FIPS 201 News
Audio from September 26 IAB meeting online now
The September meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).
Government Smart Card Interagency Advisory Board (IAB) Meeting
Opening Remarks
MP3: click here
Enabling the Mobile Government Workforce with PIV Credentials in a BYOD Future
Neville Pattinson, GemaltoPDF: click here
MP3: click here
Enabling PIV and Federated Access and Privileges within Cloud Services
Ken Ammon, CSO, XceediumPDF: click here
MP3: click here
Demonstration of Means to Provision PIV to Various Relying Party Systems
Joe Broghamer, DHSIdentity Management Reassembled
Jeff Nigriny, CertipathPDF: click here
MP3: click here
Closing Remarks
MP3: click here
Thursby, Precise bundle products
Precise Biometrics announced that it is releasing its Tactivo smart casing for the iPhone and iPad in combination with the secure browsing software from Thursby Software.
The new Tactivo/PKard bundle combines the Tactivo smart card reader and fingerprint sensor hardware with the Pkard Reader v1.1 app for access to Web email, portal, and collaboration sites with two-factor CAC or PIV smart card authentication and FIPS 140-2 security. ??
Special introductory pricing of $249 for the iPhone bundle and $299 for the iPad bundle – $50 off the regular bundle price – creates value for any Federal budget. The PKard Reader v1.1 app is currently available free on Apple’s App Store and future releases will be available to bundle purchasers at no additional cost. ??
Lumenera camera, Tamron lens gets FIPS201 certification
Tamron USA has announced that its partnership with Lumenera has produced a FIPS 201 certified security and surveillance camera.
The Lumenera Lu375C equipped with Tamron’s M12VM412 CCTV lens has been awarded FIPS201 certification and also meets U.S. federal government standards for Personal Identity Verification (PIV) in facial image capturing systems.
Tamron’s M12VM412 lens— with its flat-field megapixel, vari-focal lens and 4-12 mm focal length— produces high quality imagery and is designed for cameras with a half-inch imager size, like Lumenera’s Lu375. The lens can also produce clear images in low-light conditions— a valuable feature in surveillance applications.
Lumenera’s Lu375C is a USB 2.0, 3.1 megapixel color camera ideal for industrial and security environments. The Lu375C features an on-board 2048 x 1536 resolution that yields incredibly sharp, high-quality images.
FIPS201 requirements have led to the standardization of biometric processing for electronic credentials for both logical and physical access control systems. Though no easy task, FIPS201 compliance ensures that Lumenera and Tamron’s camera system will be fully interoperable with any current or future PIV systems.
The camera is currently available for sale, and additional information for the joint initiative can be found at the companies’ websites.
Audio from August 22 IAB meeting online now
The August meeting of the influential Government Smart Card Interagency Advisory Board (IAB) was recently held in Washington D.C. FIPS201.com was on hand to cover the event and has provided, as a service to the IAB and the smart card community, an audio recording of the presentations. Click on the link below to access a list of audio and accompanying PowerPoint slides (in pdf format).
Government Smart Card Interagency Advisory Board (IAB) Meeting
Opening Remarks
Tim Baldridge, IAB ChairUse of PIV-I in Medical Disaster Response Demonstration
Dr. James, AMA and Craig Wilson, FEMA ContractorPDF: click here
Considerations for the User Experience when PIV-Enabling Applications
Bill Erwin, DoDPDF: click here
MP3: click here
Update of the FICAM Trust Framework Provider Adoption Process
Anil John, GSAMP3: click here
Initiatives and Products from Oracle Meeting FICAM Initiatives
Derrick Harcey, OracleMP3: click here
Closing Remarks
Tim Baldridge, IAB Chair
William I. MacGregor, ID thought leader, passes
William I. MacGregor, one of the driving forces behind the government’s FIPS 201 smart card specification passed away last week. MacGregor, Ph.D., CISSP, CISA, served the government and private sector for more than 32 years as a technologist and business strategist, focusing on identity management and enterprise security solutions.
MacGregor joined the Computer Security Division, Information Technology Laboratory at the National Institute of Standards and Technology in 2006, where he served as NIST PIV Program Manager and contributed to the development of U.S. Federal, national, and international standards related to identification and authentication systems.
“Bill was, not only a true thought leader in his field, but a diligent and considerate partner to his management, to his peers, and to those he mentored,” says William C. Barker, NIST’s ITL Cybersecurity Standards and Technology Advisor. “His co-workers, NIST, and the nation will miss him as a person and a scientific leader.”
In this capacity at NIST, he served as an early visionary for the National Strategy for Trusted Identities in Cyberspace and acted as the lead for FIPS 201-2. He served as the Identity Management Systems (IDMS) Program Research & Development co-lead research on Secure Biometric Match-On-Card authentication and with colleagues, on symmetric key injection to smart cards.
MacGregor served as NIST PIV Program Coordinator, with the HSPD-12 Executive Steering Committee, OMB HSPD-12 Support Team, Identity Credentialing and Access Management Committee, Federal Identity Credentialing Committee and Government Smart Cards-Interagency Advisory Board (GSC-IAB). He lead and co-authored several NIST publications in the FIPS 201 standard suite, including SP 800-116, A Recommendation for use of PIV Credentials in Physical Access Control Systems, SP 800-73 Interfaces for Personal Identity Verification, NIST IR 7452 Secure Biometric Match-On-Card Feasibility Study final report.
Prior to joining NIST, Dr. MacGregor was employed by Schlumberger for twenty years and, by Bolt Beranek and Newman for three years. At Schlumberger, his positions including founder and Senior Technology Strategist for an information security business group, Manager of a corporate IT Advanced Technology Group, and business intelligence specialist in information security.
MacGregor received his undergraduate degree in Mathematics from Stanford University, and a PhD in Computer Science from The University of Texas at Austin.
A memorial for MacGregor is scheduled for Wednesday, Aug. 29, from 2 pm to 4 pm ET at the Devol Funeral Home at 10 East Deer Park Dr., Gaithersburg, Md.
Schlage releases FIPS 201-1 AD-series lock
Schlage unveiled its FIPS 201-1 AD-series locks, offering government security personnel a customized electronic locks solution normally reserved for the private sector.
Sold as a complete system in either hard-wire (AD-301) or wireless (AD-401) versions, Schlage’s new electronic locks aim to provide increased connectivity while lowering the cost of opening doors.
The lock and reader and components of Schlage’s new system are FIPS 201-1 compliant and will communicate with the access control system through either RS-485 or Wiegand paths.
The readers will support both PIV and PIV-I cards and will feature hardware an firmware from Ingersoll Rand Security Technologies.
Multiple AD-301 hardwired locks can be configured to one panel, while the wireless AD-401 version will allow for up to 16 access points. Additionally, the wireless AD-401 model can utilize either the RS-485 of Wiegand interface modules. Schlage’s new electronic locks utilize a 900 MHz secure encrypted data transmission.
U.S. government orders Tactivo smart casings
The U.S. federal government has placed an order with Precise Biometrics for the Tactivo smart casing for smart card and fingerprint authentication to mobile devices. It plans to use Tactivo for several pilot projects across many federal government military and civilian agencies.
Tactivo enables companies and organizations to migrate authentication to mobile devices and it’s designed particularly for use with the Bring Your Own Device trend. The casing provides consistent authentication from the iPhone 4, iPhone 4S and soon, the iPad.
Precise Biometrics aims to provide casings for additional pilot programs and eventual deployment upon completion of the pilots. The initial orders are expected to have an impact on the company late this fall and will continue throughout 2013.
4BF announces award for PKI innovation
The 4 Bridges Forum (4BF) has announced an awards program for the recognition of innovative PKI solutions using high-assurance digital identities in both the public and private sectors.
PKI, or public key infrastructure, is a secure and efficient information technology supporting the rapidly expanding global Internet trust network. PKI is employed in a number of security initiatives and enables digital transactions at the intra-governmental, business-to-business and business-to-government levels.
PKI’s Web-based capabilities eliminate the need for paper-based practices- which tend to be slow and costly- and effectively deter identity fraud.
4BF’s award anticipates nominations from U.S. Federal agencies, where the use of PKI and PIV is widely incorporated. PKI is a crucial cog in the PIV credentials that all federal employees are equipped with and use to access Federal buildings and secure networks everyday.
The award will feature a two-tier structure. Award nominations will be gathered from four categories with a single, master award to be chosen from the category winners. The four categories are as follows:
- Innovation: concerned with new and effective uses of PKI
- Business value: concerned with the return on investment (quantitative and qualitative) of PKI
- Federation: concerned with new and effective uses of federation
- Collaboration: the use of PKI or PKI tools to facilitate collaboration or increased community cooperation
The deadline for nominations is September 14, and can be made on the 4BF website. A panel of judges representing each of the four PKI bridges will consider the nominations.
Award winners will be announced in early November, with presentation of the awards to be conducted at the 11th Annual Smart Card Alliance Government Conference in Washington, D.C. on November 27.
The participating members, or PKI bridges, of the 4BF include the Federal PKI Policy Authority, SAFE-BioPharma, CertiPath and the Research and Education Bridge Certification Authority (REBCA).
Ascertia ADSS SCVP server receives FIPS 201 certification
Ascertia, a digital signature and PKI certificate validation software provider, has received the U.S. General Service Administration’s FIPS 201 certification for its ADSS SCVP Server.
Ascertia’s ADSS SCVP Server provides RFC 5055 compliant certificate path validation services. It can delegate certificate path discovery across various PKI topologies, including hierarchy, cross-certificates and mesh architectures.
It also has delegated certificate path validation that meets PKIX RFC3280 with real-time certification status validation. The server can handle multiple validation policies, advance transactional logging and advanced trust anchor management and data caching.
Ascertia says the server also was successfully evaluated against the most recent NIST PKITS path discovery and validation test suite, which tested its compliance with the SHA-256 and ECDSA algorithms.
atsec information security conducted the FIPS 201 testing and used a SafeNet Luna SA HSM.
Episode 96: Analyzing FIPS 201-2
The revised draft of FIPS 201-2 was released and includes quite a few changes. Additional contactless functionality, new biometrics and mobile abilities are all proposed to be included in future generations of the government credential. Neville Pattinson, senior vice president of Government Sales at Gemalto Inc., talks about these changes and some concerns he has about deploying new credentials and an infrastructure to support them.
 iTunes |
 Aggregator |
 m4a |
mp3 |