Delivering a World-Class Digital Identity Solution for a National Defense Organization
Read how a National Defense Organization strengthened operational resilience and future-readiness by modernizing its digital identity infrastructure with a scalable PKI and credential management solution with biometric authentication and FIPS 201 PIV compliance from Entrust and Intercede.
Introduction
National defense organizations operate in some of the most demanding and security-sensitive environments in the world. As cyber threats grow more sophisticated and operational requirements evolve, maintaining a secure, flexible, and standards-compliant digital identity infrastructure becomes mission-critical.
A government advisory body within a defense organization recognized the need to modernize its aging identity and access management systems. To meet this challenge, Entrust, a global leader in identity-centric security, partnered with Intercede, a specialist in credential management systems. Together, they delivered a next-generation digital identity solution tailored to the organization’s unique operational and security needs.
Business Challenge
The defense organization was undertaking a critical technology refresh to modernize its digital identity infrastructure. Key components – including its Public Key Infrastructure (PKI), Credential Management System (CMS), and end-user device ecosystem – were outdated and approaching end-of-life.
Key challenges included:
- Enhanced Security: Addressing the need for advanced security mechanisms to counter evolving cyber threats
- Improved User Experience: Integrating biometric authentication to streamline access while maintaining strict security standards
- Standards Compliance: Achieving full compliance with the FIPS 201 Personal Identity Verification (PIV) standard
- PKI Modernization: Replacing legacy PKI components that posed security and support risks
- Vendor Flexibility: Reducing vendor lock-in to allow for future adaptability and support for emerging technologies
- Accelerated Deployment: Meeting a tight timeline for design, implementation, and deployment to align with internal governance requirements
These challenges set the stage for a collaborative solution that would not only support immediate needs but also lay the groundwork for long-term resilience.
Solution
Entrust led the delivery of a modern, integrated PKI solution that formed the cryptographic backbone of the new identity infrastructure. Working closely with Intercede, the team delivered a comprehensive solution that included:
- Scalable Architecture: A robust CMS was deployed to support multiple air-gapped environments and manage tens of thousands of end-user devices. The system was initially configured for smartcards but designed to scale to mobile platforms, USB tokens, and virtual smartcards.
- Modern PKI Integration: A new PKI solution was seamlessly integrated, providing a secure and modern cryptographic foundation.
- Custom Applet Support: Smartcards were enabled with custom applets to meet specific operational requirements.
- Biometric Authentication: Match-on-Card biometric authentication was introduced, enhancing both security and user convenience.
- Secure Key Storage: A new CA-independent key storage solution was implemented, enabling secure generation, access, and recovery of sensitive cryptographic keys in line with strict security policies.
This tightly integrated solution not only helped meet the organization’s technical and compliance requirements but also introduced new capabilities that would support future innovation.
Our engagement with the customer was a testament to deep collaboration. By meticulously understanding their intricate requirements and working together with their ecosystem of technology partners, we were able to create a comprehensive digital identity framework. The integration of MyID CMS and MyID SecureVault ensures not just immediate operational resilience but also provides the foundational agility for their future security endeavours.
Siobhan Morey-Millington
Sales Director, Intercede
Results
With the solution now being rolled out in phases across the organization’s secure environments, early results are already demonstrating its value.
The deployment has enabled:
- Improved operational efficiency through streamlined credential management
- Enhanced security posture with biometric authentication and secure key storage
- Greater flexibility for future device and platform integration
Additionally, the phased approach has surfaced opportunities for further enhancements, such as secure biometric data storage, which will continue to strengthen the organization’s identity infrastructure.
The full rollout is expected to be completed by December 2026, with the system designed to remain operational for at least eight years – a testament to its long-term strategic value.
Collaborating on this project allowed us to deliver a modern PKI solution that seamlessly integrated with the broader digital identity framework. The synergy between our PKI and Intercede’s MyID CMS was crucial in supporting the Customer's stringent security and compliance objectives, especially around FIPS 201 PIV. It's a prime example of how integrated solutions elevate an organization's security posture.
Sales Director
Entrust
Looking Ahead
This project represents more than just a technology upgrade – it’s a foundational shift toward a more agile, secure, and future-ready digital identity ecosystem. As cyber threats continue to evolve and defense operations become increasingly digitized, the organization is now well-positioned to adapt quickly, integrate emerging technologies, and maintain the highest levels of trust and assurance.
Entrust remains committed to supporting this journey, ensuring that the digital identity infrastructure continues to evolve in step with the organization’s mission-critical needs.
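Related Products and Services
Cryptographic Security Platform
Centralize cryptographic management by delivering the diverse capabilities of PKI, certificate lifecycle management, key management, secrets management, and hardware security modules in a single unified system.
Hardware Security Modules
Deliver cryptographic services to applications across the network, cloud, and hybrid environments using nShield hardware security modules, certified to FIPS 140-3 Level 3, that perform encryption, digital signing, and key generation and protection.
PKI and Certificate Lifecycle Management
The Entrust Cryptographic Security Platform includes a comprehensive, high-performance, container-based PKI, certificate lifecycle management, and automation solution.
Key, Secrets, and Certificate Management
A robust key and secrets lifecycle management system with a distributed, vault-based architecture provides centralized visibility and compliance management.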