Required changes to Table 6-2 in FIPS 201
- Rachel Bradford
- 8 years ago
The PIV Working Group appreciates the opportunity to provide guidance on the initial scope for ICAM Part B. In addressing your request we created three bodies of content:

- Required changes to Table 6-2 in FIPS 201
- Elements of a Chapter 1 of ICAM B: What is an End Point PACS?
- Discussion of architecture versus functionality

Required changes to Table 6-2 in FIPS 201

We believe the following table summarizes reality today based on the body of PIV documents (specifically FIPS 201-1, SP ,) and the GSA Approved Products List. This table will make it easier for the consumer to understand the difference between a trusted and non-trusted authentication factor, how they can be combined for higher confidence, and which to select for a given application.

Required changes to FIPS 201, Table 6-2: Authentication Factors for Physical Access

| PIV Assurance Level at the Door | Trusted Authentication Factors | Single | Combination |
|---|---|---|---|
| NO confidence | 0 | VIS, CHUID, BIO, PIN to CARD | VIS + CHUID, CHUID + BIO |
| SOME confidence | 1 | BIO (S), CAK, PIN to PACS, CHUID (S) | |
| HIGH Confidence | 2 | PKI | PIN to PACS + CAK, CHUID (S) + PIN to PACS, BIO (S) + CAK, BIO (S) + PIN to PACS, PKI + BIO, CHUID (S) + BIO (S) |
| VERY HIGH Confidence | 3 | | PKI + BIO (S), PIN to PACS + CAK + BIO (S), CHUID (S) + BIO (S) + PIN to PACS |

Notes:

1. The fundamental premise of ICAM is that only trusted authentication factors will be used, so there is a need to categorize assurance levels based on trusted authentication factors.
2. ICAM focuses on end-to-end results, including use of the PACS, and is not limited to the card. Hence PIN to PACS, a valuable trusted security measure, is included above.
3. CHUID (S) incorporates the signature checking option which results in one trusted authentication factor. CHUID has no trusted authentication factors.
4. BIO (S) incorporates the signature checking option which results in one trusted authentication factor. BIO has no trusted authentication factors.
5. BIO-A is not shown as there are not good directions for what the attendant should do or how to do it.
6. The assurance achieved at the door cannot be greater than the assurance validated at registration to the PACS.
7. CAK is an Option and may not be present. There are two versions, Symmetric and Asymmetric, and either contact or contactless are permitted, though PKI is only Asymmetric on the contact interface.
8. The last entry in the VERY HIGH Confidence does not include a Challenge, though it is three trusted factors. This may deserve some consideration of whether a Challenge becomes a mandatory threshold.

Chapter 1: What is an End Point PACS?

Assumptions

1. All Options will be made Mandatory (via new or updated standards supported by vendors and users)
   a. To ensure Interoperability
   b. To avoid rejection of otherwise good cards
   c. To ensure only trusted objects are used
   d. To provide an alternative to the PIV Auth Cert for Physical Access
2. The standards will support HIGH and VERY HIGH Confidence Assurance Levels for Contactless to meet the need for convenient transactions and productivity
   a. Else folks will bypass the rules to avoid waiting in lines
   b. Else there will be no environmentally friendly solution
3. PIN to PACS will be recognized as a trusted authentication factor
   a. Else many agencies will not accept PIV
   b. Other out-of-band factors can also be recognized, but the issue of binding must be addressed, whether OTP, cell phone, etc.
      i. Biometrics should be recognized as an excellent mechanism to bind the person to another trusted authentication factor
4. Cryptography will be used end to end all the time
   a. All components will carry the time-to-market and high cost burden of FIPS
      i. And the burden of transition to FIPS
   b. PACS Host and PACS Controllers will need to be tested for compliance
5. PKI techniques will be used for all critical components involved in identity processes
   a. Controller
   b. Reader if performing challenge/response, signature checking, cert checking
      i. Else can be done by another component
   c. Other Security Devices and Systems such as Video and Audio Surveillance
6. Support UUID in addition to or potentially in lieu of the FASC-N
7. All PIV Cards will be reissued for compliance and interoperability.
   a. The normal refresh process can achieve this over time if the compliance changes become mandatory ASAP for all new cards being issued
8. End Point PACS provide direct solutions for card authentication
   a. They will have to meet the same criteria for their own components anyway
   b. Device authentication will establish trusted system components. Non-Person Entities (NPE) will likely use certificate-based authentication to achieve identity convergence between people and things.
9. PACS will continue to perform Intrusion Detection in a converged, UL Listed manner so as to preclude false alarms on authorized access onto secure areas.
10. The Controller will have the Power of a PC
   a. Able to download firmware for PIV Middleware changes
      i. And on to the reader if it participates in the process
   b. To fully utilize the power of the Card
   c. Will be able to synchronize with the PKI to provide response to local and off-line credential validation queries
11. The Reader will be more like a sensor only or a USB Reader for a desktop environment
   a. To ensure only critical components are on the Attack side of the secure perimeter
      i. Two-Part Readers (or Reader/Controller hybrids) can also comply
   b. To reduce the cost of firmware changes and FIPS 140 and GSA APL re-submittal requirements
   c. Some implementations may consist of a reader that is also a single door controller designed to perform the security process.
12. All PACS will be FISMA Compliant
13. PACS will be bought with Professional Services from the Manufacturer and annual maintenance contracts.

Figure 1: Significant Differences between PACS today and PACS ICAM.

Discussion of Architecture versus Functionality

1. Multiple architectures exist and will appear over time to achieve the desired functionality
2. The functionality can reside anywhere in the architecture, whether in the reader, the controller, the host, or another component.
3. Response time will likely exceed expectations developed from past experiences with 125 kHz Proximity cards. The customer should determine their response time requirements and interview suppliers to determine whether they comply. Faster response times might require different architectures or higher cost. Different response times might be acceptable depending on use case (high traffic entry vs. high security area).
4. Critical ICAM Functionality that will have to be in an end point PACS, requiring upgrade or replacement, will include:
   a. Challenge/Response of the Card's Certificate(s)
   b. Signature Checking
   c. Certificate Status Checking
   d. Path Validation
   e. Ability to support up to 128-bit UUID
5. Existing PACS (or indeed Security System) functionality needs to be sustained. For instance UL listings, intrusion integration to prevent false alarms on authorized access, continued operation even under degraded network capabilities, etc.
6. Additional new functionality or specification changes may impact the architecture of the End Point PACS contemplated today.
Figure 2: Current State of PACS. Diagram labels: PACS Client; Server with PACS Software/Database; Multi-Door Controller; Reader Interface; Contactless Reader.
Figure 3: Example Upgrade Options for PACS to Accommodate Certificate Validation. Panels A through D, with labels in order: Server verifies certificates, updates user records; Multi-Door Controller with local certificates (updated daily); Smart Reader Interface (to verify certificates); Next generation solutions. Note in figure: any transparent readers must be replaced with challenge/response readers.
Figure 4: PIV Assurance Level at the Door. Columns: Single, Combination. Entries, top to bottom: PKI + BIO (S); PIN to PACS + CAK + BIO (S); CHUID (S) + BIO (S) + PIN to PACS; PKI; PIN to PACS + CAK; CHUID (S) + PIN to PACS; BIO (S) + CAK; BIO (S) + PIN to PACS; PKI + BIO; CHUID (S) + BIO (S); BIO (S); CAK; PIN to PACS; CHUID (S); VIS; PIN to CARD; CHUID; BIO.
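The counting behind the proposed Table 6-2 and the registration cap in note 6, as an added example that is not part of the working group's document. The have/know/are category given to each mechanism is an assumption of this example, checked against every row of the table, and all function and variable names are hypothetical.

```python
"""Added illustration of the proposed Table 6-2 (not the working group's code)."""

# Trusted factor categories contributed by each mechanism named in the table.
# ASSUMPTION of this example: the have/know/are assignment is not stated on the
# page; table_mismatches() checks it against every row the page lists.
TRUSTED_CATEGORIES = {
    "VIS": frozenset(),
    "CHUID": frozenset(),          # unsigned CHUID: no trusted factor (note 3)
    "BIO": frozenset(),            # unsigned BIO: no trusted factor (note 4)
    "PIN to CARD": frozenset(),
    "CHUID (S)": frozenset({"have"}),
    "CAK": frozenset({"have"}),
    "PIN to PACS": frozenset({"know"}),
    "BIO (S)": frozenset({"are"}),
    "PKI": frozenset({"have", "know"}),
}

LEVELS = {0: "NO confidence", 1: "SOME confidence",
          2: "HIGH confidence", 3: "VERY HIGH confidence"}

# Rows of the table as listed on the page: level -> single and combined mechanisms.
TABLE_6_2 = {
    0: [("VIS",), ("CHUID",), ("BIO",), ("PIN to CARD",),
        ("VIS", "CHUID"), ("CHUID", "BIO")],
    1: [("BIO (S)",), ("CAK",), ("PIN to PACS",), ("CHUID (S)",)],
    2: [("PKI",), ("PIN to PACS", "CAK"), ("CHUID (S)", "PIN to PACS"),
        ("BIO (S)", "CAK"), ("BIO (S)", "PIN to PACS"), ("PKI", "BIO"),
        ("CHUID (S)", "BIO (S)")],
    3: [("PKI", "BIO (S)"), ("PIN to PACS", "CAK", "BIO (S)"),
        ("CHUID (S)", "BIO (S)", "PIN to PACS")],
}


def trusted_factor_count(mechanisms):
    """Count distinct trusted factor categories in a combination of mechanisms."""
    categories = set()
    for name in mechanisms:
        if name not in TRUSTED_CATEGORIES:
            # For example BIO-A, which note 5 leaves out of the table.
            raise ValueError(f"mechanism not in the table: {name!r}")
        categories |= TRUSTED_CATEGORIES[name]
    return len(categories)


def is_listed(mechanisms):
    """True if this exact combination (in any order) appears in the table."""
    wanted = frozenset(mechanisms)
    return any(frozenset(combo) == wanted
               for combos in TABLE_6_2.values() for combo in combos)


def door_assurance(mechanisms, registration_level):
    """Level at the door, capped by the level validated at registration (note 6)."""
    if registration_level not in LEVELS:
        raise ValueError(f"registration level must be 0-3, got {registration_level!r}")
    return min(trusted_factor_count(mechanisms), registration_level)


def table_mismatches():
    """Rows where the category count disagrees with the level the table assigns."""
    return [(level, combo)
            for level, combos in TABLE_6_2.items()
            for combo in combos
            if trusted_factor_count(combo) != level]


if __name__ == "__main__":
    print("rows that disagree with the counting model:", table_mismatches())
    # Constructed sample doors: (mechanisms the reader performs, registration level).
    for mechs, reg in [(["PKI", "BIO (S)"], 3), (["PKI", "BIO (S)"], 1),
                       (["PKI", "BIO"], 3), (["CHUID", "BIO"], 3)]:
        level = door_assurance(mechs, reg)
        print(f"{' + '.join(mechs):<18} registered at {reg} -> {LEVELS[level]}"
              f" (listed in table: {is_listed(mechs)})")
```

Use `is_listed` before relying on a result: a combination the table does not list is scored only under this example's category assumption.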
More informationIntegrated Identity Management Whitepaper
Integrated Identity Management Whitepaper Tom Stiles, Identification Systems Group 9600 N. Locust Drive Kansas City, MO 64155 Phone: 816.582.1596 tstiles@identificationssystemsgroup.com Contents 1. Introduction......
More informationFAQs Electronic residence permit
FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit
More informationHow Secure are Contactless Payment Systems?
SESSION ID: HT-W01 How Secure are Contactless Payment Systems? Matthew Ngu Engineering Manager RSA, The Security Division of EMC Chris Scott Senior Software Engineer RSA, The Security Division of EMC 2
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationAX.S Series Access Control and I.AM Series Identity Access Management
AX.S Series Access Control and I.AM Series Identity Access Management We selected the Kaba Embedded Access Control System for its features and functions, but what we like the most is how rock solid the
More informationGuard All Security Symposium. Identity and Access Management
Guard All Security Symposium Identity and Access Management The Complex Digital World Welcome to the Identiverse Segments / Brands Product Offerings Applications ID Management Solutions Governmental credentialing
More informationNight Owl 8 channel DVR system with HDMI output, 960H recording and a Free Night Owl Pro App with Owl Scan (No Hard Drive Included)
Night Owl 8 channel DVR system with HDMI output, 960H recording and a Free Night Owl Pro App with Owl Scan (No Hard Drive Included) Night Owl s PE-DVR8 is an advanced 8 channel 960H Security DVR. The DVR
More informationIdentiv is a publicly traded company and its common stock is listed on the NASDAQ Capital Market in the U.S. under the symbol INVE.
About Identiv Identiv is a global security technology company that establishes trust in the connected world, including premises, information, and everyday items. Global organizations in the government,
More informationUS Security Directive FIPS 201
Security US Security Directive FIPS 201 Compliance Strategies Learn about compliance strategies for governmental agencies in meeting requirements of Homeland Security Presidential Directive 12 (HSPD-12),
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More information