We present a novel approach for a PKI based digital signature system for documents in an enterprise setting. A centralized appliance securely stores users' private signing keys. The appliance interfaces with the existing enterprise directory to automatically provision users' keys and certificates. Users authenticate to the appliance using their existing directory credentials in order to access their signing keys. Client applications send document hash values to the appliance to be signed therefore the signing keys themselves never leave the appliance. Streamlined user interface methods enable easy acceptance by users, while streamlined management enables minimal ongoing investment by IT staff. Real world experience with the described system is presented and shows successful deployment in a variety of organizations and markets.
展开▼
