for Joe Broghamer
Philip S. Lee
May 5, 2005
Implementing PIV Specifications
HSPD-12 Workshop
PIV Implementation Approach
• Adopt Industry Best Practices and Lessons Learned from other Government Smart Card Implementations
• DoD Common Access Card (CAC) Program
  – Card Profile
  – Card Management
  – Card Issuance
• DHS TSA Transportation Worker Identification Credential (TWIC) Program
  – Enrollment
  – Identity Management
  – CMS Integration
PIV Identity Verification and Issuance
[Figure: identity verification and issuance flow. Box labels: Employer Sponsorship; Employee Application; Employee Enrolls; Enrollment; Identity Verification (1:n biometric search; confirm employment; ID validation through standard government-wide services; government DBs; threat risk); Approval Authority; Identity Management System (IDMS); Card Production & Personalization; Issuer - Card Activation; PIV Activated for Operational Use.]
Numbers Indicate Functional Areas of Responsibility
Green functions manage Chain of Trust for Identity Verification
PIV Functional Process Flow
[Figure: functional process flow. Stage and box labels recoverable from the diagram:]
• Pre-Enrollment: Employee Application Forms; OPM Portal
• Enrollment: Biographic Info Capture; Two I-9 Doc Processing; Facial Image Capture; Capture 10 Slaps; Individual FP Images Segmentation; Two Best FP Characterization; Card Request Package Data Check and Generate Audit; Generate EFTS Records; Enrollment Database; Duplicate Check; IAFIS & Other Background Checks
• Template Generation: ANSI 378 Minutiae Templates; Other Templates (MOC); Generate CBEFF Records
• Card Management
• Card Production: Card Printing and Contact & Contactless Chip Encoding; Load FP Templates; Facial Image; Applets; Encryption Certificate
• Card Activation: 1:1 MOS Cardholder Verification; Load PIN; Load Certificates
• Operational Use: Physical Access; Logical Access; Desktop/Remote Logon; FP Biometrics 1:1 Verification; Email Sign & Encryption; FASC-N; Relying Party Authorization
PIV Architecture
[Figure: architecture diagram. Component labels recoverable from the diagram:]
• Enrollment Workstation; SQL DB; Staging DB; OpenIT Agent
• Identity Management System; Meta Directory; HR; Security Clearance; User Provisioning; Authorization
• Certificate Authority; CA Repository; Active Directory; HQ Active Directory; HQ Network Admin
• Card Management & Production System; Life Cycle Mgmt API; Notification API; Badging API; Card Issuance Workstation; Browser
• Issuance Request; Notifications; Issuance; Revocation
• PACS; PACS Adaptor Interface; Hot List Subsystem; Office of Security; Revocation; Browser
• PIV Card; Physical Access; Logical Access
PIV Implementation Plan
• Sharing Lessons Learned and Seeking Stakeholder Buy-in via Integrated Product Testing (IPT) Process
• Physical and IT/Cyber Access Infrastructure Survey via Stakeholders
• PIV Implementation Plan to OMB by 6/27/05
• IDMS DB Integration with HR/Security Clearance DB
• Integration of PIV-1 Compliant IDMS, CMS and PACS
• Integration of the Enterprise PACS Network with the Agency IT Network
• PIV-1 Implementation Ready by 10/27/05
• Agency-wide Migration Strategy for Legacy PACS
• Industry Participation toward Open API for Card Life Cycle Management and Open Badging API for Interoperable Card Issuance System Component
• Migration to PIV-2 Smart Card & Biometrics Solutions by and beyond October 2006