Delegated Path Discovery & Validation

Advanced SCVP validation authority

For business applications relying on PKIs, the process of trusting digital certificates is complex. It requires the ability to locate certificates from online resources in order to construct a valid certificate path to one or more trust anchors. Once a certificate path is successfully constructed, it must be subjected to a multi-step validation process in which many fields and extensions inside each certificate in the path are reviewed and validated according to a complex set of PKI rules.

ADSS SCVP Server provides all of the above functionality in a centralised manner. This allows business applications to delegate all of the responsibility for certificate path discovery and validation to this trusted Validation Authority. This greatly simplifies development of business applications that rely on PKIs, by hiding all the inherent complexity.

Key points:

  • Complies with IETF RFC 5055 and RFC 3379 for delegated path discovery (DPD) and delegated path validation (DPV) of digital certificates
  • FIPS 201 certified SCVP Server and on the GSA Approved Product List (APL#682)
  • First product to pass the latest and most comprehensive NIST PKITS path discovery and validation (PD-VAL) test suite. See the FPKI PD-VAL Product List (PPL)
  • Supports dynamic Delegated Path Discovery (DPD) even in complex bridge CA, mesh and cross-certification PKI topologies
  • Supports full certificate validation using the RFC 5280 and RFC 3379 validation algorithm, including validation of Key Usage, Extended Key Usage, Certificate Policies, Name validation, policy mapping and other related checks
  • Supports revocation checking using advanced OCSP and CRL handling
  • Provides the ability to create multiple validation profiles, each with their own final trust anchors, path building and validation settings
  • Supports a historical certificate validation service
  • ADSS Client SDK provides the client-side SCVP functionality for easy integration with business applications using high-level Java and .NET calls
  • Provides the ability to split the front-end SCVP service from back-end operations for maximising performance
  • High-performance architecture including caching of intermediate CA certificates and revocation info
  • Detailed logging and human-readable SCVP transaction viewers for easy problem solving
  • Configurable management reporting on service usage, top clients & most validated certificates
  • Strong security, latest crypto algorithms & independently evaluated and certified by multiple entities

ADSS server architecture

ADSS Server is a powerful server application providing multiple e-Trust services as shown in the diagram below. Although it's a single product, its service modules are licensed individually and branded accordingly. Your investment in ADSS Server is therefore future-protected as you can license new service modules over time as your e-Trust business needs grow. Multiple ADSS service modules may be installed on the same ADSS Server instance, saving on hardware, software and management costs. All of the ADSS Service modules use the same GUI layout and style thereby making training simple for administrators. Ascertia tracks the latest industry standards and is committed to adding new service modules as required by our customers.

[Diagram: ADSS Server architecture]
3rd Party Apps (e.g. Logical Access Control Systems (LACS), Physical Access Control System (PACS), etc.)
Core ADSS Server modules: Trust Manager | Key Manager | Secure Logging | HSM & DB Manager | Reporting | Client Manager | Dual Control CRL Manager | Access Control | System Integrity Checker | Auto Archiver
Legend: PKI services (each separately licensed) | e-Trust Services (each separately licensed) | Base Modules of ADSS Server (available by default)

The above diagram shows a range of client applications (relying party applications) using the ADSS SCVP Service module. Due to the wide acceptance of the standard, there are a large number of SCVP-enabled applications, including Physical Access Control Systems (PACS).

The power of ADSS Server is that all of this functionality is available from one unified product, which minimises training costs, provides a single platform for management control and logging, and lowers the total cost of hardware and software ownership.
