Personal Identity Verification (PIV) Enablement Solutions




pivCLASS Government Solutions

Affordable Personal Identity Verification (PIV) Enablement Solutions from a Single, Trusted Supplier

Complete Solution for PIV Enablement

HID Global's pivCLASS Government Solutions portfolio is an extensive product family that makes it easy for the U.S. Federal Government, government contractors and other facilities to comply with security regulations and to use their Personal Identity Verification (PIV) and other smart cards for physical access control, resulting in compliance, interoperability and high security.

FIPS 201 Compliance Without the Need to Rip and Replace

The pivCLASS modular approach provides government agencies the ability to use their PIV identity cards for strong public key infrastructure (PKI)-based validation for physical access control. The solution enables this functionality without the need to rip and replace existing physical access control systems (PACS), reducing costs and removing complexities to make it easy and affordable to acquire, install and maintain compliant physical access control systems. pivCLASS accomplishes this in part by communicating with an agency's PACS and external trust authority PKIs to deliver functionality specified by National Institute of Standards and Technology (NIST) Federal Information Processing Standards Publication 201 (FIPS 201).

An Integrated Solution from a Single Provider

Delivering fully tested and validated turnkey government solutions from a single, trusted source, pivCLASS authenticates PIV credentials across the full range of assurance levels as defined by the federal government's Special Publication 800-116 (SP 800-116). pivCLASS products also support the Transportation Worker Identification Credential (TWIC) Reader Specification. The pivCLASS portfolio includes pivCLASS Registration Engine, pivCLASS Certificate Manager, pivCLASS Reader Services, pivCLASS Authentication Module (PAM) and a complete line of pivCLASS readers, enabling agencies to quickly and easily acquire all of the necessary components for their PIV-enabled access control systems.

Achieving Compliance Made Simple

How it Works

Working together to deliver strong authentication at the door and during the initial cardholder registration, the pivCLASS solution ensures the card is the originally registered card and the cardholder is the person he/she claims to be. It also verifies the card has not been forged, altered, cloned, lost, stolen, shared, revoked or expired. pivCLASS accomplishes this by performing the following functions:

- Automatically registers cards into the PACS database with no manual data entry.
- Executes full path discovery and certificate revocation checking using CRL, OCSP or SCVP.
- Periodically retrieves card revocation status from issuing certificate authorities.
- Caches validation data and offers degraded mode settings to allow continued validation when access to card issuer validation data (e.g., CRL) is unavailable.
- Validates cardholder credentials both during a card's registration into local access control software and at the door.
- Validates visiting cardholder credentials from other agencies (i.e., provides certificate path discovery and validation essential for interoperability across government agencies and any other entities cross-certified with the Federal Bridge).
- Provides centralized configuration and management of pivCLASS products via a graphical user interface.
- Allows configuration of trusted card issuers, authentication modes, Wiegand output format and more.
- Provides centralized distribution of firmware updates to pivCLASS Authentication Modules.
- Collects detailed log activity for display and export.

PIV-Enablement for Existing PACS

The pivCLASS modular approach allows agencies to deploy different pivCLASS components over time as their budget allows and as they work toward achieving compliance. The pivCLASS off-the-shelf software is integrated with more than 30 physical access control systems and does not require any software development.

pivCLASS Readers Meet Any Authentication Mode and Any Assurance Level

Controlled Areas, Limited Areas, Exclusion Areas

pivCLASS Readers

The pivCLASS Government Solution suite includes a broad selection of readers for agencies to meet any security level and the NIST SP 800-116 guidelines. pivCLASS readers work with the pivCLASS Authentication Module to meet requirements for:

- Any assurance level: controlled, limited or exclusion.
- Any authentication mode: CHUID, CAK, PIV + PIN, or PIV + PIN + BIO; also, FASC-N reads for non-SP 800-116 uncontrolled areas, and the additional TWIC authentication modes, CHUID + BIO and CAK + BIO.
- Nearly any card type, contact or contactless, including PIV, PIV-I, CIV (a.k.a. PIV-C), TWIC, FRAC and CAC.

Additionally, pivCLASS readers provide fully functional backward compatibility with existing iCLASS and HID Prox readers, easing the transition from legacy cards to PKI-based credentials. The readers also support bidirectional communication to the PAM.

Assurance Levels and Authentication Modes

Most Federal facilities have likely completed a risk assessment that designated each door and portal as requiring an uncontrolled, controlled, limited or exclusion assurance level. NIST SP 800-116 specifies which authentication modes are required for which assurance levels. For instance, a door leading to a high security area will require a more advanced reader (in order to perform additional identity checks, such as a biometric fingerprint match) than a lower security door. Figure 1 illustrates the different security levels and the attack vectors addressed by the pivCLASS solution.

Figure 1: Meet Any Assurance Level

Security Area (per NIST SP 800-116 & Risk Assessment) | Authentication Factors | Authentication Modes
Uncontrolled | None | FASC-N
Controlled | 1 | CHUID + VIS
Controlled | 1 | CAK
Limited | 2 | PIV + PIN
Exclusion | 3 | PIV + PIN + BIO

For each mode, the figure also marks whether it secures against cards that are: Revoked; Counterfeit or Altered; Copied or Cloned; Lost or Stolen; Shared.

BIO: Biometric; CAK: Card Authentication Key; CHUID: Cardholder Unique Identifier; FASC-N: Federal Agency Smart Credential Number; PIN: Personal Identification Number; PIV: Personal Identity Verification (PIV) Authentication Key; VIS: Visual

pivCLASS Authentication Module Does the Heavy Lifting for PIV Validation

pivCLASS Authentication Module

The pivCLASS Authentication Module (PAM) is an embedded computer packaged in a small form factor with pre-installed, updatable firmware. The PAM is installed between a supporting reader (such as a pivCLASS reader) and the existing access control panel, and provides configurable Wiegand output to the controller. This enables the system to be upgraded to support PIV cards for access control; the access control panels do not have to be replaced or even reconfigured, and the head-end access control software does not need to be enhanced with new features. Similarly, much of your existing wiring may be reusable. Readers pass card information to the PAM, which performs the required authentication to validate (or invalidate) the cardholder credential. If validated, the badge ID is then passed to the existing access control panel for the access authorization decision. Since the PAM regularly receives and caches cardholder credential status from the pivCLASS Certificate Manager, the result is nearly real-time PKI-based high security at the door. In its role, the PAM does the heavy lifting of cryptographic operations for PIV cardholder credential authentication each time a card is presented to a reader. Each PAM can process up to two readers at one or two doors.

Increased Overall System Security

The pivCLASS solution is architected for the security-conscious yet cost-sensitive security administrator. The pivCLASS Authentication Module typically sits inside the secure perimeter, where it (not the reader) performs the critical cryptographic functions. This architecture locates the PKI operations within the secure perimeter rather than in an expensive, PKI-capable reader placed on the insecure/attack side of the door.
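The door-side decision described in the How it Works list and in the PAM section above, as an added example (illustrative code written for this page, not HID's PAM firmware): it models the assurance-level check from Figure 1, the cached revocation status the Certificate Manager pushes to the module, and a degraded-mode grace period for when the validation authority is unreachable. The function names, the cache layout and the policy values are assumptions.

```python
"""Added example, not HID's code: a simplified model of the access decision a
PAM-style module makes at the door, combining the SP 800-116 assurance level
of the door with cached revocation status and a degraded-mode policy for when
the validation authority is unreachable. All names, values and policies here
are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Factors per authentication mode (Figure 1: CHUID and CAK 1, PIV+PIN 2, PIV+PIN+BIO 3)
MODE_FACTORS: Dict[str, int] = {"CHUID": 1, "CAK": 1, "PIV+PIN": 2, "PIV+PIN+BIO": 3}
# Minimum factors a security area demands (controlled 1, limited 2, exclusion 3)
AREA_MIN_FACTORS: Dict[str, int] = {"controlled": 1, "limited": 2, "exclusion": 3}


@dataclass
class RevocationCache:
    """Credential status pushed down by a certificate-manager style service.
    status maps credential id -> "good" or "revoked"; fetched_at records when
    that status was last refreshed (epoch seconds)."""
    status: Dict[str, str] = field(default_factory=dict)
    fetched_at: Dict[str, float] = field(default_factory=dict)

    def update(self, cred_id: str, state: str, at: float) -> None:
        self.status[cred_id] = state
        self.fetched_at[cred_id] = at


def mode_meets_area(mode: str, area: str) -> bool:
    """True if the reader's authentication mode supplies enough factors for the area."""
    return MODE_FACTORS.get(mode, 0) >= AREA_MIN_FACTORS[area]


def decide(cred_id: str, mode: str, area: str, cache: RevocationCache, now: float,
           max_age: float, degraded_grace: float) -> Tuple[str, str]:
    """Return ("grant"|"deny", reason). Only on "grant" would the badge ID be
    forwarded to the existing panel; a deny never reaches it.
    max_age: seconds a cached status may be old and still count as fresh.
    degraded_grace: extra seconds a stale "good" status is honoured when the
    validation authority cannot be reached (0 disables degraded mode)."""
    if not mode_meets_area(mode, area):
        return "deny", "insufficient_factors"
    if cred_id not in cache.status:
        return "deny", "not_registered"     # never registered by the registration engine
    if cache.status[cred_id] == "revoked":
        return "deny", "revoked"            # a revoked status is always enforced
    age = now - cache.fetched_at[cred_id]
    if age <= max_age:
        return "grant", "fresh_status"
    if age <= max_age + degraded_grace:
        return "grant", "degraded_mode"     # validation data unavailable: honour stale-but-good within grace
    return "deny", "status_too_old"         # grace exhausted: fail closed
```

Setting degraded_grace to 0 makes the module fail closed as soon as the cached status ages out, which is the trade-off the degraded-mode setting lets an administrator make explicitly.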

pivCLASS Software Communicates with Trust Authorities

pivCLASS Software Components:

- pivCLASS Registration Engine: reads, validates, authenticates and automatically registers valid credentials into the PACS database without any manual data entry.
- pivCLASS Certificate Manager: periodically revalidates the status of digital certificates and updates the PACS with any change in status; can automatically suspend any card associated with a revoked certificate; can send an email to a distribution list for notification.
- pivCLASS Reader Services: configures and manages pivCLASS readers via the PAM.

pivCLASS Registration Engine and pivCLASS Certificate Manager

The pivCLASS Registration Engine is a software module that reads, validates, authenticates and registers credentials with a PACS automatically without manual data entry. The software validates multiple card types, including PIV, PIV-I, CIV (PIV-C), CAC NG, CAC EP, TWIC and FRAC. The pivCLASS Certificate Manager is a software module that, after credential registration, regularly communicates with external trust authorities to check the status of cached certificates. Upon determining a status change, the software can suspend any card associated with a revoked certificate and/or send an email to a distribution list for notification. pivCLASS Certificate Manager also sends that information via Ethernet (AES256 encryption optional) to the pivCLASS Authentication Modules (PAMs) for enforcement. pivCLASS Reader Services sends mode updates, TWIC Privacy Keys (TPKs), and other information to PAMs and supports multiple authentication modes including FASC-N, CHUID, CAK, PIV + PIN, CHUID + BIO, CAK + BIO, and PIV + PIN + BIO. Typically, an agency will install the pivCLASS Registration Engine on each workstation where credential registration is to occur. pivCLASS Certificate Manager software is required for ongoing revalidation of certificates after registration and is usually placed on the PACS server, although alternative configurations can be implemented to meet specific needs. The communication flow between pivCLASS elements and other parts of the architecture is detailed in Figure 2.

Genuine HID

With Genuine HID, the U.S. Federal Government, government contractors and other facilities benefit from the broadest product line of trusted, fully interoperable secure identity solutions in the market. Genuine HID solutions are designed and built in ISO 9001 certified facilities; include worldwide agency certifications; and are backed by global product warranties. Supported by industry-leading expertise and the strongest delivery and response platform available, Genuine HID solutions reinforce the long-standing trust that when customers purchase from HID Global, they are investing with absolute confidence.

Figure 2: pivCLASS System Diagram

Components shown: Existing Physical Access Control System (PACS), consisting of the PACS Controller/Panel, PACS Software and Existing Security Management System Head-end; Validation Authorities (Federal Bridge, CRL, OCSP, SCVP, TWIC Cancelled Card List); pivCLASS Authentication Module; pivCLASS Registration Engine & pivCLASS Certificate Manager.

Authentication Module & Reader Functions: signature checks; private key challenge; conformity & freshness checks; PIN & BIO checks.

Registration Engine & Certificate Manager Functions: credential registration; path discovery and validation; revocation checking.


GENUINE secure identity. An ASSA ABLOY Group brand

North America: +1 949 732 2000 Toll Free: 1 800 237 7769
Europe, Middle East, Africa: +44 1440 714 850
Asia Pacific: +852 3160 9800
Latin America: +52 55 5081 1650

2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design, Genuine HID, iCLASS, pivCLASS and pivCLASS Authentication Module are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners. 2013-06-12-pivclass-solutions-br-en hidglobal.com