Jetico Central Manager (JCM) encrypts sensitive information in its database and in the communication channel between JCM Client computers and JCM Server. The software utilizes public/private key technology to provide this functionality.
When JCM Console runs for the first time, the program automatically creates the first company and the first administrator account. At that time, two public/private key pairs are generated. The generation procedure runs on a local computer where the JCM Administrator starts initializing the JCM Database. The generated keys are password protected. Furthermore, since the keys are being generated on the local computer, the keys are transferred to remote database in a secure form.
Two key pairs function in the following manner:
When JCM generates an Administrator Key, it asks to for a password entry. The password is then used to encrypt the private key. Then, JCM generates a Company Key and encrypts it with the Administrator's public key. This means that subsequently, the Company Key can only be decrypted by this Administrator's private key which, in turn, has been encrypted by a key derived from the Administrator password.Client-server communication
JCM secures the communication channel between the server and its clients using HTTPS protocol.
As part of the JCM Server installation, the JCM Setup program generates a public/private key pair and creates a server root certificate. When the JCM Client computer connects to the server for the first time, it receives the server certificate, generates its own private/public key pair, and sends a request to the server to sign the keys. After the successful completion of this process, a client can verify the server since the client has the server certificate. Additionally, the server can verify all further requests from the client, since it has signed the client keys.
The communication channel between client and server is protected, because all of the information sent by the client to the server is encrypted by the server public key. When the client receives an encryption policy or any other data from the server, it can validate that the data comes from a proper server by ensuring the data is signed by the proper certificate.
To switch to JCM Administration Console, click at the top bar of JCM Console. The administration console allows for a number of administrative functions: