PIV Gateway™ CA|Cloud-based private certificate authority

Private CA for X.509 certificates / platform certificates

What is PIV Gateway™ CA?

PIV Gateway™ CA is a cloud-based private certificate authority solution that supports X.509 certificate issuance as well as platform certificate issuance.
PIV Gateway™ CA enables the construction of an authentication infrastructure equivalent to AAL3 (Authenticator Assurance Level 3), making it possible to secure an organization's network and systems while reducing operating costs.

PIV Gateway™ CA also supports the issuance of platform certificates. Platform certificates can be used to verify the authenticity and traceability of devices and improve supply chain reliability. This is the world's first commercial certification authority to support platform certificates. (According to our own research as of February 29, 2024)

Features

Platform certificate support

PIV Gateway™ CA supports the issuance of platform certificates.

Platform certificates are certificates that vouch for a computer's configuration as standardized by the Trusted Computing Group and include information such as model name, serial number, and hardware bill of materials for the device. Platform certificates can be used to detect counterfeit or altered devices and components, as well as unexpected changes.

FIPS 140-2 certified HSM (Hardware Security Module)

PIV Gateway™ CA uses a FIPS 140-2 Level 3 certified, tamper-resistant HSM to securely generate and manage the keys needed to create certificates.

FedRAMP / ISMAP registered infrastructure

PIV Gateway™ CA operates on trusted cloud services registered with FedRAMP and ISMAP.

High cost performance and scalability

PIV Gateway™ CA is a private certification authority using a cloud environment. It does not require expensive HSM server costs or personnel resources to build and operate and offers better cost performance and scalability due to being a cloud service.

An on-premises version with the same functionality as the cloud environment is also available.

Use Cases

Establishment of a secure authentication infrastructure that does not use IDs and passwords

Many cyber attackers exploit system and operational flaws in authentication and authorization, such as ID/password theft and spoofing, to accomplish their objectives.

Creating a secure authentication infrastructure using certificates not only greatly reduces the risk of cyber attacks, but also reduces the cost of managing account IDs and passwords and improves user convenience.

Verification of device authenticity and configuration status

The platform certificate issued by the PIV Gateway™ CA contains information such as model name, serial number, and hardware bill of materials (H-BOM) for the device.

The H-BOM contains information on various components such as CPU, memory, SSD, hard disks, NICs, firmware and OS, etc., allowing for verification of device authenticity and the ability to detect counterfeit devices, counterfeit internal components, replacement of components or unauthorized configuration changes.

Responding to the U.S. government's push to strengthen supply chain security

In recent years, the U.S. government has been promoting enhanced supply chain security through TPMs and platform certificates, with an emphasis on ensuring device authenticity, integrity, and traceability.*1

Platform certificates issued by PIV Gateway™ CA enable traceability and verification of the authenticity and integrity of computers, including their various modifications since leaving the factory, meeting U.S. government requirements.

*1 Promotion of the US Government

Pricing

Certificate Authority

1 CA 450 USD / Monthly

Certificate Issuance (X.509)

Number of certificates issued | RSA | ECC
1 - 1,000 | 1 USD / 1 credential | 1 USD / 1 credential
1,001 - 10,000 | 0.75 USD / 1 credential | 0.75 USD / 1 credential
10,001 - 50,000 | 0.35 USD / 1 credential | 0.35 USD / 1 credential
50,001 - 100,000 | 0.05 USD / 1 credential | 0.05 USD / 1 credential
100,001 - 200,000 | 0.025 USD / 1 credential | 0.025 USD / 1 credential
200,001 - | 0.0125 USD / 1 credential | 0.0125 USD / 1 credential
Key management system | HSM FIPS 140-2 Level 3 | HSM FIPS 140-2 Level 3

Option: OCSP

Per Certificate Authority | 0.06 USD / month
10,000 OCSP requests (RSA 2048 type) | 1 USD
10,000 OCSP requests (RSA 3072, 4096, ECC P256, P384 type) | 2 USD

Lineup

PIV Gateway™ CA is the world's first cloud-based private CA solution that supports issuance of platform certificates in addition to X.509 certificates.
An authentication infrastructure equivalent to AAL3 can be built, and verification of the authenticity and traceability of devices using platform certificates is possible.

A password-less multi-factor authentication infrastructure equivalent to AAL3 that uses hardware tokens and digital certificates.
Compatible with RFC9334, OpenID Connect, etc., and works with PIV Gateway™ CA to realize integrated management of authentication and authorization for users and devices easily and inexpensively.

PIV Gateway™ Chronos is a highly available and accurate NTP time server that provides highly accurate time synchronisation even under GNSS spoofing and jamming attacks.

Consult with our specialists for your security needs.

Cyber Defense Institute's core values drive us to provide top-notch cyber security services and ensure a secure digital environment for our clients.
Trust us with every aspect of your security strategy, from inception to execution.
For confidential inquiries, we also accept requests via email at cdiprivacy(at)protonmail.com.
Please consider using this option if necessary. Note: (at) should be replaced with @.