E-signature, encryption & authentication without hardware devices

A solution based on Axidian CertiFlow for efficiently maintaining the security of digital certificates, making it possible to replace hardware devices


Task

In recent years, employers have been paying special attention to organizing and protecting remote workflow. Enterprise mobility does have certain benefits: employees can access required services at any time and take care of urgent tasks even when they are away on vacation or sick leave. And this can boost workflow efficiency and team productivity.

Leadership at many companies, large and small, tries to make the most of remote access tools. However, they still need to handle a variety of tasks related to digital certificates:

  • Two-factor authentication based on certificates (for example, logins to the operating system, VPN authentication)
  • Website verification (SSL certificates)
  • Network resource verification (for example, routers)
  • Preventing unauthorized software alterations (code signing)
  • Data encryption (IPsec)
  • Encryption and signature for emails
  • Digital signature for electronic document flow, etc.

Two-factor authentication and data encryption are especially important in the case of remote work when workstations are not protected by the corporate perimeter and employees may use unsafe public networks to connect to corporate services.

Digital certificates may have multiple advantages but they do come with one essential requirement: you need a secure device to store the key information and perform all cryptographic operations. A classic solution would be to use a hardware device — a smart card or a USB token.

However, in the context of enterprise mobility, the use of smart cards and tokens (despite their obvious strengths in terms of information security) can have serious limitations:

  • Logistics related to the delivery of hardware devices to mobile workstations
  • Costs related to purchasing hardware devices and readers
  • Lack of smart card readers or their failure
  • Issues with quick access to enterprise resources whenever a hardware device is lost or broken

The best solution would be to introduce virtual smart card technology that does not require removable devices for using digital certificates. Virtual smart cards can also be used together with classic PKI tokens, either on a regular basis or ad hoc whenever you need a virtual replacement for your hardware device, for example, when its delivery is in progress.

Solution

Maintaining the security of digital certificates beyond the corporate perimeter without using personal hardware devices poses a challenge to all technologies involving digital certificates.

One leading-edge development in this field has been the cloud- or network-based electronic signature stored on a secure server instead of a user’s PKI token. What is being protected in this case is the connection between a user’s computer and the secure server with key information.

Another popular solution is the Trusted Platform Module, in which a dedicated microprocessor is used for secure storage of key information and for performing cryptographic operations. This module is a native component of a user’s device, be it a smartphone or a computer.

Axidian CertiFlow supports both technologies and offers its own mechanism to enable online delivery of certificates to user workstations. The proposed solutions can be used as a high-quality alternative to hardware devices or as a temporary solution whenever a token or smart card is lost or broken.

Technologies

Trusted Platform Module, secure storage of key information

Trusted Platform Module (TPM) is a secure microprocessor designed to create and store cryptographic keys and perform cryptographic operations. TPM does not depend on Windows and has its own non-volatile memory that can retain data after power interruptions.

There are different types of TPM implementations:

  • A separate chip on the motherboard
  • A chip integrated into the processor
  • Firmware

The module lets you solve various tasks, including data encryption on your hard drive, user authentication, tamper-proofing, protection of license rights, etc.

You can use Axidian CertiFlow to issue a new virtual TPM device in the user console and manage its entire lifecycle. This means it can be updated, temporarily disabled, revoked, and assigned a new PIN code.

Axidian CertiFlow will monitor and run audits for all user activity with TPM devices. It can also send notifications to the administrator to alert them about pre-defined events.

Windows Hello for Business, two-factor authentication instead of passwords

Windows 10 and later versions offer a new tool, Windows Hello for Business (WHfB), that replaces passwords with strong two-factor authentication on computers and mobile devices. Windows Hello relies on TPM technology, which guarantees a high level of information security.

This solution lets you store your keys in a secure vault on your computer and simulate authentication at the enterprise workstation by using biometric authentication or a PIN. Relevant key information can also be used to connect to a VPN gateway or enterprise resources that use certificates.

With Axidian CertiFlow, you can create a PIN for WHfB whenever you issue a new device, manage the certificates that will be installed on the virtual card, and update these certificates as needed.

Axidian AirCard Enterprise, a network smart card

Software-based smart cards are delivered to a user’s workstation online, do not require a reader, and can be used on virtual workstations.

This is exactly how Axidian AirCard Enterprise works. Your employees can use it just like they would use a hardware smart card — to sign documents, encrypt data, and complete two-factor authentication. At the same time, they cannot break, lose or forget it at home, while the digital certificate and its private key will be stored on a secure server.

After integration with Axidian Access, an AirCard can also be used for gaining access to corporate applications and programs on a user workstation.

Technical parameters

Supported storage technologies for key information:

  • Trusted Platform Module 2.0
  • Windows Registry
  • Axidian AirCard Enterprise

Supported software for virtual and network smart cards:

  • Microsoft Virtual Smart Card (TPM)
  • Windows Hello for Business
  • Axidian AirCard Enterprise

Supported certificate authorities:

  • Microsoft Enterprise CA
  • Cryptovision CAmelot

Andy Woo
Regional Director of Pacific Tech

At Pacific Tech, we are continuously evolving and bringing new solutions to our partners and customers in the region. We are delighted to be partnering with Axidian. With Axidian, we found a comprehensive access management solution which perfectly complements the growing population of Singapore work-from-home workers. As a leading cyber security solution provider, this strategic partnership is perfect for our two companies.

KC KuppingerCole Report
Executive view

Axidian’s innovative approach towards designing its whole product portfolio as a highly modular open application platform allows the customers to pick and choose the modules as needed and grow in the future as their business needs expand. Even out of the box, Axidian CertiFlow provides comprehensive yet convenient management capabilities for both administrators and end users.

Michael Bürger
Founder & Sales Partner at EU-HUB Network

Since approximately 5 years now I’m working with Axidian quite successfully. First as my vendor client and next as a trusted innovative software partner. Now we are re-selling Axidian software as a Distributor for the EU and beyond. Often I met Axidian CEOs, CTO, Product Management, Partner Managers and System Engineers, on the phone and even in person in London and Munich and always my feeling was that these are smart people, an excellently organized company, straightforward thinking and I don’t have any doubt that together we will be very successful this decade in the 2020s on everything we target.

Leo Querubin
Executive Director for Business Development of Pointwest Technologies Corporation

The products of Axidian, like Axidian Access, a software for strong and multi-factor authentication (MFA), can provide the structural changes that force everyone to follow necessary cybersecurity procedures. Customers get the best of both worlds — the world-class cybersecurity products of Axidian and the experience and expertise of the local cybersecurity landscape of Pointwest.

Volkan Duman
Information Technologies General Manager at vMind

As a result of the long-term laboratory tests and studies that we conducted, we believe that Axidian products should certainly be on the Turkish market. Thanks to our partnership with Axidian, we sought to expand the access control and certificate management market, which is located in a narrow profile in the country, as well as add value by transferring technology to our country. When we compare Axidian products with similar products, we can safely say that they contain much more different features and are more inclusive.

Marko Pust
Director of OSI.SI

We have a long partnership with Axidian for more than 2 years already. I can confidently say that Axidian CertiFlow is one of the best and technologically enhanced products for managing digital certificates and smart cards on the EU market. This product has a number of unique features such as Client Agent and Axidian AirCard Enterprise network-attached smart card that are highly valued by our customers. One of the customers said that Axidian CertiFlow brought automation and visibility to their PKI life.

Heng Lie
Director of Synnex Metrodata Indonesia

I believe that Axidian Access is an excellent solution for many of our clients. It manages access to all information systems of the enterprise and protects companies from internal and external cyber threats. It is a flexible platform combining different authentication scenarios and methods.

Sergey Yeliseyev
X–Infotech Owner, Business Development Director, Government eID solutions

Axidian is the company of professionals in the field of information security. They provide top-level solutions for PKI management and access control to corporate resources. We recommend this company as a reliable partner.