PIV Gateway™ CA

What is PIV Gateway CA

PIV Gateway™ CA is a cloud-based private certification authority solution that supports the issuance of X.509 certificates as well as platform certificates.

By utilizing PIV Gateway™ CA, it becomes possible to establish an authentication infrastructure equivalent to AAL3¹, enabling the secure configuration of networks and systems within the organization while reducing operational costs.

PIV Gateway™ CA also supports the issuance of platform certificates. Leveraging platform certificates allows for the verification of device authenticity and traceability, thereby improving supply chain trust.

¹ AAL3 (Authenticator Assurance Level 3): definition of authentication strength specified in NIST SP 800-63 (https://pages.nist.gov/800-63-3-Implementation-Resources/63B/AAL/)

PIV Gateway™ CA Functions

  • Certificate Authority
      ◦ X.509 Certificate
      ◦ Platform / Delta Platform Certificate
      ◦ CRL
      ◦ OCSP
  • Backed by HSM
  • Open API
  • Protected Security Audit Logs with HMAC

PIV Gateway™ CA Features

Platform Certificate Support

PIV Gateway™ CA supports the issuance of platform certificates.

A platform certificate, standardized by the Trusted Computing Group, attests to the configuration of a computer and includes information such as model name, serial number, and a list of hardware components.

By leveraging platform certificates, it becomes possible to detect forged or altered devices or components and unexpected modifications.

FIPS 140-2 Validated HSM (Hardware Security Module)

PIV Gateway™ CA securely generates and manages the keys necessary for certificate creation using a FIPS 140-2 validated, tamper-resistant HSM.

FedRAMP/ISMAP Registered Infrastructure

PIV Gateway™ CA operates on a highly reliable cloud service registered with FedRAMP and ISMAP.

Cost-Effectiveness and Scalability

PIV Gateway™ CA is a private certification authority that runs in a cloud environment. It achieves the cost-effectiveness and scalability unique to cloud services, eliminating the cost of expensive HSM servers and the personnel costs of environment setup and operation.

Use Cases

Building a secure authentication infrastructure without using IDs and passwords

Many cyber attackers exploit flaws in authentication and authorization systems, often stealing IDs and passwords to impersonate legitimate users.

By constructing a secure authentication infrastructure using certificates, the risk of cyber attacks can be significantly reduced. Additionally, it helps lower the costs associated with managing account IDs and passwords while improving user convenience.

Verification of Device Authenticity

Platform certificates issued by PIV Gateway™ CA include information such as model name, serial number, and the Hardware Bill of Materials (H-BOM) of the device.

The H-BOM contains details about components such as the CPU, memory, SSD, hard disk, NIC, firmware and OS. This enables verification of device authenticity, with the aim of detecting forged devices, forged internal components, replaced components, and unauthorized configuration changes.

Adaptation to the U.S. Government's Supply Chain Security Enhancement

In recent years, the U.S. government has been promoting supply chain security enhancement through the use of TPM (Trusted Platform Module) and platform certificates². These initiatives emphasize ensuring the authenticity, integrity, and traceability of devices.

The platform certificates issued by PIV Gateway™ help assure the authenticity, integrity, and traceability of computers with respect to changes made after factory shipment, aligning with the requirements of the U.S. government's initiatives.

² U.S. Government Initiatives

Price

Certificate Authority

Issuance of Certificates (X.509)

Optional Services: OCSP

  • 0.06 USD per month per certificate
  • 10,000 OCSP requests (RSA 2048 type): 1 USD
  • 10,000 OCSP requests (RSA 3072, 4096, ECC P256, P384 type): 2 USD

CONTACT US

Please use this email address when sending requests for confidentiality.

cdiprivacydummy@protonmail.com