Management and Control

The confidentiality, control and authenticity of data ultimately rely on the use of cryptographic keys such as encryption keys or private signature keys. Similarly, many forms of user authentication and access control rely on cryptographic keys. Managing and controlling such keys is therefore a means of controlling access to secure data, systems or services, and of enabling trust.

SEAcurIT-e® provides practical and powerful capabilities for the management and control of cryptographic keys. Controls include searching a domain to see every device and user to which a specific key is available (useful when keys are shared across multiple devices), and the ability to enable or disable an individual device's access to a key. If access is disabled, even a legitimate user cannot access keys on that device.

The management component holds information about keys, but nothing related to their actual value (or any other related information designated as confidential). Core (non-secret) technical information is passed seamlessly and invisibly to this component during the registration process. The management component correlates information about users/owners of keys and devices and manages the relationship between them, including which keys may be accessed.

The management component has an interface for users and administrators:

  • Administration accounts allow for the management and control of all users, devices and keys within a domain
    • Allows for centralised management and control
  • Individual users have their own management accounts

The management features include:

  • Enabling or disabling of keys, accounts or devices
    • Ability to remove access to a key for a specific user
    • May specify when a key is available
  • Viewing information about keys, accounts and devices
  • Searching all devices and accounts within a domain to see every instance of where a key is used
    • Useful when keys are shared between multiple individual users or devices
  • Authorised parties may remove a key from a specified user or device
  • Various search and view options