Gemalto is now part of the Thales Group, find out more.

PKI Security: Encryption Key Management & Authentication

Public key infrastructures (PKIs) are relied upon to secure a broad range of digital applications, validating everything from transactions and identities to supply chains. However, infrastructure vulnerabilities represent a significant risk to the organizations that rely on PKI alone to safeguard digital applications.

Gemalto offers PKI encryption key management solutions to help you protect the keys at the heart of PKI as well as PKI-based authentication tokens that leverage the security benefits offered by PKI to deliver dependable identity protection. These solutions are available on premises, or as a service in the cloud.

PKI Key and Certificate Security

Secure storage and protection of private keys is integral to the security of the Asymmetric Key Cryptography used in a PKI. If a Certificate Authority’s (CA’s) root key is compromised, the credibility of financial transactions, business processes, and intricate access control systems is adversely affected.

Therefore, in a PKI environment – particularly one integral to business processes, financial transactions, or access controls – it is essential that private keys be guarded with the highest level of security possible via a dedicated security device, a hardware security module (HSM). Gemalto provides these solutions on-premises with the market-leading SafeNet Luna HSMs, and as a service in the cloud with its groundbreaking SafeNet Data Protection On Demand, a cloud-based HSM.

HSMs for PKI Encryption Key Management


Organizations deploy Gemalto's SafeNet HSMs, which work in conjunction with a host CA server to provide a secure hardware storage location for the CA’s root key or subordinate CAs’ private keys. The key material is separately managed and stored outside of the operating system software, which prevents theft of, tampering with, and access to the secret key material.

SafeNet HSM Highlights:

  • FIPS 140-2 validation
  • Hardware-secured key generation, storage, and backup
  • Hardware-secured digital signing
  • PKI-authenticated software updates
  • Host-independent, two-factor authentication
  • Enforced operational roles

"Security is so important to our clients. We needed a solution that would provide the level of trust our customers were demanding. Gemalto solutions not only provided the security we were looking for but did so in a way that won’t hinder the development and expansion of our business. Our overall experience was very positive."

Featured Resource:

An Anchor of Trust in a Digital World - White Paper

Learn why many entities now consider hardware security modules to be instrumental in the development of innovative products and services that are only possible through secure storage and use of digitized information.


Partner Spotlight: Microsoft Active Directory Certificate Services


When deploying Microsoft Active Directory Certificate Services, co-deploying an HSM is highly recommended to protect the CA root keys and maintain the integrity of the resultant PKI, certificates, and PKI-dependent applications. SafeNet Hardware Security Modules complement and enhance Microsoft Active Directory Certificate Services.

PKI Authentication Solutions

Gemalto offers hardware-based PKI authentication solutions that provide optimal levels of security. Our wide portfolio of SafeNet smart cards and USB tokens leverages public key infrastructure to provide certificate-based strong authentication.

This ensures two-factor authentication by combining the hardware card or token (something you have) with a user-selected PIN (something you know).


Realizing the need for strong PKI authentication

With proper security controls in place to verify the identity of the user before smart card issuance and certificate provisioning, you can be assured that only the legitimate user is accessing the corporate network and sensitive data.

Once a certificate-based identity solution has been deployed, there are several additional security features that can be added, including file encryption, email encryption and digital signature.

For more information, download our Identity and Authentication PKI Portfolio Brochure.

of workers report working outside the office at least part of the time and using 3+ personal devices for work activities.

Adapting to a digital world

The rapid growth of the mobile movement has many IT teams scrambling to get enterprise mobile security in line with current corporate standards. Mobile devices create unique security challenges because of a lack of embedded card readers or USB ports, making smart card and token usage impossible.

But enterprises using traditional cards can easily deploy a wearable badge holder equipped with Bluetooth to act as the card reader. Employees can log in to their mobile devices using their existing credentials.
