Overcome the security obstacles of Key and Certificate Delivery to multiple mobile devices

The delivery of digital certificates and private keys to devices of all types and platforms can be challenging.

Once certificates and keys are issued, you need an efficient way to deliver them to the countless mobile devices in play and prevent the export of the certificates to ensure they are used for their original purpose. 

Key and Certificate Delivery security risks

Workarounds in issuing and delivering certificates to mobile devices can expose private keys and weaken the intended security design. In addition, different device platforms, models and versions each handle certificate and key storage in different ways and require customized approaches to loading certificates. Certificate and key delivery methods that take a “one-size-fits-all” approach often end up generating the user's private key remotely and copying it to the device over the public wire/air, which leaves it vulnerable to breach. Some processes also result in fully exportable certificates being sent to the device. This can result in an increased possibility of private key exposure, the potential for certificates and keys to be copied, and the inability to maintain legal non-repudiation for these users on their mobile devices.

How can CSS help ensure the security of your Key and Certificate Delivery?

  • Deliver certificates directly to Windows, Windows Phone, iOS, Mac, Android and Linux platforms
  • Leverage an API to customize delivery to other platforms and proprietary devices
  • Deliver certificates with on-device key generation (ODKG), ensuring private keys are not stored in remote locations
  • Support auditable non-repudiation for users utilizing certificates issued to mobile devices
  • Create non-exportable certificates, even in environments that do not enable this feature natively

How PKI and digital certificates boost the security of Key and Certificate Delivery

  • Digital certificates augment authentication processes based on user credentials, and improve security posture by decreasing your attack surface
  • Certificates used for authentication can be set as non-exportable, ensuring that only authorized users on authorized devices are able to connect to private networks
  • VPN routers/servers accept digital certificates to authenticate both users and trusted devices, leading to a more secure connection to private networks
  • PKI is a proven, high-assurance technology for digital certificates
  • A well-managed PKI can issue, deliver, revoke, track and update certificates on an as-needed basis

Learn more about enabling proper security measures for key and certificate delivery.