There are many options in the marketplace today for establishing identity in computer-based business transactions. However, only one solution offers the strong, robust identity credential required for high-value transactions and has become the government standard for identity assertion.
This solution is the Public Key Infrastructure (PKI)-based digital credential. In addition to its strength as an identity credential, the PKI credential offers a versatility that enhances business workflow productivity and security through non-repudiation for digitally signed objects, real-time access control decision-making, and protection for data in transit and at rest.
The technology behind PKI is known as asymmetric key encryption, which uses two mathematically linked random bit streams, or keys: one is used to encrypt data, after which the other is required to perform the decryption. The private key is kept in the exclusive possession of the PKI certificate owner, while the public key, as the name implies, can be shared or published. It is the public key that is linked to the PKI Digital Certificate, which in turn is bound to the identity of the private key holder. The manner in which the keys are used is determined by which function they are performing. The simple beauty of this technology, and the thing that makes it unique, is that there are NO shared secrets. The private key is kept in the sole possession of the PKI certificate owner and cannot be derived from its associated public key.
The strength of the PKI is determined by the technical specifications of the asymmetric key encryption technology, the documentation that governs the binding of the public key to the individual identity and the protection of the infrastructure responsible for that binding. A PKI operating in a federated environment must establish a balance with the other members of the federated environment that denotes comparable levels of trust based on the technical specifications of the underlying technology and the requirements of the governing documentation.
A Bridge Certification Authority provides the means to establish that balance. It is a collection of Public Key Infrastructure components and governing documentation used to facilitate peer-to-peer interoperability among its cross-certified PKI Issuers.
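The cross-certification arrangement described above can be reproduced with a throwaway PKI built with the `openssl` command line. This is an added example, not SAFE Identity tooling; the names Issuer A, Issuer B, Demo Bridge CA and Alice are constructed, and only one direction of the cross-certification is shown. A relying party that trusts only Issuer B validates a credential issued by Issuer A through two cross-certificates, and cannot build a path without them.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: "Issuer A", "Issuer B", "Demo Bridge CA" and "Alice"
# are hypothetical names, not real SAFE Identity issuers or subscribers.
set -eu
W=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$W/ee.ext"

# entity <name> <CN>: a private key that stays with its owner, plus a CSR
# carrying only the public key and the subject name.
entity() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$W/$1.key" 2>/dev/null
  openssl req -new -key "$W/$1.key" -subj "/CN=$2" -out "$W/$1.csr"
}
# selfsign <name>: self-signed CA certificate (the trust anchor of a PKI domain).
selfsign() {
  openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -extfile "$W/ca.ext" \
    -days 30 -out "$W/$1.self.pem" 2>/dev/null
}
# certify <issuer> <subject> <extfile> <out>: the issuer signs a certificate
# binding the subject's public key to the subject's name.
certify() {
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.self.pem" -CAkey "$W/$1.key" \
    -CAcreateserial -extfile "$W/$3" -days 30 -out "$W/$4" 2>/dev/null
}

entity a "Issuer A"; entity b "Issuer B"; entity bridge "Demo Bridge CA"; entity user "Alice"
selfsign a; selfsign b; selfsign bridge
certify a user ee.ext user.pem              # Alice's credential, issued by Issuer A
certify bridge a ca.ext a-by-bridge.pem     # cross-certificate: bridge vouches for Issuer A
certify b bridge ca.ext bridge-by-b.pem     # cross-certificate: Issuer B vouches for the bridge
cat "$W/a-by-bridge.pem" "$W/bridge-by-b.pem" > "$W/cross.pem"

# path_validates <with|without>: the relying party's only trust anchor is
# Issuer B; the cross-certificates are supplied as untrusted intermediates.
path_validates() {
  if [ "$1" = with ]; then
    openssl verify -CAfile "$W/b.self.pem" -untrusted "$W/cross.pem" "$W/user.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$W/b.self.pem" "$W/user.pem" >/dev/null 2>&1
  fi
}
path_validates with    && echo "with cross-certificates: Alice's credential validates"
path_validates without || echo "without cross-certificates: no path to the trust anchor"
```

The relying party never installs Issuer A or the bridge as a trust anchor; the path user → Issuer A → bridge → Issuer B is built entirely from the two cross-certificates.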
In the health community, a network infrastructure element must be available to enable the recognition of digital credentials issued by multiple identity providers and to link identity providers together for the benefit of enterprises and agencies. The SAFE Identity Bridge Certification Authority is that infrastructure element.
The SAFE Identity Bridge Certification Authority (SIBCA) is a cryptographic infrastructure that enables individuals and online services to trust each other’s digital identities for high assurance electronic transactions. The SIBCA facilitates trust across multiple organizations via the approved PKI Issuers cryptographically-bound to our infrastructure through cross-certification with the SIBCA.
The SAFE Identity Bridge Trust Community is comprised of the SIBCA-certified credential issuers, the asserting organizations that utilize their services, and the organizations that rely on the resulting cryptographically-based identity assertions.
Identity credentials issued in accordance with the SAFE Identity Federated Trust requirements may be purchased from any of the following SAFE-certified credential providers.
The SAFE Identity Bridge Certification Authority (SIBCA) is an interoperability mechanism for ensuring trust across independent PKI domains. Membership in the SIBCA is available for Public Key Infrastructure (PKI) operators that can demonstrate comparability with the security principles and operational criteria of the SAFE Identity community.
PKI operators interested in attaining cross certification with the SIBCA must submit an Application for Cross-certification along with the following documentation to the SAFE Identity Policy Management Authority (PMA)
Upon successful completion of the document review and the interoperability testing, the results are submitted to the SAFE Identity PMA for final review and approval to cross-certify. For more information or to initiate the cross-certification process, contact us.
The integrity of digital credentials varies widely from one provider to the next. Figuring out who to trust, why to trust them and how their security aligns with your needs can be a challenge. This makes trust hard.
The SAFE Identity Trust Framework, carefully cultivated over 15 years, can make trust much easier. The Trust Framework defines the policies and standards necessary to use secure and interoperable digital credentials that meet your needs. Issuers certified by SAFE are compliant with these policies and standards, ensuring this same security and interoperability across the ecosystem – and making trust a lot simpler for you.
Are you ready to consider your next steps? Rely on SAFE.
1900 Reston Metro Plaza,
Suite 303, Reston, VA 20190