PIVMan Takes a Step Beyond FIPS

CoreStreet Ltd. recently released the PIVMan, a handheld card reader system that validates and authenticates a variety of credentials in the field, with or without an available network connection. Security Technology & Design’s Marleah Blades spoke...


Let’s say there’s a natural disaster. First responders show up, they secure the perimeter; they’re responsible for controlling access to that perimeter. Then a bunch of other people start showing up. Some of those people are allowed to be there, some aren’t allowed to be there. They all have some kind of card, so if you’re a first responder and you have an EMT show up, he swipes his FIPS card or his state of Pennsylvania card or whatever he has into the handheld. The handheld authenticates him and shows his picture and asks him for his fingerprint or PIN depending on the card. And then it shows you, yep, that’s really Phil, he’s valid, and he’s authorized for hazardous material cleanup, for example, so that you can efficiently direct them to where they need to go.

Now it does all this in a combination of hardware and software, so it’s a complete solution that a customer gets bundled. There’s the software piece—server-side software—that does all the data collection and aggregation. Then there’s some software that runs on the handheld, and then there’s the actual handheld itself. The hardware is provided by our manufacturing partner called DAP in Canada. We picked the best ruggedized outdoor handheld device we could find.

What really sets us apart are the software capabilities of being able to read any card, and show the identity and the privileges, and that without requiring any network connectivity.

You can’t assume that there’s any network connectivity available. This is meant to be used in an emergency or disaster, when the cell networks are usually the first to go down. But even if there’s no disaster, you’re outside, and you don’t want to say, we can only scan cards under this tree where you have good network reception, but not over here. Whenever (the handhelds) can get network connectivity, they automatically look for it. Then they download all this data and refresh themselves, but when you actually put a card into a handheld, it already has all the information on it at that time so it can very quickly do the authentication and the validation and the identity and the privileges without making any network connections. So you know it’s going to work even if everything else is broken.