PKI and SSL Certificates

(PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved. This is achieved during the communication process to validate the veracity of the information being transferred.

  • Gemalto Family Logo

  • Gemalto Digital Certificates

Entrust SSL Certificates

Digital certificates are core to implementing a true multi-layered, identity-based security environment. Authenticate identities, verify devices, secure applications and email, and even safeguard websites. Entrust provides organisations centralised services to automate certificate management. These services — available in various deployment models — help streamline the management of digital identities, SSL certificates, device certificates, mobile devices and more.
Choose the Right SSL CERTIFICATE for You
SSL certificates are one of the most important components of encrypting your website data and securing Internet transactions. Choosing the right SSL Certificate for your business is so vital with Entrust SSL Certificates designed to meet a variety of needs offer additional features such as strong encryption and browser trust.
Which SSL Certificate is RIGHT FOR YOU?
Entrust Standard SSL Certificate
Entrust Standard SSL certificates secure ecommerce, communications and private information passed from browser to Web server and between servers. Entrust Standard SSL Certificates provide website encryption and identification for and
More info
Entrust Advantage SSL
Entrust Advantage SSL certificates secure ecommerce, communications and private information passed from browser to Web server and between servers. With more features than Entrust’s Standard certificates, Entrust Advantage SSL Certificates offer greater set-up and deployment flexibility.
More info
Entrust EV Multi-Domain
Entrust EV Multi-Domain SSL Certificates are supported by the most complete validation processes available, including certificate transparency for the Google Chrome browser. These certificates take advantage of the added visual cues in today’s popular browsers, including the green address bar in Microsoft® Internet Explorer®, Mozilla Firefox, Opera and Google Chrome — a clear indicator to your customers that your website is secure.
More info
Entrust Wildcard SSL Certificates
Entrust Wildcard SSL Certificates offer a great combination of flexibility and value, allowing system administrators to future-proof the addition sub-domains while streamlining management. Entrust Wildcard SSL Certificates secure an entire domain, and include the option to purchase additional non-related domain names and non-related wildcard domains, with up to 250 total domain names in the certificate.
More info
Entrust UC Multi-Domain SSL Certificates
Entrust UC Multi-Domain SSL Certificates secure multiple domains, sub-domains or hostnames with a single certificate — saving you time and money when compared to buying individual certs. A total of four domains are included in the base price. Need more? Purchase more domains, sub-domains or hostnames — from ($call) each per year.
More info
Entrust Private SSL Certificates
Entrust Private SSL certificates provide the same key sizes, signing algorithms, validity periods and CA protection as our proven, publicly trusted SSL certificates. Entrust Private SSL Certs are used by organisations wishing to secure non-fully-qualified domain names.
More info

Gemalto SSL Certificates

Gemalto Certificate based Authentication
While OTP from an authentication standpoint is a significant step-up from used name and password, certificate-based authentication raises the bar even further. For those entrusted with access to a business’s most sensitive information, require authentication technology that can provide verified access and a full audit trail of access events. Certificate based authentication provides this level of security and enables a wide range of security services in the process that includes document or transaction signing, email encryption as typical examples. With a solid identity foundation that includes a consolidated ID repository, trusted data sources and mature mature ID provisioning system, deploying certificate based authentication is easy and cost effective.
Certificate Based Identity
Gemalto’s Protiva smart card-based solutions leverage public key infrastructure (PKI) to provide certificate-based strong authentication. This ensures two-factors of authentication by leveraging the smart card product (card or token) for something you have combined with a user selected PIN for something you know to provide two factors of authentication. With proper security controls in place to verify the identity of the user before smart card issuance and certificate provisioning provided the assurance that only the legitimate user is the one accessing the corporate network and sensitive data.
One a certificate based identity solution has been deployed; there are several additional security features that can be added.
Email Encryption
Ensure the security of sensitive information through email. Leveraging the cryptographic process within the smart card deployment, email is encrypted and can only be decrypted by the intended recipient – keeping your email safe from prying eyes.
Digital Signature
Using the Internet for business processes is cheaper and faster but these savings can be negated by having to rely on “wet” signatures for validation and approval. Digital Signatures created using Protiva smart card devices with PKI can securely authenticate virtual documents saving both time and money.
Mutual Authentication
As hosted applications become more prevalent, there is a need for stronger controls both from the system to authenticate the user and also the user being able to authenticate the system. This provides an additional layer of security to ensure that information exchanged online is secure and the user is interacting only with the legitimate application.

Deployment choices – Microsoft infrastructure or open standards

There are two basic options when deploying a certificate based identity solution: .NET or Java based identity credentials. Both provide a high level of assurance of the identity of the user attempting to gain logical access to then network. These smart card based products can be combined with proximity technology to provide for physical access and with security printing processes can serve as visual identity as well.
.NET based smart cards leverages the built in card management capabilities in Microsoft Server and Windows OS. This deployment requires no additional middleware for card management. Fully contained within Microsoft Forefront Identity Manager (FIM) a .NET certificate based authentication solution is virtually plug and play. .NET Bio adds a further level of security with the addition of fingerprint match-on-card user authentication as an alternative or complement to PIN verification. This functionality is supported by Windows Biometric Framework in Windows 7.
Java based smart cards are build using open standards to ensure interoperability with leading middleware providing a simple and straight forward integration process. This solution was selected by the U.S. Department of Defense and is the identity card base for both the Common Access Card (CAC) used by millions of military personnel and the Personal Identity Verification (PIV) identity credential used by non military federal agencies. Based upon the secure yet open nature of the platform, other applications have been added to this identity credential including payment and digital wallet.

Strong Authentication

In today’s competitive business environment where information can circumnavigate the globe in seconds, protecting sensitive information from unauthorized access should be a top concern of every company. Username and passwords is simply not a secure way to protect any level of information within a company. The past year has been filled with stories of companies that did not implement strong authentication which resulted not only in a breach of sensitive information, but the exposure of the breach to the global population. All of this should lead us to one conclusion – strong authentication is required.
OTP Resources
Securite can assist you with all of your Gemalto Security Solutions