f4f0bac9ef6d770f0298dcea9dae80b3.ppt
- Number of slides: 7
HSPD-12 Workshop Implementing PIV Specifications for Joe Broghamer Philip S. Lee May 5, 2005
PIV Implementation Approach
• Adopt Industry Best Practices and Lessons Learned from other Government Smart Card Implementations
• DoD Common Access Card (CAC) Program
  – Card Profile
  – Card Management
  – Card Issuance
• DHS TSA Transportation Worker Identification Credential (TWIC) Program
  – Enrollment
  – Identity Management
  – CMS Integration
PIV Identity Verification and Issuance
[Diagram: eight numbered functional areas. Labels, in the order extracted: Approval Authority; Employer Sponsorship; Identity Verification; Employee Application; Employee Enrolls; Enrollment; Identity Management System (IDMS); Card Production & Personalization; Issuer; Card Activation; PIV Activated for Operational Use. Callouts: 1:n biometric search; Confirm employment; ID Validation through standard government wide services; Government DBs; Threat risk.]
Numbers Indicate Functional Areas of Responsibility
Green functions manage Chain of Trust for Identity Verification
PIV Functional Process Flow
[Diagram: process stages Pre-Enrollment, Enrollment, Card Management, Card Production, Card Activation, Operational Use. Labels, in the order extracted: Capture 10 Slaps; OPM Portal; Two I-9 Doc Processing; Facial Image Capture; Individual FP Images Segmentation; Generate EFTS Records; Two Best FP Characterization; Duplicate Check; IAFIS & Other Background Checks; Enrollment Database; Biographic Info Capture; ANSI 378 Minutiae Templates; Employee Application Forms; Template Generation; Other Templates (MOC); Card Request Package; Data Check and Generate Audit; Card Printing and Contact & Contactless Chip Encoding; 1:1 MOS Cardholder Verification; Load PIN; Load FP Templates; Facial Image; Applets; Encryption Certificate; Load Certificates; Generate CBEFF Records; Relying Party Authorization; Physical Access; Logical Access; FP Biometrics 1:1 Verification; Desktop/Remote Logon; FASC-N; Email Sign & Encryption.]
PIV Architecture
[Diagram: component labels, in the order extracted: PACS; Open IT SQL DB; Physical Access; PACS Adaptor Interface; Staging DB; Agent; HQ Active Directory; Logical Access; Meta Directory; CA Repository; Active Directory; Issuance; Revocation; HR; Security Clearance; User Provisioning; Authorization; HQ Network Admin Browser; Identity Management System; Enrollment Workstation; Issuance Request; Notifications; Life Cycle Mgmt API; Notification API; Hot List Subsystem; Office of Security Revocation Browser; Certificate Authority; Card Management & Production System; Badging API; Card Issuance Workstation; PIV Card.]
PIV Implementation Plan
• Sharing Lessons Learned and Seeking Stakeholder Buy-in via Integrated Product Testing (IPT) Process
• Physical and IT/Cyber Access Infrastructure Survey via Stakeholders
• PIV Implementation Plan to OMB by 6/27/05
• IDMS DB Integration with HR/Security Clearance DB
• Integration of PIV-1 Compliant IDMS, CMS and PACS
• Integration of the Enterprise PACS Network with the Agency IT Network
• PIV-1 Implementation Ready by 10/27/05
• Agency-wide Migration Strategy for Legacy PACS
• Industry Participation toward Open API for Card Life Cycle Management and Open Badging API for Interoperable Card Issuance System Component
• Migration to PIV-2 Smart Card & Biometrics Solutions by and beyond October 2006
Thanks! Q&A
Philip S. Lee
(202) 674-5104 (M)
Lee@identityalliance.com
pleesmart@aol.com