AMAG Technology, Codebench and Datastrip have partnered together to develop a deeply integrated, government approved authentication application. As a result of Homeland Security Presidential Directive (HSPD) 12, employees and contractors of government agencies, port/harbors and other critical infrastructure entities must meet the Federal Information Processing Standard (FIPS) 201 or Transportation Workers Identification Credential (TWIC) requirements for presenting positive identification documents before gaining access into these facilities. Individuals must use a Personal Identity Verification (PIV) or TWIC card to identify themselves before they are registered into an agencyâ€™s physical access control system.
Codebenchâ€™s PIVCheck Plus is a cardholder verification and access control registration software product. When used with Datastripâ€™s biometric mobile terminal, the DSV2+Turbo, the integration package may register new cardholders, can update existing cardholder records with PIV or TWIC data, or spot check the identities of individuals. A four-factor authentication is performed including matching a PIN, viewing the photo of the cardholder, matching the fingerprint and checking the cardâ€™s digital certificates. The cardholder information is automatically entered into AMAGâ€™s Symmetry Security Management System.
"Applications requiring the tightest level of security will find this an invaluable security mechanism to protect not only their employees, but possibly our nationâ€™s borders, critical infrastructure and government facilities," said AMAG Technology President, Bob Sawyer.
To enroll in the system, individuals present their FIPS 201-compliant card to the handheld contact smart card reader. By entering their PIN on a virtual scrambled keypad, their stored biometric template held within the card is made available. The DSV2+Turbo contains an integrated fingerprint reader thus allowing the individual to have his/her live fingerprint sample compared against a stored fingerprint image on the card. The scrambled keypad protects the individual from having onlookers record the PIN, and provides an advanced level of security.
Depending on the type of card, the personâ€™s PIV Authentication Key or Card Authentication Key digital certificate is validated against the appropriate certificate authority to confirm that the individualâ€™s digital certificates are still valid per the issuer.
Additionally, the PIV or TWIC information can be linked to the cardholderâ€™s common access card (e.g., proximity card) allowing the site to continue to use their existing Symmetry access control infrastructure without the need to change readers.
The PIVCheck Certificate Manager keeps the site in regulatory compliance by scheduling an automatic reconnection to the Certificate Revocation List to determine if any certificates have been revoked. The Symmetry SMS is notified if any of the cardholderâ€™s common access control cards should be inactivated.
The application can also be used to spot check users of valid FIPS 201 PIV II-compliant cards at check points or on patrol. The same four-factor authentication used during registration can be used during these spot challenges, thus providing the highest levels of identity assurance.
"The integration between our PIVCheck product suite and AMAGâ€™s Symmetry SMS allows end-users to quickly and easily comply with HSPD-12 regulations, while leveraging their existing security infrastructure," stated Geri Castaldo, CEO of Codebench.