Strategies for the Implementation of PIV I Secure Identity Credentials


Strategies for the Implementation of PIV-I Secure Identity Credentials. A Smart Card Alliance Educational Institute Workshop: PIV Technology and Policy Requirements. Steve Rogers, President & CEO. 9th Annual Smart Cards in Government Conference, Washington DC Convention Center, November 16-19, 2010.

Why Smart Cards?

What is a Smart Card? A smart card is a card with an embedded microprocessor, one of the more recent additions to information technology. It carries processing power to serve many different applications (a multi-application card), and it stores business and personal information securely so that it is accessible only to the appropriate user. In short: data portability, security and convenience.

Contact Smart Cards

Contactless Smart Cards

ISO 14443-4 Dual-Interface Smart Card (diagram): a contact module with the chip; an internal antenna with connection points to the same chip; a single chip serves both the contact and the contactless interface.

ISO 14443-4 Dual-Interface Smart Card. Dual-interface contact and contactless smart card on SmartMX chip technology. Contact interface: ISO 7816 (T=0 and T=1). Contactless interface: ISO 14443 A/B, part 4 (T=CL). Triple DES (3DES) encryption. Suitable for high-level languages and multi-application operating systems such as Java Card, JCOP and MULTOS. Available with 36K, 72K, 128K and under 1M of EEPROM. The maximum number of user applications and files is OS dependent.

RFID vs. RF-Enabled. Understanding the differences between RFID and RF-enabled smart card technologies is critical to assessing correctly how well each technology fits a specific application's security and privacy requirements.

RF-Enabled Applications

RFID Security. RFID and RF-enabled smart card technologies comply with different standards, have different operating ranges, and differ widely in their ability to support the security features that RF-enabled applications need.

RFID Security Levels

RFID Tags & Readers

Contactless RF-Enabled Smart Cards & Readers: stronger security via long keys, encrypted communication, and mutual authentication.

ISO 14443 Contactless Smart Reader (diagram): 13.56 MHz contactless interface; three processors in the path: host application CPU, ISO 14443-4 reader CPU, smart card CPU.

Contactless Smart Reader Multi-Applications (diagram): the smart reader sits between administrator functions (configuration, security management, system monitoring, device control), credentials (smart cards, eDocuments, users' information) and applications (identification, logical access, physical access, logical/physical access, biometrics, payment, money, transactions, digital signature).

Contactless Smart Card Major Benefits
Security:
The contactless chip is tamper-resistant.
Stored information can be read/write protected.
Capable of high-security encryption.
Challenge-response mutual authentication.
Smart cards have unique serial numbers (the serial number identifies the chip; on its own it is not proof of authenticity, which is what the challenge-response step provides).
Biometrics support provides a one-to-one match.
Intelligence:
Capable of processing, not just storing, information.
Multi-application support.
Information and applications on a card can be updated without issuing new cards.
PKI and encryption support.

Contactless Smart Card Major Benefits (cont.)
Convenience:
Portable, easy-to-use form factor.
High-speed access for high throughput.
Usable in harsh or dirty environments (RF).
Fast, positive authentication of identity.
Reliable and inexpensive:
Durable card bodies.
Contactless: no manual dexterity needed, fast, no maintenance.
Passive, no batteries.
Low cost of ownership.
Flexible reader interface options: TCP/IP, USB 2.0, Wiegand, serial data (Wiegand carries data one way, from reader to panel; the bi-directional reader communication that certificate-based PACS relies on needs one of the other interfaces).
Many form factors.
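The contrast the last few slides draw, between a tag or card that merely reports its serial number and a card that proves possession of a key through challenge-response mutual authentication, as an added Python example (this is not code from the presentation or from any Smart Card Alliance member product). HMAC-SHA256 stands in for the card's 3DES-based scheme; the master key, the per-card key diversification from the chip serial number and the 8-byte nonces are assumptions of the example, and the reader, cards and UID are constructed inside the block. The three cases it runs, a genuine card, a clone that copies only the UID, and an emulator that replays a sniffed transcript, show why the serial number is an identifier and not an authenticator.

```python
"""Added example, not from the Smart Card Alliance deck: UID-only identification
versus key-based mutual challenge-response between a reader and a contactless card.
HMAC-SHA256 stands in for the 3DES scheme on the slide; the master key, per-card key
diversification and 8-byte nonces are assumptions of this example."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed master key shared by the issuer and every reader in the system.
MASTER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")


def diversify(master_key: bytes, uid: bytes) -> bytes:
    """Per-card key derived from the chip's unique serial number (assumed scheme)."""
    return hmac.new(master_key, b"card-key|" + uid, hashlib.sha256).digest()


def tag(key: bytes, *parts: bytes) -> bytes:
    """MAC over length-prefixed parts so adjacent fields cannot be re-split."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Card:
    """A genuine card (holds the diversified key) or a clone (UID copied, key=None)."""

    def __init__(self, uid: bytes, key: Optional[bytes]):
        self.uid, self.key = uid, key
        self.card_challenge: Optional[bytes] = None

    def get_uid(self) -> bytes:
        return self.uid  # readable by any reader, exactly like an RFID tag serial

    def authenticate(self, reader_challenge: bytes) -> Optional[Tuple[bytes, bytes]]:
        """Step 2: answer the reader's nonce and issue the card's own nonce."""
        if self.key is None:
            return None  # a clone can echo a UID but cannot compute the MAC
        self.card_challenge = secrets.token_bytes(8)
        return self.card_challenge, tag(self.key, b"card", reader_challenge, self.card_challenge)

    def verify_reader(self, reader_proof: bytes) -> bool:
        """Step 4: the card checks that the reader also knows the key."""
        expected = tag(self.key, b"reader", self.card_challenge)
        return hmac.compare_digest(reader_proof, expected)


class ReplayedCard(Card):
    """Emulator that replays a (card_challenge, response) pair sniffed earlier."""

    def __init__(self, uid: bytes, captured: Tuple[bytes, bytes]):
        super().__init__(uid, None)
        self.captured = captured

    def authenticate(self, reader_challenge: bytes):
        return self.captured  # ignores the fresh challenge, so the MAC will not match


class Reader:
    def __init__(self, master_key: bytes):
        self.master_key = master_key

    def uid_only_check(self, card: Card, allowed: set) -> bool:
        """RFID-style 'authentication': anything that reports an enrolled UID passes."""
        return card.get_uid() in allowed

    def mutual_auth(self, card: Card) -> bool:
        """Three-pass mutual authentication; True only if both sides prove the key."""
        key = diversify(self.master_key, card.get_uid())
        reader_challenge = secrets.token_bytes(8)          # step 1: fresh nonce
        answer = card.authenticate(reader_challenge)        # step 2
        if answer is None:
            return False
        card_challenge, response = answer
        if not hmac.compare_digest(response, tag(key, b"card", reader_challenge, card_challenge)):
            return False                                    # step 3: card proved nothing
        return card.verify_reader(tag(key, b"reader", card_challenge))  # step 4


def run_demo() -> Dict[str, bool]:
    """Genuine card, UID clone and replayed transcript against one reader."""
    uid = bytes.fromhex("04a1b2c3d4e5f6")                   # constructed 7-byte UID
    reader = Reader(MASTER_KEY)
    genuine = Card(uid, diversify(MASTER_KEY, uid))
    clone = Card(uid, None)
    sniffed = genuine.authenticate(secrets.token_bytes(8))  # one sniffed genuine session
    replay = ReplayedCard(uid, sniffed)
    return {
        "genuine": reader.mutual_auth(genuine),
        "clone_uid_only": reader.uid_only_check(clone, {uid}),
        "clone_mutual": reader.mutual_auth(clone),
        "replay": reader.mutual_auth(replay),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:15s} {'PASS' if ok else 'FAIL'}")
```

Run it directly to see one PASS/FAIL line per case. The distinct labels inside the MACs ("card" and "reader") stop a reader from being used as an oracle to answer its own challenge, and each side draws a fresh nonce per session, which is what defeats the replayed transcript.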

IDENTITY PAST & PRESENT

US Government Identity Credential Timeline
>1991: Department of Defense (DoD) ID card.
1995: Murrah Building bombing, Oklahoma City, OK; creation of Federal Security Levels.
1997: Secure networks with smart cards on the Navy Smart Battleship.
~2000: Common Access Card (CAC).
2003: Executive Office of the President, OMB M-04-04, E-Authentication Guidance for Federal Agencies.
2004: Homeland Security Presidential Directive (HSPD) 12: one credential for Federal employees and contractors for logical and physical access.

US Government Identity Credential Timeline (cont.)
2005: National Institute of Standards and Technology (NIST) Federal Information Processing Standard 201 (FIPS 201), Personal Identity Verification (PIV).
2006: First Responder Authentication Credential (FRAC); CertiPath Aerospace and Defense Industrial Base Bridge; initial Personal Identity Verification Interoperability (PIV-I) deployments.
2007: Transportation Worker Identification Credential (TWIC).
2008: Special Publication 800-116, guidance on physical access control: bi-directional reader communications, certificates, PKI.
2009: Federal Identity, Credential, and Access Management (FICAM) Roadmap; PIV-I baseline.

US Government Identity Credential Timeline (cont.)
2010: National Strategy for Trusted Identities in Cyberspace (NSTIC); PIV-I 1.1; PIV-I FAQ; FICAM Part B guidance (expected Q4); Department of Commerce, Cybersecurity, Innovation and the Internet Economy; Federal PKI Policy Authority, Citizen and Commerce Class Common Certificate Policy.

HSPD-12 and FIPS 201
HSPD-12 (Homeland Security Presidential Directive 12): issued by President George W. Bush on August 27, 2004. Mandates the establishment of a standard for identification of Federal Government employees and contractors. Requires the use of a common identification credential for both logical and physical access to Federally controlled facilities and information systems. Intended to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy.
FIPS 201 (Federal Information Processing Standard Publication 201): issued by the National Institute of Standards and Technology (NIST) on February 25, 2005. Defines the standard for Personal Identity Verification (PIV) of Federal employees and contractors. Applies to both physical and logical access control, and to other applications as determined by the individual agencies. Provides guidance for implementing the HSPD-12 requirement for a common Federal identification credential used to access both facilities and information systems.

FIPS 201 Standards Benefits. The most important benefit of the FIPS 201 model is the strong assurance that the identity associated with a credential belongs to the correct individual. It specifies a useful and secure identity card that supports a wide range of use cases; enables card support across a wide range of PCs, servers, controllers, systems, and mobile devices; defines policy and infrastructure; defines processes and technical specifications that enable interoperability across organizations; and fosters competition to reduce prices.

FIPS 201 PIV Card Advantages. It is supported by a wide range of manufacturers and integrators. It does not compel an organization to use a single vendor for key components (see the GSA FIPS 201 Approved Products List, APL). It provides flexible authentication, signature, and encryption functionality. It is well positioned to take advantage of emerging technologies, such as biometrics. As the standard Federal agencies use to issue credentials to millions of U.S. Federal employees and contractors, it has the advantage of scale. It provides the framework to support interoperable identity credentials across organizations (PIV-I).

PIV Cards. Personal Identity Verification (PIV) cards are the cornerstone electronic credential in the U.S. Federal Government, used for authentication to both information resources and facilities. Under HSPD-12, U.S. Federal departments and agencies are required to issue PIV cards to permanent government personnel and contractors. Issued only by U.S. Federal entities. Relied on by U.S. Federal and non-Federal entities. Background investigation: minimum National Agency Check with Inquiries (NACI). Asserts the Federal Common Policy Framework (FCPF) certificate policy object IDs for PIV.

PIV & PIV-I Technology. PIV (Personal Identity Verification) card: an identity card that meets the PIV technical specifications so that it works with PIV infrastructure elements such as card readers, and is issued by the Federal government in a manner that allows relying parties to trust the card. PIV-I (PIV-Interoperable) card: an identity card that meets the PIV technical specifications so that it works with PIV infrastructure elements such as card readers, and is issued by a Non-Federal Issuer (NFI) in a manner that allows Federal government relying parties to trust the card.

PIV-I: PIV Interoperable Cards. Personal Identity Verification Interoperable (PIV-I) cards are the cornerstone credential for all security controls for both information resources (LACS) and facilities protection (PACS). Issued by Non-Federal Issuers (NFI); intended primarily for issuance by non-Federal entities. May be relied on by Federal and non-Federal entities. Identity and affiliation certainty equivalent to PIV, but no issuer background investigation of cardholders. Asserts the Federal Bridge Certification Authority (FBCA) certificate policy object IDs for PIV-I.

Credential Identifiers. PIV: the FASC-N (Federal Agency Smart Credential Number), defined and assigned by U.S. Federal agencies; the card's GUID field is a placeholder. PIV-I: the GUID/UUID; the FASC-N may not be used as the identifier. The GUID is a UUID as defined by RFC 4122.
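Added Python example (not from the presentation) for the identifiers this slide describes: an encoder and integrity-checking decoder for the 200-bit FASC-N a PIV card carries in its CHUID, an RFC 4122 check for the GUID a PIV-I card carries, and a selector that returns the identifier a PACS should enroll. The FASC-N layout (5-bit BCD characters with odd parity, start/field/end sentinels, trailing LRC) follows NIST SP 800-87 as I understand it; the convention that a PIV-I FASC-N carries agency code 9999, and the 14-digit agency + system + credential number as the PACS key for PIV, are assumptions of this example. All sample values are constructed.

```python
"""Added example, not from the Smart Card Alliance deck. FASC-N layout per SP 800-87
as I understand it: 5-bit characters (4 data bits LSB first + odd parity), sentinels
SS=0xB, FS=0xD, ES=0xF, trailing LRC. Agency code 9999 as the PIV-I marker and the
14-digit PACS key are assumptions; every sample value below is constructed."""
import uuid
from typing import Dict, Tuple

SS, FS, ES = 0xB, 0xD, 0xF   # start sentinel, field separator, end sentinel
FIELDS = [                   # (name, digit count); a FS follows each of the first five
    ("agency_code", 4), ("system_code", 4), ("credential_number", 6),
    ("credential_series", 1), ("individual_credential_issue", 1),
    ("person_identifier", 10), ("organizational_category", 1),
    ("organizational_identifier", 4), ("association_category", 1),
]
SEPARATED = {name for name, _ in FIELDS[:5]}


def _char(value: int) -> str:
    """4 data bits, least significant first, plus a bit giving odd parity."""
    bits = [(value >> i) & 1 for i in range(4)]
    return "".join(str(b) for b in bits + [1 - sum(bits) % 2])


def _unchar(five: str) -> int:
    bits = [int(b) for b in five]
    if sum(bits) % 2 == 0:
        raise ValueError(f"parity error in character {five}")
    return sum(b << i for i, b in enumerate(bits[:4]))


def encode_fascn(fields: Dict[str, str]) -> str:
    """Return the FASC-N as a 200-character '0'/'1' string (40 x 5-bit characters)."""
    values = [SS]
    for name, width in FIELDS:
        digits = fields[name].zfill(width)
        if len(digits) != width or not digits.isdigit():
            raise ValueError(f"{name} must be {width} decimal digits")
        values += [int(d) for d in digits]
        if name in SEPARATED:
            values.append(FS)
    values.append(ES)
    lrc = 0
    for v in values:             # LRC: XOR of every preceding character's data bits
        lrc ^= v
    values.append(lrc)
    return "".join(_char(v) for v in values)


def decode_fascn(bits: str) -> Dict[str, str]:
    """Parse and verify a FASC-N; raises ValueError on any integrity failure."""
    if len(bits) != 200 or set(bits) - {"0", "1"}:
        raise ValueError("FASC-N must be 200 bits")
    values = [_unchar(bits[i:i + 5]) for i in range(0, 200, 5)]
    lrc = 0
    for v in values[:-1]:
        lrc ^= v
    if lrc != values[-1]:
        raise ValueError("LRC mismatch")
    if values[0] != SS or values[-2] != ES:
        raise ValueError("missing start or end sentinel")
    body, pos, out = values[1:-2], 0, {}
    for name, width in FIELDS:
        digits = body[pos:pos + width]
        pos += width
        if len(digits) != width or any(d > 9 for d in digits):
            raise ValueError(f"non-digit data in {name}")
        out[name] = "".join(str(d) for d in digits)
        if name in SEPARATED:
            if pos >= len(body) or body[pos] != FS:
                raise ValueError(f"missing field separator after {name}")
            pos += 1
    if pos != len(body):
        raise ValueError("unexpected trailing data")
    return out


def decodes_cleanly(bits: str) -> bool:
    try:
        decode_fascn(bits)
        return True
    except ValueError:
        return False


def flip_bits(bits: str, *positions: int) -> str:
    """Corrupt the given bit positions, to exercise the parity and LRC checks."""
    chars = list(bits)
    for p in positions:
        chars[p] = "1" if chars[p] == "0" else "0"
    return "".join(chars)


def guid_is_rfc4122(guid: str) -> bool:
    """True only for a well-formed RFC 4122 UUID; the all-zero placeholder fails."""
    try:
        u = uuid.UUID(guid)
    except ValueError:
        return False
    return u.variant == uuid.RFC_4122 and u.version in (1, 2, 3, 4, 5)


def pacs_identifier(fascn_bits: str, guid: str) -> Tuple[str, str]:
    """Identifier a PACS should enroll: FASC-N prefix for PIV, GUID for PIV-I."""
    f = decode_fascn(fascn_bits)
    if f["agency_code"] == "9999":      # assumed PIV-I marker: FASC-N is not usable
        if not guid_is_rfc4122(guid):
            raise ValueError("PIV-I card without a valid RFC 4122 GUID")
        return "GUID", str(uuid.UUID(guid))
    return "FASC-N", f["agency_code"] + f["system_code"] + f["credential_number"]


# Constructed sample values, not real credentials.
PIV_SAMPLE = {"agency_code": "3201", "system_code": "0042", "credential_number": "123456",
              "credential_series": "0", "individual_credential_issue": "1",
              "person_identifier": "1234567890", "organizational_category": "1",
              "organizational_identifier": "3201", "association_category": "1"}
PIVI_SAMPLE = dict(PIV_SAMPLE, agency_code="9999", system_code="9999",
                   credential_number="999999")
PIVI_GUID = "6f1a2b3c-4d5e-4f60-8a7b-9c0d1e2f3a4b"   # constructed version-4 UUID
```

A single flipped bit is caught by the character's parity bit; two flipped bits inside one character pass parity but change its value, which the LRC then catches. Neither check is cryptographic: the CHUID's issuer signature, not the LRC, is what binds the FASC-N or GUID to the issuer.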

IDENTITY FUTURE

ICAM Defined. What is ICAM? The intersection of digital identities, credentials and access control in one comprehensive approach.

FICAM Initiatives: create digital identity; achieve compliance; enable system interoperability; protect Personally Identifiable Information (PII); integrate PACS and LACS.

FICAM Goals: enhance security across the government by closing gaps; improve government agency compliance; improve the accessibility of Federal agencies to each other and to the American public; address identity management and physical access control issues for Federal employees; reduce costs and improve efficiencies.

FICAM Outcomes: create trusted digital identity representations; bind those identities to credentials used for access transactions; leverage credentials to grant authorized access; enable digital signatures (applications, documents, authorizations).

FICAM Benefits: enhances security; improves efficiencies; reduces costs; improves accessibility; establishes common PACS and LACS protocols; fosters agency compliance.

HSPD-12, FIPS 201, SP Pubs, ICAM, PIV, TWIC and PIV-I (diagram relating HSPD-12, TWIC, PIV-I/FRAC, ICAM and FIPS 201 to the Special Publications below):
SP 800-73-1: Interfaces for PIV.
SP 800-87: Codes for the Identification of Federal and Federally-Assisted Organizations.
SP 800-76-1: Biometric Data Specification for PIV.
SP 800-96: PIV Card/Reader Interoperability Guidelines.
SP 800-78: Cryptographic Algorithms and Key Sizes for PIV.
SP 800-79: Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations.
SP 800-116: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS).

FIPS 201 SCA Decoder Docs (www.smartcardalliance.org):
Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials, Smart Card Alliance Physical Access Council white paper developed in collaboration with the Open Security Exchange, Security Industry Association and International Biometric Industry Association, September 2007.
FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience, Smart Card Alliance Physical Access Council white paper, May 2007.
Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility, Smart Card Alliance Physical Access Council white paper, September 2006.
FIPS 201 and Physical Access Control: An Overview of the Impact of Physical Access Control Systems and FIPS 201, Smart Card Alliance Physical Access Council briefing presentation, January 2006.
FIPS 201 on Federal Physical Access Control Systems, Smart Card Alliance Physical Access Council white paper, September 2005.

Steve Rogers, President, 115 Southport Commons, Suites I and J, Spartanburg, SC 29306; Smart Card Alliance, P: (800) 689-1412, 191 Clarksville Rd., Princeton Junction, NJ 08550, (800) 556-6828, www.smartcardalliance.org; steve.rogers@iceware.com, www.iceware.com.