Identity & Access Management


SealSign Central Key Control

Secure custody and centralized management of Digital Certificates

The custody and usage management of digital certificates in any medium or large organization has become a complex task that consumes technical resources.

Certificates are commonly installed either in the computer systems of users who need them for their work, a setup which entails significant risks to the organization, or in smartcards that users must bring to each system or device through a reader, which complicates their use.

In both cases, the organization has no mechanism to record or limit which processes or electronic signatures are carried out, and there is also a risk of information leakage if users copy these certificates.

SealSign® Central Key Control lets users store certificates in a centralized, controlled and secure manner in HSM devices. Only authorized users can carry out authentication, signing or encryption operations, with no need to have keys installed locally on their computers or devices, which makes the process fully transparent for users.


  • Secure storage of personal, professional and corporate digital certificates in secure devices specialized in key custody
  • Maintains control over who can carry out operations on certificates through usage policies and traceability of the operations performed
  • Simplifies the use of certificates from applications on mobile devices with no need to upload certificates onto the device, streamlining management and precluding the risks associated with theft or misplacement of the mobile device
  • Reduction in the costs associated with managing and personalizing smartcards, enabling the creation of a single virtual smartcard per user



  • Secure certificate storage space exclusive to each user (Virtual Smartcard) protected by a PIN/Password or biometric credential
  • The SealSign CKC agent enables local use of certificates with no need to modify applications, and can co-exist with local certificates
  • Integrated with Microsoft Active Directory
  • Recording and auditing of all operations performed
  • Possibility of establishing proactive rules for delegating and limiting the use of certificates (by systems, users, processes and URLs)
  • Flexible and customizable report generator
  • Configurable alerts issued for expiration or revocation of digital certificates
  • Options for creating an inventory of certificates in use at workstations
  • Compatible with remote terminals such as Windows Terminal Services, Citrix XenApp and XenDesktop
  • Integrated with the registration authorities of Certification Service Providers for issuing certificates directly in the HSM (consult list)


Target group

  • Companies that want to replace their certificate store.
  • Companies that want to automate their hiring flows for tenders. It provides a single mailbox for signing all the electronic documents that need to be reviewed or approved.
  • Companies with a need to store data in a centralized and secure manner.
  • Companies that want to protect a legal entity's certificate so that it is used exclusively in specific situations and at specific times.
  • Companies that need to include an authentication, signature or encryption process without having the private key installed locally on their authorized users’ computers or devices.


Use cases

  • Signing tests, medical records, electronic prescriptions.
  • Signing import approvals for products in customs.
  • Processes for signing purchases or authorizations.
  • Process for signing documents in compliance with the ANI (National Infrastructure Agency).
  • Signing authorizations or transactions without having to display certificates on the device.