Single Secure Credential to Access Facilities and IT Resources

Similar documents
A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

HID Mobile Access. Simple. Secure. Smart.

HID goid Mobile ID Solution

HID goid Mobile ID Solution

hidglobal.com Still Going Strong SECURITY TOKENS FROM HID GLOBAL

The Next Generation of Credential Technology

Using PIV Technology Outside the US Government

HID Passport Datapage Technology

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Dissecting NIST Digital Identity Guidelines

iclass SE Platform Solutions The New Standard in Access Control

Secure Government Computing Initiatives & SecureZIP

PSD2: Risks, Opportunities and New Horizons

BlackBerry Enterprise Identity

FiXs - Federated and Secure Identity Management in Operation

DigitalPersona for Healthcare Organizations

Securing Federal Government Facilities A Primer on the Why, What and How of PIV Systems and PACS

Managing PIV Life-cycle & Converging Physical & Logical Access Control

PKI is Alive and Well: The Symantec Managed PKI Service

Overview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

Who s Protecting Your Keys? August 2018

BlackBerry 2FA. Datasheet. BlackBerry 2FA

Centrify for Dropbox Deployment Guide

Securing Personal Mobile Device Access to Enterprise IT and Cloud Assets with Strong Authentication

CP600 Card Programmer Quick Start Guide

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

Certification Authority

Printing & Encoding Solutions

Sphinx Feature List. Summary. Windows Logon Features. Card-secured logon to Windows. End-user managed Windows logon data

ENTRUST DATACARD DERIVED PIV CREDENTIAL SOLUTION

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Solution. Imagine... a New World of Authentication.

Strategies for the Implementation of PIV I Secure Identity Credentials

Printing, Laminating & Encoding Solutions

Ramnish Singh IT Advisor Microsoft Corporation Session Code:

NFC Identity and Access Control

Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

HID FARGO CONNECT CONSOLE

Yubico with Centrify for Mac - Deployment Guide

Helping Meet the OMB Directive

(PIV-I) Trusted ID across States, Counties, Cities and Businesses in the US

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

Mandate. Delivery. with evolving. Management and credentials. Government Federal Identity. and. Compliance. using. pivclasss replace.

The Device Has Left the Building

Asure ID 7. C a rd Pers o n aliz at io n S o f twa re

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

IMPLEMENTING AN HSPD-12 SOLUTION

Identity and Authentication PKI Portfolio

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

g6 Authentication Platform

DATA SHEET. ez/piv CARD KEY FEATURES:

CRESCENDO SERIES Smart Cards. Smart Card Solutions

TWIC Transportation Worker Identification Credential. Overview

white paper SMS Authentication: 10 Things to Know Before You Buy

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

Leveraging the LincPass in USDA

Make security part of your client systems refresh

Printing, Laminating & Encoding Solutions

Crash course in Azure Active Directory

Endpoint Protection with DigitalPersona Pro

There is an increasing desire and need to combine the logical access and physical access functions of major organizations.

Unified PACS with PKI Authentication, to Assist US Government Agencies in Compliance with NIST SP (HSPD 12) in a Trusted FICAM Platform

PKI Credentialing Handbook

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

TFS WorkstationControl White Paper

Increase user productivity and security by integrating identity management and enterprise single sign-on solutions.

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

The Problem with Privileged Users

Overview. DigitalPersona Logon for Windows Data Sheet. DigitalPersona s Composite Authentication transforms

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK

Comodo Certificate Manager. Centrally Managing Enterprise Security, Trust & Compliance

Managing the Risk of Privileged Accounts and Passwords

Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

Interagency Advisory Board Meeting Agenda, December 7, 2009

Security Enhancements

PROGRAM GUIDE RED HAT CONNECT FOR TECHNOLOGY PARTNERS

Power LogOn s Features - Check List

RSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief

MaaS360 Secure Productivity Suite

Secure Lightweight Activation and Lifecycle Management

FICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

IAM Project Overview & Milestones

Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012

SYSTEM GALAXY HARDWARE. 635-Series

Virtual Machine Encryption Security & Compliance in the Cloud

How Next Generation Trusted Identities Can Help Transform Your Business

L-1 Fingerprint Reader Solutions. V-Flex 4G

Business White Paper IDENTITY AND SECURITY. Access Manager. Novell. Comprehensive Access Management for the Enterprise

Put Time Back on your Side

An Overview of Draft SP Derived PIV Credentials and Draft NISTIR 7981 Mobile, PIV, and Authentication

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

Mobile Access is the Killer App The Path to Flexible, Secure Credentials Brandon Arcement Senior Director, Product Marketing April 8, 2019

A comprehensive security solution for enhanced mobility and productivity

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Leveraging HSPD-12 to Meet E-authentication E

Transcription:

Single Secure Credential to Access Facilities and IT Resources HID PIV Solutions

Securing access to premises, applications and networks Organizational Challenges Organizations that want to secure access to their premises, applications and networks run into significant challenges: Passwords are insecure and costly to manage Physical and IT access are often silo ed Users digital identities are often not offboarded when leaving the organization Organizations typically have multiple user populations with different needs Government and regulated industries see security mandates and regulations tightening as the reporting of breaches increase. Unfortunately, the technology to address these issues can sometimes require products from up to 12 different vendors. A Comprehensive Solution to Meet Your Identity and Access Needs The HID PIV (Personal Identity Verification) solution addresses all those challenges by leveraging the same government-strength security solution that has already been deployed to more than seven million people across the world. Organizations benefit from the ecosystem created by this large footprint, with many applications, operating systems, and devices supporting natively the PIV credentials. Customers can implement the HID PIV solution to be fully compliant with stringent mandates like PIV or PIV-Interoperable (PIV-I). If strict compliance to government mandates is not required, HID offers a lighter deployment model that still offers the increased security and interoperability of the PIV ecosystem. Your organization benefits from a secure and reliable credential in the form of a smart card that can be used for visual identification, to protect access to facilities and access IT systems. Other form factor options are also available, including USB key, virtual smart card and derived credentials for mobile devices. HID PIV Solutions Deliver: Trusted Identity - HID PIV provides your users with an identity that is trusted within your organization and can optionally be automatically trusted by other organizations you do business with. Comprehensive Security HID PIV leverages the established strength of this existing standard and extends it to systems, networks, and applications resulting in a better security position for your organization. Simplified User Experience By incorporating more capabilities into a single smart card or USB key, users have fewer credentials to remember or manage in order to get access to what they need to do their jobs, and are less likely to circumvent your controls. Easier Deployment and Management The components of HID PIV are designed to work seamlessly together, so it is faster to get up and running, and easier to manage over time. A Complete System HID PIV Enterprise encapsulates the entire PIV management process from establishing identity, to credential creation and issuance, synchronization of connected systems, and credential revocation. HID PIV Solutions Trusted Identity Comprehensive Security Simplified User Experience Easier Deployment and Management A Complete Solution

Sponsor Enroll Vet Authenticate Validate Digitally Sign Decrypt 01 establish 02 create use 03 04 manage use Visual Verification Physical Access IT Access Reset/Change Update Revoke De-provision Replace Establish and Manage the Credential What is PIV / PIV-I / HSPD-12 / FIPS 201 Compliance? The US Federal government is mandated by Homeland Security Presidential Directive 12 (HSPD-12) that all federal employees and onsite contractors have a standard, secure, reliable form of identification. This form of identification is the Personal Identity Verification (PIV) card. PIV Interoperable (PIV-I) is a variation of that standard for non US Federal organizations that is still trusted by the US Federal government. FIPS 201 is the technical standard covering the processes to obtain such a card as well as the interoperability of such a card, including certification processes and listing the products approved by the US Federal Government. Derived Credentials also extend the PIV/PIV-I identity to mobile devices where the use of the card may be impractical. Establishing the Identity Root of Trust Providing strong authentication starts by establishing the identity of the person that will receive the secure credential. HID PIV Solutions can streamline this process by: 1. Integrating with authoritative sources such as HR or contractor management systems for automated sponsorship 2. Performing identity proofing (verifying and capturing approved state or national ID) 3. Enrolling the user fingerprint or iris data so that subsequent interaction with the system can be verified electronically without requiring the ID of the applicant 4. Connecting to external background check systems, including the United States Office of Personnel Management Federal Investigative Services 5. Adjudicating the application to determine if the applicant should receive the credential or not HID PIV solutions provide a customizable HID PIV IDMS (Identity Management System) that is FIPS 201 compliant. Organizations that don t need to comply with PIV or PIV-I can configure the HID PIV solution to skip any of the above steps. Credential Issuance & Lifecycle Management Once an applicant has been approved to get a credential, HID PIV solution will securely issue that credential and manage its lifecycle. The credential itself can be in the form of a FIPS 140-2 certified smart card or USB key with embedded secure element. The smart card can be contact-only or dual interface (contact and contactless), which can be printed using an HID Fargo printer to include a facial image, personal information and/ or organization logo. In addition to issuing and managing smart cards and USB keys, HID PIV can manage virtual and software credentials which are better suited for mobile computing devices such as tablets and smart phones. The credential typically contains digital certificates and the corresponding private keys, user data and an optional one-time password generator for legacy applications. An additional component of HID PIV is ActivID Credential Management System, which securely manages the lifecycle of the credential, including PIN unlock, certificate updates, credential lost/stolen/replacement, and termination. All updates can be done remotely in a highly secure fashion so that branch offices, remote or traveling employees and partners are serviced without requiring them to be physically present.

Credentials for Physical and IT Systems Access Physical Access The credential, when in a card form factor, can be used to access the organization premises. Organizations typically have 2 options: Those that need full compliance with the PIV or PIV-I mandate: the card chip is accessible both via the contact and the contactless interface (also known as dual interface) and enables PKI authentication at the door Those that don t need full compliance with PIV or PIV-I but want to leverage their existing physical access system (PACS) and don t plan to deploy PKI authentication at the door: those organizations can use a combo card with the smart card contact chip for IT authentication and the PACS contactless chip for physical access Organizations can also step up the security of specific doors by requiring 2 and 3 factor authentication including card presence, card presence + PIN entry or card presence + PIN entry + fingerprint validation. HID PIV Enterprise can provide Physical Identity & Access Management (PIAM) to automatically provision and de-provision user access into your organization s PACS. HID PIV Enterprise supports systems from many popular vendors so that large organizations that have many sites can manage the provisioning and de-provisioning of the users identity and access privileges across the organization. IT Systems Access The same credential can be used to replace passwords with stronger authentication in many IT applications, including Microsoft Windows Active Directory, most VPN products, web sites, cloud applications, and more. The user simply inserts his/her card into the smart card reader (or USB key) and types his/her PIN code to login for multi factor authentication. It will also lock itself after too many wrong attempts. The result is better security and better user convenience by eliminating complex, constantly changing passwords that are difficult to remember. Mobile devices can also benefit from the seamless, improved security via virtual smart cards and derived credentials. Legacy applications that are not PKI enabled can often be supported using a One Time Password generated from the smart card and authenticated by an ActivID Appliance and then integrated into the application using protocols like RADIUS or SAML.

Deployment Options HID PIV comes in two editions: HID PIV Express is a customizable, easy to deploy, PIV compliant solution that does not require complex integration between point products HID PIV Enterprise has all of the features of HID PIV Express but adds Physical Identity and Access Management (PIAM) capabilities. These advanced capabilities allow users to create a central PIV identity repository, automate access requirements based on policy rules that are enforced within your PACS systems. Additionally, HID PIV Enterprise includes enhanced process reporting to monitor and manage your credential workflows. For maximum ease of procurement, deployment and maintenance, customers can take advantage of the full HID solution or leverage existing third party components to maximize existing investments. HID PIV solutions helps organizations improve their security posture, comply with mandates, improve the user experience, and is easier to procure, deploy and maintain. For more information about HID PIV Express and Enterprise, please visit: hidglobal.com/hidpiv Advanced Use Cases Users can also use their same credential to digital sign emails or documents, decrypt emails or files, protect their laptop with full disk encryption and boot protection, protect print jobs with secure printing and many other functions. Organizations can optionally use IdenTrust digital certificates so that their user s credentials are automatically trusted by virtually anybody that has a PC or mobile device.

North America: +1 512 776 9000 Toll Free: 1 800 237 7769 Europe, Middle East, Africa: +44 1440 714 850 Asia Pacific: +852 3160 9800 Latin America: +52 55 5081 1650 2017 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design, Genuine HID, iclass, PIV Enterprise and PIV Express are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners. 2017-11-15-iam-hidpiv-solutions-br-en PLT-03132 An ASSA ABLOY Group brand hidglobal.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback