Digital Certificate and Key Lifecycle Management and Automation with Gemalto and AppViewX

AppViewX – Gemalto AT Joint Solution

AppViewX and Gemalto’s partnership helps enterprises overcome the challenges brought
by managing private keys in a complex infrastructure. For enhanced security and compliance, private keys must be encrypted before they are stored in an enterprise’s infrastructure.

Our combined solution gives the enterprise multiple options that cater to the specific needs of that infrastructure. AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Gemalto aids in the security of the private keys associated with those certificates.

Solution Highlights

Certificate Management with Encrypted Private Key Storage in AppViewX

This solution is useful for enterprises seeking to generate and store private keys inside AppViewX and limit their encryption to the HSM device for optimum resource utilization. Before being stored in an AES-256 encrypted database, the private keys undergo multiple layers of encryption by Data Encryption Key (DEK), Key Encryption Key (KEK) and Master Encryption Key (MEK). While the encrypted private key, encrypted DEK, and encrypted KEK reside inside AppViewX, the MEK is stored inside the HSM and cannot be retrieved. This solution is suitable for all ADC and server devices.

Certificate Management in AppViewX and Private Key Storage in Gemalto

Enterprises can use this solution to assign AppViewX to certificate management activities while HSM is used to both generate and store private keys in the name of added security. The private key generated within the HSM cannot be removed and is completely shielded from tampering. This particular solution is suitable for all supported devices that can initiate direct communication with the HSM and use a key identifier to access private keys.

Related Articles:   PrimeKey

Comprehensive Role-Based Access Control

The first step in any access control process is having complete visibility into your certificate ecosystem. Sifting through the thousands of certificates in your inventory can be cumbersome. With our holistic view, CERTIFICATE+ graphically represents important certificate information like chain of trust, associated devices and HSM. Users can also perform necessary lifecycle management tasks like issuing, renewing and revoking multiple certificates all within the holistic view itself.

Benefits

  • Encrypt and protect private keys using an industry-standard, FIPS 140-2 certified HSM

  • Manage and automate multi-vendor X.509 certificates across multiple devices

  • Gain visibility and control across all certificates and its keys

  • Enforce policies and ensure compliance across the network

  • Deliver secure, encrypted communications faster by reducing certificate deployment time by up to 70%

About

Gemalto’s SafeNet Identity and Data Protection solutions are trusted by the largest and most respected brands around the world to protect their data, identities, and intellectual property. As the world leader in digital security, Gemalto ensures the authenticity of your banking transactions, safeguards your health records, protects the purchase of your morning cup of coffee, and helps organizations to control risk, manage security, and maintain compliance.