Risk
10/21/2009
03:49 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Smart Card Alliance Outlines Authentication Methods for Government Agencies' New Physical Access Control Systems

New white paper goes beyond specifications for PIV credentials

PRINCETON JUNCTION, NJ, October 21, 2009 " With Personal Identity Verification (PIV) credentials being issued by government agencies for both physical and logical access, many agencies are working on upgrading or replacing their installed physical access control systems (PACS) to meet new PIV requirements. With these agencies in mind, the Smart Card Alliance Physical Access Council has developed a new white paper detailing the types of authentication mechanisms available for PACS to identify people who are entering different areas. The new white paper, Authentication Mechanisms for Physical Access Control, details authentication mechanisms beyond those in the NIST Special Publication (SP) 800-116, "A Recommendation for the Use of PIV Credentials in Physical Access Control Systems." SP 800-116, published in November 2008, provides useful guidance on where to deploy various PIV authentication mechanisms. The Smart Card Alliance has written a number of white papers, available at http://www.smartcardalliance.org/pages/activities-councils-physical-access, to explain the PIV authentication options. However, not all possible authentication mechanisms are included in SP 800-116. The new white paper describes additional methods, their use, and the regulations or requirements that drive their implementation. "The SP 800-116 document provides useful information regarding authentication and the use of PIV credentials for PACS. However, a number of scenarios are not covered. Our security industry experts have written additional guidance for local security authorities who may be left with unanswered questions when faced with installed PACS technologies and occasionally conflicting regulations regarding authentication," said Randy Vanderhoof, executive director of the Smart Card Alliance. "This document highlights some of these situations and suggests some additional authentication mechanisms for security authorities to consider." Some of the alternative authentication mechanisms described in the white paper include: mutual authentication protocol (MAP); mutual registration; and widely deployed mechanisms such as combinations of cards, PINs, and operational or reference biometrics. The white paper also details example implementations using alternative authentication mechanisms, including the Transportation Worker Identification Credential (TWIC) and the Aviation Credential Interoperability Solution (ACIS) program.

Council members involved in the development of this report included: AMAG Technology, CSC, Diebold, Gemalto, Hirsch Electronics, HP Enterprise Services, Identification Technology Partners, IDmachines, JMF Solutions, LLC, Roehr Consulting, XTec, Inc. To hear more about the latest in PIV and PACS implementations, attend the 8th Annual Smart Cards in Government Conference from October 27th to October 30th at the Washington DC Convention Center. With almost 800 registrants and 50 exhibitors and sponsors, the conference is the largest annual event for the government identity and security sector. The Physical Access Council is offering additional training on PACS implementation with smart cards by hosting a full day pre-conference workshop on Next Generation PACS. To register, please visit the Smart Card Alliance Web site. About the Smart Card Alliance Physical Access Council The Smart Card Alliance Physical Access Council is focused on accelerating widespread acceptance, use, and application of smart card technology for physical access control. The Council brings together leading users and technologists from both the public and private sectors in an open forum and works on activities that are important to the physical access industry and address key issues that end user organizations have in deploying new physical access system technology. The Physical Access Council includes participants from across the smart card and physical access control system industry, including end users; smart card chip, card, software, and reader vendors; physical access control system vendors; and integration service providers. About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org. ###

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web