CTSS uses the built-in TPM on your PC to secure cryptographic keys and execute secure functions.
Supports Windows 7 as well as Windows 8, 10 and Windows Server 2003, 2008/R2 and 2012.
Supports Windows Auto-enrollment for automatic distribution of machine certificates to client devices.
First introduced in 2005, and now used by some of the largest enterprises in the world.
Full support for Windows Crypto API means the ability to customize certificate templates, including integrating user data.
CTSS supports TPMs from all major vendors, including Infineon, Atmel, STMicroelectronics and Broadcom.
CTSS ensures that keys that are associated with device certificates are securely stored in a TPM on the device, preventing duplication and compromise of the device credentials.
Certificate-based device authentication is a proven method for securing access to networks, whether hardwired, wireless or through VPN. In a standard network, any device that is attached to the network has access to all network communication between other devices. A compromised device can then intercept valuable information like user credentials. By requiring a device certificate (also known as a machine certificate) to access the network, a device is prevented from accessing network information until it is properly authenticated using the strong cryptographic keys associated with the certificate.
However, with standard device certificates the cryptographic keys are stored on disk and in memory. If a device is compromised, those keys can be compromised as well.
CTSS solves this problem by ensuring that device certificates are securely stored in the TPM, and that the relevant cryptographic operations are executed only in the TPM.
Access to CTSS is provided through a dedicated Windows-compliant CSP and the Charismathics TSS stack, ensuring full integration with Microsoft Windows CryptoAPI/CNG and interoperability with Windows Certificate Auto-Enrollment.