The Directory-Enabled PKI Appliance: Digital Signatures Made Simple

Feb 15, 2007

This paper presents a novel approach for a PKI-based digital signature system for documents in an enterprise setting. A centralized appliance securely stores users' private signing keys. The appliance interfaces with the existing enterprise directory to automatically provision users' keys and certificates. Users authenticate to the appliance using their existing directory credentials to access their signing keys. Client applications send document hash values to the appliance to be signed, so the signing keys themselves never leave the appliance. Streamlined user interface methods enable easy acceptance by users, while streamlined management enables minimal ongoing investment by IT staff. Real-world experience with the described system is presented and shows successful deployment in a variety of organizations and markets.
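The hash-only signing flow described above can be reproduced with the OpenSSL command line. This is an added example, not code from the paper or the appliance. The RSA-2048 and SHA-256 choices, the user `alice`, her password, the file paths and the `directory_auth` stub standing in for the directory check are all assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not the appliance's code. User, password and paths are constructed.
set -eu
WORK=$(mktemp -d)
KEYSTORE="$WORK/appliance-keystore"   # stands in for the appliance's protected storage
mkdir -p "$KEYSTORE"

# Stand-in for a bind against the enterprise directory (assumption: one constructed account).
directory_auth() { [ "$1" = "alice" ] && [ "$2" = "constructed-demo-password" ]; }

# Provisioning: the key pair is created inside the keystore; only the public key is exported.
provision_user() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$KEYSTORE/$1.key" 2>/dev/null
  openssl pkey -in "$KEYSTORE/$1.key" -pubout -out "$WORK/$1.pub"
}

# Client side: hash the document locally; only these 32 bytes go to the appliance.
client_hash() { openssl dgst -sha256 -binary -out "$2" "$1"; }

# Appliance side: authenticate, check the input is a SHA-256-sized digest, sign it.
appliance_sign() {  # args: user password digest_file signature_file
  directory_auth "$1" "$2" || { echo "auth failed for $1" >&2; return 1; }
  [ "$(wc -c < "$3")" -eq 32 ] || { echo "not a SHA-256 digest" >&2; return 2; }
  openssl pkeyutl -sign -inkey "$KEYSTORE/$1.key" -pkeyopt digest:sha256 \
    -in "$3" -out "$4"
}

# Relying party: verify against the full document using only the public key.
verify_doc() {  # args: user document signature_file
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$3" "$2" >/dev/null 2>&1
}

provision_user alice
printf 'Purchase order 1001: approve\n' > "$WORK/doc.txt"    # constructed document
client_hash "$WORK/doc.txt" "$WORK/doc.sha256"
appliance_sign alice constructed-demo-password "$WORK/doc.sha256" "$WORK/doc.sig"
verify_doc alice "$WORK/doc.txt" "$WORK/doc.sig" && echo "signature verifies"
```

Because the signer only ever sees a digest, it cannot inspect what it is signing; the authentication step and the digest-length check are the only gates in front of the key in this sketch.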