TrustSuite
Interoperable Digital Identity Enablement Solutions Supporting High-Assurance Physical and Logical Access Control
We conduct aspects of our lives in a digital realm now. The convenience of online services is undeniable, so much so that we often ignore or dismiss news about yet another instance of identity theft, cyber piracy, database hacks and breaches, malware, spear phishing, and other nefarious activities. Given the misuse of online services, the general public has common knowledge of the security problems associated with passwords. CertiPath has dedicated the last 20 years to making this knowledge familiar and to serving higher assurance uses of digital services.
High assurance, in business terms, means that the cost of compromise is high enough that an investment in security to mitigate that risk is warranted. Using high-assurance identity credentials is similar to putting a lock on your front door. The challenge is the interoperability of assurance, data, credential technology, and even the applications that consume those components. Society has spent hundreds of years perfecting identity credentials, their presentation, and their verification; digital identity is still in its infancy by comparison. We cannot expect a ubiquitous identity assurance layer to be applied across the entire Internet anytime soon. Instead, communities of trust are currently the best practice. Communities give us a chance to reduce scope and risk and thus enable more manageable interactions to achieve interoperability.
CertiPath has been providing digital identity services for 20 years and digital identity products for 10. Everything we do is joined by a common theme—making high-assurance digital identity easier to use. We began as standards authors, we became practitioners and implementers, and today we create products for the gaps we find while providing services for our clients.
Our product line, collectively known as the TrustSuite, draws on our knowledge and experience to bring tools that enable organizations to deploy, use, and maintain digital identity across virtually any use. CertiPath is the only digital identity company to fully support both physical access and cyber/logical access. We support government, highly regulated industries, and Fortune 100 organizations equally.
TrustMonitor®
CertiPath’s TrustMonitor, a cloud service and cloud-deployable application supporting public, community, and enterprise-specific settings, enables the near-real-time monitoring and validation of personnel credentials across large enterprises and federated identity communities. TrustMonitor’s public cloud service focuses on PKI credentials and issuers who are trusted via the U.S. Federal Bridge, but private instances can be used for any roots of trust an enterprise or community may also wish to monitor. TrustMonitor does the following:
Serves as the core processing engine for status validation, receiving on-demand and periodic validation requests from TrustSuite products such as TrustManager, TrustZero, and CertiPath.io. Third-party integrations to TrustMonitor are supported via RESTful APIs.
Proactively tracks and “pushes” updated credential information to those services to achieve quicker propagation and synchronization of credential status changes.
Streamlines the configuration of the trust path, ensuring accurate and up-to-date status for the client’s trust fabric and eliminating the need for complicated and labor-intensive local trust configuration.
Enables configurable constraints both at a global level and at a local level when using TrustZero.
TrustVisitor®
TrustVisitor is CertiPath’s solution for high-assurance visitor management. The platform has been designed from the ground up with a specific view toward federal compliance. TrustVisitor helps organizations and facilities achieve compliance with HSPD-12, M-19-17, and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-116, Revision 1. TrustVisitor enables approved visitors who have been issued suitable credentials by either the same agency or another agency to be able to use those credentials to facilitate physical access to a facility for the duration of a visit. If approved visitors do not possess such credentials, they are issued temporary credentials via TrustVisitor that interoperate with the PACS in the same electronic fashion.
TrustManager®
TrustManager is CertiPath’s integration solution for provisioning and lifecycle management of personnel records and high-assurance credentials across PACS. Traditionally, this capability has been possible within a single organization. However, TrustManager, when paired with TrustMonitor, supports inter-community federated provisioning as well.
TrustZero®
TrustZero is CertiPath’s cloud-based high-assurance credential validation solution that provides robust business logic and configurability to a PACS’ response to a range of possible validation conditions. TrustZero achieves near real-time knowledge of credentials through a sophisticated layering of status-checking techniques. That knowledge is then provided to the PACS to achieve an immediate cessation of access as may be appropriate. In a future release, as the primary client-premise credential validation component, TrustZero may run independently of TrustMonitor in austere or low-bandwidth locations, providing operational flexibility in PKI validation for local PACS access decisions and enabling a risk-based trade-off approach to credential validation.
IdentityManager™
This user-centric, cloud wallet-based web authentication solution supports virtually all forms of authentication currently available online, making passwords unnecessary. IdentityManager is equally well suited to support commercial and federal enterprises. For federal clients, it meets the authentication gateway requirement and the Zero Trust multi-factor authentication requirement of OMB 22-09. It provides step-up and step-down authentication and leverages TrustMonitor to provide the most robust support of PKI-based authentication in the market, be it soft-certificates, PIV, PIV-I, or CAC.