g6 Authentication Platform
- Maryann Potter
- 5 years ago
Seamlessly and cost-effectively modernize a legacy PACS to be HSPD-12 compliant

- Enrollment and Validation Application
- Authentication Modules
- Readers

HSPD-12 Enrollment Application & 2-Door Authentication Module

Upgrade Legacy Physical Access Systems to Meet HSPD-12 Requirements For Strong Authentication

For nearly a decade, Federal Government agencies have struggled with how to modernize their existing physical access control systems (PACS) to operate in the HSPD-12 environment. The challenge has been elusive: legacy systems are proprietary and based on 30-year-old Wiegand communication, while HSPD-12 requires use of modern cryptographic tools.

Many physical access system providers offer readers that are listed as FIPS-201 compliant on the GSA Approved Products List. Agencies have purchased these components under the implication that their legacy PACS will then be HSPD-12 compliant. Unfortunately, this is not the case. For example, replacing legacy readers with smart card readers capable of reading PIV and CAC credentials is not a secure solution. To trust that a card is not a clone or copy of the genuine card, the public key certificates on the card must be utilized. The g6 activates use of PKI between the PIV and the legacy PACS to ensure the credential can be trusted.

The g6 Authentication Platform can modernize many existing PACS to be HSPD-12 compliant. It offers the most modern, streamlined option for agencies to implement PKI cost effectively and one that is:

- Simple to implement
- Seamless to operate
- Preserves the legacy PACS infrastructure

The diagram shows the g6 Architecture for upgrading two doors. The new platform includes 2 g6 Readers, a g6 Authentication Module and the BridgePoint TrustAlert Enrollment and Validation Suite. The only new cables required are two short CAT 6 (or equivalent) patch cables between the Legacy Panel and the Authentication Module (shown in red). The remaining legacy system components, including the cabling, panels, server and software, remain in place, preserving the current investment.

HOW the g6 Authentication Platform WORKS

The same PKI operations used to secure access to IT networks are used to secure physical access, but they are deployed differently because of latency factors inherent in online real-time validation: people will wait a few seconds for the authentication process when logging onto a network, but those same people will not tolerate that length of time at a door to be granted access. One solution is to perform the validation operation in advance, cache the results and deny access to any revoked certificates. Latest Government guidance has set a maximum of 6 hours between certificate status checks.

The g6 system implements PKI in physical access in 3 seamless steps:

1. At enrollment, the public key-private key pair is verified and the certificates are validated to establish a high degree of confidence that the PIV is genuinely issued and has not been revoked.
2. During the enrolled period, certificates are frequently re-validated and access is immediately denied for any credential that becomes revoked.
3. At a request for access, cryptographic verification confirms that the PIV has the same unique public key-private key pair that was on the credential when enrolled.
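
The three steps above, as an added Go sketch of the cached-validation pattern; it is not BridgePoint code and does not describe the g6 firmware. The names Card, Record, Store, Enroll, Revalidate and Authorize are hypothetical, an ECDSA P-256 key pair stands in for the key on the card, and the validation service's answer is passed in as a boolean. Denying access once the cached status is older than 6 hours is an assumption of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// MaxStatusAge is the 6-hour ceiling between certificate status checks cited above.
const MaxStatusAge = 6 * time.Hour

var (
	ErrNotEnrolled  = errors.New("credential not enrolled")
	ErrRevoked      = errors.New("certificate revoked")
	ErrStaleStatus  = errors.New("cached status older than MaxStatusAge")
	ErrBadSignature = errors.New("challenge-response failed")
)

// Card is a software stand-in for a PIV (hypothetical); key never leaves the card.
type Card struct {
	ID   string
	Cert *ecdsa.PublicKey // public key read from the card's certificate
	key  *ecdsa.PrivateKey
}

// NewCard builds a constructed sample credential with a fresh P-256 key pair.
func NewCard(id string) (*Card, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Card{ID: id, Cert: &k.PublicKey, key: k}, nil
}

// Record is what the repository caches per credential; Store is keyed by card ID.
type Record struct {
	Key       *ecdsa.PublicKey // public key captured at enrollment
	Revoked   bool
	CheckedAt time.Time // time of the last status check
}
type Store map[string]*Record

// challenge has the card sign a fresh nonce and verifies the signature under pub.
func challenge(c *Card, pub *ecdsa.PublicKey) error {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, c.key, digest[:]) // performed on-card
	if err != nil || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// Enroll is step 1. revoked is the validation service's answer (assumed input).
func (s Store) Enroll(c *Card, revoked bool, now time.Time) error {
	if revoked {
		return ErrRevoked
	}
	if err := challenge(c, c.Cert); err != nil {
		return err
	}
	s[c.ID] = &Record{Key: c.Cert, CheckedAt: now}
	return nil
}

// Revalidate is step 2: record the latest status so the door never waits for it.
func (s Store) Revalidate(id string, revoked bool, now time.Time) {
	if r, ok := s[id]; ok {
		r.Revoked, r.CheckedAt = revoked, now
	}
}

// Authorize is step 3: cached status plus a local challenge under the enrolled
// key. Denying on a stale cache is a fail-closed assumption of this example.
func (s Store) Authorize(c *Card, now time.Time) error {
	r, ok := s[c.ID]
	switch {
	case !ok:
		return ErrNotEnrolled
	case r.Revoked:
		return ErrRevoked
	case now.Sub(r.CheckedAt) > MaxStatusAge:
		return ErrStaleStatus
	}
	return challenge(c, r.Key)
}

func main() {
	s, now := Store{}, time.Now()
	card, _ := NewCard("card-1")
	fmt.Println(s.Enroll(card, false, now), s.Authorize(card, now.Add(7*time.Hour)))
}
```

The door decision verifies under the key stored at enrollment rather than a key presented at the door, so a credential that reuses an enrolled identifier without the matching private key fails the challenge.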

TRUSTALERT SOFTWARE COMPONENTS

Enrollment Application: Provides the GUI through which the enrollment process is performed.

PACS Enrollment Service: Provides a uniform interface between Enrollment Software components and a range of PACS systems. Adds personnel and credentials into an integrated PACS system, assigns a default access privilege (level) and disables credentials in the event of a relying certificate being revoked.

Credential Repository Service: Maintains a secure (FIPS140) credential repository containing copies of relying credentials used during the enrollment process.

CERTIFICATE VALIDATION SERVICE (NOTE: not included with the Enrollment Application)

TrustAlert enables the PKI validation, solving a major problem for implementing trusted solutions in physical access systems.

TrustAlert Enrollment and Validation Application

The Service validates presented credentials via OCSP (Online Certificate Status Protocol), SCVP (Server-based Certificate Validation Protocol) or CRL (Certificate Revocation List). TrustAlert is a tightly integrated hardware and software solution that optimizes authentication and enrollment of PIV, CAC, TWIC and PIV-I credentials into compatible access control systems. By importing data directly from the credential, errors that result from manual entry are eliminated and enrollment time is reduced from an average of 10 minutes to 15 seconds.

- Built on Open Standard RFC-2560 for revocation status and RFC-2580 path validation module
- Works with both on-premise and in-the-cloud validation models
- Supports both direct and CA-delegated trust models
- Pre-configured for DoD and Federal PKI deployments
- PDVAL compliant path discovery and validation

TrustAlert includes a Certificate Repository that stores Public Key Certificates from the credentials as they are enrolled.
This data store can be used to frequently re-validate the status of enrolled certificates and notify the legacy PACS whenever a certificate is revoked and a credential should be denied access.

TrustAlert Enrollment Readers provide strong authentication including PIN challenge, biometric match (optional), and PKI challenge-response verification to both the personal and card authentication certificates on the credential. The GUI displays the results of each step in the authentication process along with data retrieved from the credential. Once the authentication factors are confirmed, data from the credential can be enrolled into a compatible PACS with one simple click on the ENROLL button.

The Certificate Repository collects and stores the information necessary from the certificates to validate the current certificate status. Collecting this information on Enrollment enables validation to be implemented at a later date, saving the inconvenience and expense of re-enrolling users at a later date to capture certificates.

2-FACTOR AND 3-FACTOR ENROLLMENT READERS

Features:

- Sturdy construction and integrated design simplifies the enrollment process for the user
- Presents same user experience as the BridgePoint Access Readers
- Eliminates multiple desktop components
- Eliminates data entry errors
- Less than 15 seconds for complete enrollment process
- Supports PIN challenge
- Supports PKI Challenge-Response to both personal authentication key (PAK) and card authentication key (CAK)
- Extracts PHOTO image from chip for displaying in a compatible PACS
- Data presented in structured XML or ASCII text format suitable for direct input to a compatible PACS
- Plug and Play USB Interface

BridgePoint Systems, Inc. | 530 McCormick St. | San Leandro CA USA

g6 Authentication Module

The g6 Authentication Module is installed in series between new g6 Access Readers and the existing Wiegand-based legacy panels. It can be located nearer to the readers or nearer to the panel, whichever is easier. Depending on which location is selected, a short set of cables will be required to connect the Module to either the readers or the legacy panel.

BridgePoint's crypto-optimization tools provide the CAK verify operation in approximately 2 seconds for RSA 2048 certificates over the contactless interface and even faster for the PAK over the contact interface. No competitive products match this speed.

The g6 Module supports 4 different authentication modes that can be selected using control lines from the legacy panel:

MODE:
- CAK
- CAK + Pin to Panel
- PIV AUTH
- PIV + PIN + BIO

The g6 Authentication Module is compatible with these major systems in addition to the BridgePoint PACS.

Features and Functionality

- No installation of a new network
- Utilizes existing cabling infrastructure
- Supports RS-485 serial communication (1,000 times faster than legacy Wiegand communication)
- No new server required to process certificates
- g6 Module is optimized to securely operate with BridgePoint Readers
- Supports 2 Readers and 2 sets of Wiegand control lines (Data0, Data1, LED1 and LED2)
- Supports all PIV, PIV-I, TWIC and CAC credentials including 128 bit GUID
- 25,000 event History Log (back-up log)
- AES-256 bi-directional encrypted communication with Readers
- Diffie-Hellman Key Exchange eliminates need for private keys
- Supports NSA/NIST Suite B including RSA 1024 & 2048 and ECC 256
- Physical Tamper Detection sends alert to legacy PACS on physical attack
- Logical Tamper Detection mitigates attack by multiple invalid credentials
- Field upgradable firmware secured with 8-character password protection
- USB Port supports flash programming and configuration settings
- LEDs provide Power & Connectivity Status
- Standard ½ Conduit Fitting eliminates mounting box

SPECIFICATIONS

DIMENSIONS
6-3/8 Wide X 7-1/2 High X 2-1/4 Deep

WEIGHT
1 LB 10 OZ

MECHANICAL SPECIFICATIONS
- Enclosure: Fully enclosed UL-94 polycarbonate case with cam lock. Steel back plate provides rigidity and cable strain relief. All cable connections are protected from tampering.
- Installation: Designed to mount on dry wall or concrete surfaces. Compatible with standard single-gang or double-gang electrical wall boxes. Includes integral ½ Conduit Fitting and space for service loop that maintains low profile and eliminates need for separate electrical box.
- Visual LED Indicators: Power, Legacy Controller Connectivity, Access Granted, Access Denied & Tamper Condition.
- Tamper Detection: Tamper switch provides alarm indication if Cover is removed.
- Standard Inputs: Supports 2 BridgePoint Readers (1F, 2F or 3F) and 2 Auxiliary Relay Inputs for Authentication Mode Control.
- Standard Outputs: Supports 2 sets of Wiegand Control Lines: Data0, Data1, LED1 and LED2
- Legacy Panel Connection: Industry Standard Wiegand
- Reader Connection: RS-485 bi-directional with AES encryption
- Local Control: On-board USB Command Line Interface for Application Programming, Configuration and Diagnostics.

HARDWARE SPECIFICATIONS
- Microcontroller: 32-bit 80 MHz RISC Processor with 512K bytes internal RAM and 576K external RAM. Micro OS is strongly resistant to external attack.
- Memory: 1-Gigabyte Flash Memory
- Reader Interface: Industry Standard Wiegand or RS-485 Serial Protocol with AES Encryption.
- Lithium Battery-backed Real Time Clock

CABLE REQUIREMENTS AND DISTANCES
- Readers: Up to 300 feet with CAT5, CAT6 or 4 Conductor 18 AWG cable
- Legacy PACS Network: 300 feet Interface Controller to Legacy Panel with Cat 6 Cable or 18 AWG cable

INPUT POWER
- 12 Volt DC 1 Amp (2 Readers Connected)
- DC Power Supply: VAC Cycle V-Infinity EPSA Switching Power Supply - Energy Star Rated (Included)

OUTPUT POWER
12 Volt DC 300 ma (each Reader Port)

ENVIRONMENTAL
- Indoor Installation Recommended
- Outdoor: Requires NEMA 4 enclosure
- Temperature: -20F to 150F
- Humidity: 5% to 95% non-condensing

FIRMWARE FEATURES
- Stand-alone operation transparent to legacy PACS
- Supports all HSPD-12 Strong Authentication Mechanisms

MEMORY:
- Audit List: 25,000 most recent events (audited locally through USB Port)

CREDENTIALS SUPPORTED:
- PIV, CAC, TWIC, FRAC (48, 56, 75 or 200 bit FASCN are standard; many other formats are supported)
- PIV-I, BridgePoint CryptoID (128 bit UUID)
- MiFare, DESfire (UID 32 bit Silicon ID)

CERTIFICATE SIGNATURE MATCH USING efasc-n or eguid (Mitigation of Cloned Credentials)
- Personal Certificate (32 to 256 bit SHA-2)
- Card Auth Certificate (32 to 256 bit SHA-2)

SUPPORTED LEGACY PANEL INPUT COMMANDS
- Commands implemented by Control of two Legacy Panel Auxiliary Relays (up to 4 controllable authentication modes)
- Scheduled switching of Authentication Mode is dependent on PACS Panel ability to program state of Auxiliary Relays

AUTHENTICATION MODES (CAN BE SET IN AUTHENTICATION MODULE AND CONTROLLED BY TIME & DAY BY PANEL):
- 1-Factor CAK
- 2-Factor CAK + PIN to Panel
- 2-Factor PAK AUTH
- 3-Factor PIV + PIN + BIO

PKI CRYPTOGRAPHIC MODULE
- PKI Cryptographic Support: 32-bit cryptographic processor with hardware acceleration supports NIST/NSA Suite B Algorithms including PKI VERIFY (via RSA or ECC Public-Private Key Pair):
  - PAK Challenge-Response (Personal Certificate)
  - CAK Challenge-Response (Card Authentication Key)
- Communication Encryption: Supports AES-256 encryption between Readers and Interface Controllers with Diffie-Hellman Dynamic Key Exchange to mitigate man-in-the-middle attacks. No cryptographic keys stored in system.

WARRANTY
24 Months from date of installation (25 months from date of shipment)

Copyright BridgePoint Systems. BridgePoint, TrustPoint, TrustAlert, and epacs are trademarks of BridgePoint Systems, Inc.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationPhysical Access End-to-End Security
Physical Access End-to-End Security Smart Card Alliance Smart Cards in Government-2003 July 16, 2003 Physical Access 3:45 PM Robert Merkert Director, Strategic Accounts All Company and/or product names
More informationAC-115 Compact Networked Single-Door Controller Hardware Installation and Programming
AC-115 Compact Networked Single- Controller Hardware Installation and Programming Copyright 2013 by Rosslare. All rights reserved. This manual and the information contained herein are proprietary to REL,
More informationTransportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005
Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005 Who Am I? How do you know? 2 TWIC Program Vision A high-assurance identity credential that
More informationCryptologic and Cyber Systems Division
Cryptologic and Cyber Systems Division OVERALL BRIEFING IS Someone Scraped My Identity! Is There a Doctrine in the House? AF Identity, Credential, and Access Management (ICAM) August 2018 Mr. Richard Moon,
More informationConfiguring SSH with x509 authentication on IOS devices
Configuring SSH with x509 authentication on IOS devices Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram Deployment considerations Configurations (Optional) Integration
More informationACR880 GPRS Portable Smart Card Terminal
ACR880 GPRS Portable Smart Card Terminal Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Supported Card Types... 5 3.1.
More informationCoSign Hardware version 7.0 Firmware version 5.2
CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and
More informationVelocity 3.6 SP2.1 Product Release Bulletin. August 2017
Velocity 3.6 SP2.1 Product Release Bulletin August 2017 Product Release Bulletin for Velocity 3.6 SP2.1 1. utrust TS Government ScramblePad Readers The Hirsch ScramblePad has been infused with the power
More informationDHS ID & CREDENTIALING INITIATIVE IPT MEETING
DHS ID & CREDENTIALING INITIATIVE IPT MEETING October 14, 2004 Part 02 of 02 IMS/CMS Functional Specification General Issuance Requirements Issue a GSC-IS 2.1 compliant dual chip hybrid ICC/DESFire v0.5
More informationAccess Control Reader and Credential Architecture and Engineering Specification: Contactless Smart Card MHz High Frequency Technology
A SMART CARD ALLIANCE ACCESS CONTROL COUNCIL RESOURCE Access Control Reader and Credential Architecture and Engineering Specification: Contactless Smart Card 13.56 MHz High Frequency Technology Version
More informationPW6000 Modular Access Control System PW6000 Intelligent Controllers and Modules
Modular Access Control System The next generation of the PW-Series family improves on the existing PW technology to offer superior features and benefits. The PW-Series Modular Control System is an advanced
More informationpivclass How to Order Guide
pivclass How to Order Guide D00546, B.3 January 2014 The most current version of this document is available for download at http://www.hidglobal.com > Government > PIV & FIPS Solutions. To check order
More informationDBsign for HTML Applications Version 4.0 Release Notes
DBsign for HTML Applications Version 4.0 Release Notes Copyright 2010 Version 4.0 Copyright Notice: The Release Notes has a copyright of 2000-2010 by Gradkell Computers, Inc. This work contains proprietary
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationTWIC Readers What to Expect
TWIC Readers What to Expect Walter Hamilton Chairman International Biometric Industry Association Walter Hamilton International Biometric Industry Association 1155 F Street, NW Washington, DC 20004 (727)
More informationRFID Electronic Hotel Locking
RFID Electronic Hotel Locking One key solution Be-Tech hotel locking system supplies the maximum convenience and security to your guests with its one key solution, at the most competitive price in the
More informationPaul A. Karger
Privacy and Security Threat Analysis of the Federal Employee Personal Identity Verification (PIV) Program Paul A. Karger karger@watson.ibm.com Outline Identify specific problem with FIPS 201 Problem of
More informationAlcatel OmniAccess 200 Series
Alcatel OmniAccess Alcatel OmniAccess 200 Series Security Appliance The corporate enterprise s most valued asset is mission critical data whether it is accessed by only a few or many thousands of employees.
More informationNov ember 14, Memo
Memo Subject: Comparison of Validation Capabilities between Axway Desktop Validator and MS Windows Clients as well as Validation Authority Serv er and Windows Serv er Date: December 2016 1/5 1. Introduction
More informationMAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013
MAESON MAHERRY 3 Factor Authentication and what it means to business. Date: 21/10/2013 Concept of identity Access Control User Self-Service Identity and Access Management Authoritive Identity Source User
More informationArchitectural and Engineering Specification. Brivo ACS 5000 Control Panels and ACS Service
Architectural and Engineering Specification Brivo ACS 5000 Control Panels and ACS Service Document Number: MKT-DOC-006 November 22, 2005 Architectural and Engineering Specification Page 1 Table of Contents
More informationSSH Communications Tectia SSH
Secured by RSA Implementation Guide for 3rd Party PKI Applications Last Modified: December 8, 2014 Partner Information Product Information Partner Name Web Site Product Name Version & Platform Product
More informationicam7000s SERIES HARDWARE GUIDE Packing List CONTACTLESS CARD READER RECESS MOUNT (Optional) ISO/ANSI COMPLIANT EASY INSTALLATION What s in the Box
icam7000s SERIES HARDWARE GUIDE ADVANCED MULTIFACTOR BIOMETRIC IRIS READER VERSION 1.0 icam7000s-t (Titanium Color) icam7000s-b (Black Color) DUAL IRIS ISO/ANSI COMPLIANT FACE CAMERA EASY INSTALLATION
More information