RSA Digital Certificate Solutions RSA Solutions for PKI David Mateju RSA Sales Consultant david.mateju@rsa.com.


1 RSA Digital Certificate Solutions RSA Solutions for PKI David Mateju RSA Sales Consultant

2 RSA – The Big Picture information Encryption
Store, Transport IT infrastructure information Access Authentication, Authorization, Anti-fraud Solutions DLP Data Loss Prevention SIEM Security Information and Event Management

3 RSA Encryption and Key Management Suite
RSA – The Big Picture RSA Encryption and Key Management Suite RSA Access Manager RSA Federated Identity Manager RSA SecurID RSA Digital Certificate Solutions RSA Identity Protection and Verification Suite IT infrastructure information RSA Data Loss Prevention Suite RSA enVision Platform

4 RSA Digital Certificate Solutions
Registration Manager RSA Certificate Manager User RSA Validation Client Web Server RSA Card Manager, SOM, and Authentication Utility are adjacent RSA products that work with the RSA Certificate Management products. RSA Validation Manager

5 RSA Certificate Manager
Industry leading certificate authority
Scalability
RSA OneStep automated enrollment
Native support for secure & VPN
Certifications
First CA to be Common Criteria EAL4+ certified
IdenTrust
Interoperability
Over 100 applications tested
RSA BSAFE Cert J/C enables thousands more
Web browser, smart card/USB token credential storage options
Issues, manages & validates digital certificates
Manages trust relationships
Modular design enables easy integration into existing environments

RSA Certificate Manager

RSA Certificate Manager is an Internet-based CA solution that provides the core functionality for issuing, managing and validating digital certificates, thereby delivering online digital identities for customers, partners, suppliers and/or employees, allowing users to identify themselves and establish trusted relationships. It includes a secure web server, a powerful signing engine for digitally signing end-user certificates and system events, and an integrated data repository for storing certificates, system data, and certificate status information.

RSA KCA enables you to do e-business securely. RSA KCA permits you to define who else you and your users are willing to trust by allowing you to automatically trust digital certificates issued by your business partners or customers.

RSA KCA has been architected to allow you to design and deploy a digital certificate management solution that mirrors your organization's structure, with the flexibility to change the system as the organization changes. For example, you can set up any number of CAs and administrators and physically locate them where convenient. In addition, the user interface can be customized and branded with your organization's logo so that users are immediately familiar with who they are interacting with.

Since RSA KCA is built using open industry standards, it can interoperate out of the box with other standards-based applications. This means that your RSA KCA can be leveraged across other applications like web browsers, , and VPN clients to ensure maximum return on investment.

6 RSA Registration Manager
Streamline enrollment process
Offloads potential enrollment bottlenecks from CA
Verifies credentials of certificate request
Deploy distributed Registration Authorities (RA)
Allows placement of policy-driven RAs at remote customer or partner sites
Increase security
Reduce risk of approving certificates for unauthorized parties
Secure remote web-based administration

RSA Certificate Manager RA

SD: Reg. Authority is a web-based interface that interfaces with the CA. Can be distributed worldwide and set up jurisdictions that have their own registration authority. It allows for policies to be driven at remote customer or partner sites as well, so that a certain amount of policy can vary by region. That map illustrates the distributed way in which the CA and reg authority can be deployed.

RSA Keon RA is an optional component that works with RSA KCA to streamline the certificate enrollment process, especially when dealing with large-scale digital certificate deployments. The RA was designed to be deployed at local or remote locations, like those of business partners or field offices, to offload the certificate enrollment process to people more suited to authenticate these remote users. It also gives customers the flexibility to deploy your digital certificate management solution to suit your particular needs and structure. (When that structure changes in the future, you can easily re-configure your digital certificate management solution as needed.)

Despite the fact that RSA Keon RA is being run remotely, you still retain central control over the certificate issuance process. Since the RA works in conjunction with RSA KCA to issue certificates, policies you enforce at the CA will be carried over to each RA. Using KRA in large-scale deployments improves security because it ensures that the authentication of the users requesting certificates is kept closer to the users. This helps ensure that your digital certificates are being issued to legitimate users.

7 RSA Validation Manager
Web Applications Certificate Authorities (RSA or other) RSA Validation Manager LDAP Directory CRLs Fetch CRLs LDAP Directory CRLs Check Status of specific certificate with OCSP OCSP Synchronization Status RSA Validation Manager Third Party OCSP

8 RSA Validation Manager / Client
Industry standards-based OCSP server
RFC 2560, OCSP, X.509 v3 certificates, X.509 v2 CRLs, delta CRLs, Authority Revocation Lists (ARLs), LDAP, http, https
Immediately validate digital certificates
Ensures high levels of trust and assurance of transactions
Provides a more reliable verification process than CRLs
Instantly revokes suspended certificates
Achieve high performance
Resolves CRL performance and scalability issues
Integrates real-time status checking into Microsoft® Windows® applications
Interoperates with third-party Certificate Authorities
Increase security
Reduces the risk of security breaches resulting from invalid certificates
Increases accountability and protection through audit trails

Since digital certificates can expire, become revoked or be suspended, users and transactions cannot be trusted until the status of their digital certificate can be validated. The RSA Validation Solution helps organizations overcome the limitations of CRLs by providing real-time certificate status checking, thereby minimizing the risk of revoked certificates being deemed valid.

The RSA Validation Solution provides an efficient, scalable, industry-standard based solution for validating digital certificates, designed to meet the needs of today's demanding e-business environment. The RSA Validation Solution enables real-time validation utilizing Online Certificate Status Protocol (OCSP), an IETF standard. The RSA Validation Manager provides a centralized aggregate of CRLs and delta CRLs published by single or multiple CAs for relying parties in a continuous, real-time environment, thereby helping to eliminate the threat of security breaches from non-valid certificates.

The RSA Validation Solution is a highly scalable, enterprise-ready certificate status checking solution that easily integrates with RSA Keon CA software as well as a number of third-party certificate authority products and solutions, including Microsoft CA and VeriSign.

Web Services Security relies heavily on digital certificates and signatures. Validating all of these certificates in real time will become a bigger challenge over time. Several Web Services Security product companies are already building in support for OCSP; the validation solution will work with these products in high-volume applications. The RSA Federated Identity Manager also supports OCSP.

9 RSA BSAFE Libraries (C/C++, Java)
Libraries usable by C/C++ or Java software application developers
High-performance, scalable, and standards-based:
  cryptography (Crypto-C/J, Crypto-C ME)
  certificate handling, digital signature (Cert-C/J, Cert-C ME)
  secure network transport (SSL-C/J, SSL-C ME)
  Web Services security (Secure Web Services)
Helps you meet the regulatory and data privacy requirements of your customers
Available on a wide range of platforms to easily adapt to your heterogeneous environment, including mainframe platforms
