WHITE
PAPER
Challenges in the Field
Certificates can be hard to handle , especially when manual intervention is required . This is undesirable or even impossible in many commercial settings . Industrial machines are often not connected to the web , but instead run autonomously , while minimizing downtime as much as possible . A technician charged with maintenance and repairs should not have to worry about checking the presence and validity of certificates . At the same time , the standards for secure communication and device integrity continue to get tougher in modern factories . CodeMeter Certificate Vault is the solution for making certificate management automatic , but secure at the same time .
Advantages of CodeMeter Certificate Vault
CodeMeter Certificate Vault was designed with the secure storage and use of private keys in mind . This is its essential purpose : maintaining the integrity and security of private keys . The standardized interfaces of CodeMeter Certificate Vault make it easy to integrate into existing software environments , and the many routes available for moving certificates and keys into CodeMeter Certificate Vault make it a universal and versatile tool for a range of circumstances and client requirements . Its origins in the CodeMeter universe allow many other opportunities , like using CodeMeter dongles or ASICs , licensing software or machine functions or using CodeMeter AxProtector to protect the IP in software .
CodeMeter Certificate Vault in Use
Use Case 1 : Certifying a Person
For this use case , a service engineer needs to be able to authenticate themselves and get access to the devices they are charged with by showing the right certificate and proving their identity . That certificate and related key can be stored on a CodeMeter USB CmStick or similar container . This solution is used e . g . by the technicians servicing ATMs , a highly secure task where every step needs to be recorded and only trained and approved technicians are qualified for the job .
Use Case 2 : Identifying a Machine for Secure Communication
This use case needs a certificate that is bound to a specific device . Ideally this is done with a CodeMeter ASIC , with its security chip permanently fixed into the device ’ s inner workings . For this use case , a specific hardware entity should be uniquely identifiable in a network and be able to communicate securely . Examples of this include PLCs or smart sensors that are part of larger industrial networks via a standard protocol like OPC UA . That protocol uses the OpenSSL framework to handle X . 509 certificates and protect communication in the network . In that setup , CodeMeter Certificate Vault provides secure certificate storage and a secure engine for cryptographic operations with the private key .
Use Case 3 : Creating a Public Key Infrastructure ( PKI )
When creating and signing certificates for use with VPN connections , mail signatures , or as proof of authenticity in process documentation , it is essential to protect the signer ’ s private key . This makes this use case particularly sensitive .
6