Securing the future with key management
Security with keys and certificates
Building secure IT infrastructures, and establishing trust within them so that highly interconnected systems can communicate securely, requires reliable authentication as well as the signing and encryption of data.
Public key infrastructures (PKI) allow digital identities to be issued, managed and verified in a secure way.
The ECOS TrustManagementAppliance is a PKI and key management solution for securing mobile devices, PCs, servers, processes and other devices in the (I)IoT area.
One PKI for all platforms
Certificate-based security for desktops and mobile devices
A public key infrastructure (PKI) is a proven and reliable security technology in the office sector.
Certificates are used for the following scenarios:
- WLAN login for mobile devices
- Authentication of desktops in LAN
- Windows login with smartcard
- Secure authentication at VPN gateway
- Login to web applications
- Hard disk encryption
The ECOS TrustManagementAppliance offers all options to create, manage, renew, revoke, validate or store certificates, as well as to import, manage and use public CA certificates.
On top of this, our all-in-one PKI solution provides all components required for building up a secure infrastructure and ensuring its long-term security through an extensive certificate management system.
Smart workflow processes allow the automation of all relevant workflows, such as requesting and approving certificates, notifications of expiration, and renewals.
You are always on the safe side with an ECOS PKI solution!
More security, less effort
Security is a top priority in the IT network of R. STAHL AG. This is why the company was looking for a new, suitable PKI to implement in 2019. Not only did the PKI have to be state-of-the-art in terms of security, but it also had to be able to manage certificates for all devices used within the company.
An important requirement for the new PKI was the synchronization with Active Directory. The OTP area had to be covered as well to ideally allow PKI and OTP to be managed together in one solution with a standardized, central interface.
The ECOS TrustManagementAppliance convinced R. STAHL AG.
Network and server security
The ECOS security concept for client and server authentication
Public key infrastructures (PKI) have become standard for securing networks and server processes.
Company IT infrastructures nowadays involve a large number of servers communicating closely with each other. It is therefore essential to ensure secure authentication and encryption of communication as protection against potential attacks.
The IT sector uses certificates for the following scenarios:
- Securing server processes and web servers
- Signing apps, macros and other software
The ECOS TrustManagementAppliance allows you to set up your own private/public key infrastructure (PKI) and create, renew or revoke certificates to safeguard your network and server security.
Why you should use a public key infrastructure (PKI)
"Companies around the world are using IoT devices. The more we interconnect devices, the more important it becomes to ensure their security. But security is more than data loss. If we just consider securing the communication of single actuators, sensors or control devices in chemical plants, utilities, vehicles or medical implants, we realize that virtual dangers can quickly turn into physical dangers and, in the worst case, even become life-threatening."
- Paul Marx | Commercial Managing Director | ECOS Technology GmbH -
Industrial security 4.0
Certificates and keys as digital protection for man and machine
Today, more things (devices) are online than there are people on the planet!
Millions of Internet-connected IoT devices are being deployed by countless companies in sensitive and vital areas. However, the growing number of devices also increases security risks. Unsecured devices are quickly becoming the preferred prey of cyber-attacks.
Public key infrastructures (PKI) and key management solutions provide the decisive security layer. Strong certificates and keys are the cornerstones for IoT security—authentication, encryption and integrity.
IoT certificates and symmetric keys are used in the following scenarios:
- Authenticating actuators and sensors on control devices
- Encrypting communication of non-IT devices
The ECOS PKI & key management solution helps you digitize your products, manufacturing plants and processes in a scalable, future-proof and, above all, attack-proof way.
From handhelds to destination boards
The variety of devices used at the airport extends far beyond the classic client world: handhelds, special mobile devices, tablets or destination boards. Reason enough to look for a suitable PKI solution.
Besides Windows and Linux support and Active Directory authentication, the focus lay on automation. The objective was to implement a process that is as automated as possible for all types of clients, so that certificates could be downloaded onto devices and automatically renewed whenever required.
The ECOS TrustManagementAppliance proved to be convincing.
Performance Features:
- Create, renew, revoke certificates
- Certificates, secrets and symmetric keys
- Key length and signature algorithm freely configurable
- Freely definable and assignable metadata
- Automatic certificate renewal
- Classifying and structuring of certificates
- Distributing certificates by LDAP, SCEP, CMC, CST, EST or Windows service
- Reloading or creating certificates on the smartcard
- Self-service portal for users, helpdesk and administrators
- Secure storage in hardware security module
- Coupling with AD or other metadirectory
- All functions controlled via HTTP API
- Multi-level root and sub-CAs
- Central administration of tenant-specific root CAs
- Integration into existing PKI, as root or sub-CA
- Import interface for public and private certificates
- SNMP interface for the connection of a monitoring system
- syslog interface for the connection of an aggregation tool
- Operation under VMware, Microsoft Hyper-V, other virtualization platforms or dedicated hardware
- Preconfigured ISO image with ECOS Secure Linux and TMA
- Certificate validation via CRL or OCSP
- RADIUS server for IEEE 802.1X authentication
- Support of OTP tokens, software tokens and SMS
- Granular rights assignment by admin interface
- Predefined reports and custom report editor
- Automatic notification system via Active Reports
- Cluster operation, even cross-site