HID Global’s ActivID® Validation Authority enables organizations to deploy a PKI certificate validation infrastructure capable of scaling to millions of user certificates. The solution supports the OCSP and SCVP standards, enabling real-time validation from every endpoint in an organization’s network, without needing to manage multiple large Certificate Revocation Lists (CRLs).
The ActivID Validation Authority is ideal for:
- Certificate Authority (CA) managed service providers wishing to provide a complimentary, highly scalable, standards-based validation service
- Organizations wishing to deploy a centralized certificate validation service that consolidates CRLs from multiple CAs
The combined solution is ideal for large organizations needing to implement real-time validation services across multiple regional networks. It is also optimal for organizations in which each party requires the ability to validate the status and authenticity of external credentials; this includes government agencies and partner networks participating in a federated Public Key Infrastructure (PKI) comprising multiple CAs.
The unique distributed architecture of the solution eliminates the need for securing individual OCSP / SCVP responders with their own signing keys. This greatly reduces the cost and complexity typically associated with enterprise-wide PKI deployments. Data compression optimizes network resources and bandwidth and enables the solution to scale to address user populations of millions of certificates with response times that are virtually instantaneous.
Key Features
The ActivID® Validation Authority enables organizations to deploy a distributed validation infrastructure across their networks. The solution supports:
- Strong security: Organizations can validate the status of all their user credentials in near real-time. The solution utilizes the most advanced cryptographic standards and supports all industry standard Hardware Security Modules (HSMs) for cryptographic operations.
- Industry Standards: The solution complies fully with industry OCSP, SCVP and PKI standards, as defined in their respective RFC specifications. It uses the Java Cryptography Extension (JCE) standard to be interoperable with any compliant Hardware Security Module (HSM).
- Scalability: A single Validation Authority can scale to validate millions of credentials. Additional instances can be deployed to accommodate even larger populations.
- Cost Reduction: Traditional OCSP deployments require each responder to have its own set of cryptographic keys, resulting in huge costs for securing the infrastructure. The Validation Authority isolates all cryptographic activity to one server, eliminating these costs. Additionally, the solution shrinks the required hardware footprint of OCSP responders.
- Integration: Deployment is available with the ActivID Validation Client (Desktop Validation Client or Server Validation Extension), an OCSP/SCVP plugin for Windows environments. Additionally, the solution can be used with any OCSP or SCVP compliant software client.
Specifications
The ActivID Validation Authority supports the following environments:
- Platforms: Microsoft Windows Server® 2012, 2012 R2 and 2016 (64-bit), Red Hat® Enterprise Linux® v6.x and 7.x (64-bit)
- Databases: Microsoft SQL Server™ 2014, 2016 and 2017, Oracle® 12c, PostgreSQL 9.x
- Certificate authorities: All industry standards-compliant certificate authorities
- Hardware Security Modules (HSMs): Gemalto/SafeNet® Network HSM and PCIe HSM, SafeNet Assured Technologies Luna SA for Government, Thales® nShield™ Connect, Connect+ and Connect XC and nShield Solo and Solo+, AEP™ Networks Keyper Enterprise and Keyper Plus