Overview

Exostar's Federated Identity Service (FIS) is a comprehensive PKI solution that enables full lifecycle management of certificates, strong authentication practices and controlled access to applications through Exostar's Managed Access Gateway (MAG) platform. FIS minimizes risk and assures resources and intellectual assets are protected over the extended enterprise. Because it is operationally modeled after, and is compliant with CertiPath (the PKI cross-certification bridge) security policies and federal best-practice guidelines, FIS is ideal for enabling sensitive online transactions and secure access to information.

Certificate Types

• Authentication/Identity:  Digital certificates can be used to prove identity and to allow access to online services (similar to a driver’s license in the non-online world).

• Signature:  Digital certificates can be used to sign electronic documents, proving data has been authored by an individual and not been tampered with (similar to a wet ink signature and wax seal).
• Encryption:  Digital certificates can be used to encrypt sensitive data preventing non- authorized parties accessing it (similar to a key to a safe).

Assurance Levels

Exostar issues certificates with varying assurance (strength) levels.  The strength of a certificate directly corresponds to the level of proof required to obtain a particular certificate and the security used to store the private key associated with the certificate.

• Basic Level of Assurance (BLOA):  Does not require in-person identity check (no proofing required) and is stored on a user’s hard drive.
• Medium Level of Assurance (MLOA) Software:  Stronger than BLOA and requires in-person identity check (in-person proofing required) and is stored on a user’s hard drive.
• Medium Level of Assurance (MLOA) Hardware:  Stronger than MLOA Software and requires in-person identity check (in-person proofing required) and is stored on a USB Security Device (token).

When users download a BLOA Digital Software Certificate, an Identity Certificate is installed to the user’s hard drive. When a user downloads MLOA Digital Certificates, the user has to complete in-person proofing. For MLOA Software Digital Certificates, all three certificate types are installed to a user’s hard drive. For MLOA Hardware Digital Certificate, all three certificate types are installed onto a USB token.

Exostar's Secure Email Service is an end-to-end solution which enables customers to rapidly deploy SecureEmail without infrastructure or technology investments in PKI. The service is supported by Exostar's member-only hosted LDAP proxy to provide certificate look-up for our members and a range of digital certificates.

Exostar LDAP Proxy is designed to automate the process of discovery of end user encryption certificates to support secure email. It is a members-only service.

System Check

To run a system check, please go here.