As discussed in our recent webinar, one of the main benefits of using digital certificates for authentication is that they can be used to secure all of your endpoints – users, machines, and devices. Let’s take a closer look at how some our customers* are taking advantage of that benefit to secure various endpoints.
A payment services company operating payment kiosks and computers in retail convenience stores uses digital certificates to authenticate the kiosks and encrypt communications to and from their servers.
A US-based payment processing company operates 10,000 on-location payment kiosks and computers in convenience stores across the country. Their services allow customers to pay a network of various service providers (e.g., utility companies, phone providers) bills in cash. The company needed a solution to ensure only approved machines could communicate with their back-end servers and also encrypt the information being transmitted between the kiosks/computers and the servers.
Including a digital certificate on each kiosk or computer not only identifies the machine and proves that it is allowed to access the network, but also encrypts data transmission to and from the company’s server. Using our API, the company is able to programmatically push certificates to each of the kiosks, automating deployment, renewal, and other stages of the certificate lifecycle.
Mobile Device & Laptop Authentication
A law firm uses digital certificates to authenticate employee-operated mobile iOS devices and laptops.
An Illinois-based law firm standardized on Apple products for their 250 employees, including mobile phones and tablets to allow employees to work remotely. To ensure only approved devices could access and operate on the corporate networks, the law firm sought a cohesive authentication solution that would cover the entire range of machines and devices – MacBook Pros, iPads, and iPhones.
Compatible with personal computers, tablets, and mobile phones, digital certificates offer an easy to deploy and manage solution that covers all of the legal firm’s needs. We even have a mobile authentication solution designed specifically for iOS devices. With the mobile solution, policies and device restrictions are configured using Apple’s free profile configuration utility and apply to all issued certificates, making it easy to deploy certificates across an organization. Certificates are issued and delivered using SCEP over the air enrollment so certificates can be installed directly on the devices with the click of a button.
ISO New England uses digital certificates to authenticate users to their online energy trading portal.
ISO New England, operator of the New England bulk power system and wholesale electricity market, manages an energy market trading application accessed by power generators, regional utility companies, and other market participants. Due to the critical nature of ensuring efficient and reliable delivery of electricity, and based on recommendations from the Executive Order to improve Critical Infrastructure cybersecurity, ISO New England wanted to strengthen the level of identity authentication for all users of their trading application.
NIST’s Preliminary Cybersecurity Framework, the set of standards, guidelines, and best practices that has been drafted to put the recommendations from the Executive Order into action, specifically mentions the inadequacy of passwords as a means of authentication. To meet NIST’s recommendations, ISO New England has implemented our authentication certificates for all users of their eMarket portal, adding a second layer of security beyond usernames and passwords.
As the only public Certificate Authority trusted in all popular browsers and operating systems that is authorized by the North American Energy Standards Board (NAESB), we have been a key member and active participant in establishing PKI standards for NAESB. In choosing us for their authentication needs, ISO New England found a NAESB-compliant partner who is committed to helping them meet their need for strong authentication in a way that is transparent for their stakeholders, while ensuring highly-trusted, authenticated energy transactions.