Overview of the Jetico Central Manager Database

Jetico Central Manager Database Encryption and Initialization

Jetico Central Manager (JCM) encrypts sensitive information in its database and in the communication channel between JCM Client computers and the JCM Server. The software uses public/private key technology to provide this functionality.

When JCM Console runs for the first time, the program automatically creates the first company and the first administrator account. At that time, two public/private key pairs are generated. The generation procedure runs on the local computer from which the JCM Administrator initializes the JCM Database. The generated keys are password protected, and since they are generated on the local computer, they are transferred to the remote database only in protected form.

Two key pairs function in the following manner:

  1. The first key pair is the Company Key. It is used to encrypt all sensitive information in the JCM Database.
  2. The second key pair is an Administrator Key. It is used to encrypt the Company Key. JCM allows creating user accounts with different roles (Administrator, Operator, Auditor). Since several persons can administer the JCM Database to varying degrees, each should have his/her own password and key pair, and that personal key is used to encrypt the Company Key. This two-level key architecture allows user accounts that can access different portions of the sensitive data stored in the JCM Database to be added and removed.

When JCM generates an Administrator Key, it prompts for a password. The password is then used to encrypt the private key. JCM then generates a Company Key and encrypts it with the Administrator's public key. Consequently, the Company Key can only be decrypted with this Administrator's private key, which in turn has been encrypted with a key derived from the Administrator's password.

Client-server communication

JCM secures the communication channel between the server and its clients using the HTTPS protocol. When a JCM Client computer connects to the server for the first time, it receives the server root certificate, generates its own private/public key pair, and sends the server a request to sign its key. After this process completes successfully, the client can verify the server, since it holds the server certificate; the server, in turn, can verify all further requests from the client, since it has signed the client key.

The communication channel between client and server is protected because all of the information the client sends to the server is encrypted with the server public key. When the client receives an encryption policy or any other data from the server, it can validate that the data comes from the proper server by checking that it is signed by the proper certificate.
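The enrollment exchange from the two paragraphs above, as an added example written for this page (not Jetico's code): the server holds a self-signed root, the client generates a key pair that never leaves it and submits a certificate signing request, the server checks the request's self-signature before issuing a client certificate chained to its root, and on every later request the server accepts a client certificate only if it chains to that root. The example uses only the Go standard library; the ECDSA P-256 keys, the one-year client certificate lifetime, the client-auth extended key usage and the function names are assumptions of the example, and JCM's actual enrollment protocol and certificate profile are not described on the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA creates the server's self-signed root certificate and its signing key.
func NewRootCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewClientCSR is the client side of enrollment: generate a key pair that never leaves
// the client, and a CSR carrying only the public key for the server to sign.
func NewClientCSR(hostname string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: hostname}}, key)
	return csr, key, err
}

// SignClientCSR is the server side: check the CSR's self-signature (proof the client holds
// the private key) and issue a client-auth certificate chained to the root.
func SignClientCSR(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte, serial int64) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

// VerifyClient is what the server does on every later request: accept the presented
// certificate only if it chains to the server's own root and is valid for client auth.
func VerifyClient(ca *x509.Certificate, certDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, caKey, _ := NewRootCA("Example JCM Server Root")
	csr, _, _ := NewClientCSR("client-01.example.local") // constructed client name
	certDER, _ := SignClientCSR(ca, caKey, csr, 2)
	fmt.Println(VerifyClient(ca, certDER))
	rogueCA, rogueKey, _ := NewRootCA("Rogue Root")
	rogueCert, _ := SignClientCSR(rogueCA, rogueKey, csr, 3)
	fmt.Println(VerifyClient(ca, rogueCert)) // rejected: signed by an unknown authority
}
```

The second call in `main` shows the property the page relies on: a certificate for the same client key issued by any root other than the server's own is rejected, so only clients the server itself enrolled can authenticate. In a real deployment the root private key stays on the server and the client keeps its private key in local protected storage; only the CSR and the issued certificate cross the wire.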

JCM Administration Console

To switch to the JCM Administration Console, click Administration in the top bar of JCM Console. The administration console provides a number of administrative functions:
