Success Story: IdenTrust

Secure, easy-to-manage validation of digital certificates with Axway Validation Authority

  • Headquarters

    San Francisco, California U.S.A.
  • Industry

  • Challenge

    IdenTrust credentials are digital certificates backed by a global public key infrastructure (PKI) — IdenTrust needs to be able to validate the status of digital certificates in order to verify the identity of its users

  • Solution

  • Results

    • Enables validation of IdenTrust-issued digital certificates in order to verify the identity of IdenTrust users
    • Support for widely adopted international security standards: the Internet Engineering Task Force (IETF) specifications for Online Certificate Status Protocol (RFC 2560) and Transport Layer Security (RFC 2246)
    • Provides high performance and availability
    • Support for leading vendor hardware signing modules — a critical feature for many IdenTrust members

Offering secure audit logging, CRL archiving and robust server monitoring, Axway Validation Authority provides a secure and easy-to-manage IdenTrust Global ID digital certificate validation solution.

The Axway Validation Authority™ is used to run the IdenTrust Root responder, which has offered validation services for IdenTrust-issued digital certificates worldwide since 1998. IdenTrust members rely on the Validation Authority for trusted, non-repudiable electronic transactions worth millions of dollars every day.


IdenTrust™ LLC was founded by ABN AMRO, Bank of America, Bankers Trust (since acquired by Deutsche Bank), Barclays, Chase Manhattan, Citigroup, Deutsche Bank and HypoVereinsbank, and currently comprises 60-plus financial institutions in more than 166 countries, representing millions of business relationships.

The financial institutions that are part of the IdenTrust system serve as IdenTrust Certificate Authorities (CAs), issuing unique digital IdenTrust Global IDs to their customers. These IdenTrust credentials are digital certificates backed by the power of a global public key infrastructure (PKI).

Once certified by an IdenTrust CA, one trading partner can conclusively identify any other IdenTrust trading partner. The IdenTrust infrastructure provides the means by which financial institutions, governments, and commercial entities can leverage the Internet to transact with domestic and global partners, in less time, for less money and with complete assurance of identity, confidentiality, integrity and non-repudiation.

Business Value

In a typical buy-sell transaction, a seller would ask his/her financial institution to validate the IdenTrust Global ID of a buyer. The seller’s financial institution would electronically contact the buyer’s financial institution, which in turn would confirm the identity of its customer, the buyer. IdenTrust will validate the respective financial institution’s identity as part of the process.

The Axway Validation Authority (VA) is the most widely deployed validation solution in the IdenTrust community. Additionally, the VA is used to run the IdenTrust Root responder, which has offered validation services for IdenTrust-issued digital certificates worldwide since 1998.

The VA supports numerous international standards, ensuring interoperability among solutions for IdenTrust members and maximum return on technology investment. The VA offers a flexible, high-performance solution with support for hardware signing modules, a critical feature for many of IdenTrust's members. Offering secure audit logging and CRL archiving, coupled with robust server monitoring, the VA provides a secure and easy-to-manage IdenTrust Global ID digital certificate validation solution.

About the Axway Validation Authority Suite

Axway Validation Authority ensures the integrity and validity of online transactions. Enterprises rely on public key infrastructure (PKI) and digital certificates for authentication, privacy, and non-repudiation. However, like any physical world credential, digital certificates can expire or be revoked. Organizations must check the status of a digital certificate at time of use to avoid potential compromise resulting from the acceptance of an invalid certificate.

Validation Authority (VA) delivers a comprehensive, scalable, and reliable solution for the real-time validation of digital certificates issued by any Certificate Authority (CA). The VA offers support for numerous international security standards, including IETF Online Certificate Status Protocol (OCSP) and Simple Certificate Validation Protocol (SCVP). A mature, fourth-generation product, the Validation Authority solution consists of the following products:

  • VA Responder Server, a high-performance server available on multiple OS platforms with numerous advanced features including support for multiple CAs, mirroring, digitally signed logs, certificate revocation list archiving, distributed Repeater architecture, and robust monitoring.
  • Server Validator, a robust client application for enabling the most widely used secure Web servers to validate digital certificates.
  • Desktop Validator Standard and Enterprise, flexible client solutions for enabling Microsoft Windows-based desktop and server applications, respectively, to validate digital certificates via the Microsoft Cryptographic API (CAPI).
  • Validation Toolkit, a robust toolkit that allows digital certificate validation to be integrated into any third-party or custom application developed in C++ or Java.

The VA solution supports numerous hardware signing modules and is interoperable with many best-of-breed products and applications, including wireless and VPN solutions. The VA has been certified FIPS 140-1, JITC, IdenTrust, and Common Criteria (pending) compliant and is the most widely deployed digital certificate validation solution on the market. Customers include leading financial institutions as well as various branches of the US Government, such as the Department of Defense and the Air Force.
