DHS ID & CREDENTIALING INITIATIVE IPT MEETING

DHS ID & CREDENTIALING INITIATIVE IPT MEETING October 14, 2004 Part 02 of 02

IMS/CMS Functional Specification: General Issuance Requirements
- Issue a GSC-IS 2.1 compliant dual chip hybrid ICC/DESFire v0.5 smart card capable of encoding both physical and logical access credentials in a single integrated issuance process from a single issuance station. The following cards shall be supported:
  - Axalto Cyberaccess 64K v1 SM4.1
  - GEMPLUS GEMExpresso Pro 64K v1
- Issue cards only to valid persons existing in the authoritative DHS Certificate Authority Repository data source, MS Active Directory 2003.
- Issue cards through a workflow-oriented operator portal according to the issuance flow outlined.
- Provide no allowance for cardholder data additions or modifications to source data at the time of issuance (other than the cardholder photograph). All data relevant to the card shall be available and validated prior to issuance.
- Seamlessly integrate Active Directory authoritative cardholder data with an external JDBC personnel data source for single-step card personalization (contact chip and DESFire encoding, and printing).

IMS/CMS Functional Specification: Card Topology, Photography, and Printing
- Using a Fargo HDP600LC Smart Card Printer, print the front and back of the smart card in accordance with the card topology and data elements identified.
- Generate and print PDF417 and Code 39 bar codes in accordance with the requirements.
- Capture a 300 DPI cardholder photograph using the Canon G5 camera. The photograph capture interface shall provide for photo cropping and enhancement in color, contrast and white balance. The final resulting photograph shall be stored to the enterprise MS 2003 Active Directory repository.

IMS/CMS Functional Specification: Logical Access Issuance Requirements
- Issue a Java Card 2.1 smart card in accordance with Global Platform version 2.0 standards for Secure Channel card communications to the ICC for all key-related operations.
- Issue a card with the card data model profile as specified.
- Issue a card with three X.509 compliant PKI certificates from a MS Windows 2003 CA using customized DHS certificate templates as detailed in Appendix E to perform the following functions. All certificates shall be issued using 1024-bit RSA encryption. The CMS and CA shall provide for escrow and recovery of the encryption certificate private key.
  - Windows PKI logon with fingerprint biometric authentication to the DHS Net Domain
  - Email signing (Outlook)
  - Email encryption (Outlook)
  - Client side Web site authentication through MS Internet Explorer 5.5, 6.0 and Netscape Navigator 6.2 for Windows
- Issue a card capable of ICC authentication using a Match On Card (MOC) fingerprint biometrics applet incorporating a BSP from Precise Biometrics. Biometric authentication shall be the default method of authentication in lieu of PIN entry.
- Provide for enrollment of 2 fingerprints during original card issuance, only one fingerprint being required for access, the other serving as an alternate backup.
- Provide for full life cycle management of smartcard holders, including the following:
  - Cardholder and certificate suspension and resumption
  - Cardholder and certificate termination and card recycle for subsequent use
- Provide middleware client compatibility with the CoreStreet OCSP/CRL validation authority.
- Provide middleware compatibility with the DoD CAC card to read CAC data and certificates.
- Provide middleware compatibility (read and enrollment of fingerprint templates) for the Precise Biometrics BSP and fingerprint biometric Match on Card (MOC) functionality.

IMS/CMS Functional Specification: Physical Access Issuance Requirements
- Issue a DESFire encoded card capable of providing the physical access credentials necessary to authorize access to doors controlled by the Lenel OnGuard System. Specifically, encode the DESFire contactless chip with the following information in a free read/write access control condition:
  - A single fingerprint biometric template
  - A unique individual FASC Number for each cardholder, generated by the CMS at issuance according to the Cardholder Unique ID (CHUID) FASC-N specification
- With each card issued, automatically post cardholder and badge data/status information from the CMS to the physical access system. Only card issuance operations occurring in the CMS are currently synchronized with the physical access system; the following life cycle operations are not supported:
  - Card suspension
  - Card termination
  - Card replacement
- DESFire encoded cards shall be compatible with physical access door readers from Precise Biometrics using Match-on-Reader (MOR) fingerprint biometric authentication functionality.
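The FASC-N that the CMS must generate for the DESFire chip is defined by the CHUID/FASC-N specification (TIG SCEPACS): 32 decimal digits in nine fields, framed by a start sentinel, field separators and an end sentinel, each character stored as 4-bit BCD (least significant bit first) followed by an odd-parity bit, and closed by an LRC character, 200 bits (25 bytes) in all. The following Python is an added example, not code from the DHS deck or from Lenel or Precise Biometrics. It packs the nine fields into the 25-byte form and unpacks them again with the parity, sentinel and LRC checks a PACS should apply before it trusts a free-read credential. The field names, the EXAMPLE_FIELDS record and its expected encoding are constructed and hand-checked here, not taken from the page.

```python
"""FASC-N (CHUID) pack/unpack with odd parity and LRC.

Added example, not part of the DHS deck. Layout, BCD-with-odd-parity
characters (LSB first), SS/FS/ES sentinels and the LRC rule follow the
TIG SCEPACS FASC-N definition; the sample record is constructed.
"""

# Field name -> digit count, in FASC-N order (32 data digits in total).
FIELDS = [
    ("agency_code", 4), ("system_code", 4), ("credential_number", 6),
    ("credential_series", 1), ("individual_credential_issue", 1),
    ("person_identifier", 10), ("organizational_category", 1),
    ("organizational_identifier", 4), ("person_org_association", 1),
]
SS, FS, ES = 0b1011, 0b1101, 0b1111   # start sentinel, field separator, end sentinel
# A field separator follows each of the first five fields; the last four run together.
FS_AFTER = {"agency_code", "system_code", "credential_number",
            "credential_series", "individual_credential_issue"}

# Constructed sample record (not a real credential).
EXAMPLE_FIELDS = {
    "agency_code": "9999", "system_code": "9999", "credential_number": "999999",
    "credential_series": "0", "individual_credential_issue": "1",
    "person_identifier": "0000000000", "organizational_category": "3",
    "organizational_identifier": "0000", "person_org_association": "1",
}


def _char_bits(nibble: int) -> list[int]:
    """4 data bits LSB first, then a parity bit making the 5-bit group odd."""
    bits = [(nibble >> i) & 1 for i in range(4)]
    bits.append(1 - (sum(bits) & 1))
    return bits


def encode_fascn(fields: dict[str, str]) -> bytes:
    """Pack the nine FASC-N fields into the 25-byte (200-bit) CHUID form."""
    nibbles = [SS]
    for name, width in FIELDS:
        value = fields[name]
        if not (value.isdigit() and len(value) == width):
            raise ValueError(f"{name} must be {width} decimal digits")
        nibbles.extend(int(d) for d in value)
        if name in FS_AFTER:
            nibbles.append(FS)
    nibbles.append(ES)
    lrc = 0
    for n in nibbles:            # LRC = XOR of every data nibble from SS to ES
        lrc ^= n
    nibbles.append(lrc)
    bits = [b for n in nibbles for b in _char_bits(n)]
    assert len(bits) == 200
    return int("".join(map(str, bits)), 2).to_bytes(25, "big")


def decode_fascn(raw: bytes) -> dict[str, str]:
    """Unpack and validate; raise ValueError on parity, sentinel, BCD or LRC faults."""
    if len(raw) != 25:
        raise ValueError("FASC-N must be 25 bytes")
    bits = [(raw[i // 8] >> (7 - i % 8)) & 1 for i in range(200)]
    nibbles = []
    for c in range(40):
        grp = bits[5 * c:5 * c + 5]
        if sum(grp) % 2 != 1:            # every 5-bit character carries odd parity
            raise ValueError(f"parity error in character {c}")
        nibbles.append(sum(b << i for i, b in enumerate(grp[:4])))
    if nibbles[0] != SS or nibbles[38] != ES:
        raise ValueError("bad start/end sentinel")
    lrc = 0
    for n in nibbles[:39]:
        lrc ^= n
    if nibbles[39] != lrc:
        raise ValueError("LRC mismatch")
    out, pos = {}, 1
    for name, width in FIELDS:
        digits = nibbles[pos:pos + width]
        if any(d > 9 for d in digits):
            raise ValueError(f"non-BCD digit in {name}")
        out[name] = "".join(map(str, digits))
        pos += width
        if name in FS_AFTER:
            if nibbles[pos] != FS:
                raise ValueError(f"missing field separator after {name}")
            pos += 1
    return out


if __name__ == "__main__":
    packed = encode_fascn(EXAMPLE_FIELDS)
    print(packed.hex())
    print(decode_fascn(packed))
```

A single flipped bit anywhere in the 25 bytes changes the parity of exactly one 5-bit group, so decode_fascn rejects it before the FASC-N reaches an access decision; the LRC catches multi-bit faults that preserve per-character parity. Because the chip is encoded in a free read/write condition, the reader-side checks here only detect corruption, not substitution; binding the FASC-N to the holder still rests on the fingerprint match the slide pairs it with.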

7. Physical and Cyber Access Systems Integration (diagram; source: Lenel)
Components shown: DHS Card Issuance System (cardholder data preparation; capture photo, PIN and biometrics; encode contact and contactless smart card; backward compatible badging functions; issue badge); HR / Provisioning System (provision user, de-provision user); DHS Physical Security (define access rights to physical infrastructure); PACS Client, PACS Security Server and PACS Interface (users, groups, roles); CMS APIs and CMS Logical Security Server (define access rights to logical infrastructure; notify changes in card state).

Physical and Cyber Access Systems Integration (source: Lenel)
- Physical access readers: contactless (ISO 14443) interface; PIN or fingerprint biometrics; compliant to PACS Tech Info Guidance from PAIIWG; working with any head-end systems and controllers.
- Interface between PACS Server and IMS/CMS Server: push down cardholder info from IMS/CMS to PACS; exchange cardholder status for card life cycle management; working toward common life cycle and badging APIs; working with any head-end systems suppliers.
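The cardholder status exchange between IMS/CMS and the PACS is what closes the gap the Physical Access Issuance Requirements slide records (suspension, termination and replacement not yet synchronized): a card the CMS has terminated must stop opening doors. The following Python is an added example, not Lenel or DHS code. It models a PACS-side credential store that consumes CMS life-cycle events, applies only valid state transitions, records rejected events for audit, and makes the door decision from the synchronized status. The event schema, the PacsCredentialStore class, the holder identifiers and the event feed are constructed assumptions.

```python
"""CMS -> PACS card life-cycle synchronisation (added example, not Lenel or DHS code).

Every CMS life-cycle event (issue, suspend, resume, terminate, replace) is
pushed to the PACS; the door decision consults the synchronised status, so a
card the CMS has terminated is denied even though its chip still reads fine.
"""

from dataclasses import dataclass, field

ACTIVE, SUSPENDED, TERMINATED = "active", "suspended", "terminated"

# Allowed transitions per event; anything else is rejected and logged, never applied.
TRANSITIONS = {
    "suspend": {ACTIVE: SUSPENDED},
    "resume": {SUSPENDED: ACTIVE},
    "terminate": {ACTIVE: TERMINATED, SUSPENDED: TERMINATED},
}

# Constructed FASC-N digit strings used as card keys (not real credentials).
CARD_A = "99999999000001010000000001300001"
CARD_B = "99999999000002010000000002300001"
CARD_B2 = "99999999000002020000000002300001"   # reissue of CARD_B (ICI bumped)
CARD_X = "99999999000009010000000009300001"   # never issued


@dataclass
class PacsCredentialStore:
    """PACS-side mirror of card state, keyed by FASC-N."""
    cards: dict = field(default_factory=dict)   # fascn -> (holder, status)
    audit: list = field(default_factory=list)

    def apply(self, event: dict) -> bool:
        kind, fascn = event["event"], event["fascn"]
        if kind == "issue":
            if fascn in self.cards:
                return self._reject(event, "duplicate FASC-N")
            self.cards[fascn] = (event["holder"], ACTIVE)
        elif kind == "replace":
            # Replacement terminates the old card and activates the new one atomically.
            old = event["old_fascn"]
            if old not in self.cards or self.cards[old][0] != event["holder"]:
                return self._reject(event, "replacement for unknown card or holder")
            self.cards[old] = (event["holder"], TERMINATED)
            self.cards[fascn] = (event["holder"], ACTIVE)
        elif kind in TRANSITIONS:
            if fascn not in self.cards:
                return self._reject(event, "unknown FASC-N")
            holder, status = self.cards[fascn]
            if status not in TRANSITIONS[kind]:
                return self._reject(event, f"{kind} not valid from {status}")
            self.cards[fascn] = (holder, TRANSITIONS[kind][status])
        else:
            return self._reject(event, "unknown event type")
        self.audit.append(("applied", event))
        return True

    def _reject(self, event: dict, reason: str) -> bool:
        self.audit.append(("rejected", event, reason))
        return False

    def door_decision(self, fascn: str) -> bool:
        """Grant only for a known card whose synchronised status is active."""
        return self.cards.get(fascn, (None, None))[1] == ACTIVE


def run_sample() -> PacsCredentialStore:
    """Replay a constructed CMS event feed (not real DHS data) into a PACS store."""
    feed = [
        {"event": "issue", "fascn": CARD_A, "holder": "holder-0001"},
        {"event": "issue", "fascn": CARD_B, "holder": "holder-0002"},
        {"event": "suspend", "fascn": CARD_B},                       # card reported lost
        {"event": "replace", "fascn": CARD_B2, "old_fascn": CARD_B,
         "holder": "holder-0002"},                                   # reissue to same holder
        {"event": "terminate", "fascn": CARD_A},                     # holder separated
        {"event": "resume", "fascn": CARD_A},                        # invalid: terminated is final
        {"event": "suspend", "fascn": CARD_X},                       # invalid: never issued
    ]
    store = PacsCredentialStore()
    for ev in feed:
        store.apply(ev)
    return store


if __name__ == "__main__":
    s = run_sample()
    for entry in s.audit:
        print(entry)
    for card in (CARD_A, CARD_B, CARD_B2, CARD_X):
        print(card, "->", "grant" if s.door_decision(card) else "deny")
```

The store deliberately has no path out of TERMINATED and no way for a door event to create a card; only CMS events change state, which is the direction of authority the slide's "push down cardholder info from IMS/CMS to PACS" describes. Rejected events stay in the audit list so an out-of-order or replayed feed is visible rather than silently ignored.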

Cardholder Database Preparation (diagram; prototype for future data collection)
Sources shown: HQ PSAMS, HQ AD and HQ E-Dir feeding the DAC Smart Card Issuance System and its Cardholder Database.

Cardholder Data Exchange (diagram)
Agency A, Agency B and Agency C data feed the DHS Master Cardholder Database (enterprise view), which in turn feeds the DHS Card Management System. The master database collects, verifies and transforms data from different systems, serves as a centralized repository for cardholder data, and provides the mechanism to generate DHS Access Cards (DAC).

DHS I&C System Architecture (diagram)
Sites: 1120 Vermont Ave, DIMC Lab, Forrestal BLDG, 7th & D HQ. Components: AIMS Issuance Server, Microsoft 2003 Machine CA, HR AD/DC, DOE Fargo Card Printer, AIMS Issuance Station, DIMC Net, PIX firewalls, DCN, DHS Net, Office of Security, Lenel PACS Server, Microsoft 2003 CA, other DHS networks, Meta Connector, CoreStreet OCSP Validation Authority, CRL Web Server, CoreStreet OCSP Responder.

DHS PKI-PKE Architecture (diagram)
PKIs: CA, RA, Repository (certs, CRLs), Validation Authority/Responder. LANs: Validation Responder, Secure Email, Secure Web Server, Database, Directory/Authentication Database, Physical Access Servers.

DHS Relying Parties for DAC
- DHS Infrastructure Transformation Program (Smart Card Logon, Secure Email): The DHS Consolidated IT Infrastructure will serve the majority of the 180,000 DHS employees. The goal of the IT Infrastructure Transformation is for the Department to be able to share data from any point in DHS to any decision maker. The program seeks to remove lag time and complexity in accessing data, to create a robust platform on which to quickly launch new capabilities, and to provide a cost-effective and reliable infrastructure.
- Homeland Secure Data Network (HSDN): HSDN is an enterprise-wide classified network system, and provides shared services for DHS OEs, other Federal agencies, and State and Local governments, with specific controlled interconnections to Intelligence Community and Federal Law Enforcement resources.
- emerge2: The mission of this program is to transform the business and financial management policies, processes and systems of DHS into a single solution that addresses the financial management, acquisition and asset management requirements for the department.

DHS Relying Parties for DAC
- First Responder's Portal: Web portal to coordinate all First Responder sites.
- Enterprise Web Services: The vision of this project is to consolidate existing and planned Web pages and platforms of all the DHS component organizations, including the corporate Internet and Intranet sites.
- Disaster Management (DisasterHelp.gov): Joint disaster management egov initiative; EP&R/DHS sponsor.
- SAFECOM: Federal umbrella program coordinating standards, policies, procedures, and research and development to enable public safety across local, tribal, state, and federal organizations to improve public safety response through more effective and efficient interoperable communications.
- GeoSpatial One Stop: Part of a multi-agency business case. Department of the Interior (DOI) is the managing partner.

DHS Relying Parties for DAC
- etravel: Part of a multi-agency business case. GSA is the managing partner.
- Business Gateway
- etraining (GoLearn): Part of a multi-agency business case. Office of Personnel Management (OPM) is the managing partner.
- erecords Management: Part of a multi-agency business case. National Archives and Records Administration (NARA) is the managing partner.
- Recruitment One-Stop: Part of a multi-agency business case. OPM is the managing partner.
- Enterprise HR Integration (EHRI): Part of a multi-agency business case. OPM is the managing partner.
