CoreStreet Validation Authority
The CoreStreet Validation Authority (VA) is a complete software solution that enables secure, scalable, and reliable digital certificate validation for populations of any size.
Features and Benefits
The CoreStreet Validation Authority is designed to support both traditional and distributed OCSP implementations. CoreStreet developed the distributed OCSP approach to support the needs of large, dispersed organizations. The benefits of this type of deployment include:
SecurityVA Responders have no private keys, so require little physical or network protection. These Responders cannot provide false responses even if compromised. In addition, the Validation Authority has received Common Criteria EAL3 certification
ScalabilityVA Responders can be rapidly deployed in any location, allowing for scalability to hundreds of remote sites.
AvailabilitySince VA Responders can be easily replicated in many locations, overall service availability is extremely high with excellent survivability under attack when compared to centralized, trusted topologies.
PerformanceVA Responders can be placed close to relying parties allowing extremely low latency for OCSP responses.
Cost EffectiveVA pricing allows for unlimited Responder deployment without software fees. In addition, there are no per-transaction costs.
Standards ComplianceWhile the CoreStreet VA represents a revolutionary approach to certificate validation, it integrates seamlessly with existing PKI components through standards such as X.509, OCSP, and LDAP.
Ease of ManagementSince the VA Responders represent stateless, appliance-grade functionality, only the central Validation Authority requires management. The Validation Authority can be configured through a full-featured web interface, command-line tools, or a programmatic API.
The CoreStreet Validation Authority (VA) consists of the components described in the following table:
|CoreStreet Validation Authority||The Validation Authority is the source of the validation proofs. It distributes lists of public validation proofs to any number of Validation Responders.|
|VA Responders||The VA Responders retrieve lists of validation proofs from one or more Validation Authorities and provide individual certificate validation information to relying party applications through an HTTP-based protocol.|
|Relying Party (RP) API||This API is integrated into relying 3rd party applications. Its purpose is to inspect certificates and validate their associated privileges using validation proofs which are retrieved from Responders.|
Each of these components is structured as an extensible set of tools that can be easily integrated into existing infrastructures and business processes. The Validation Authority and Responder products can be deployed as standalone programs whereas the Relying Party API is intended to be integrated into other programs or applications. Standard protocols and formats allow for replacement and/or cross-integration with other commercial products.
Other PKI products
- CoreStreet Desktop Validation Client
- CoreStreet Server Validation Extension
- CoreStreet Responder Appliance 2400D
For more information
- Identity Services Infrastructure — A practical approach to ensuring trust and privacy in government and industry