PIVMan Takes a Step Beyond FIPS

Corestreet Ltd. recently released the PIVMan, a handheld card reader system that validates and authenticates a variety of credentials in the field, with or without an available network connection. Security Technology & Design’s Marleah Blades spoke...


Corestreet Ltd. recently released the PIVMan, a handheld card reader system that validates and authenticates a variety of credentials in the field, with or without an available network connection. Security Technology & Design’s Marleah Blades spoke with Phil Libin, Corestreet’s president, about the new product and its place in the FIPS 201 landscape.

MB: Tell me a bit about the PIVMan. PL: Well, the whole point of all of these smart credential programs, like FIPS, CAC in the DoD, FRAC for first responders, and many of these initiatives underway now, is to produce smart cards that can be given to people as identity cards to make it much easier and faster and more secure to tell who everyone is and whether they’re allowed to be getting into someplace, and to track who and where and to what…. If you have a FIPS card and you just use it as a flash badge, it defeats the purpose of having these cards in the first place. The (HSPD-12) directive calls for them to be electronically verified, but surprisingly, even though there’s been this huge amount of effort to get the cards out there, there are actually very few products that work with them. So PIVMan is the first real solution that takes advantage of the FIPS infrastructure, the CAC infrastructure, the FRAC infrastructure, so that it can read any of these kinds of cards in the field. It can determine whether the card is real, it can authenticate the person, it can tell the card is still active—that it hasn’t been stolen or revoked—and it can display any attributes or privileges associated with the person. So it can make an access decision very quickly using the full infrastructure.

MB: Does the product also work with TWIC and other cards? PL: It works right now with TWIC, MAC—the maritime access card—it works with a couple of the European national ID programs, so it’s very much targeted at the FIPS and FIPS-like community.

MB: PIVMan has recently been tested in the Winter Fox exercises. Can you tell us a little about that? PL: PIV Man has been tested in five different exercises now. Winter Fox was the first major one. It’s a government exercise intended to test cross-jurisdictional interoperability for first responders in emergency situations. So it’s a simulation of a disaster or emergency. And there are lots of different officials from different government agencies, state, federal and local, that have to show up at different scenes and use their cards—they all have different cards from different programs—and scan them through the PIVMAN handheld and actually show that they are allowed to be there, produce the logs and reports after the exercise showing who got in where, who didn’t get in, what they did, all of that kind of stuff.

MB: What’s the technology of the product, and what types of interfaces does it have? For strictly FIPS cards they use the contact interface because they all have a contact interface. For cards that don’t have a contact interface, the thing’s got a barcode scanner on it, so it could read a 2D barcode off of a drivers’ license. It has a contactless reader as well.

This content continues onto the next page...