RSA Digital Certificate Solutions RSA Solutions for PKI David Mateju RSA Sales Consultant david.mateju@rsa.com.

Presentation transcript:


RSA – The Big Picture
[Diagram labels: information; Encryption (Store, Transport); IT infrastructure; Access (Authentication, Authorization, Anti-fraud Solutions); DLP (Data Loss Prevention); SIEM (Security Information and Event Management)]

RSA – The Big Picture
[Diagram labels: IT infrastructure; information]
- RSA Encryption and Key Management Suite
- RSA Access Manager
- RSA Federated Identity Manager
- RSA SecurID
- RSA Digital Certificate Solutions
- RSA Identity Protection and Verification Suite
- RSA Data Loss Prevention Suite
- RSA enVision Platform

RSA Digital Certificate Solutions
[Diagram labels: Registration Manager; RSA Certificate Manager; RSA Validation Manager; RSA Validation Client; User; Web Server]
RSA Card Manager, SOM, and Authentication Utility are adjacent RSA products that work with the RSA Certificate Management products.

RSA Certificate Manager
- Industry leading certificate authority
  - Scalability
  - RSA OneStep automated enrollment
  - Native support for secure e-mail & VPN
- Certifications
  - First CA to be Common Criteria EAL4+ certified
  - IdenTrust
- Interoperability
  - Over 100 applications tested
  - RSA BSAFE Cert J/C enables thousands more
  - Web browser, smart card/USB token credential storage options
- Issues, manages & validates digital certificates
- Manages trust relationships
- Modular design enables easy integration into existing environments

RSA Certificate Manager is an Internet-based CA solution that provides the core functionality for issuing, managing and validating digital certificates, thereby delivering online digital identities for customers, partners, suppliers and/or employees, allowing users to identify themselves and establish trusted relationships. It includes a secure web server and a powerful signing engine for digitally signing end-user certificates and system events, and an integrated data repository for storing certificates, system data, and certificate status information.

RSA KCA enables you to do e-business securely. RSA KCA permits you to define who else you and your users are willing to trust by allowing you to automatically trust digital certificates issued by your business partners or customers.

RSA KCA has been architected to allow you to design and deploy a digital certificate management solution that mirrors your organization’s structure, with the flexibility to change the system as the organization changes. For example, you can set up any number of CAs and administrators and physically locate them where convenient. In addition, the user interface can be customized and branded with your organization’s logo so that users are immediately familiar with who they are interacting with.

Since RSA KCA is built using open industry standards, it can interoperate out-of-box with other standards-based applications. This means that your RSA KCA can be leveraged across other applications like web browsers, email, and VPN clients to ensure maximum return on investment.

RSA Registration Manager
- Streamline enrollment process
  - Offloads potential enrollment bottlenecks from CA
  - Verifies credentials of certificate request
- Deploy distributed Registration Authorities (RA)
  - Allows placement of policy-driven RAs at remote customer or partner sites
- Increase security
  - Reduce risk of approving certificates for unauthorized parties
  - Secure remote web-based administration
[Diagram labels: RSA Certificate Manager; RA]

SD: Reg. Authority is a web-based interface that interfaces with the CA. It can be distributed worldwide, and jurisdictions can be set up that have their own registration authority. It allows for policies to be driven at remote customer or partner sites as well, so that a certain amount of policy can vary by region. That map illustrates the distributed way in which the CA and reg authority can be deployed.

RSA Keon RA is an optional component that works with RSA KCA to streamline the certificate enrollment process, especially when dealing with large-scale digital certificate deployments. The RA was designed to be deployed at local or remote locations, like those of business partners or field offices, to offload the certificate enrollment process to people more suited to authenticate these remote users. It also gives customers the flexibility to deploy a digital certificate management solution that suits their particular needs and structure. (When that structure changes in the future, you can easily re-configure your digital certificate management solution as needed.)

Despite the fact that RSA Keon RA is being run remotely, you still retain central control over the certificate issuance process. Since the RA works in conjunction with RSA KCA to issue certificates, policies you enforce at the CA will be carried over to each RA. Using KRA in large-scale deployments improves security because it ensures that the authentication of the users requesting certificates is kept closer to the users. This helps ensure that your digital certificates are being issued to legitimate users.

RSA Validation Manager
[Diagram labels: Web Applications; Certificate Authorities (RSA or other); RSA Validation Manager; LDAP Directory CRLs; Fetch CRLs; Check Status of specific certificate with OCSP; OCSP Synchronization Status; Third Party OCSP]

RSA Validation Manager / Client
- Industry standards-based OCSP server
  - RFC 2560, OCSP, X.509 v3 certificates, X.509 v2 CRLs, delta CRLs, Authority Revocation Lists (ARLs), LDAP, http, https
- Immediately validate digital certificates
  - Ensures high levels of trust and assurance of transactions
  - Provides a more reliable verification process than CRLs
  - Instantly revokes suspended certificates
- Achieve high performance
  - Resolves CRL performance and scalability issues
  - Integrates real-time status checking into Microsoft® Windows® applications
  - Interoperates with third-party Certificate Authorities
- Increase security
  - Reduces the risk of security breaches resulting from invalid certificates
  - Increases accountability and protection through audit trails

Since digital certificates can expire, become revoked or be suspended, users and transactions cannot be trusted until the status of their digital certificate can be validated. The RSA Validation Solution helps organizations overcome the limitations of CRLs by providing real-time certificate status checking, thereby minimizing the risk of revoked certificates being deemed valid.

The RSA Validation Solution provides an efficient, scalable, industry-standard based solution for validating digital certificates designed to meet the needs of today’s demanding e-business environment. The RSA Validation Solution enables real-time validation utilizing Online Certificate Status Protocol (OCSP), an IETF standard. The RSA Validation Manager provides a centralized aggregate of CRLs and delta CRLs published by single or multiple CAs for relying parties in a continuous, real-time environment, thereby helping to eliminate the threat of security breaches from non-valid certificates.

The RSA Validation Solution is a highly scalable, enterprise-ready, certificate status checking solution that easily integrates with RSA Keon CA software as well as a number of third-party certificate authority products and solutions including Microsoft CA and VeriSign.

Web Services Security relies heavily on digital certificates and signatures. Validating all of these certificates in real time will become a bigger challenge over time. Several Web Services Security product companies are already building in support for OCSP; the validation solution will work with these products in high-volume applications. The RSA Federated Identity Manager also supports OCSP.
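The aggregation described in the notes above (base CRLs and delta CRLs from several CAs merged into one store that answers OCSP-style status queries) can be modelled in a few lines. This is an added example, not RSA code and not part of the original presentation; the StatusStore class, issuer names and serial numbers are constructed for illustration, and only the reason names (keyCompromise, certificateHold, removeFromCRL) and the good/revoked/unknown answers follow the X.509 CRL and OCSP standards.

```python
from dataclasses import dataclass, field

@dataclass
class StatusStore:
    """Toy aggregate of CRL data from several CAs, queried OCSP-style."""
    issuers: set = field(default_factory=set)
    revoked: dict = field(default_factory=dict)  # (issuer, serial) -> reason

    def load_base_crl(self, issuer, entries):
        # A full CRL replaces whatever was previously held for that issuer.
        self.issuers.add(issuer)
        self.revoked = {k: v for k, v in self.revoked.items() if k[0] != issuer}
        self.revoked.update({(issuer, s): r for s, r in entries})

    def apply_delta_crl(self, issuer, entries):
        # A delta CRL only lists changes, so it is useless without its base.
        if issuer not in self.issuers:
            raise ValueError(f"delta CRL for {issuer!r} has no base CRL")
        for serial, reason in entries:
            if reason == "removeFromCRL":      # suspension (hold) lifted
                self.revoked.pop((issuer, serial), None)
            else:
                self.revoked[(issuer, serial)] = reason

    def status(self, issuer, serial):
        # "unknown" means this responder holds no data for the issuer at all.
        if issuer not in self.issuers:
            return ("unknown", None)
        reason = self.revoked.get((issuer, serial))
        return ("revoked", reason) if reason else ("good", None)


def demo():
    # Constructed sample data: issuer names and serial numbers are invented.
    ca_a, ca_b = "CN=Example CA A", "CN=Example CA B"
    store = StatusStore()
    store.load_base_crl(ca_a, [(0x1001, "keyCompromise"), (0x1002, "certificateHold")])
    store.load_base_crl(ca_b, [])
    before = store.status(ca_a, 0x1002)
    store.apply_delta_crl(ca_a, [(0x1002, "removeFromCRL"), (0x1003, "certificateHold")])
    return {
        "hold_before_delta": before,
        "hold_after_delta": store.status(ca_a, 0x1002),
        "compromised": store.status(ca_a, 0x1001),
        "newly_suspended": store.status(ca_a, 0x1003),
        "other_ca": store.status(ca_b, 0x1001),
        "unserved_issuer": store.status("CN=Example CA C", 0x1001),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A relying party that only re-fetches the base CRL on its schedule would still treat serial 0x1003 as valid until the next full CRL, which is the gap that real-time status checking closes.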

RSA BSAFE Libraries (C/C++, Java)
- Libraries usable by C/C++ or Java software application developers
- High-performance, scalable, and standards-based:
  - cryptography (Crypto-C/J, Crypto-C ME)
  - certificate handling, digital signature (Cert-C/J, Cert-C ME)
  - secure network transport (SSL-C/J, SSL-C ME)
  - Web Services security (Secure Web Services)
- Helps you meet the regulatory and data privacy requirements of your customers
- Available on a wide range of platforms to easily adapt to your heterogeneous environment, including mainframe platforms