ActivIdentity CoreStreet Validation Authority and Responder Appliance

The ActivIdentity CoreStreet suite of products includes two server components that together build a secure certificate validation infrastructure, as shown in the diagram below.

ActivIdentity CoreStreet Validation: How it Works

[Diagram: CoreStreet Validation Authority and Responder Appliance]

ActivIdentity CoreStreet Validation Authority - Designed to support both traditional and distributed OCSP implementations. Typically, a PKI environment will deploy one Validation Authority in a single, secured location, which may be the same location as the Certificate Authority (CA). In the case of distributed OCSP, the Validation Authority publishes OCSP validation proofs (i.e., pre-signed OCSP responses) to any number of VA Responders, which provide standard OCSP service to relying parties.

ActivIdentity CoreStreet Responder Appliance - A unique turnkey solution dedicated to providing high-security OCSP certificate validation responses. Consisting of only the most essential software processes and requiring minimal technical knowledge to install, the Responder Appliance addresses many of the concerns associated with certificate validation infrastructure, such as IT costs and support issues.


Designed and pre-configured for the ActivIdentity CoreStreet Validation Authority, the Responder Appliance serves as a local cache for pre-signed OCSP responses. Each response is stored and then sent out to the local relying party making the validation request.

The ActivIdentity CoreStreet Validation Authority and Responder Appliance combination offers the following key features and benefits:

  • Security - VA Responders hold no private keys and therefore require little physical or network protection. Because the responses they serve are pre-signed by the VA, VA Responders cannot provide false responses even if compromised. Additionally, the VA uses FIPS 140-2 certified cryptography.
  • Scalability - VA Responders can be rapidly deployed in any number of locations, allowing for scalability to hundreds of remote sites.
  • Availability - Since the VA Responders can be easily replicated in many locations, overall service availability is extremely high, with excellent survivability under attack when compared to centralized, trusted topologies.
  • Performance - VA Responders can be placed close to relying parties, allowing extremely low latency for OCSP responses.
  • Cost-effective - Validation Authority pricing allows for unlimited Responder deployment without additional per-user software license fees.
  • Ease of management - Since the Responders represent stateless, appliance-grade functionality, only the central Validation Authority requires management. To ease management, the VA is configurable through a full-featured web interface.
  • Fully licensed - The VA represents the only authorized OCSP implementation covered by ActivIdentity’s intellectual property, such as US patents 5,666,416 and 5,717,758.
  • Standards compliant - While the Validation Authority represents a revolutionary approach to certificate validation, it integrates seamlessly with existing PKI products from ActivIdentity and other vendors through standards such as X.509, OCSP, and LDAP. The Validation Authority is FIPS 201 approved.