Solving the Challenge of FIPS 201 Card Issuance

Lenel offers a sneak preview of its IdentityDefender solution for FIPS 201 credential management and issuance


The GovSec show, which is coupled with a conference for law enforcement and one for emergency preparedness professionals, is a place where you can see a variety of heavy technologies, from tactical security systems designed for military installations to hazmat equipment and even essential access control devices.

But in 2006, we're sure that for government facility security managers, at least a good bit of the time will be spent listening to presentations on the HSPD-12/FIPS 201 issues that are leading government facilities into converged access control with a "one card" solution.

And even though the show hasn't started, we can already imagine the frank discussions among those in charge of government facilities as they come to grips with the HSPD-12 directive of converged access.

"What technology are you looking at?" "Are we going to have to change all of our card systems?" "Have you even started to coordinate this with your network people?" "Where on Earth are we expected to get the budget money to make these changes?" -- They are all questions that will likely pop up between security managers on the show floor and in the lecture halls.

At is most simple, the FIPS 201/HSPD-12 directive and movement is designed to ensure security not only of our governmental facilities, but also of the data that resides in our government's logical network. It's a directive that not only requires a common credential for facilities and networks, but it's designed to ensure that only the people who belong to be inside those facilities can get there, and that only the persons given privileges to be on that network can be there.

Lenel, long known for its software that manages access control and video surveillance needs, is planning to make a splash tomorrow at GovSec with a new solution that ties together the essentials for providing a secure government ID card.

The company gave SecurityInfoWatch.com a sneak-peek at its new IdentityDefender brand, which is an end-to-end identity credentialing solution designed to meet FIPS 201 requirements for government facilities.

According to Erik Larsen, product manager of identity solutions at Lenel, the new system is a step away from the company's traditional access control and video management solutions, and instead solves the problem of how government facilities will meet federal requirements that ensure that the correct information is on the card, that the correct person is receiving a federal workplace ID, and that the card meets those government standards.

"IdentityDefender is more than a physical access control system," explains Larsen. "It's a platform that allows an organization to issue credentials, a.k.a. badges, in a secure manner."

Larsen explained how the IdentityDefender system works. Here's what it is and what it does:

The core of IdentityDefender is the IdentityDirector module. It's a server application that manages how applicant data is collected, who is collecting it, how it is processed, signed and verified, and how a credential/card is finally issued and validated. Running on a Windows platform, the IdentityDirector module is the "glue" of the card issuance process, and communicates the standards and data back in forth in a secure and automated manner.

To start the process of a FIPS 201-compliant card issuance, it communicates with another module, the IdentityCollector, which is a web-based module that oversees the processes of acquiring the information that FIPS 201 specifies. In common Lenel fashion, it's designed with an open architecture in mind, so that it can link up with common biometric and data collection hardware items for inputting the information. The web-based format makes it especially friendly for remote offices.

"It tells the sponsor employer and the applicant what is required, the required biometrics, the required documents," says Larsen, "and this software automates a secure collection of that data. The key with IdentityCollector is that the operator or sponsor of the employee doesn't have to make the decisions."

This content continues onto the next page...