CoreStreet’s certificate validation technology has been selected by the U.S. Department of Defense (DoD) for its Common Access Card (CAC) program. The new technology will significantly expedite the use of the deployed PKI for email and document signing.
U.S. DEPARTMENT OF DEFENSE PKI PROGRAM MANAGEMENT OFFICE SELECTS CORESTREET DISTRIBUTED OCSP FOR CERTIFICATE VALIDATION IN WORLD’S LARGEST ACCESS CARD PROGRAM
Results from Global 12-Month Pilot Show Savings by Increasing Worker Productivity
Cambridge, Mass.-February 7, 2005-The U.S. Department of Defense PKI Program Management Office (DoD PKI PMO) announced today that it has selected CoreStreet’s technology as one of two solutions to validate digital certificates issued as a key component of the DoD’s Identity Protection and Management Program, which includes the Common Access Card (CAC) Program. The selection caps a year-long global pilot supporting the use of over 13.5 million issued certificates that showed a marked improvement in performance, availability and cost savings over previously deployed technologies.
The Common Access Card Program has been developed to improve security for all employees worldwide who send email, digitally sign documents and access secure systems. Currently, the DoD requires that email be digitally signed in order to validate the authenticity and protect the integrity of the message. Until now, this process required downloading over 30 megabytes of validation data from one central, secured location and typically took more than an hour to complete. With millions of users in the DoD, the cost of lost productivity was significant.
To address the DoD’s validation response time issue, CoreStreet introduced a new architecture-called Distributed Online Certificate Status Protocol (D-OCSP)-that cuts validation time to 65 milliseconds and requires the download of a file no larger than a few hundred bytes. In addition, the technology provides increased security without necessitating costly, secured responders. After evaluating solutions from nine different vendors, the DoD PKI PMO ranked CoreStreet’s Real Time Credential Validation Authority (RTC VA) as one of the two highest ranked solutions under evaluation, making it a clear choice for digital certificate validation within the DoD Public Key Infrastructure (PKI).
“People waited so long for CRLs to download that it cost us tremendously in productivity and drove people to circumvent the security built into our systems,” said Gil Nolte, director of the DoD’s PKI Program Management Office, a component of DoD’s Identity Protection and Management Activities. “With the new architecture from CoreStreet, the process is so quick that it is transparent to the user, and we’re now able to ensure the security and validity of digitally signed communications.”
The Identity Protection and Management Program, which brings together physical and virtual access control, is the DoD program responsible for meeting the requirements of Homeland Security Presidential Directive 12, issued this August. This Directive requires all federal employees and contractors to use a single credential for access to both federally controlled physical locations as well as federally controlled digital information systems. Distributed OCSP enables programs of such scope to achieve their security goals in a way that does not impede productivity.
“The year-long DoD pilot was the most demanding test of an advanced credential validation program ever completed,” said CoreStreet President Phil Libin. “For the entire duration of the pilot, CoreStreet validated all 13.5 million issued certificates in real time, proving that the limitations digital certificates faced in the past have been overcome through D-OCSP. Now that one hurdle has been passed, the next step is to join initiatives on the logical and physical sides to meet the true intent of the Presidential Directive.”
Converged Security: CAC as the “Gold Standard”
Today, nearly 3.5 million personnel use the CAC card for authorized access to buildings and computer networks. As the CAC program grows to meet the convergence requirements of the Presidential Directive, additional government agencies, as well as private-sector contractors, will become part of the program or look to it as the “gold standard” by which to guide their own implementations.
“The U.S. Department of Defense’s selection of CoreStreet is dramatic testament to CoreStreet’s massively scalable security architecture and authorization capabilities,” said Carol Baroudi, partner, Hurwitz & Associates. “We’re talking about validating the credentials of literally millions of government employees and contractors. What could be more critical? Frankly, without CoreStreet’s approach, meeting the Presidential Directive would prove problematic both technologically and fiscally. I feel confident in CoreStreet’s approach and capabilities, and grateful for the price tag.”
Because the D-OCSP infrastructure enables responders to be placed anywhere without protection, they can be moved to the network edge easily, as demonstrated by the use of the Akamai network during the 12-month pilot. This enables fast response time from anywhere in the world, helping CoreStreet technology validate millions of certificates in real time. Additional responders can be added at any time at little cost, enabling the system to scale as fast and as large as necessary.
Industry’s Most Secure and Cost-Effective Validation Solution
The CoreStreet RTC VA manages all PKI deployments, including applications such as secure email and signed documents, and is fully compatible with current security standards, including X.509 digital certificates, and OCSP and SCVP validation protocols. It enables security administrators to revoke an individual’s access rights in real time, in any environment, connected or disconnected, and is being deployed by government agencies and private sector organizations to bridge the gap between logical and physical environments.
In October, the RTC VA became the first OCSP product to receive Common Criteria EAL3 certification from the National Information Assurance Partnership (NIAP).
Typically, an organization already using PKI products can plug in the RTC VA without making any changes to their existing infrastructure. For more information about the RTC VA please visit www.corestreet.com/products/rtcva.html
Every day CoreStreet’s patented technology is used worldwide to authorize critical events that range from opening signed e-mail and documents to granting physical access. The design and economics of the CoreStreet solution make large-scale access programs, which were previously impossible, a reality by enabling organizations to control access to information systems and hundreds of thousands of physical access points both securely and from a central location. CoreStreet’s technology, products, and services are delivered through partnerships with the world’s leading infrastructure providers, lock and access control companies, and security systems integrators. Customers include ASSA ABLOY, Honeywell, the Departments of Defense, and the Department of Homeland Security. CoreStreet is privately funded and headquartered in Cambridge, Mass. More information, including detailed technical whitepapers, industry solution studies, and a list of the patents awarded to the company, is available at www.corestreet.com.