PKIWorks™ is a secure, highly configurable web-based system for certificate authorities offered by CommScope
The CommScope Sentry™ is a premier provider of PKI and other security-related services. Our robust, efficient infrastructure refined by three decades of operational experience can help you secure your devices' identities, communications and code images.
PKIWorks™ generates standard X.509 digital certificates (version 3) and is capable of generating the RSA and ECDSA public/private key pair on behalf of customers (e.g., WInnForum CBRS) or accepting Certificate Signing Requests (PKCS#10) containing a customer generated RSA public key.
PKIWorks™ supports revocation of certificates by the Certification Authority and provides online Certificate Revocation Lists and an OCSP Responder for certificate status queries. The Resources tab provides directions how to submit security incident reports which may include a request for revocation.
For large volume device manufacturers who need a large number of keys and certificates, PKIWorks™ supports generation of a batch of keys and certificates using customer device ID. PKIWorks™ also supports automatically assigning IDs within a predefined range.
PKIWorks™ supports user specification of ID ranges from which IDs are automatically chosen for certificates, based on configurable ID assignment policies, such as next-available and ID skipping. This helps customers manage their ID space and guarantee ID uniqueness.
PKIWorks™ supports two-factor user authentication via cryptographic USB tokens provided by CommScope, for better security. Each user accessing PKIWorks™ must possess a cryptographic USB token (factor 1) and the password (factor 2) in order to use PKIWorks™. The two factors of authentication include possession of the physical USB token and the knowledge of the token password to access it.
If a customer requests PKIWorks™ to generate private keys in addition to the digital certificates, the private keys are delivered to the customer securely encrypted using the cryptographic USB token issued by CommScope, thus providing two-factor protection for the private keys.
PKIWorks™ will retain private keys generated for each customer based on a configurable policy. For example, if the customer wishes, all PKIWorks™ copies of the private keys will be deleted as soon as the customer confirms successful receipt and decryption of those private keys. And if the customer does not confirm receipt, PKIWorks™ can still delete the private keys after a configurable timeout period.