What is ORTP in VoIP Wholesale Termination

ECOS: manage certificates and smart cards securely and conveniently

Security specialist ECOS Technology bundles PKI competencies in the continuous further development of the standalone solution ECOS CERTIFICATE AUTHORITY APPLIANCE. [...]

ECOS Technology, provider of solutions for highly secure remote access, is focusing on the management of public key infrastructures (PKI) at this year's it-sa. As part of the Nuremberg IT security trade fair (Hall 12.0 / Stand 622), the security specialists will be presenting the continuously enhanced ECOS CERTIFICATE AUTHORITY APPLIANCE (CAA), which has been specially designed for user authentication.

Depiction of complex organizational hierarchies
The ECOS CAA is designed for the simple, central and flexible management of certificates. The solution allows the creation of multi-level, hierarchically structured Certificate Authorities (CAs) and sub-CAs. Corresponding root CAs can be assigned to different business areas or clients. This means that even complex organizational hierarchies can be mapped in the certificate management.

Different mechanisms are available for the distribution and automatic renewal of the generated certificates. For all devices that support this process, the generated certificates can be made available for collection in an LDAP server.

For Windows devices and users, the certificates can be distributed via Active Directory (AD) or an independent, independent certificate distribution tool. For VoIP telephones and mobile devices, SCEP (Simple Certificate Enrollment Protocol) can be used for distribution.

Seamless integration into existing IT infrastructures

A decisive factor in the success of the introduction of a new PKI is the ability to integrate it into the existing IT infrastructure. Via the coupling with the AD or another metadirectory, the ECOS CAA can obtain the information required to generate the certificates - for example for a specific user, server or device group. If desired, the certificates are written back directly to the AD in order to distribute them in this way.

With the integrated HTTP API, all processes can be controlled remotely using appropriate scripts. For example, the generation and distribution of certificates can be fully automated from a software deployment tool.

Generation of one-time passwords (OTP)

With its own module, the ECOS CAA also offers the option of generating and verifying one-time passwords (OTP). Not only hardware tokens, but also soft tokens (app) for iOS, Android and Windows Phone are supported. It is also possible to send one-time passwords via SMS. This is done to the mobile phone number stored for the respective user - for example in the AD. The integrated Radius server is used to verify the entered one-time password.

An integrated report editor provides an overview of all relevant information, which enables flexible access to all available data. Reports that have been generated once can be saved and made available to other users.

High availability through use in the cluster
Depending on the application scenario, the ECOS CAA can also be operated with high availability in the cluster. This ensures that users can continue to log in even if a system fails - and the associated failure of the Radius or OCSP server. Using the load balancer integrated in the HA module, several CAAs can be operated across locations and short response times from the servers can be ensured.

"With our USB stick-based solutions for high-security remote access, such as ECOS MOBILE OFFICE STICK and ECOS SECURE BOOT STICK, we have long been relying on PKI functions as part of the associated management appliance," explains Paul Marx, Managing Director of ECOS Technology GmbH. “Competencies that we have bundled with ECOS CAA in an independent, continuously developed product in order to implement the requirements of a modern PKI within a compact appliance. As a standalone solution, the appliance is suitable for use in companies and authorities and enables administrators and IT managers to keep track of even very complex PKI infrastructures. "

More articles