PKI Blog

Authentication in an Ultra-Connected World: Internet of Things

Posted by Ted Shorter on Oct 1, 2015 6:05:00 AM

As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates landed primarily on what I’d describe as “traditional” IT infrastructure – servers, desktops, laptops, smart cards, RADIUS servers, or VPN concentrators. But since then, things have gotten much more interesting. Handheld scanners. Surgical robots. VOIP phones. Set-top boxes. Cable modems. Even heart monitors and IV pumps.

Read More

Topics: install certificates onto devices, digital certificates, cert, embedded systems, certificate, Microsoft Security Partner, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, Microsoft Public Key Infrastructure, Cisco Internet of Things, embedded certificates, embedded devices, Microsoft PKI, X.509 digital certificates, Internet of Things, IoT, Blog, Internet of Things (IoT), certificate install, BYOD, PKI Assurance

Workplace Join, AD FS 3.0 or OAuth 2.0: Which is Right for You?

Posted by CSS Technical Team on Jun 18, 2014 6:27:00 AM

At first, this question might initially seem like an apples vs. oranges situation. We’ll find out that in some cases it’s not, and that making the best strategic choice for your needs depends on a number of factors.

Read More

Topics: Workplace Join, IT Security, IAM, Microsoft Security Partner, Azure ACS, Microsoft Azure, AD FS 3.0, Identity and Access Management, SAML 2.0, SAML 2.0 via AD FS 3.0, Identity Management, OAuth 2.0, Blog, SaaS, Azure, OAuth, Mobile, BYOD, Windows Azure

AirWatch & CSS - Partnership Featuring Certificate Management System

Posted by Sarah Hance on Sep 24, 2013 11:58:24 AM

Cleveland, OH - September 24, 2013 - Certified Security Solutions' Certificate Management System (CMS) is featured in the AirWatch Marketplace as a fully integrated mobile certificate solution. Developed to give AirWatch customers and partners a centralized location to identify technologies that complement their investments in AirWatch and additional mobile avenues, the AirWatch Marketplace is reserved for top solution providers with proven integration benefits.

Read More

Topics: digital certificate, digital pki, Public Key Infrastructure, issue mobile certificate, AirWatch, PKI, cert management, Microsoft PKI, mobile certificate, certificate management, Internet of Things, expired certificate, AirWatch marketplace, Press Releases, BYOD

SCEP Validation Service Integration with 3rd-party MDM Applications

Posted by CSS Technical Team on Aug 16, 2012 12:27:00 PM

CSS recently discovered and published information on a potential privilege escalation attack in SCEP-based Certificate Issuance Systems. After this discovery, CSS created the SCEP Validation Service, which aims to close this attack by validating the certificate contents before the Certificate Authority sends it to the requestor. CSS’ patent-pending solution ships today with our Mobile Certificate Management System (mCMS) v 1.1 software. CSS’ SCEP Validation Service is architected as a set of components that can also be integrated into 3rd-party Mobile Device Management (MDM) products.

Read More

Topics: consumerization of IT, Mobile Device Management, bring your own device, Certificate Management System (CMS), mCMS, Microsoft IT Security, MDM, SCEP, iOS management services, iOS management certificates, iOS, Blog, Simple Certificate Enrollment Protocol, VSCEP, BYOD, Validated SCEP

Is My MDM Deployment Vulnerable?

Posted by Ted Shorter on Jul 7, 2012 5:55:35 AM

If you’re reading this, there’s a good chance you’ve already seen the reports about the security ramifications of issuing certificates to mobile devices using the Simple Certificate Enrollment Protocol (more information on our site here). We’ve received many inquiries about how to determine whether a given system is at risk, and if so, what levels of exposure may be involved. Complicating the issue is the sheer number of Mobile Device Management (MDM) products that exist, and the wide variety of configuration options within them. Because of all this variability, simply asking, “Is {Product X} affected?” can lead to over-simplified answers that might still leave you exposed to risk.

Assessing the risk of a given MDM deployment can be a bit nuanced, as there are a number of factors that come into play. The primary criteria to examine when making an assessment are:

Read More

Topics: digital certificate, Mobile Device Management, bring your own device, Provisioning, Public Key Infrastructure, Certificate Management System (CMS), mCMS, MDM, SCEP, Identity and Access Management, iOS, US-CERT, Blog, Simple Certificate Enrollment Protocol, Active Directory, BYOD

CSS UNCOVERS SCEP VULNERABILITY FOR MOBILE DEVICES IN THE ENTERPRISE

Posted by CSS Technical Team on Jun 28, 2012 7:22:00 AM

Vulnerability Note VU#971035- Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests

CLEVELAND, OH – June 28, 2012. Researchers at Certified Security Solutions, Inc. (CSS), a leading information security company, have uncovered a potentially serious security issue pertaining to the use of the Simple Certificate Enrollment Protocol (SCEP) in conjunction with mobile devices. Organizations that leverage SCEP to issue digital certificates to mobile devices may be subject to a privilege escalation attack.

Read More

Topics: digital certificates, MDM, SCEP, US-CERT, Press Releases, Simple Certificate Enrollment Protocol, privilege escalation attack, BYOD

Security Vulnerability- The Use of the Simple Certificate Enrollment Protocol (SCEP) and Untrusted Devices

Posted by Ted Shorter on Jun 27, 2012 11:19:38 AM

It’s been in the works for quite some time, but we are finally able to publicly announce a problem that we’ve encountered, related to the use of the Simple Certificate Enrollment Protocol, or SCEP, in conjunction with mobile devices. We’ve been working for months behind the scenes with the folks at the United States Computer Emergency Readiness Team (US-CERT) and CERT/CC at Carnegie Mellon our customers, and a number of vendors as well, to help raise awareness of the issue. The CERT report can be found here, and we have a whitepaper and video overview on our website to provide more information.

It should be noted that not all MDM usage of SCEP is equally vulnerable. The scenarios that cause the most concern to us are those that involve the use of SCEP to issue authentication certificates to enterprise systems such as ActiveSync, WiFi, and VPN. In some cases it may be possible to use alternative configurations that reduce or eliminate these risks; in others, it may be more difficult. CSS is willing to help customers assess their specific usage of SCEP and PKI to determine their degree of exposure.

Read More

Topics: digital certificate, consumerization of IT, IT Security, Microsoft Security Partner, Mobile Device Management, bring your own device, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, mCMS, MDM, SCEP, Certificate Reporting Tool (CRT), PKI, certification and remediation, mobile certificate, Microsoft-centric infrastructure, Blog, Simple Certificate Enrollment Protocol, CERT Coordination Center, BYOD, ActiveSync, Got PKI?

Got PKI? CSS at RSA

Posted by CSS Marketing on Mar 15, 2012 6:39:29 AM

Certified Security Solutions sent a team to the 2012 RSA Security Conference in San Francisco where one of the underlying themes was mobile security. Located in the Microsoft Pavilion, team CSS boasted a 'Got PKI?' theme centered around PKI best practices and the power of digital certificates on mobile devices. Booth conversations included PKI as a service in addition to leveraging CSS' own software solution, the Certificate Management System (CMS) for digital certificate management and enrollment in a Microsoft PKI. Visitors to the booth were genuinely excited to see a mobile security solution from a company that "gets" PKI. CSS' CTO, Ted Shorter, and Director of Business Development, Uri Lichtenfeld, presented a theater session titled 'Do's and Don’ts of PKI and Certificate Management for Mobile Devices.' Check out the photos below:

Read More

Topics: digital certificate, Fulfillment and governance tools for IAM, consumerization of IT, apple, iPhone, digital pki, digital certificate management, Public Key Infrastructure, Certificate Management System (CMS), mCMS, certificate remediation, Microsoft Public Key Infrastructure, iPad, Certificate Reporting Tool (CRT), PKI, Microsoft PKI, iOS management certificates, Microsoft-centric infrastructure, iOS, Blog, expanded compliance and forensic issues, mobile certificates, BYOD, Got PKI?

Apple Products Becoming (Business) Mainstream

Posted by CSS Marketing on Feb 9, 2012 4:00:13 AM

The popularity of Apple’s iPads and iPhones among consumers are well documented, but recent findings from Forrester Research shows that these devices are gaining steam in the corporate world.

The “Consumerization of IT” or BYOD (Bring Your Own Device) has become a common occurrence among all departments, and not surprisingly, Apple is leading the way among what Forrester calls “information” workers — workers that use a computer for work an hour or more per day. And the more senior the individual, the more they are using Apple devices:

  • More than 1 out of 5 (21%) of 10,000 surveyed Information workers use one or more Apple device at work
  • The number of Apple BYOD-ers doubles to 2 out of 5 professionals (41%) for those with the title “Director of IT” or higher
Read More

Topics: digital certificate, Microsoft Active Directory AD, certificates, apple, iOS 5, iPhone, IT Security, Microsoft Security Partner, digital pki, Certificate Reporting Tool, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, mCMS, Microsoft Public Key Infrastructure, Active Directory Certificate Services, iPad, PKI, Microsoft PKI, iOS management certificates, Microsoft and Apple, iOS, Blog, Active Directory, mobile certificates, BYOD, AD, Got PKI?

Apple Cozying Up to Microsoft Partners? CSS' mCMS

Posted by CSS Marketing on Nov 18, 2011 7:19:57 AM

This week we’ve seen the latest chapter in the Microsoft/Apple love/hate relationship… and it would seem that love is conquering all… at least for the time being. As CRN reports, Apple is reaching out to Microsoft partners that can help integrate iPhones and iPads into enterprise environments.

We’re seeing a bit of a perfect storm for Apple and Microsoft to work together – at least in the mobile space – as more and more organizations are taking a look at moving to or allowing iPhones (and iPads). Combining the robust multi-faceted Microsoft Core Infrastructure platform and Apple’s trendy “must-have” market monopolizing devices, Apple and Microsoft are “on again,” albeit in the relatively limited smartphone and tablet arena.

Read More

Topics: digital certificate, iPad security, apple, iOS 5, iPhone, IT Security, consumerization, Microsoft Security Partner, Certificate Reporting Tool, Certificate Management System (CMS), Industry Trends, mCMS, Software Products, Microsoft Public Key Infrastructure, iPad, SCEP, mobile security, Microsoft, Microsoft PKI, CRT, iOS management certificates, mobile certificate, Microsoft and Apple, iOS, Blog, iPhone security, secure enrollment, BYOD, Got PKI?

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?