Tumbleweed Validation Authority Secures FIPS 201 Certification.Certification Allows Federal Agencies to Leverage Tumbleweed's Experience in Deploying PKI (Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of Validation Solutions within the U.S. DoD and Intelligence Communities REDWOOD CITY, Calif. -- Tumbleweed[R] Communications Corp. (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :TMWD), a leading provider of email security, file transfer security, and identity validation software and appliances, today announced that the U.S. General Services Administration The General Services Administration (GSA) was established by section 101 of the Federal Property and Administrative Services Act of 1949 (40 U.S.C.A. § 751). The GSA sets policy for and manages government property and records. (GSA (1) (Global mobile Suppliers Association, Sawbridgeworth, U.K., www.gsacom.com) A membership organization of suppliers of GSM products and services. Its goal is to promote GSM as the worldwide mobile communications standard. See GSM Association and GSM. ) has certified the Tumbleweed Validation Authority[TM] as a compliant certificate validation solution meeting requirements for validating digital certificates embedded in Personal Identity Verification (PIV PIV Particle Image Velocimetry PIV Personal Identity Verification (FIPS 201) PIV Pentium 4 PIV Peak Inverse Voltage PIV Personal Identification Verification PIV Post Indicator Valve (firefighting) ) cards of Federal employees and contractors. Based on widely adopted open standards and technologies, including the Online Certificate Status Protocol The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 2560 and is on the Internet standards track. (OCSP OCSP Online Certificate Status Protocol OCSP Off-Campus Study Program , RFC (Request For Comments) A document that describes the specifications for a recommended technology. Although the word "request" is in the title, if the specification is ratified, it becomes a standards document. 2560), the Tumbleweed Validation Authority validates the status of digital certificates in real time, ensuring that revoked credentials cannot be used for smart card login, secure email, web access, wireless, VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. , or other electronic transactions. The certification qualifies Tumbleweed's public key infrastructure (PKI) validation software and appliances for any Federal agency seeking compliance with Homeland Security Presidential Directive 12 (HSPD-12) and the Federal Information Processing Standard Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors. 201 (FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. 201). HSPD-12 mandates that on October 27, 2006, Federal agencies must start issuing FIPS 201 compliant common identification cards (smart cards) for controlling physical and logical access to government facilities and information systems. The government will eventually roll out the smart cards to millions of Federal employees and contractors, and FIPS 201 requires that each card must contain a unique credential number, a digital certificate and an expiration date. "GSA's FIPS 201 approval of the Tumbleweed Validation Authority certifies that our product meets Federal PIV requirements for functionality and government-wide interoperability, providing Federal agencies with the flexibility to deploy a single infrastructure capable of multiple validation protocols in both enterprise and Federal Bridge-enabled environments," said Ann Smith, Vice President of Federal Sales for Tumbleweed. "Functionality, flexibility, and interoperability are key factors for agencies to keep in mind as they seek to satisfy current needs and anticipate future requirements relevant to HSPD-12/FIPS 201 compliant solutions. This is especially true for agencies that will need to support trusted relationships with external, cross-certified PKIs." When a government or contractor employee uses the smart card to access a Federal information system or facility, the Tumbleweed Validation Authority enables FIPS 201 mandated digital certificate validation via OCSP in a process that is instantaneous and completely transparent to the end user. The Tumbleweed Validation Authority also meets the GSA's requirements for Delegated Path Discovery
Delegated Path Discovery (DPD) is a method for querying a trusted server for information about a public key certificate. and Validation, enhancing validation services for cross-certified entities. Recently, Tumbleweed authorized reseller, Operational Resource Consultants (ORC), a leading provider of PKI authentication services, was granted certification as an HSPD-12 Shared Service Provider (SSP (1) (Service Switching Point) The local exchange node in an SS7 telephone network. The SSP can be part of the voice switch or in a separate computer connected to it. ), utilizing the Tumbleweed Validation Authority to provide validation services for its Federal customers. The Tumbleweed Validation Authority is the most widely deployed identity validation solution within U.S. Department of Defense (DoD) and Intelligence communities, offering critical infrastructure and identity protection in demanding environments. The product suite also features a broad portfolio of independent third party evaluations and certifications, including Common Criteria Evaluation Assurance Level The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. (EAL EAL English as an Additional Language EAL Evaluation Assurance Level EAL Eastern Airlines EAL Emergency Action Level EAL Environmental Analysis Laboratory EAL Evidence Analysis Library (American Dietetic Association) ) 3 certification, based on one of the strongest protection profiles for PKI products. The FIPS 201 certification extends to the following components of the Tumbleweed Validation Authority product suite: * Tumbleweed Validation Authority (VA Server) - A FIPS 140-2 high-performance multi-platform solution to process client digital certificate status queries using a number of different protocols including OCSP, SCVP SCVP Simple Certificate Validation Protocol SCVP Society for Cardiovascular Pathology SCVP Static Classification Value Predictor SCVP Server Based Certificate Validation Protocol , and VA certificate revocation lists (CRL CRL - Carnegie Representation Language. Carnegie Group, Inc. Frame language derived from SRL. Written in Common LISP. Used in the product Knowledge Craft. ). The platform also includes the Tumbleweed Valicert VA Repeater, available as software or as a hardware appliance. The VA Repeater Appliance solution offers a secure, hardened Linux-based platform, with Tumbleweed's Repeater Server software to provide a drop-in solution for deploying a high-scale, high-reliability digital certificate infrastructure for distributed hosted computing environments * Server Validator - A flexible plug-in application for enabling digital certificate validation in the most widely used secure Web servers and Web application servers available on UNIX UNIX Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). , Linux, Windows, and Apple server platforms * Desktop Validator (Standard and Enterprise) - Flexible client solutions for enabling Microsoft Windows based desktop and server applications to validate digital certificates via the Microsoft Cryptographic API (CAPI). Includes support for automatically deploying and configuring Desktop Validator plug-ins for ease of large-scale deployment SAFE HARBOR STATEMENT Tumbleweed cautions that forward-looking statements contained in this press release are based on plans and expectations as of the date of the press release, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below. Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to the functionality and performance of the products in the Tumbleweed Validation Authority product suite, as well as the continued compliance of such products with requirements such as those relevant to HSPD-12 or FIPS. In some cases, forward-looking statements can be identified by terminology such as "may," "will," "should," "potential," "continue," "expects," "anticipates," "intends," "plans," "believes," "estimates," and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K filed March 16, 2006 and Form 10-Q filed August 8, 2006. Tumbleweed assumes no obligation to update information contained in this press release. Although this release may remain available on Tumbleweed's website or elsewhere, its continued availability does not indicate that Tumbleweed is reaffirming or confirming any of the information contained herein. About Tumbleweed Validation Authority Tumbleweed Validation Authority (VA) (formerly known as Valicert Validation Authority), the leading identity validation solution, enables banks, governments, and businesses worldwide to secure highly valued and trusted transactions, ranging from corporate network access to multi-million dollar electronic transactions to physical access of military facilities. VA is a fourth-generation product line, offering a comprehensive, scalable, and reliable framework for real-time validation of digital certificates, based on numerous well-accepted international security standards and open technologies. VA is Certificate Authority neutral, FIPS 140-1, DOD JITC JITC Joint Interoperability Test Command (formerly Joint Interoperability Test Center) JITC Joint Interoperability Test Center (obsolete; now Joint Interoperability Test Command) , Identrust, and Common Criteria compliant, as well as part of the Identrust, SWIFT Trust Act, BACS BACS Bankers Automated Clearing System BACS Banks Automated Clearing System BACS British Association for Canadian Studies BACS British Association for Chemical Specialities BACS Bachelor of Arts Community Studies BACS Bachelor of Administrative and Commercial Studies and Global Trust Authority financial trust infrastructures. VA has been deployed by hundreds of customers worldwide for over ten years, including the U.S. Department of Defense and all branches of the U.S. military which utilize VA to check the status of more than 3.5 million Common Access Cards used to secure system and network access, email, and other mission-critical resources. About Tumbleweed Communications Corp. Tumbleweed provides security solutions for email protection, file transfers, and identity validation that allow organizations to safely conduct business over the Internet. Tumbleweed offers these solutions in three comprehensive product suites: MailGate[R], SecureTransport[TM], and Validation Authority[TM]. MailGate provides protection against spam, viruses, and attacks, and enables policy-based message filtering, encryption, and routing. SecureTransport enables business to safely exchange large files and transactions without proprietary software. Validation Authority is the world-leading solution for determining the validity of digital certificates. Tumbleweed's enterprise and government customers include ABN Amro, Bank of America
Bank of America (NYSE: BAC TYO: 8648 ) is the largest commercial bank in the United States in terms of deposits, and the largest company of its kind in the world. Securities, Catholic Healthcare West Catholic Healthcare West (CHW) is a California not-for-profit public benefit corporation that operates hospitals in California, Arizona, and Nevada[1]. As such, it is exempt from federal and state income taxes. , JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke's Episcopal Healthcare System, the U.S. Food and Drug Administration, the U.S. Department of Defense, and all four branches of the U.S. Armed Forces. Tumbleweed was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000. Tumbleweed, the Arrows logo, MailGate, SecureTransport, Tumbleweed Validation Authority and Validation Authority are either registered trademarks or trademarks of Tumbleweed Communications Corp. in the United States and/or other countries. All other trademarks are the property of their respective owners. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion