Axway VA Suite protects mission-critical infrastructures by ensuring that revoked or invalid credentials cannot be used for secure email, smart card login, network access (including wireless) or other sensitive electronic transactions. With support for caching and replication of revocation data regardless of format, VA Suite enables cost-effective scalability across a wide range of operational environments, including hardware-software appliances and Java-based solutions for distributed or hosted environments.
Banks, businesses, governments and defence organisations around the world use Axway VA Suite for real-time validation of digital certificates within PKI environments.
Using protocols like OCSP and CRLs can help identify revoked entities, but knowing whose credentials are defective is just the tip of the information iceberg.
Validation is constantly evolving, and Server-based Certificate Validation Protocol (SCVP) is the emerging new standard. While OCSP-based certificate validation provides revocation status of digital certificates in a highly performant and scalable manner, VA Suite’s SCVP technologies take access validation to the next level, enabling applications to delegate both revocation checking and path validation to a trusted server in a single request.
SCVP enables the harvesting of an entity’s credential for the full range of its access rights, cross-validated across multiple certificate chains by highly accredited certification issuers. In real-world terms, this means that not only do you know John Doe’s credential status, you can also:
- Enforce which applications and/or network locations John is authorised to access;
- Enforce John’s level of email access and which company policies apply to his account, whether he be an IT administrator or an HR director;
- Federate John’s physical access rights across multiple buildings and/or geographic locations;
- Provide visibility into the what, where and when of each and every instance of physical and logical access.
VA Suite consists of several products that provide a flexible and robust certificate validation solution, for both standard and bespoke desktop and server applications:
- Validation Authority Server, a high-performance multi-platform server that processes client digital certificate status queries using a variety of protocols, including OCSP, SCVP, CMP, Compact CRL and VACRL.
- Server Validator, a flexible client application for validating digital certificates from the most widely used secure Web servers and Web application servers.
- Desktop Validator, a flexible client application that enables Microsoft Windows-based desktop and server applications to validate digital certificates via the Microsoft Cryptographic API (CAPI).
- Validator Toolkit, a complete set of certificate validation functions, source code examples, and reference manuals that enables certificate validation integration into commercial or bespoke applications developed in C/C++ or Java.
These components may either be used together or integrated with existing solutions using OCSP or SCVP (RFC 5055), by means of open standards.
VA Suite is CA-neutral and supports all widely adopted international security standards and open technologies:
- Certified to meet Common Criteria (EAL 3), FIPS 201, NIST PDVAL, FIPS 140-2, and DoD JITC standards
- SCVP compliant (RFC 5055)
- Entrust-ready and IdenTrust-compliant
- Part of the IdenTrust, SWIFT Trust Act, BACS and Global Trust Authority financial trust infrastructures
- Interoperable with leading cryptographic hardware, including products certified to FIPS 140-2 Level 3 and 4, as well as smart cards such as the DoD Common Access Card and the Federal Personal Identity Verification Card or national eID-card.