1) A Key Requestor makes a request to recover one or more of a user’s keys.
2) The request is queued for Key Request Agent 1 (KRA1). An email notification is generated to notify all the members of the KRA1 group — as well as any other individuals that should be notified, such as security officers or Legal — that a key recovery process has commenced.
3) KRA1 retrieves and reviews the request to determine whether it is appropriate and meets applicable policies and agency guidelines. KRA1 can then approve or reject the request, or allow it to expire.
4) If approved by KRA1, an email notification is generated to alert Key Request Agent 2 (KRA2). KRA2 reviews the request to determine if appropriate and meets applicable policies and agency guidelines. KRA2 can then approve or reject the request, or allow it to expire.
5) If approved by KRA1 and KRA2, the Requestor is notified that request has been approved and the keys are ready for recovery. The Requestor may recover the keys to an approved storage format.
Venafi pioneered the machine identity protection market. Today, amid growing cybersecurity threats, it provides leading encryption technology solutions to the highly security conscious Global 5000. Its solutions secure cryptographic keys and digital certificates that both business and government agencies rely on for secure machine-to-machine connections and communications. Venafi holds 30 patents and devotes $12.5 million a year to its Machine Identity Protection Development Fund to promote the development of integrations with the Venafi Platform, sponsoring accelerated expansion of the Venafi ecosystem.