Overview
CSPid is a virtual smartcard that maintains a central repository for private keys and X.509 certificates. It provides a secure environment for cryptographic operations that applications can access via Java, PKCS#11, or Microsoft CAPI. It is available for, and compatible between, all desktop versions of Windows, Linux/x86, and Solaris/SPARC.
CSPid
- provides a portable, operating system independent credential store that may be shared by all security-enabled applications
- simplifies enterprise-wide credential management; users need not replicate keys among applications, and may effortlessly migrate credentials between workstations
- provides administrative controls over user credentials; allows PKI enrollment, key rollover, credential backup, and other key management tasks to be automated in a user-transparent manner
- provides superior protection for private keys and overcomes password change/reset issues with Internet Explorer and Mozilla
- reduces help desk costs and PKI training requirements
CSPid 1.1 Architecture Diagram
Applications
CSPid stores a user’s credentials in a single encrypted file on any designated storage device (e.g., a local hard drive, a network share, a flash drive, or any other removable memory device). That credential store may be opened by CSPid on any platform once its owner has entered their password.
In this way CSPid allows users to effortlessly migrate their public and private keys to any workstation in an OS-independent manner, without the need to physically replicate those keys. (The fewer persistent copies of a user’s private key that are created, the less likely it is to be compromised.)
CSPid’s programmable interface simplifies certificate lifecycle management. By giving security officers control over employee credentials throughout their enterprise, it reduces help desk costs and PKI training requirements.
Security officers can configure CSPid to force password change at designated intervals, prohibit password reuse, and enforce password quality requirements on cryptographic keys. These security policy settings are then enforced for all connected applications, including Microsoft IE and Mozilla (which do not provide such controls by themselves).
Advantages
CSPid
- affords your users the functionality of a physical smartcard for a fraction of the cost
- exposes a common store of certificates and private keys to applications via PKCS#11, Microsoft CAPI, and Java
- obviates the need to replicate keys among applications, and simplifies the migration of keys between workstations
- protects private keys independently of the operating system and browsers for greater flexibility and security; administrators can control password cache settings, mandate password quality and change requirements, and monitor credential use with better auditing capabilities
- links users to a specified CA to facilitate enrollment, certificate renewal, key rollover, etc., directly from the CSPid system tray menu
Technical Details
- Intuitive graphical user interface for credential management; command line interface for batch operations and automated tasks under end-user or administrative control
- Exports a PKCS#11 version 2.20 compliant API
- Includes a Microsoft smart card minidriver for CAPI support
- Imports and exports PKCS#12, PKCS#7, and ASN.1 DER-encoded X.509 certificates
- Generates RSA keys of 1024 to 8192 bits; manages RSA keys of any size
- Employs password-protected PKCS#15 PDUs for key storage on local, removable, or network-attached drives, using AES-256 for confidentiality and HMAC-SHA-512 for integrity checking
Supported Applications
CSPid works with all PKCS#11- or CAPI-enabled applications, as well as with all Java applications based on J2SE 5.0 or above, including, but not limited to, the following:
- Microsoft Internet Explorer 5.0 and above
- Outlook 2000, 2002, 2003, 2007, and Outlook Express
- Mozilla 1.1, 1.6, and above
- Firefox 1.0 and above
- Thunderbird 1.0 and above
- Netscape Communicator 4.75 and above
- Lotus Notes 6 and above
- SecretAgent 5.x/6.x and SpyProof! 1.x
- Cisco and Checkpoint VPNs
Standards Compliance and PKI Compatibility
CSPid is built upon ISC's FIPS 140-certified Cryptographic Development Kit (CDK) version 7.0 and is FIPS 140-2 compliant. It works with X.509v3 credentials from most leading PKI vendors, including Entrust, Microsoft, RedHat, RSA Security, VeriSign, and ISC.




