HID® ActivID™ Validation
Scalable and secure PKI certificate validation
Real-time Validation Service
HID ActivID Validation is a comprehensive solution well-suited for large organizations needing to implement real-time validation services across multiple regional networks. It is also a good fit for government agencies and partner networks participating in a federated Public Key Infrastructure (PKI) comprising multiple Certificate Authorities (CAs), in which each party requires the ability to validate the status and authenticity of external credentials. The ActivID Validation solution, comprising the ActivID Validation Authority, the ActivID Validation Responder and the ActivID Validation Client, introduces a distributed infrastructure for certificate validation that improves upon any CRL or Traditional OCSP scheme in the following areas:
Key Benefits
- Security — ActivID Validation Responders have no private keys, so are less vulnerable to exploitation. They cannot provide false responses, even if compromised. Additionally, they use FIPS 140-2 certified cryptography.
- Scalability — ActivID Validation Responders can be rapidly deployed in any number of locations and scale to meet the needs of hundreds of remote sites.
- Availability — ActivID Validation Responders can be easily replicated in many locations for high availability, with excellent survivability under attack.
- Performance — ActivID Validation Responders can be placed close to relying parties to deliver extremely low latency for OCSP responses.
- Cost-effectiveness — ActivID Validation Authority licensing allows for unlimited Validation Responder deployments at a fraction of the cost of the Traditional OCSP model. In addition, there are no per-transaction costs.
- Delegated validation — ActivID Validation Authority supports the Server-based Certificate Validation Protocol (SCVP) to confirm the authenticity of the issuing Certificate Authority (CA). This is especially relevant in a federated PKI comprising multiple CAs in which each party requires the ability to validate the status and authenticity of the others' credentials.
- Ease of management — The ActivID Validation Responders represent stateless, appliance-grade functionality, guaranteeing that only the central ActivID Validation Authority requires management.
- Standards compliant — ActivID Validation Authority integrates seamlessly with existing PKI products from HID Global and other vendors through standards such as X.509, OCSP, SCVP, LDAP and RESTful API.
The ActivID Validation Authority supports the following environments:
- Platforms — Microsoft Windows Server® 2012, 2012 R2, 2016 (64-bit) and 2019 (64-bit); Red Hat® Enterprise Linux® v7.x and 8.x (64-bit)
- Databases — Microsoft SQL Server 2016 and 2017; Oracle® 12c and 19c; PostgreSQL 9.x
- Certificate authorities — All industry standards-compliant certificate authorities
- Hardware Security Modules (HSMs) — AEP KeyPer® Enterprise / Plus, Thales (formerly Gemalto SafeNet) Network HSM / PCIe HSM, Thales Trusted Cyber Technologies (formerly SafeNet Assured Technologies) Luna SA for Government, Entrust Datacard (formerly Thales) nShield™ Connect / Connect+ / Connect XC / Solo / Solo+
The ActivID Validation Responder Software supports the following environments:
- Software Version: Microsoft Windows Server® 2012, 2012 R2 and 2016 (64-bit); Red Hat® Enterprise Linux v6.x and 7.x (64-bit)
- Virtual Appliance: VMware virtualization environment; Debian Linux 9.0 operating system
Operating Systems:
- Windows 10
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019