Enterprise Random Password Manager™ Adds Smart Card and Digital Certificate Support
To meet the increasing security requirements of its government and commercial customers, Lieberman Software today announced support for the major smartcard and certificate formats in its privileged identity management solution, Enterprise Random Password Manager (ERPM).
For government agencies mandated to support PIV (HSPD 12), or corporate sites using smartcards/PKI certificates for authentication, these enhancements enable ERPM to identify who is logging on and to control what the user can access via digital certificates. This capability can be implemented instead of - or in conjunction with - a user name and password. If configured by an organization, the possession of a smartcard and its PIN code can be all that is necessary to securely log on to ERPM.
“We have always been staunch supporters of PKI, FIPS 201, PIV, HSPD 12 and certificates for authentication and encryption, where physical possession of the crypto device can provide a far more secure environment,” said Philip Lieberman, president and CEO of Lieberman Software. “Over the last few years we have implemented a variety of authentication and authorization mechanisms within our products to match the needs of our corporate and government users. Our integrated authentication solutions include LDAP, Kerberos, RADIUS, as well as RSA and a very rich OATH implementation for multi-factor authentication.
“Our newest version of ERPM provides a simple way to manually enroll client certificates, transparently verify certificates on smartcards, and configure rights and privileges for certificates directly within the ERPM console.”
ERPM automatically discovers privileged accounts on the network, frequently changes each account’s password to a unique value, and deploys the password changes wherever they are used in the data center. It provides the accountability of showing precisely who on the IT staff had administrative access to systems and applications with sensitive data, at what time and for what stated purpose.
Now, ERPM can use digital certificates and/or a combination of shared secrets (such as a user name and password), with the option for smartcards to both identify and authorize specific usage capabilities. When a user logs on to ERPM’s delegated web interface with certificate authentication enabled, the browser and web site require the user to select an appropriate certificate to gain access to ERPM and to the powerful privileged account passwords managed by the software. The digital certificates can be stored on the local machine, on a USB stick or on a smartcard.