|
| Register for our Free Newsletters |
|
 |
|
|
|
|
|
|
|
|
| Other Carouselweb publications |
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
Codebench Products Gain Approvals For US Government Access Market
|
|
Atsec Information Security
: 10 June, 2010 (New Product) |
|
|
PIVCheck Desktop and mobile editions for Personal Identity Verification has gained GSA FIPS 201 evaluation success enabling the products to be marketed to US Government departments |
|
atsec information security, an accredited laboratory for the GSA FIPS 201 Evaluation Program (GSA EP) which runs a product approval program for PIV-related products destined for the US Government market, is proud to announce the successful GSA FIPS 201 evaluation of two Codebench products:
• PIVCheck Desktop Edition
• PIVCheck Mobile Edition
As a result of its evaluation, atsec has determined that the Codebench products above meet FIPS 201 requirements on behalf of the GSA EP, who ultimately grants the approval. These products are now listed on the FIPS 201 Evaluation Program Approved Product List (APL). The APL only lists those products and services that are in compliance with the current version of the Standard and it's supporting NIST Special Publication 800-116, which provides recommendations for the Use of PIV Credentials in Physical Access Control Systems (PACS).
Codebench is the first company with solutions evaluated for GSA product category "CAK Authentication System", as well as "Caching Status Proxy," "PIV Authentication System," and "CHUID Authentication System."
CAK authentication is a reader-to-card challenge/response protocol that ensures that the PIV credential is genuine and is not a forgery or clone, while CHUID authentication involves verifying that the credential's CHUID, or cardholder unique identifier, has not been altered. Both CAK and CHUID authentication can be performed over the card's contactless interface and do not require a PIN. Contactless verification of PIV credentials will likely become a requirement for both High and Very High Assurance access control readers.
"PIVCheck products help to verify that credentials are valid at the time of registration into the PACS," said Geri Castaldo, chief executive officer of Codebench. "This ensures that card and identity issues are resolved before the card is used as an access control token."
The product entries are included on the GSA FIPS 201 Evaluation Program Approved Product List as follows:
* CHUID Authentication System
The CHUID Authentication System product category provides the capability to access and determine authenticity of the CHUID stored on a PIV Card and makes an authorization decision based on the CHUID elements stored on the PIV Card.
* CAK Authentication System
The CAK Authentication System product category provides the ability to perform an asymmetric cryptographic challenge/response with the optional Card Authentication Key (CAK) stored on PIV Card and makes an authorization decision based on the FASC-N data element stored on the PIV Card.
FIPS 201 (with its supporting documents) is the mandatory standard that addresses the Homeland Security Presidential Directive 12 mandate (HSPD-12). HSPD-12 mandates a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
