PIV Gateway™

A security solution that provides a highly secure authentication and authorization system

What is PIV Gateway™?

PIV Gateway™ is the collective name for Cyber Defense Institute's proprietary services that provide a highly secure authentication and authorization mechanism equivalent to U.S. federal government standards. Leveraging PKI (Public Key Infrastructure) and hardware security, PIV Gateway™ verifies both users and devices to ensure strict authentication and authorization in both the physical and cyber domains.

We are committed to standardization based on the specifications and guidelines set by industry organizations such as NIST (National Institute of Standards and Technology), TCG (Trusted Computing Group), and IETF (Internet Engineering Task Force). While ensuring interoperability with other systems, we aim to develop and apply the system not only to cyberspace, but also to all other areas such as door entry/exit and physical devices.

What problems can PIV Gateway™ solve?

Concerns about the authentication system

Customers facing the problems of conventional ID/password-based authentication, or of multi-factor authentication using one-time passwords and SMS, which may lead to accounts being stolen through phishing attacks or unauthorized access, may wish to consider migrating to a stronger authentication method such as the one PIV Gateway provides.

By combining a security chip and a digital certificate, it is possible to implement an authentication infrastructure with the highest level of authentication strength, AAL3, as defined by the National Institute of Standards and Technology (NIST) in the United States.

Difficult to introduce zero trust

When considering a migration to a Zero Trust architecture, barriers such as technical complexity, high cost, and integration with existing systems may dissuade a customer from making the move.

However, a cloud-based solution reduces the burden of hardware purchases, configuration, and management while still providing a zero-trust authentication implementation. Furthermore, ease of integration with existing systems helps support deployment effectively.

Supply Chain Security Concerns

Current supply chain security measures are mostly based on checklist methods and manual verification, which makes it difficult to fully guarantee the authenticity of computer equipment and software. Checking the status of hardware and firmware is labor intensive, costly, and unreliable.

PIV Gateway™ ensures traceability of devices and software throughout the supply chain. Computer configuration information and firmware status can be mechanically verified, and risks assessed. This enhances security throughout the supply chain, preventing unexpected changes and the introduction of unauthorized components.

Lineup

PIV Gateway™ CA is the world's first cloud-based private CA solution that supports issuance of platform certificates in addition to X.509 certificates.
An authentication infrastructure equivalent to AAL3 can be built, and verification of the authenticity and traceability of devices using platform certificates is possible.

A password-less multi-factor authentication infrastructure equivalent to AAL3 that uses hardware tokens and digital certificates.
Compatible with RFC 9334, OpenID Connect, etc., and works with PIV Gateway™ CA to realize integrated management of authentication and authorization for users and devices easily and inexpensively.

PIV Gateway™ Chronos is a highly available and accurate NTP time server that provides highly accurate time synchronisation even under GNSS spoofing and jamming attacks.

Use Cases

Zero Trust in both physical and cyber space by verifying both users and devices

Using digital certificates stored in the TPM, the environmental attribute information of users and access sources (CPU, HDD, NIC, etc., device configuration, access destination, time factor, etc.) is verified to authenticate and authorize access to network resources. This functionality can also be integrated with physical security such as access doors.

The TPM provides NIST SP 800-63B AAL3 levels of authentication strength and a high level of authenticity verification.

Secure your supply chain by protecting your systems from malware and unauthorized hardware

By embedding certificates containing trusted hardware (HBOM) and software (SBOM) information in the device, Remote Attestation technology can be used to detect tampering by comparing the device's state with the correct data at the time of shipment.

This ensures equipment health at the hardware level, protects systems against risks such as malware and unauthorized hardware entry, and prevents unauthorized changes in the supply chain.

Consult with our specialists for your security needs.

Cyber Defense Institute's core values drive us to provide top-notch cyber security services and ensure a secure digital environment for our clients.
Trust us with every aspect of your security strategy, from inception to execution.
For confidential inquiries, we also accept requests via email at cdiprivacy(at)protonmail.com.
Please consider using this option if necessary. ※ (at) should be replaced with @.