Becoming FIPS 201 compliant is a challenge

How AMAG Technology helped the DoD become PIV compliant


While the original system used the SEIWG-012 data model, the actual card number was pulled from the Social Security Number field. The Social Security Number was subsequently classified as Personal Privacy Information and could no longer be used in the system in that manner. AMAG therefore turned to the Electronic Data Interchange Person Identifier (EDI-PI) as the number on the card to authenticate against. In the FIPS 201 solution, the new data model carries the Federal Agency Smart Credential Number (FASC-N) within the Cardholder Unique Identifier (CHUID). The new reader firmware therefore had to read the Federal Agency Smart Credential Number over the contactless interface of the new card, but read the Electronic Data Interchange Person Identifier data over the contact interface of the older card.

"It was AMAG's vision to provide the highest level of interoperability for Personal Identity Verification cards from all agencies by following the intent of FIPS 201 by reading the Federal Agency Smart Credential Number from the Cardholder Unique Identifier," said Coady. "Access control requires fast throughput, and this new card provided real challenges in that area."

AMAG's product development team invested significant effort up front to ensure the new FIPS-compliant system will save time and be more cost-effective in the future. Because of Symmetry's design, future upgrades can be delivered through software, which is the least expensive component to change. Expensive hardware upgrades will not be needed because the Symmetry smartcard reader supports both contact and contactless technology.

Lessons Learned

A close partnership among all entities involved was critical to the success of this project. Getting a commitment from the manufacturer, not just the integrator, was pivotal. AMAG was involved in every aspect of the installation because migrating to FIPS 201 compliance was new to everyone. AMAG's engineering and product development team tackled the challenges involved, eventually becoming the expert. At the time, this was so new that integrators were looking for guidance as much as the end users were. AMAG was willing to dedicate the time, resources and effort to learn what was needed for the DoD to upgrade successfully to FIPS 201 compliance.

AMAG Technology is a dedicated partner with a long history of supporting the US Government on smartcard programs, and has learned more from implementing standards-compliant solutions than can be gleaned from reading documents. AMAG's reputation as an innovator of sophisticated government security systems, such as the Symmetry Homeland product portfolio, has garnered respect in the government sector.

In many FIPS 201 solutions, the Federal Agency Smart Credential Number is not available to the security operator: it is not printed on the card or available on a cross-reference list. The system should therefore have a means of reading the Federal Agency Smart Credential Number from the card and populating the cardholder record within the SMS with it. That speeds up the enrollment process.
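The two passages above describe reading the FASC-N out of the CHUID and using it to populate a cardholder record. The following Python is an added example written for this page; it is not AMAG or Symmetry code. It encodes and decodes the 25-byte FASC-N, checks the per-character parity and the trailing LRC, and extracts the agency code, system code and credential number that a PACS would key an enrollment record on. The 5-bit BCD layout, sentinel values and LRC rule follow my reading of the SCEPACS technical guidance and are assumptions here; the sample field values are constructed.

```python
"""FASC-N encoder/decoder (added example; not AMAG/Symmetry code).

Assumed layout: 25 bytes = 200 bits = 40 five-bit characters. Each character
is a 4-bit BCD code sent least-significant bit first, followed by an odd
parity bit. A start sentinel opens the record, field separators divide the
first five fields, an end sentinel closes the data, and a longitudinal
redundancy character (XOR of all preceding 4-bit codes) ends the record.
"""

SS, FS, ES = 0xB, 0xD, 0xF   # start sentinel, field separator, end sentinel

# (field name, digit count) in wire order; None marks a field separator
FIELDS = [
    ("agency_code", 4), None,
    ("system_code", 4), None,
    ("credential_number", 6), None,
    ("credential_series", 1), None,
    ("individual_credential_issue", 1), None,
    ("person_identifier", 10),
    ("organizational_category", 1),
    ("organizational_identifier", 4),
    ("person_org_association", 1),
]

# Constructed sample values, not a real credential.
SAMPLE = {
    "agency_code": "0032", "system_code": "0001", "credential_number": "000123",
    "credential_series": "0", "individual_credential_issue": "1",
    "person_identifier": "0000123456", "organizational_category": "1",
    "organizational_identifier": "0000", "person_org_association": "1",
}


def _char_bits(code):
    """Five bits for one 4-bit code: LSB first, then a bit giving odd parity."""
    bits = [(code >> i) & 1 for i in range(4)]
    bits.append(1 - (sum(bits) & 1))
    return bits


def encode_fascn(values):
    """Build the 25-byte FASC-N from decimal-string fields."""
    codes = [SS]
    for f in FIELDS:
        if f is None:
            codes.append(FS)
            continue
        name, width = f
        digits = values[name]
        if len(digits) != width or not digits.isdigit():
            raise ValueError(f"{name} must be {width} decimal digits")
        codes.extend(int(d) for d in digits)
    codes.append(ES)
    lrc = 0
    for c in codes:                      # LRC covers sentinels and data
        lrc ^= c
    codes.append(lrc)
    bits = [b for c in codes for b in _char_bits(c)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, 200, 8))


def decode_fascn(raw):
    """Parse a FASC-N, raising ValueError on bad length, parity, sentinel or LRC."""
    if len(raw) != 25:
        raise ValueError("FASC-N must be 25 bytes")
    bits = [(b >> (7 - i)) & 1 for b in raw for i in range(8)]
    codes = []
    for i in range(0, 200, 5):
        chunk = bits[i:i + 5]
        if sum(chunk) % 2 != 1:          # every character must have odd parity
            raise ValueError(f"parity error in character {i // 5}")
        codes.append(sum(bit << k for k, bit in enumerate(chunk[:4])))
    if codes[0] != SS or codes[38] != ES:
        raise ValueError("missing start or end sentinel")
    lrc = 0
    for c in codes[:39]:
        lrc ^= c
    if lrc != codes[39]:
        raise ValueError("LRC mismatch")
    fields, pos = {}, 1
    for f in FIELDS:
        if f is None:
            if codes[pos] != FS:
                raise ValueError(f"expected field separator at character {pos}")
            pos += 1
            continue
        name, width = f
        digits = codes[pos:pos + width]
        if any(d > 9 for d in digits):
            raise ValueError(f"non-digit in {name}")
        fields[name] = "".join(str(d) for d in digits)
        pos += width
    return fields


def is_valid(raw):
    """True if the FASC-N parses cleanly (parity, sentinels and LRC all check)."""
    try:
        decode_fascn(raw)
        return True
    except ValueError:
        return False


def pacs_identifier(fields):
    """Agency code + system code + credential number: the 14 digits a PACS keys on."""
    return fields["agency_code"] + fields["system_code"] + fields["credential_number"]


if __name__ == "__main__":
    blob = encode_fascn(SAMPLE)
    print(blob.hex())
    print(pacs_identifier(decode_fascn(blob)))
```

Rejecting a record on any parity or LRC failure, rather than trusting whatever digits came off the reader, is what keeps a damaged or corrupted read from creating a cardholder record under the wrong identifier.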

Two-factor authentication was needed. The Symmetry Common Access Card Reader reads the Electronic Data Interchange Person Identifier number from the contact chip, but cannot get to that data until it unlocks the Common Access Card with the card's PIN. Every time the card is used, the person must enter a PIN, which provides two-factor authentication. The challenge is that the FIPS-compliant credential did not require a PIN for contactless access to the data. The Symmetry application has the ability to require a PIN when the card is used. During the transition period to the contactless card, those with the older cards enter two PINs (the CAC PIN to unlock the card data and the SMS PIN); contactless card users simply enter the SMS PIN.

The Symmetry Common Access Card Reader includes a contact smartcard interface, a contactless smartcard interface, a keypad and an LCD display. The reader is flash ROM programmable, which proved to be a huge cost saving, since multiple firmware versions have been provided over the years to meet changing requirements. Without this feature, multiple versions of the hardware would have had to be provided, increasing costs for all involved. AMAG's engineering efforts helped the DoD save a considerable amount of money.

The Symmetry Common Access Card Reader supports multiple card data formats. The reader's ability to recognize which type of card was being presented, and how to read that specific card, enabled much of the functionality required to achieve compliance.

Future

AMAG Technology's Symmetry smartcard reader made the transition possible and saved money in the process.