HID Global’s ActivID® Validation Authority enables organizations to deploy a PKI certificate validation infrastructure capable of scaling to millions of user certificates. The solution supports the OCSP and SCVP standards, enabling real-time validation from every end point in an organization’s network, without needing to manage multiple large Certificate Revocation Lists (CRLs).

The ActivID Validation Authority is ideal for:

• Certificate Authority (CA) managed service providers wishing to provide a complimentary, highly scalable standards based validation service
• Organizations wishing to deploy a centralized certificate validation service that consolidates CRLs from multiple CAs

The ActivID Validation Authority can be combined with the ActivID Validation Responder to establish local OCSP and SCVP validation services across a distributed environment. The combined solution is ideal for large organizations needing to implement real-time validation services across multiple regional networks, and for organizations including government agencies and partner networks participating in a federated Public Key Infrastructure (PKI) comprising multiple CAs, in which each party requires the ability to validate the status and authenticity of others’ credentials.

The unique distributed architecture of the solution eliminates the need for securing individual OCSP / SCVP responders with their own signing keys. This greatly reduces the cost and complexity typically associated with enterprise-wide PKI deployments. Data compression optimizes network resources and bandwidth and enables the solution to scale to address user populations of millions of certificates with response times that are virtually instantaneous.

Key Features

The ActivID® Validation Authority enables organizations to deploy a distributed validation infrastructure across their network. The solution supports:

• Strong security: Organizations can validate the status of all their user credentials in near real-time. The solution utilizes the most advanced cryptographic standards, and supports all industry standard Hardware Security Modules (HSMs) for cryptographic operations.
• Industry Standards: Fully compliant with the industry OCSP, SCVP and PKI standards, as defined in their respective RFC specifications. The solution uses the Java Cryptographic Extension (JCE) standard to be interoperable with any compliant Hardware Security Module.
• Scalability: A single Validation Authority can scale to validate millions of credentials. Additional instances can be deployed to accommodate even larger populations.
• Cost Reduction: Traditional OCSP deployments require each responder to have its own set of cryptographic keys, resulting in huge costs for securing the infrastructure. The Validation Authority isolates all cryptographic activity to one server, eliminating these costs. Additionally, the solution shrinks the required hardware footprint of OCSP responders.
• Integration: Can be deployed with the ActivID Validation Client (Desktop Validation Client or Server Validation Extension), an OCSP/SCVP plugin for Windows environments. Additionally, the solution can be used with any OCSP or SCVP compliant software client.

The ActivID Validation Authority supports the following environments:

• Platforms: Microsoft Windows Server® 2012, 2012 R2 and 2016, Red Hat® Enterprise Linux v6 and 7
• Databases: Microsoft SQL Server™ 2012 R2 and 2014, Oracle® 12c, PostgreSQL 9.x
• Certificate authorities: All industry standards-compliant certificate authorities
• Hardware Security Modules (HSMs): Gemalto/SafeNet® Luna® SA and Luna PCI-E, Thales® nShield™ Connect and nShield Solo, AEP™ Keyper Enterprise and Keyper Plus