You Are Here:

US Home > Products & Services > Security Services > Managed PKI Services > Key Management Services

Key Management Services

VeriSign's Key Management Services provide the industry's most secure key management and recovery solution for enterprises deploying public key infrastructure (PKI) to secure a broad array of network applications. Key Management Services use state-of-the-art technology to provide enterprises with a complete key management solution. This solution includes centralized key generation, distribution and backup capabilities, archiving of key histories, and dual key pair support, coupled with a two-step recovery process which provides far greater security than in-house software alone.

Features and Benefits

• Dual Key Support 
  Key Management Services supports dual keys by providing central generation and back up of encryption keys along with distributed generation of signing keys. Key Management Services is the industry's leading solution for non-repudiation because it combines this support for dual key pairs with strong security, audit and archive functions. Dual key pair support is critical for applications that utilize both encryption and digital signatures. An end user needs one key pair for encryption and another for digital signing so that the encryption key pair can be backed up without compromising the integrity of the user's digital signatures.
• High Security Key Recovery 
  Unlike other alternatives, VeriSign's Key Management Services offers a unique approach to key management that provides the highest security available. It combines local software and backup of the key pairs with a key recovery service located at VeriSign. Private keys are stored at your enterprise in a secure, encrypted form that provides strong protection without requiring you to build a high security facility. Recovery of a key pair occurs by retrieving from VeriSign a unique key that can unlock the backed-up version of that specific key, but without your end user encryption keys ever leaving your premises. This removes any single point of compromise from the system, since even if someone has a complete copy of the database of backed-up keys, they will not be authorized to get the recovery keys from VeriSign. Authorization is needed to access the database.
• Centralized Key Management 
  Key Management Services’ centralized key-generation functions allow an enterprise administrator to set up an end user's security and in so doing, simplify the process for users. The administrator can easily and quickly generate encryption key pairs, trigger a client application to generate a signing key pair, coordinate certificate acquisition for both key pairs and distribute the keys and certificates to the end user, without the end user having to register and request a certificate. Enterprises deploying PKI primarily for authentication, access control or non-repudiation without encryption may not need dual key support and key recovery, but they can still benefit from Key Management Services’ centralized management capability. Key Management Services significantly reduces end user support burdens and PKI deployment time. With Key Management Services, Managed PKI provides the broadest range of registration and distribution options available.

Key Management Services is part of the VeriSign Managed PKI product line. It works with Microsoft IE, Outlook XP, 2000, and 98, IBM Lotus Notes R5, and Netscape Communicator as well as with applications enabled with VeriSign-compatible toolkits. Key Management Services does not require proprietary client software and allows you to build and operate a best-of-breed enterprise security solution.