PKI – Public Key Infrastructure
When it comes to PKI, the right partner makes all the difference.
Choosing the right partner who understands and has delivered compliant identity management solutions is
critical to your organization’s success. With ORC, you get the strength and experience of the premier organization in the Information Assurance industry. ORC will implement a system that’s right the first time and ready to support you through the lifecycle of identity management.
ORC is certified by the Federal Government to facilitate public access to the services offered by Government agencies through use of information technologies, including on-line access to computers for purposes of reviewing, retrieving, providing, and exchanging information. ORC’s Digital Certificate Credentials are authorized to provide trusted individual or business identity information for use by the DoD, FirstGov and participating Government agencies. These Credentials can be used to:
- Authenticate to government and organization websites containing Sensitive But Unclassified (SBU) information.
- Contract for the purchase of goods or services.
- Verify the identity of electronic mail correspondents.
- Verify the identity of web/ application servers.
- Verify the identity of individuals accessing data servers.
- Verify the integrity of software and documents posted on data servers
ORC’s Digital Certificate Credential services include:
- Department of Defense External Certificate Authority (DoD ECA)
- Access Certificates for Electronic Services (ACES)
- GSA Shared Service Provider (SSP)
These certificate authorities (CA’s), owned and operated by ORC, issue level 3 and level 4 compliant digital certificates (all employing an in-person vetting process) to agencies, businesses, associations and individuals who wish to conduct electronic business and services with the Federal Government and the DoD. Under these programs, ORC is the only trusted third party authorized to issue Medium Assurance, Medium Hardware Assurance, Server Certificates and Code Signing Certificates:
- Medium Assurance certificates are generated and protected in a software-based cryptographic module (FIPS 140-1/2 level 1) and are intended for applications handling sensitive medium value information based on the relying party’s assessment, with the exception of transactions involving issuance or acceptance of contracts and contract modifications.
- Medium Token Assurance certificates are generated and protected in a token-based cryptographic module (FIPS 140-1/2 level 2 or higher) and are intended for applications handling sensitive medium value information based on the relying party’s assessment, with the exception of transactions involving issuance or acceptance of contracts and contract modifications.
- Medium Hardware Assurance certificates are generated and protected in a hardware-based cryptographic module (FIPS 140-1/2 level 2 or higher) and are intended for all applications operating in environments appropriate for medium assurance but which require a higher degree of assurance and technical non-repudiation based on the relying party’s assessment.
- Code Signing Certificates assert a Medium Hardware Assurance and provide trusted verification of the integrity of software and documents.
- Server Certificates provide trusted verification of the identity of web/ application servers and enable those servers to support encrypted (Secure Sockets Layer) transaction protection.
ORC also provides analysis of an organization’s business and technical policies across application and data resources for implementation of various devices such as smart cards, security tokens, cell phones and personal computers, to providing a higher degree of automation. ORC provides:
- Security support – A group of security professionals will be on hand to assist relying parties in security issues regarding Certification and Accreditation.
- Test support – A test lab environment available to prove out the infrastructure connections and functions required by the relying parties. The test support personnel would develop test plans and procedures and document products and methods that meet the authentication/ Relying Party requirements.
- Technical/ business policy coordination – A group of professionals tasked with documenting and meeting technical and business requirements of the enterprise.
Because time is of the essence (and cost is always a factor), ORC’s proven PKI and associated services eliminate the lead-time needed to become operational while waiting for in-house development efforts. The heavy lifting has already been done. ORC enables an organization to quickly deploy a fully operational capability, providing the highest levels of identification and authorization of users and devices, securing of sensitive data, time-stamping and archiving of data, and an auditable process flow. Further, the credentials used to accomplish all of these requirements are interoperable with any other agency or organization choosing to accept Federal-compliant credentials. And, of equal or greater importance, because the trial and error phase has been previously facilitated, the resulting answers can be immediately gleaned, thereby mitigating overall costs dramatically.
ORC offers thes services based on existing technology and open systems standards and provides interoperability among users and relying parties (Government, Businesses, customers and citizens) at the assurance level and rigor required by the owner of the protected resource.