Certificate-based authentication is a prerequisite for the Public Key Infrastructure (PKI) and for securely administering networked devices and services that participate in it. PKI is widely deployed, and many wireless and wireline technologies and protocols depend upon it, including WiFi, 3G, LTE, WiMax, 802.11i, IPSec/IKE, SSL and SSH. Certificates need to be updated frequently to ensure the device is operated by the assigned user, that the device has the most updated user privileges, and that the device has the most recent upgrades in its service. But manually updating certificates is error-prone, inefficient and simply doesn't scale… especially when you've got tens of millions of devices in the field.
NanoCert™ is your certificate management solution.
NanoCert is specially designed for embedded device and consumer electronics manufacturers and their ISVs. It automates certificate management in devices and applications, and is available in carrier-grade editions that can scale to handle millions upon millions of wireless subscribers. NanoCert's client software requests certificates, renews them or pulls down revocation lists from most any certification authority (CA). NanoCert's certificate server software can act as CA's that issue and revoke certificates at scale and publish CRLs (Certificate Revocation List); or as Registration Authorities that register users and devices.
NanoCert uses SCEP (the Simple Certificate Enrollment Protocol), an evolution of the certificate enrollment protocol developed by Verisign and Cisco Systems, and extends the SCEP protocol by automating the formerly manual certificate management administrative tasks of registering end entities, revoking certificates, and publishing CRLs. NanoCert makes embedding certificate management on devices easy, fast, and reliable. Mocana NanoCert also supports OCSP, which enables applications to determine the revocation state and overall status of any certificate. It may be used to provide more timely revocation information than is possible with Certificate Revocation Lists (CRLs) and may also be used to obtain additional status information.
NanoCert uses a FIPS-compliant cryptographic library for key generation and all cryptographic operations. The product is available either in source code or as a FIPS 140-2 Level 1 certified binary.