Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Codebench Products Gain Approvals For US Government Access Market

Atsec Information Security : 10 June, 2010  (New Product)
PIVCheck Desktop and mobile editions for Personal Identity Verification has gained GSA FIPS 201 evaluation success enabling the products to be marketed to US Government departments
atsec information security, an accredited laboratory for the GSA FIPS 201 Evaluation Program (GSA EP) which runs a product approval program for PIV-related products destined for the US Government market, is proud to announce the successful GSA FIPS 201 evaluation of two Codebench products:

• PIVCheck Desktop Edition
• PIVCheck Mobile Edition

As a result of its evaluation, atsec has determined that the Codebench products above meet FIPS 201 requirements on behalf of the GSA EP, who ultimately grants the approval. These products are now listed on the FIPS 201 Evaluation Program Approved Product List (APL). The APL only lists those products and services that are in compliance with the current version of the Standard and it's supporting NIST Special Publication 800-116, which provides recommendations for the Use of PIV Credentials in Physical Access Control Systems (PACS).

Codebench is the first company with solutions evaluated for GSA product category "CAK Authentication System", as well as "Caching Status Proxy," "PIV Authentication System," and "CHUID Authentication System."

CAK authentication is a reader-to-card challenge/response protocol that ensures that the PIV credential is genuine and is not a forgery or clone, while CHUID authentication involves verifying that the credential's CHUID, or cardholder unique identifier, has not been altered. Both CAK and CHUID authentication can be performed over the card's contactless interface and do not require a PIN. Contactless verification of PIV credentials will likely become a requirement for both High and Very High Assurance access control readers.

"PIVCheck products help to verify that credentials are valid at the time of registration into the PACS," said Geri Castaldo, chief executive officer of Codebench. "This ensures that card and identity issues are resolved before the card is used as an access control token."

The product entries are included on the GSA FIPS 201 Evaluation Program Approved Product List as follows:

* CHUID Authentication System

The CHUID Authentication System product category provides the capability to access and determine authenticity of the CHUID stored on a PIV Card and makes an authorization decision based on the CHUID elements stored on the PIV Card.

* CAK Authentication System

The CAK Authentication System product category provides the ability to perform an asymmetric cryptographic challenge/response with the optional Card Authentication Key (CAK) stored on PIV Card and makes an authorization decision based on the FASC-N data element stored on the PIV Card.

FIPS 201 (with its supporting documents) is the mandatory standard that addresses the Homeland Security Presidential Directive 12 mandate (HSPD-12). HSPD-12 mandates a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo