Tasks

Expenditure reductions for routine PKI maintenance operations

• Certificate issue. Indeed CM automatically generates the list of certificates to issue based on PKI usage policy mechanism. All users that fall within a single policy get an identical set of parameters and certificates. The operations of certificate request creation, certificate issue and writing those to smart cards are performed in automated mode.
• The Indeed CM contains a self-service cabinet for common users, implemented as web application. With self-service, the users can issue and update certificates on their own, if this is allowed by the policy. This reduces the workload of IT department.
• Indeed CM can send email notifications of certain system events to the Indeed CM system administrators and users: Say, administrator and/or user receives a notification of the certificate being about to expire. This allows for timely update of the latter, thus avoiding of downtime.
• Indeed CM also allows for unlocking of locked smart card without addressing to administrator. Such unlocking can be performed either before or after user logon, as well as with or without explicit participation of administrator.
• The Indeed CM provides for software interface (API) to integrate to third party systems. The integration expands the Indeed CM capabilities in the sphere of automation of certificate and key media usage processes. For example, Indeed CM can revoke the certificate of dismissed employee upon event from Identity Management class system.
• Accounting of certificates issued by third parties. If the organization uses certificates issued by third party certification authorities, the Indeed CM allows for adding those certificates to database and provide for timely reminder to administrator and user of certificate being about to expire. This allows to avoid of downtime when working with banks and trade platforms.

Increased company security

• Centralized application of PIN policies When a key media is issued, it has PIN requirements written to it: complexity, change interval, history depth etc. The available parameters depend on the device model. The policies are stored and distributed centrally. The administrators do not need to configure policies for every single card.
• Device accounting. Each device - a smart card or USB token - is assigned to an employee responsible for it. Only Indeed CM administrator or the device owner can issue or update certificates for the device.
• Timely revocation of dismissed employees’ certificates. In order to disallow access of dismissed employees to corporate resources promptly, the Indeed CM contains a special service that checks the user directory through at defined intervals and revokes certificates of users marked as dismissed.
• Flexible configuration of privileges Indeed CM allows the companies to define their own security roles with configurable list of allowed operations. It makes it possible for administrators to bring the Indeed CM role model into compliance with the company business processes.
• Control of smart card usage at users’ PCs. Indeed CM allows for tracking of what smart cards are connected to company computers and by whom. Administrator can assign a certain smart card to certain user or PC. If the system discovers a discrepancy (say, a smart card is connected within a session of another user or to disallowed PC), then the smart card might be locked.