Business Identity Certificate with YubiKey

YubiKey FIPSSSL.com’s Business Identity document signing, client authentication, and email certificates are now delivered on FIPS 140.2 validated YubiKey USB tokens, offering many additional benefits to our customers.

The YubiKey FIPS token offers extra security for your private keys, which are protected by a PIN and are not exportable from the device. Plus, you get the convenience of having your certificates and keys installed on a small USB token that you can put on your keychain and take anywhere!

Read on to find out more about all the great features offered by our Business Identity certificates, plus ordering information:

If you already own a YubiKey FIPS that you’d like to install a Business Identity certificate on, we’ve got you covered! Please read our how-to on Key Generation and Attestation with YubiKey for details.

FIPS 140.2 Validated Hardware Token

 

Each Business Identity certificate is shipped on a FIPS 140.2 validated YubiKey USB token, offering multiple security and convenience benefits:

  • Private keys for authentication and document signing are securely generated and stored on the YubiKey and cannot be exported, making your YubiKey a unique identifier for document and email signing and client authentication.
  • Each YubiKey is protected by a PIN that can be set by the user.
  • Compliance with FIPS 140.2 standards (Overall Level 2, Physical Security Level 3) for cryptographic modules and meets the highest Authenticator Assurance Level (AAL3) of NIST SP800-63B guidance.
  • Multiple authentication protocols and crypto algorithms.
  • Small, convenient USB device that does not require batteries or network connectivity.
  • YubiKey Manager software for simple management of PIN, certificates, and One-Time Password (OTP) features.
  • Seamless integration with SSL.com’s SSL Manager software (coming soon in next release).

Digital Signatures for Adobe PDF and Microsoft Office

 

Your Business Identity certificate can be used for secure document signing in Adobe PDFs and Microsoft Office documents.

  • A digital signature provides proof that the signer of an electronic document is who they claim to be, and demonstrates that the information in the document has not been altered since it was signed.
  • Digitally-signed documents ensure legal non-repudiation. If a person digitally signs a document with their private document signing key, it is difficult for them to deny that they signed it.
  • As a publicly trusted certificate authority and member of the Adobe Approved Trust List (AATL), SSL.com’s Business Identity certificates are trusted worldwide for signing digital documents, including Adobe PDF and Microsoft Office.
A digitally-signed contract or other legal document is just as legally binding as a paper contract signed in ink. The Electronic Signatures in Global and National Commerce Act (2000) indicates that a contract or signature “may not be denied legal effect, validity, or enforceability solely because it is in electronic form.”

Secure S/MIME Email

 

SSL.com’s Business Identity certificates also support the S/MIME standard for email protection. S/MIME works in two ways to prevent phishing attacks and keep messages secure while in transit:

  • Digital Signatures for email messages provide the same benefits as digitally-signed PDF and Word documents. Your recipients can be assured that the messages you send are really from you and not an attacker. And, like signed documents, signed email provides legal non-repudiation.
  • Encrypted email keeps your messages secure in transit using the same kind of strong public-key cryptography used to protect HTTPS websites on the World Wide Web.
Note: Because it is impossible to export a private key from a FIPS YubiKey, it is important to deliver a separate S/MIME encryption certificate outside of the YubiKey so that users can back up their private key. Otherwise, they are at risk of losing access to their data if a YubiKey is lost. For this reason, each Business Identity certificate includes a download credit for an additional Organization Validated (OV) S/MIME certificate, which may optionally installed by a user on their YubiKey. Please see our how-to with complete instructions for this simple process.

Client Authentication and Single Sign-On

 

SSL’s Business Identity certificates offer an additional layer of client authentication for workstation, application, and website sign-in that is not susceptible to phishing attacks, keystroke loggers, or other forms of credential theft. Once set up, it’s easy to log into any Windows, Mac, or Linux computer with just your YubiKey and a PIN (please see Yubico’s documentation for specific instructions for each platform). Plus, for maximum flexibility, each YubiKey FIPS offers several additional protocols for authentication and sign-on, including:

Ordering

SSL.com’s Business Identity certificates with YubiKey are available for ordering now, with discounts of up to 45% for multi-year orders. Additional discounts are also available through our reseller program.

If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. Thank you for choosing SSL.com!