Sixscape’s IDCentral provides services to the organizations with customers who needs to authenticate and run their own in-house IDCentral for their customers. For example, Banks/Corporates/Government agencies can run their own in-house IDCentral to provide certificates and secure communications for their employees.
The IDCentral Server consists of three components:
Distributed PKI Function:
What a bank is interested in is not your name and passport, but your identity as their customer. An employer is interested in your identity as one of their employees. Vetting name and address by an online CA is very expensive (e.g. $150 per applicant). Even then it may not be of value to a bank or employer. They need to verify you as a customer or an employee of theirs. Only they have the databases to verify that information.
In Sixscape, PKI function is distributed so this information vetting can be done by the people in the best position to do it. It can also handle far larger volumes of certificates by distributing the PKI function, rather than trying to have a single giant CA issue and manage certificates for the entire world. Imagine a DNS server trying to provide address resolution for everyone. The volume of server certs is small enough for one centralized CA to handle. Client cert volume is simple too massive for one central CA to handle.
The current online CA’s are lacking a single comprehensive PKI protocol. Sixscape’s IRP (Identity Registry Protocol) is a revolutionary approach in PKI technology. It allows PKI function to be distributed and embedded in applications (similar to DNS).
Why you should prefer this product?
- IDCentral is a client/server design, and will run over IPv4 and/or IPv6 (it can accept incoming connections over either IP version)
- Authorized and licensed to issue a specific number of client certs. Packages are available at various levels, for different sized organizations.
- IDCentral helps to implement direct end-to-end secure communications.
- IRP-enabled clients can locate the IDCentral for any IRP domain (via DNS SRV records) for retrieving or verify certs.