Overview
ARP Standard Edition is a highly effective product that enables real-time OCSP (or CRL based) revocation checking within Microsoft Office and other CAPI-based applications. As CRLs grow it is important to consider the use of OCSP systems to avoid network bandwidth and local performance issues. By installing ARP, you can make these applications more secure and useable for mission critical and high-value transactions.

Features & Benefits
Many popular applications such as Microsoft Outlook, Internet Explorer and Word use digital certificates and credentials to identify people for signing and encryption operations. However these credentials can become compromised or revoked over time, e.g. as a result of a role change. It's essential to validate credentials in real-time before accepting any signed transactions. But the problem is that these and other popular applications do not check if the credentials are still trustworthy at the time of review, for example, opening a signed email, visiting a secure web site or verifying a signed Word document. ARP Standard Edition plugs this vital security gap automatically and it will check the end-entity certificate in real-time, every time thereby reducing your risk to fraud and liability.

ARP Standard Edition provides seamless integration within Windows and requires no change to the CAPI applications. Its key features include:

No integration required:
ARP Standard Edition installs itself as a revocation provider within the Microsoft Windows CAPI environment. This means that applications such as Microsoft Outlook, Internet explorer and Word and other CAPI-enabled applications can make use of ARP Standard Edition automatically. Note: For Windows Logon status checking ARP Enterprise Edition is required.

Management flexibility:
ARP can be configured and managed centrally using GPO options. Operators can define all the settings that control the OCSP validation requests created by ARP. The degree to which OCSP responses are validated is fully configurable. OCSP transactions can be conducted over SSL and through proxy machines.

High availability:
ARP can connect to multiple online OCSP responders and can thus switch to a resilient responder if the primary Validation Authority server fails. ARP supports the use of locally configured OCSP responder addresses as well as dynamically finding responders using the certificate’s AIA extension.

Support for CRLs:
If you need to operate within a multi-scheme environment where some PKIs use OCSP based identity checking whilst others are CRLs-based, then ARP is ideal as it can automatically switch between the two modes depending on the certificate being validated. This is also very valuable when rolling out a new   OCSP infrastructure to replace CRLs – ARP can handle both automatically.

Powerful Validation Policy Engine:
It is possible to configure whether to check certificates using online OCSP responders, local OCSP cache, online CRL repositories or local CRL cache.

Ease of use:
ARP provides simple system tray balloon windows that can inform users of any trust issues. From these basic windows, users can review more details reasons if they wish to. When calling a help desk the user can be easily instructed to use a transaction viewer to report on exactly what issue was seen.

Transaction History logging:
A detailed log of all identity validations requests and responses is kept within ARP for long-term dispute resolution purposes. A simple to use history viewer is provided for reviewing these past transactions.

PKI neutral:
ARP is fully PKI neutral and will work with PKI components from any vendor (this includes CAs, certificates, CRLs, OCSP responders, smartcards, etc.).

Compliance:
ARP has been IdenTrustTM Compliance Program certified.

Enterprise Edition & SDK: 
ARP is available in server mode for identity checking in server applications like Microsoft IIS, see ARP Enterprise Edition for more details. Ascertia also provides a ARP SDK for integrating ARP into your custom applications (including Java, VB and Delphi apps).

Deployment Scenario
The following diagram shows the ARP deployment scenarios that are possible:

ARP Deployment
(click to enlarge)

Product Information
Click here to see product datasheets, solution sheets and other information for all products.

Product Evaluation
Click here to evaluate products on trial version.

Related Products
An OCSP client for servers and desktops
ARP SDK Software development kit to communicate with ARP Enterprise Edition.
TrustFinder OCSP Server Ascertia’s strategic product for signing, verifying, validating and timestamping PDFs, XML documents and other file types.
OCSP Monitor Monitors any OCSP responder for SLA & configuration issues
OCSP Client Tool An OCSP policy configuration test tool
OCSP Crusher An OCSP performance testing tool