
Scalable and secure PKI certificate validation
Vendor: HID
Real-time Validation Service
HID ActivID Validation is a comprehensive solution well-suited for large organizations needing to implement real-time validation services across multiple regional networks. It is also a good fit for government agencies and partner networks participating in a federated Public Key Infrastructure (PKI) comprising multiple Certificate Authorities (CAs), in which each party requires the ability to validate the status and authenticity of external credentials. The ActivID Validation solution, comprising the ActivID Validation Authority, the ActivID Validation Responder and the ActivID Validation Client, introduces a distributed infrastructure for certificate validation that improves upon any CRL or Traditional OCSP scheme in the following areas:
Key Benefits
- Security — ActivID Validation Responders have no private keys, so are less vulnerable to exploitation. They cannot provide false responses, even if compromised. Additionally, they use FIPS 140-2 certified cryptography.
- Scalability — ActivID Validation Responders can be rapidly deployed in any number of locations and scale to meet the needs of hundreds of remote sites.
- Availability — ActivID Validation Responders can be easily replicated in many locations for high availability, with excellent survivability under attack.
- Performance — ActivID Validation Responders can be placed close to relying parties to deliver extremely low latency for OCSP responses.
- Cost-effectiveness — ActivID Validation Authority licensing allows for unlimited Validation Responder deployments at a fraction of the cost of the Traditional OCSP model. In addition, there are no per-transaction costs.
- Delegated validation — ActivID Validation Authority supports the Server-based Certificate Validation Protocol (SCVP) to confirm the authenticity of the issuing Certificate Authority (CA). This is especially relevant in a federated PKI comprising multiple CAs in which each party requires the ability to validate the status and authenticity of others' credentials.
- Ease of management — The ActivID Validation Responders represent stateless, appliance-grade functionality, guaranteeing that only the central ActivID Validation Authority requires management.
- Standards compliant — ActivID Validation Authority integrates seamlessly with existing PKI products from HID Global and other vendors, through standards such as X.509, OCSP, SCVP, LDAP and RESTful API.