CSPid is a virtual smartcard that maintains a central Information … · 2019-05-30 · including ANSI X.509 and IETF PKIX, TLS, and S/MIME +1-847-405-0500 [email protected] infoseccorp

CSPid Benefits

• Eliminates private key duplication

• Simplifies trust chain management

• Enforces strict password quality requirements

• Audits all private key operations

• May be easily deployed and managed

• Appropriate for oganizations of any size, scaling up to millions of users

• Uses NIST CMVP-validated FIPS 140-2 cryptography and today’s proven standards, including ANSI X.509 and IETF PKIX, TLS, and S/MIME

[email protected]

infoseccorp

@infoseccorp

/infsec.us

Information SecurityCORPORATION

CSPid is a virtual smartcard that maintains a central repository for X.509 certificates and private keys. It provides a secure environment for cryptographic operations that nearly all security-enabled applications can access.

Overview

CSPid affords your users the functionality of a physical smartcard at a fraction of the cost. It stores each user’s credentials in a single encrypted file on any designated storage device (e.g., local hard drive, network share, or removable memory device). It also provides cryptographic operations to security-enabled applications through industry-standard application programming interfaces (Java, PKCS#11, and CAPI/CNG APIs).

Net-Centric Applications

CSPid can be deployed in conjunction with DAS and your company’s existing security-enabled applications (e.g., Microsoft Outlook S/MIME) to support enhanced security protocols, such as role-based signing and decryption, which were previously impossible to implement with conventional PK-based tools.

Use Cases for CSPid

Enhancing Private Key SecurityCSPid protects private keys independent of the operating system or browser for greater flexibility and security. Administrators can control password cache settings, mandate password quality, and monitor credential use with better auditing capabilities

Signing with ‘Role-Based’ CredentialsCSPid works with ISC’s DAS to provide high-assurance ‘role-based’ signing and decryption operations to all applications

Migrating Keys EasilyCSPid effortlessly supports key migration to any workstation in an OS-independent manner, without the need to physically replicate user keys.

Managing Trust Anchors in FirefoxCSPid replicates Windows Group Policy distributed trust anchors as well as its own trust anchors into Firefox, Thunderbird, and other NSS-based applications reducing their management

©2019 Information Security Corporation. All rights reserved. CertAgent, CSPid, SecretAgent, and SpyProof! are registered trademarks of Information Security Corporation and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners. Specifications quoted herein are subject to change without notice.

Information SecurityCORPORATION

EXPORT INFORMATIONCSPid may be freely exported to all but a handful of embargoed countries and denied parties under License Exception ENC:

ECCN 5D002 (C.1); CCATS: G053671

TECHNICAL SPECIFICATIONS• Complies with NIST FIPS

140-2 Level 1 requirements• Exports a PKCS#11 version

2.20 compliant API• Includes a Cryptographic Service

Provider and Key Storage Provider for Microsoft Windows

• Imports and exports PKCS#12, PKCS#7, and ASN.1 DER-encoded X.509 certificates

• Generates up to 8192-bit RSA and up to 571-bit ECDSA PKCS#10 requests

• Supports SHA-256, SHA-384, and SHA-512

• Employs password-protected PKCS#15 PDUs for key storage on local, removable, or network-attached drives, using AES-256 for confidentiality and HMAC-SHA-512 for integrity checking

SUPPORTED PLATFORMS• Windows Server 2012 R2 or above• Windows 7, 8, 8.1, 10, or above• CentOS 6.7 x86-64 (Linux

Kernel 2.6) or above