Common Industry Challenges
Aligning Core Strengths
Telecommunications and IoT organizations need machine identity management. To meet that need, they often divert internal resources away from key areas to develop and maintain in-house identity management solutions.
Vivacity Technologies hosts and manages private Certification Authorities (CAs) on behalf of your organization, so that you can focus on your core business. With our solution you have all the benefits of controlling your machine identities while leaning on our experts for maintenance, support and compliance needs. Our team is laser-focused on helping our clients succeed, which is why we can customize your CA and API to better suit the specific needs of your business.
Strong machine identities are a constant need irrespective of organization scale, but the costs associated with most PKI solutions are often prohibitive for small to medium-sized organizations.
Chains of trust in our managed PKI leverage cutting-edge hardware security modules that keep your keys safe and support much larger volumes than a typical CA requires. By optimally distributing CA loads to centralized hardware security modules, Vivacity is able to lead the way in offering affordable but secure CA solutions.
The commonly used X.509 certificates were not designed with computational efficiency in mind. As a result, traditional certificates are not ideal for resource-constrained applications (such as IoT), or high-volume critical applications (such as telecommunications).
Certificates in Vivacity Technologies' chain of trust use a custom format which offers a 40% reduction in size when compared to standard certificates. This lowers overhead costs associated with securing your device communications, while retaining the high standards of security needed to be compliant.
Customer Case Study
Redline Communications needed a cost-effective solution for updating, hosting, and managing a PKI system critical in the security supply chain of their product lines. How could they outsource the liability of handling sensitive credentials while also leveraging their technical development in the PKI space to increase revenue without redirecting resources from core operations? Vivacity stepped in to bridge the gap by providing the services required to host, manage, and upgrade their custom PKI solution securely and robustly.
Private CA Service
Access your own private Certification Authority over the network with a simple and well-documented RESTful API. Integrate your devices and business applications with your own CA to get the benefits of PKI while decreasing your maintenance costs and freeing up internal resources.
All keys used by your CAs are securely generated and stored in cutting-edge hardware security modules (HSMs) without ever being physically exposed to any parties. This allows your business to issue certificates without the liability of managing your own crypto keys.
Ideal for IoT and IIoT
The certificate format used by default in Viva PKI provides up to 40% reductions in certificate sizes when compared to X.509 alternatives, without sacrificing the security of your communications. This results in fewer computational resources being needed for your identity needs, which is ideal for resource-constrained but sensitive applications in IoT and IIoT.
How it works
How does PKI protect my devices?
PKI allows you to secure the communications between your devices using asymmetric cryptography. This enables your devices to communicate securely without exchanging private keys over the network.
What services are offered in Vivacity's managed PKI?
We set up and operate your chain of trust, and offer your business access to your private Certification Authority (CA) via a RESTful API. This allows you to manage your device identities, manage access to your CA, and audit all operations performed by the CA.
How does a Certification Authority (CA) work?
CAs are responsible for issuing certificates to your devices. The diagram below showcases this process step by step. From the perspective of the CA, the main duties are receiving and processing certificate signing requests (CSRs), as shown in step 1, and issuing certificates, as shown in step 2. Because the CA has its own public and private keys, other devices can use the CA's public information to confirm whether a certificate is legitimate (shown in steps 5 and 6). You can find our complete step-by-step explanation of PKI and CAs here.
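The issue-and-verify flow described above, as an added example that is not part of the original page and does not use Vivacity's API or certificate format: it uses the OpenSSL command line with standard X.509 to show a device submitting a CSR, a CA issuing the certificate, and a relying party checking it against the CA certificate. The subject names (`Demo Private CA`, `device-001`, `Unrelated CA`) and all file names are constructed for the example.

```bash
#!/usr/bin/env bash
# Added illustration: a throwaway local CA built with the openssl CLI.
# Subject names and file names are constructed for this example.

# Build a CA, have a device submit a CSR, issue its certificate.
# Prints the temporary directory that holds the resulting files.
ca_demo() {
  local d
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # CA key pair and self-signed certificate: the trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout ca.key -out ca.crt -subj "/CN=Demo Private CA" 2>/dev/null || exit 1
    # The device makes its own key pair; only the CSR is sent to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout device.key -out device.csr -subj "/CN=device-001" 2>/dev/null || exit 1
    # The CA checks the CSR's self-signature (proof of key possession).
    openssl req -in device.csr -noout -verify 2>&1 | grep -q "verify OK" || exit 1
    # The CA signs the device's public key and subject with its private key.
    openssl x509 -req -in device.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 7 -out device.crt 2>/dev/null || exit 1
    # A second, unrelated CA, used only to show a failed verification.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout other.key -out other.crt -subj "/CN=Unrelated CA" 2>/dev/null || exit 1
  ) >/dev/null || return 1
  echo "$d"
}

# Relying-party check: does certificate $2 chain to trust anchor $1?
cert_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

dir=$(ca_demo) || { echo "openssl failed" >&2; exit 1; }
cert_trusted "$dir/ca.crt" "$dir/device.crt" && echo "device.crt: trusted under Demo Private CA"
cert_trusted "$dir/other.crt" "$dir/device.crt" || echo "device.crt: rejected under Unrelated CA"
```

The device's private key (`device.key`) is never sent to the CA; the relying party needs only `ca.crt` to accept or reject `device.crt`.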
How can I trust that my CA is securely operated?
Our managed PKI solution uses state-of-the-art Hardware Security Modules (HSMs) to securely generate and store the private keys used by your CA. Using this equipment ensures that your private keys cannot be accessed directly, but rather can only be used to perform specific operations (such as signing) by authenticated users. Vivacity is responsible for securely hosting your private keys in the HSM, which makes it impossible for anyone to directly read your private keys, and limits their authorized usage to a private CA to which only your business has access.
What happens in the event of a disaster?
Our managed PKI solution offers out-of-the-box backup and redundancy functionality. We securely back up your keys in a backup HSM unit, so that your keys are never lost or compromised as a consequence of a disaster. Additionally, our periodic server backups ensure that your services can be restored rapidly and with minimal disruption to the operations of your business. For customers with more stringent needs in the response to critical incidents, we offer additional service and escalation options.
Can I still access my CA if I experience a connectivity blackout?
By default, our CAs are fully managed and hosted by Vivacity, offsite from our customers, so you will not be able to access your CA without a network connection. If your business requires uninterrupted access to the CA even in the event of a connectivity issue, we offer the option to deploy and manage your PKI onsite. This means you can access your CA functionality from your local network, and Vivacity provides remote management and maintenance services.