Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2917 Discussions

IPT enterprise PKI solution?

SSott
Beginner
2,862 Views

Hi there,

I have been asked to implement a PKI solution for a customer using the Identity Protection Technology of Intel VPro.

We have an own Java CA on a Linux server and need to generate certificates signed by our CA for authentication, as well as e-mail encryption keys which also must be stored in the CA as a backup.

The Intel IPT documentation only advises to use their own IPT CA on a Microsoft server, but this does not match our environment.

The IntelJCE documentation https://software.intel.com/en-us/articles/providing-hardware-based-security-by-leveraging-intel-identity-protection-technology-and Providing Hardware-based Security to Java* Applications by leveraging Intel® Identity Protection Technology and Java Cry… also seems to be insufficient for this use case.

So is there any way to implement this solution and where can I get the complete interface description?

Regards

Sandra

0 Kudos
5 Replies
idata
Employee
1,425 Views

Hello sekandra,

 

 

Thanks for joining the community.

 

 

The issue you describe is certainly a complex one and we will need to do some further research.

 

 

In the meantime let me share with you the Intel Setup and Configuration Software User Guide which describes the Remote configuration for PKI in page 13: https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf# page=13 for reference.

 

 

We will get back to you as soon as we have updates.

 

 

Jose A.
0 Kudos
SSott
Beginner
1,425 Views

Hello Jose,

Thank you for your assistance. I hope you can help us find a solution.

I think the central question is if IPT supports the PKCS # 11 interface or something equivalent for the operations mentioned above.

Regards

Sandra

0 Kudos
idata
Employee
1,425 Views

Hello sekandra,

 

 

We are researching with our engineering department. We will keep you posted as soon as we have updates.

 

 

Regards

 

 

Jose A.
0 Kudos
SSott
Beginner
1,425 Views

Hello Jose,

could you already find out anything helpful?

Regards

Sandra

0 Kudos
idata
Employee
1,425 Views

Hello sekandra,

 

 

I apologize for the long delay. We are still waiting for a word from our engineering department. We will keep you posted, hopefully I will be soon.

 

 

Regards.

 

 

Jose A.
0 Kudos
Reply