Risk
10/21/2009
03:49 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Smart Card Alliance Outlines Authentication Methods for Government Agencies' New Physical Access Control Systems

New white paper goes beyond specifications for PIV credentials

PRINCETON JUNCTION, NJ, October 21, 2009 " With Personal Identity Verification (PIV) credentials being issued by government agencies for both physical and logical access, many agencies are working on upgrading or replacing their installed physical access control systems (PACS) to meet new PIV requirements. With these agencies in mind, the Smart Card Alliance Physical Access Council has developed a new white paper detailing the types of authentication mechanisms available for PACS to identify people who are entering different areas. The new white paper, Authentication Mechanisms for Physical Access Control, details authentication mechanisms beyond those in the NIST Special Publication (SP) 800-116, "A Recommendation for the Use of PIV Credentials in Physical Access Control Systems." SP 800-116, published in November 2008, provides useful guidance on where to deploy various PIV authentication mechanisms. The Smart Card Alliance has written a number of white papers, available at http://www.smartcardalliance.org/pages/activities-councils-physical-access, to explain the PIV authentication options. However, not all possible authentication mechanisms are included in SP 800-116. The new white paper describes additional methods, their use, and the regulations or requirements that drive their implementation. "The SP 800-116 document provides useful information regarding authentication and the use of PIV credentials for PACS. However, a number of scenarios are not covered. Our security industry experts have written additional guidance for local security authorities who may be left with unanswered questions when faced with installed PACS technologies and occasionally conflicting regulations regarding authentication," said Randy Vanderhoof, executive director of the Smart Card Alliance. "This document highlights some of these situations and suggests some additional authentication mechanisms for security authorities to consider." Some of the alternative authentication mechanisms described in the white paper include: mutual authentication protocol (MAP); mutual registration; and widely deployed mechanisms such as combinations of cards, PINs, and operational or reference biometrics. The white paper also details example implementations using alternative authentication mechanisms, including the Transportation Worker Identification Credential (TWIC) and the Aviation Credential Interoperability Solution (ACIS) program.

Council members involved in the development of this report included: AMAG Technology, CSC, Diebold, Gemalto, Hirsch Electronics, HP Enterprise Services, Identification Technology Partners, IDmachines, JMF Solutions, LLC, Roehr Consulting, XTec, Inc. To hear more about the latest in PIV and PACS implementations, attend the 8th Annual Smart Cards in Government Conference from October 27th to October 30th at the Washington DC Convention Center. With almost 800 registrants and 50 exhibitors and sponsors, the conference is the largest annual event for the government identity and security sector. The Physical Access Council is offering additional training on PACS implementation with smart cards by hosting a full day pre-conference workshop on Next Generation PACS. To register, please visit the Smart Card Alliance Web site. About the Smart Card Alliance Physical Access Council The Smart Card Alliance Physical Access Council is focused on accelerating widespread acceptance, use, and application of smart card technology for physical access control. The Council brings together leading users and technologists from both the public and private sectors in an open forum and works on activities that are important to the physical access industry and address key issues that end user organizations have in deploying new physical access system technology. The Physical Access Council includes participants from across the smart card and physical access control system industry, including end users; smart card chip, card, software, and reader vendors; physical access control system vendors; and integration service providers. About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org. ###

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio