CyProtect AG - Tumbleweed Validation Authority Overview

Tumbleweed Validation Authority Overview

Tumbleweed Validation Authority™:
The Most Widely Deployed Validator of Digital Certificates

Banks, governments, and businesses worldwide rely on their Public Key Infrastructure (PKI) and digital certificates to secure everything from corporate network access to multi-million dollar electronic transactions to physical access of military facilities. Trusting an invalid certificate can expose an organization to potential fraud, theft, and compromise. Organizations rely on the Tumbleweed Validation Authority™ Suite, the leading identity validation solution, to protect the integrity of their PKI. Digital certificate validation enables organizations to maximize their return on investment by ensuring their PKI safeguards all their secure applications.

PKI enabled systems depend on digital certificates, electronic credentials issued by a certificate authority (CA), to establish identity and trust. However, digital certificates alone are not enough to ensure the integrity of PKI solutions. Electronic credentials, like passports, credit cards, security badges, and other physical credentials, can become expired, revoked, or otherwise invalid over time. Similar to point of sale credit card authorizations, digital certificate status must be validated whenever the certificate is to be trusted.

The Tumbleweed Validation Authority (VA) offers a comprehensive, scalable, and reliable framework for real-time validation of digital certificates. VA is a proven, fourth-generation solution that has been deployed by hundreds of customers worldwide for over six years, including the US Department of Defense and all branches of the US military, US Department of Homeland Security and US intelligence communities, as well as top financial institutions globally.

The VA is CA neutral and supports numerous well accepted international security standards and open technologies. VA is certified FIPS 140-1, DOD JITC, Identrus, and Common Criteria compliant, and is part of the Identrus, SWIFT Trust Act, BACS and Global Trust Authority financial trust infrastructures. The VA interoperates with cryptographic hardware, including FIPS 140-2 Level 3 and 4 devices as well as smart cards such as DOD Common Access Card.

The VA suite consists of several products that provide a flexible, cost-effective, and robust solution ideally suited to a wide range of client applications in diverse operating environments.

Tumbleweed Valicert Validation Authority (VA Server)

A high-performance multi-platform server that processes client digital certificate status queries using a number of different protocols including OCSP, SCVP, and VACRL. The VA Server offers numerous advanced features including support for multiple CAs, various validation trust models, CA-specific validation policies, VA-to-VA mirroring (replication) of CA and VA manufactured CRLs and delta-CRLs,  distributed Repeater-Responder caching of pre-computed and dynamic OCSP responses. The VA Server provides robust non-repudiation features including digitally signed responses, digitally signed logs, and CRL archive. The VA Server also provides superior operational capabilities through the support of FIPS 140-2 Level 3 and Level 4 compliant cryptographic hardware, as well as robust monitoring, administration, and auditing.

Additionally, the VA product line includes the Tumbleweed Valicert VA Repeater Appliance and Repeater Servlet. The VA Repeater Appliance is a hardware-software appliance solution, leveraging Tumbleweed’s secure, hardened Linux-based platform. The VA Repeater Appliance can be installed in less than thirty minutes, offering organizations the lowest total cost of ownership and an ideal solution for distributed computing environments. The Repeater Servlet provides a light-weight solution for deploying a high-scale, high-reliability digital certificate infrastructure, leveraging the platform independence of Java. The Repeater Servlet is an ideal solution for distributed hosted computing environments.

Server Validator

A flexible client application for enabling digital certificate validation in the most widely used secure Web servers and Web application servers available on UNIX, Windows, and Apple platforms including Microsoft ISA, Apache, Oracle Application Server, Red Hat Strong Hold, BEA WebLogic, and IBM Lotus Domino, with support for automatic configuration and fail-over support through the use of multiple validation mechanisms.

Desktop Validator, Standard and Enterprise

Flexible client solutions for enabling Microsoft Windows based desktop and server applications respectively to validate digital certificates via the Microsoft Cryptographic API (CAPI), including support for FIPS 140-2 Level 2 smart cards such as DOD Common Access Card, flexible default and CA specific validation rules, robust fail-over mechanism with multiple revocation data sources, remote management via Microsoft SMS, CA Unicenter, and Microsoft Active Directory. DV can also be automatically configured via the VA Server for ease of large-scale deployment.

Validator Toolkit

A complete set of certificate validation functions, source code examples and reference manuals that enables certificate validation integration into third party or custom applications developed in C/C++ or Java such as network and hand-held devices, physical security systems, and custom PKI-enabled workflow applications.

Interested in Tumbleweed solutions? Please contact us.