HSPD-12 Workshop
Implementing PIV Specifications
for Joe Broghamer
Philip S. Lee
May 5, 2005

PIV Implementation Approach
• Adopt Industry Best Practices and Lessons Learned from other Government Smart Card Implementations
• DoD Common Access Card (CAC) Program
    • Card Profile
    • Card Management
    • Card Issuance
• DHS TSA Transportation Worker Identification Credential (TWIC) Program
    • Enrollment
    • Identity Management
    • CMS Integration

PIV Identity Verification and Issuance
[Diagram with functional areas numbered 1 to 8. Labels: Employer Sponsorship; Employee Application; Employee Enrolls; Approval Authority; Identity Management System (IDMS); Enrollment; Identity Verification; Card Production & Personalization; Issuer - Card Activation; PIV Activated for Operational Use]
Identity Verification
• 1:n biometric search
• Confirm employment
• ID Validation through standard government wide services
• Government DB's
• Threat risk
Numbers Indicate Functional Areas of Responsibility
Green functions manage Chain of Trust for Identity Verification

PIV Functional Process Flow
[Process flow diagram. Labels in extracted order: OPM Portal; Duplicate Check; Generate EFTS Records; Individual FP Images Segmentation; Enrollment; Pre-Enrollment; IAFIS & Other Background Checks; Capture 10 Slaps; Two I-9 Doc Processing; Two Best FP Characterization; Enrollment Database; Facial Image Capture; Biographic Info Capture; ANSI 378 Minutiae Templates; Generate CBEFF Records; Employee Application Forms; Template Generation; Other Templates (MOC); Card Management; Relying Party Authorization; Operational Use; Card Production; Card Activation; 1:1 MOS Cardholder Verification; Card Request Package Data Check and Generate Audit; Card Printing and Contact & Contactless Chip Encoding; Logical Access; Physical Access; Load PIN; Desktop/Remote Logon; FP Biometrics 1:1 Verification; Applets; Load FP Templates; Facial Image; Encryption Certificate; Load Certificates; Email Sign & Encryption; FASC-N]

PIV Architecture
[Architecture diagram. Labels in extracted order: PIV Card; HQ Active Directory; PACS Adaptor Interface; PACS; Logical Access; Open IT SQL DB; Meta Directory; Staging DB; Certificate Authority; CA Repository; Active Directory; Physical Access Agent; Issuance; Revocation; Card Management & Production System; Identity Management System; HR; Security Clearance; User Provisioning; Authorization; Issuance Request; Notifications; Life Cycle Mgmt API; Notification API; Hot List Subsystem; Badging API; Card Issuance Workstation; HQ Network; Admin Browser; Office of Security; Revocation Browser; Enrollment Workstation]

PIV Implementation Plan
• Sharing Lessons Learned and Seeking Stakeholder Buy-in via Integrated Product Testing (IPT) Process
• Physical and IT/Cyber Access Infrastructure Survey via Stakeholders
• PIV Implementation Plan to OMB by 6/27/05
• IDMS DB Integration with HR/Security Clearance DB
• Integration of PIV-1 Compliant IDMS, CMS and PACS
• Integration of the Enterprise PACS Network with the Agency IT Network
• PIV-1 Implementation Ready by 10/27/05
• Agency-wide Migration Strategy for Legacy PACS
• Industry Participation toward Open API for Card Life Cycle Management and Open Badging API for Interoperable Card Issuance System Component
• Migration to PIV-2 Smart Card & Biometrics Solutions by and beyond October 2006

Thanks!
Q & A
Philip S. Lee
(202) 674-5104 (M)
Lee@identityalliance.com
pleesmart@aol.com