White Paper CodeMeter Certificate Vault EN 2023-09 | Page 11

CodeMeter Certificate Vault Dongle Used in User Mode
This is the choice for small to medium-scale operations, handling manageable numbers of certificates locally. The client is given a dongle preprogrammed by Wibu-Systems with a license for CodeMeter Certificate Vault on board and the space to store eight certificates and the related keys. A custom password is already set (and can be changed upon first launch). This makes it possible to create and store certificates on the dongle with the aforementioned interfaces, but without the need for a central CodeMeter entity for remote programming. It is possible to create and roll out certificates in this case via the textbook route (option 1) or via centralized creation and distribution (option 2).
This option allows a certain number of certificates to be stored, which makes it a good choice for establishing a CA or for securely storing a root key. A preprogrammed CodeMeter dongle is also a simple introduction to the world of CodeMeter Certificate Vault and its integration into one's own software environment.
CodeMeter Certificate Vault Dongle Used in ISV Mode
For this case, the client is given their own Firm Security Box (FSB) with a Firm Code (containing the client's unique key) as a master key to handle all of the above options 1-3. The dongle is not preprogrammed, and virtually any type of dongle – including those already owned by the client – from USB dongles to SD cards or ASICs can be equipped with CodeMeter Certificate Vault. This allows easy and fully customizable integration into the client's existing ecosystem, processes, and PKI infrastructure as well as seamless combination with the CodeMeter licensing system and CodeMeter AxProtector protection.
Conclusion
CodeMeter Certificate Vault stores certificates and keys in secure hardware.
CodeMeter Certificate Vault can complement an existing CodeMeter infrastructure with secure certificate usage based on IT standards. CodeMeter Certificate Vault can also be operated on its own.
The PKCS #11 interface supports a widely used standard for connecting physical key stores. OpenSSL, one of the standard implementations for secure communication, is raised to a higher security level because the certificates are stored securely.
Microsoft's Key Storage Provider (KSP) can be connected to CodeMeter Certificate Vault.
The certificates and keys can be transported via existing, standard-compliant paths. If required, alternative paths can also be used without compromising security.
CodeMeter Certificate Vault extends the capabilities of CodeMeter and makes it an even more universal building block in the security architecture.
Terminology
Abbr.: Definition
OPC UA: OPC Unified Architecture – Communication protocol for machine-to-machine (M2M) communication based on data models
CA: Certificate Authority
MQTT: MQ Telemetry Transport – Simple protocol for machine-to-machine (M2M) communication
TLS: Transport Layer Security
S/MIME: Secure/Multipurpose Internet Mail Extensions – Interface used for encrypting mail
TPM: Trusted Platform Module
PKCS #11: Part of the Public Key Cryptography Standards – specifically for accessing cryptographic tokens
X.509: Standard for public key certificates
PKI: Public Key Infrastructure
HSM: Hardware Security Module