Axway Validation Authority Suite

PKI safeguards for secure applications

Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to secure everything from enterprise networks, to multi-million dollar electronic transactions, to military facilities. Within these PKI environments, protecting high-value assets (whether they are product plans, financial data, patient records, or physical locations) requires both vigilance and diligence.

Axway Validation Authority (VA) Suite offers a comprehensive, scalable, and reliable framework for real-time validation of digital certificates and access permissions within PKI environments. VA Suite is Certificate Authority (CA)-neutral and provides support for multiple CAs, several different trust models, and CA-specific validation policies. Axway VA Suite is:

- Vigilant in determining whether people are who they say they are, and whether their digital certificates are valid and current.
- Diligent in verifying which secure applications, networks, and locations the owner of a valid digital certificate is authorized to access at any given point in time.

VA Suite Key Features & Benefits

Flexible and robust certificate validation
- Axway Identity Validation Suite is CA-neutral and supports all widely adopted international security standards and open technologies.
- Certified to meet Common Criteria (EAL 3), FIPS 201, NIST PDVAL, FIPS 140-2, and DoD JITC standards.
- OCSP and SCVP compliant (RFC 2560, RFC 5055).
- Entrust-ready and IdenTrust-compliant.
- Part of the IdenTrust, SWIFT Trust Act, BACS, and Global Trust Authority financial trust infrastructures.
- Interoperable with leading cryptographic hardware, including products certified to FIPS 140-2 Level 3 and 4, as well as smart cards such as the DoD Common Access Card and the Federal Personal Identity Verification Card or national eID card.

www.axway.com 1

Standards Support
- OCSP (RFC 2560)
- SCVP (RFC 5055)
- X.509v3 digital certificate format
- CRLv2 and delta CRL revocation data
- LDAP(S), FTP, HTTP(S) CRL retrieval
- SNMP and HTTPS administration
- RSA PKCS #1, #7, #10, #11
- RSA; SHA-1, SHA-256, SHA-512 and MD5
- Microsoft Cryptographic API
- ECC prime 256, 384; ECDSA
- IPv6 and IPv4
- SSL 3.0, TLS 1.0

Next-generation certificate validation

Identifying invalid or revoked digital certificates is just the tip of the PKI iceberg. Beneath the surface, a secure PKI also needs to:
- Know which applications and/or network locations a user ("John") is authorized to access;
- Enforce John's level of access and any enterprise policies that apply to his account;
- Federate John's physical access rights across multiple buildings and/or geographic locations; and
- Provide visibility into the what, where, and when of each and every instance of John's physical and logical access.

Axway VA Suite's Server-based Certificate Validation Protocol (SCVP) technology enables applications to delegate both revocation checking and path validation to a trusted server in a single request. SCVP enables harvesting of an entity's credentials for the full range of access rights, cross-validated across multiple certificate chains by highly accredited certificate issuers.
Axway VA Suite: The most widely deployed validator of digital certificates

Axway VA Suite consists of several components that provide a flexible and robust certificate validation solution for both standard and custom desktop and server applications. These components may be used together or, leveraging open standards, integrated with existing solutions using OCSP or SCVP (RFC 5055).

- Validation Authority Server: a high-performance multi-platform server that processes client digital certificate status queries using a variety of protocols, including OCSP, SCVP, CMP, and VACRL.
- Server Validator: a flexible client application for validating digital certificates from the most widely used secure Web servers and Web application servers.
- Desktop Validator: a flexible client application that enables Microsoft Windows-based desktop and server applications to validate digital certificates via the Microsoft Cryptographic API (CAPI).
- Validator Toolkits: a complete set of certificate validation functions, source code examples, and reference manuals that enables certificate validation integration into commercial or custom applications developed in C/C++ or Java.

[Architecture diagram: Microsoft CAPI-enabled desktop applications (Desktop Validator Standard Edition) and CAPI-enabled server applications (Desktop Validator Enterprise Edition), together with secure Web and application servers running Server Validator (Oracle Application Server, Apache, IBM Lotus Domino, Netscape/Sun, Red Hat Stronghold, BEA WebLogic), send OCSP, SCVP and VACRL over HTTP(S) to a Validation Authority Repeater. The Repeater forwards OCSP (no nonce) across a firewall or air gap to a Validation Authority Responder, which holds a Hardware Signing Module and a pre-computed OCSP cache and obtains CRLs from the CA directory.]

With support for caching and replication of revocation data regardless of format, VA Suite enables cost-effective scalability across a wide range of operational environments, including hardware-software appliance and Java-based solutions for distributed or hosted environments.

VA Server

The VA Server is the core of the Axway VA Suite. A sophisticated digital certificate status responder, VA Server prevents revoked credentials from being used for secure email, smart card login, network access (including wireless), or other sensitive electronic transactions.

VA Server maintains a store of digital certificate revocation data by obtaining the Certificate Revocation List (CRL) from the issuing CA. To validate a digital certificate, a client application can simply query the VA Server rather than performing the cumbersome task of obtaining and processing the entire CRL every time it encounters a digital certificate. Client applications can query VA Server using various open standard protocols (OCSP, SCVP, CMP, VACRL), which allows them to delegate the entire certificate validation operation, including path construction and intermediate CA validation, to the VA Server.

For tactical environments, or where bandwidth is limited, VA Server also supports protocols like Compact CRL and VACRL that allow the server to convert CA-issued CRLs (which can be as large as 40+ MB for mature PKIs) into revocation data with a much smaller footprint.
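The two validation paths contrasted above (a client fetching and processing the whole CRL itself, versus asking a status responder over OCSP) can be reproduced end to end with nothing but the openssl command line. The script below is an added example; it is not Axway code and does not use any VA Suite component. It assumes an openssl binary of version 1.1.1 or later (for `-addext`) and a POSIX shell; every key, certificate, file name (demo.cnf, john.crt, ca.crl, req.der, resp.der) and subject name is constructed on the spot in a temporary directory. The OCSP responder side runs in the same script, reading the CA's issuance database, so the exchange is fully offline.

```shell
#!/bin/sh
# Added example (not Axway code): throwaway CA, one end-entity certificate, a CRL, and an
# offline OCSP exchange, to show what a CRL client and an OCSP client each have to check.
# All names and keys here are constructed; nothing is specific to VA Suite.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# One config for `openssl req` and `openssl ca`. index.txt/serial/crlnumber form the
# issuance database that both the CRL generator and the OCSP responder read.
cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_days     = 30
default_crl_days = 7
x509_extensions  = leaf_ext
policy           = any_name
[ any_name ]
commonName = supplied
[ leaf_ext ]
basicConstraints = CA:FALSE
EOF
touch index.txt; echo 01 > serial; echo 01 > crlnumber

# Constructed issuing CA, explicitly entitled to sign certificates, CRLs and OCSP responses.
openssl req -config demo.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
  -subj "/CN=Constructed Demo CA" -days 365 \
  -addext "basicConstraints=critical,CA:TRUE" \
  -addext "keyUsage=critical,digitalSignature,keyCertSign,cRLSign" >/dev/null 2>&1

# End-entity certificate for "john", issued through the CA database so it can be revoked.
openssl req -config demo.cnf -new -newkey rsa:2048 -nodes -keyout john.key -out john.csr \
  -subj "/CN=john" >/dev/null 2>&1
openssl ca -config demo.cnf -batch -notext -in john.csr -out john.crt >/dev/null 2>&1
openssl ca -config demo.cnf -gencrl -out ca.crl >/dev/null 2>&1   # first (empty) CRL

# CRL path: the client needs the CA certificate plus the entire CRL and processes it
# locally (signature, validity window, serial lookup). Prints good, revoked or error.
crl_status() {
  cat ca.crt ca.crl > trust.pem
  out="$(openssl verify -crl_check -CAfile trust.pem "$1" 2>&1 || true)"
  case "$out" in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*)                echo good ;;
    *)                       echo error ;;
  esac
}

# OCSP path: the client sends only the certificate's serial (no nonce, as with pre-computed
# responses served from a cache) and verifies the signed answer it gets back.
ocsp_status() {
  openssl ocsp -issuer ca.crt -cert "$1" -no_nonce -reqout req.der >/dev/null 2>&1 || true
  # Responder side: answer from the issuance database, signing with the CA key.
  openssl ocsp -index index.txt -CA ca.crt -rsigner ca.crt -rkey ca.key -noverify \
    -reqin req.der -respout resp.der >/dev/null 2>&1 || true
  # Client side: verify the response signature against the trust store, then read status.
  out="$(openssl ocsp -respin resp.der -issuer ca.crt -cert "$1" -CAfile ca.crt -no_nonce 2>&1 || true)"
  case "$out" in *"Response verify OK"*) ;; *) echo error; return ;; esac
  case "$out" in
    *": revoked"*) echo revoked ;;
    *": good"*)    echo good ;;
    *)             echo error ;;
  esac
}

BEFORE_CRL="$(crl_status john.crt)"; BEFORE_OCSP="$(ocsp_status john.crt)"

# Revoke john. The responder sees it at once (it reads index.txt); a CRL client keeps
# answering "good" until a new CRL is published and fetched.
openssl ca -config demo.cnf -revoke john.crt >/dev/null 2>&1
STALE_CRL="$(crl_status john.crt)"; AFTER_OCSP="$(ocsp_status john.crt)"
openssl ca -config demo.cnf -gencrl -out ca.crl >/dev/null 2>&1
AFTER_CRL="$(crl_status john.crt)"

echo "before revocation:         CRL=$BEFORE_CRL OCSP=$BEFORE_OCSP"
echo "after revocation, old CRL: CRL=$STALE_CRL OCSP=$AFTER_OCSP"
echo "after revocation, new CRL: CRL=$AFTER_CRL"
```

The middle line of the output is the point to watch: between revocation and the next CRL publication the CRL-based check still reports "good", while the responder, reading the issuer's current database, already reports "revoked". That window is bounded by the CRL's nextUpdate interval and the client's fetch schedule, which is the latency a status responder removes; the same run also shows that the OCSP client still has to verify the response signature against a trusted CA before believing the status.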
VA Server Key Features & Benefits

Key features: VA-to-VA mirroring (replication); distributed repeater-responder caching; robust security and non-repudiation.

- Supports backup, load balancing, and failover by replicating the same certificate revocation data across a cluster of VA Servers.
- Maintains a cache loaded with OCSP responses that are pre-computed or dynamically built up by proxy client requests to a responder.
- Supports non-OCSP clients, or clients that want to maintain their own revocation data caches for backup and in low-bandwidth and non-real-time environments.
- Supports SSL-based communications with clients, digitally signed client requests/responses, and digitally signed XML logs and CRL archives, as well as SSL-based server administration.
- Supports software, PKCS #11, and CAPI token-based hardware signing and encryption products from all leading vendors.

VA Server Validator

VA Server Validator is a flexible client application that enables digital certificate validation on the most widely used secure Web and application servers available on UNIX, Windows, and Apple platforms, including:
- Apache
- Oracle Application Server
- Red Hat Stronghold
- BEA WebLogic
- IBM Lotus Domino

VA Server Validator utilizes the native interfaces of these Web and application servers to add digital certificate validation functionality as part of the product's PKI-based client authentication. Working as a plug-in, VA Server Validator can query a VA Server (or any other standards-based digital certificate validation responder) or utilize a CRL to determine the status of a digital certificate presented by a client. Clients with revoked or expired certificates are denied access to the server or application.

VA Desktop Validator

VA Desktop Validator is a flexible client solution that enables digital certificate validation in the most commonly used Microsoft Windows-based desktop and server applications. VA Desktop Validator integrates seamlessly with any Microsoft Cryptographic API (CAPI)-compliant client or server application:
- Validates digital certificates encountered by PKI-enabled Windows applications via CRL lookups or standard protocol queries to a VA Server or other OCSP or SCVP standards-based responder.
- Is highly available and can be remotely installed, configured, and maintained using applications such as Microsoft SMS, CA Unicenter or Microsoft Active Directory.
- Supports single sign-on applications based on digital certificates stored on smart cards such as the DoD Common Access Card.
- Enables secure workflow applications based on digitally signed documents and secure email (S/MIME) messages.

VA Repeater and Responder Appliances

VA Server Appliances are hardware-software appliance solutions that can be installed in less than 30 minutes, and deliver the lowest total cost of ownership for distributed computing environments.

Server Validator & Desktop Validator Key Features & Benefits

Key features: robust security and non-repudiation; separate, configurable validation caches; automatic configuration.

- Processes CRL data from multiple CA or VA sources to support complex trust models and certificate policy controls for path processing and policy enforcement.
- Performs end-to-end certificate validation if one or more intermediate CAs are used and the validation policy requires a complete certificate chain validation.
- Communicates securely with VA Server utilizing SSL/TLS, and digitally signs requests to the VA Server for deployments that require a high degree of auditability and non-repudiation.
- Supports cryptographic hardware via the standard PKCS #11 interface, including FIPS 140-2 Level 3 and 4, which can be used to accelerate digital signing and SSL/TLS operations.
- In-memory repository of all certificate validation requests, regardless of the validation mechanism.
- Disk-resident CRL repository.
- Improves performance and increases reliability in environments where the underlying network is not always available.
- Robust failover mechanism supports multiple sources of revocation information, including multiple VA Servers.
- Supports automatic configuration using parameters obtained from the VA Server if the Web or application server supports auto-configuration.
- Facilitates large-scale application deployments.

VA Validator Toolkits

VA Validator Toolkits provides a complete set of certificate validation functions, source code examples and reference manuals. The VA Validator Toolkits can save development time and money for commercial or custom PKI-enabled applications, such as network and handheld devices, physical security systems and workflow applications. The VA Validator Toolkits encapsulates the complexities of PKI digital certificate validation in a three-step process that developers can implement through easy-to-understand C/C++ and Java interfaces.
The VA Validator Toolkit for C/C++ is certified DoD JITC, IdenTrust and FIPS 140-2 Level 1 compliant. These credentials save organizations the time and cost of additional testing and certification. The Validator Java Toolkit uses third-party Java security providers to execute cryptographic functions.

System Specifications

Delivery options
- Hardened Linux appliance
- Software application

Platforms (64-bit support)
- Sun Solaris 10
- Red Hat Linux 5, 6
- Axway Appliance (Windows and Linux)
- Windows 2003, 2008, 2012, XP, Vista and Windows 7

Cryptographic Hardware (FIPS 140-2 Levels 2, 3 & 4)
- Thales
- SafeNet
- AEP Networks

Load Balancers
- Cisco CSS and CSM
- Foundry BigIron
- F5 Big IP
- Resonate Dispatch

Learn More

To learn more about how Axway Validation Authority Suite can provide your organization with a comprehensive, scalable and reliable framework for real-time validation of digital certificates and access permissions within PKI environments, visit us at www.axway.com/contact-us.

For more information, visit www.axway.com
Copyright Axway 2014. All rights reserved. DS_VA_EN_DC_080415