FIPSlink Server Certificate Manager
FIPSlink Server Certificate Manager is the server for clients and re-validates all registered FIPS 201 FRAC, CAC, PIV, PIV-I and TWIC certificates on a policy-based compliance schedule. Server Certificate Manager can be configured to suspend a PACS badge associated with an invalid certificate, a revoked certificate or a TWIC FASC-N that is on the CCL. It can generate alarms in the PACS and can send an e-mail to a distribution list for notification when it discovers an invalid certificate.
- Enables FIPS 201 compliance: For validation of and registration with physical access control systems (PACS). Can update an existing cardholder record, or insert one if one does not already exist
- Active or passive badge suspension: Checks whether the card certificate serial number is on the Certificate Revocation List (CRL) or the FASC-N is on the TWIC CCL
- Modular Solution: Provides maximum deployment flexibility
- Operates with compliant fingerprint capture devices: COTS FIPS 201 PIV-II and ANSI INCITS 378
- Supports multiple credentials: PIV, PIV-I, TWIC, CAC, CIV, and FRAC
- Integrated with several fixed biometric readers: Sends certificate revocation status, TWIC Privacy Key (TPK), etc. to the fixed reader upon request
- Integrated with industry leading Access Control Systems: AMAG Symmetry, Honeywell Pro-Watch, Lenel OnGuard, Genetec Security Center, System Galaxy
FIPSlink Handheld Validation, Access Control and Mustering
Validate: CAC | PIV | TWIC
FIPSlink handheld validation and access control is a FIPS 201 FICAM compliant CAC, PIV and TWIC validation and access control solution with direct integration to physical access control systems (PACS).
Handhelds are configured with a high assurance validation policy using any of the following combinations:
• Contact or contactless read
• CAK or PIV authenticate (Challenge/Response)
• PIV PIN, PACS PIN or No PIN
• Fingerprint or Face* Biometric Verification (*Coming soon)
• Trusted Certificate Path and Revocation Status
• Required Certificate Attributes
Access: Offline, Online and Hybrid
Each handheld device optionally emulates one or more doors from the physical access control system (PACS). The handheld device operates offline with manual synchronization, online with real-time connectivity and door control, or automatically switches between online and offline modes. When offline, FIPSlink handhelds use a cached local dataset for access decisions. When online, FIPSlink can send a request to the PACS to open a door or boom gate in real time, the same as a standard physical reader.
FIPSlink automatically synchronizes Access Points, Access Schedules, Access Rights, Holidays, Credentials and People from PACS. Access logs are uploaded into PACS in real-time or stored locally and uploaded when connectivity is available.
Multiple Card Technology Support
In addition to CAC, PIV and TWIC FIPS 201 cards, FIPSlink also supports validation and access control with standard commercial cards for installations that are in the process of migrating to high assurance card technologies or installations that will continue to use standard card technology in combination with high assurance card technologies.
The following additional card technologies are supported:
- HID iClass (PACSData)
- HID SEOS (PACSData)
- MiFare Classic (CSN)
- MiFare Desfire (CSN)
- Proximity
Multiple Card Technology Support
FIPSlink for Handheld Validation supports multiple hardware vendors. For best results, specialized Android devices from Coppernic, CredenceID, IDEMIA and HID are recommended. FIPSlink requires Android 7.1 or newer and works with NFC, embedded IDEMIA & Integrated Biometrics fingerprint readers and embedded vendor-specific contact card readers. Below are details on the specialized handhelds supported by FIPSlink.
- Website: https://www.coppernic.fr/en/access-er-e-id/
- Manufacturer: Coppernic
- Model: AccessER / AccessER eID
- BAA: No
- TAA: Yes
- Ingress Protection (IP): IP67
- Drop / MIL-STD: MIL-STD-810G
- Power/Charge: Dock and USB-C
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: Dock (via included USB-C/Ethernet)
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: Option
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass: Option
- Contactless iClass SEOS: Option
- Operating System: Android
- Website: https://credenceid.com/credenceeco-identifier-biometric-reader/
- Manufacturer: CredenceID
- Model: CredenceEco
- BAA: No
- TAA: No
- Ingress Protection (IP): IP65
- Drop / MIL-STD: MIL-STD-810H
- Power/Charge: USB-C
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: 3rd party USB-C to Ethernet adapter
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: No
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass SE: No
- Contactless iClass SEOS: No
- Operating System: Android
- Website: https://credenceid.com/credence3-identifier-biometric-reader/
- Manufacturer: CredenceID
- Model: Credence-3
- BAA: No
- TAA: No
- Ingress Protection (IP): IP65
- Drop / MIL-STD: MIL-STD-810H
- Power/Charge: USB-C
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: 3rd party USB-C to Ethernet adapter
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: No
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass SE: No
- Contactless iClass SEOS: No
- Operating System: Android
- Website: https://www.hidglobal.com/products/verifier-sentry-2/
- Manufacturer: HID
- Model: Verifier Sentry 2
- BAA: No
- TAA: Yes
- Ingress Protection (IP): IP65
- Drop / MIL-STD: MIL-STD-810H
- Power/Charge: Dock & proprietary cable
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: Proprietary cable connected to handheld
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: No
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass: Yes
- Contactless iClass SEOS: No
- Operating System: Android
- Website: https://www.irisid.com/productssolutions/hardwareproducts/icam-m300/
- Manufacturer: IrisID
- Model: iCAM 300
- BAA: No
- TAA: Yes
- Ingress Protection (IP): Unknown
- Drop / MIL-STD: Unknown
- Power/Charge: Dock & USB-C
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: 3rd party USB-C to Ethernet adapter
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: No
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass SE: No
- Contactless iClass SEOS: No
- Operating System: Android
- Website: https://www.idemia.com/biometric-tablet/
- Manufacturer: IDEMIA
- Model: ID Screen
- BAA: No
- TAA: No
- Ingress Protection (IP): IP65
- Drop / MIL-STD: Unknown
- Power/Charge: Proprietary and USB-C
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: 3rd party USB-C to Ethernet adapter
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: No
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass SE: No
- Contactless iClass SEOS: No
- Operating System: Android
- Website: https://www.idemia.com/biometric-tablet/
- Manufacturer: IDEMIA
- Model: ID Screen 60
- BAA: No
- TAA: No
- Ingress Protection (IP): IP65
- Drop / MIL-STD: 40″ drop test
- Power/Charge: Proprietary and USB-C
- Wi-Fi: Yes
- Cellular: Yes
- Ethernet: 3rd party USB-C to Ethernet adapter
- Contact CAC/PIV/TWIC: Yes
- Contactless CAC/PIV/TWIC: Yes
- Contactless Prox: No
- Contactless MiFare Desfire/Classic: Yes
- Contactless iClass SE: No
- Contactless iClass SEOS: No
- Operating System: Android
FIPSlink Desktop Validation
FIPSlink Validation Client is a PC-based solution for three-factor authentication, verifying FIPS 201 credential data and matching a live biometric against the templates stored on the card. Digital certificates are verified against the issuer’s validation authority, SCVP or OCSP responder. All cards are validated using FIPS 201 challenge-response (CAK or PAK) in order to identify forged or cloned cards. Works with all PIV, PIV-I, TWIC, CAC, and FRAC cards. The results of Validation are logged in FIPSlink and can be logged (via FIPSlink Server) into compatible PACS. PACS can also be queried to provide access granted or access denied output that is then displayed within the FIPSlink Validation Client.
Features
- Integrated with industry leading Access Control Systems: AMAG Symmetry, Honeywell Pro-Watch, Lenel OnGuard, Genetec Security Center, System Galaxy
- Supported Contact Fingerprint Readers: IDEMIA MorphoSmart 1300 / 1350, IDEMIA MorphoSmart 300 / 350
- Supported SmartCard Readers: Tested and recommended readers include IDENTIV uTrust 4701 and HID OMNIKEY 5427. FIPSlink Validation Client supports all Windows PC/SC smartcard readers.
FIPSlink Mobile Registration
FIPSlink Mobile Registration Client is an Android-based solution that provides three-factor authentication, extracting and verifying FIPS 201 credential data and matching a live biometric against the templates stored on the card. Digital certificates are verified against the issuer’s validation authority, SCVP or OCSP responder. All cards are validated using FIPS 201 challenge-response (CAK or PAK) in order to identify forged or cloned cards. Works with all PIV, PIV-I, TWIC, CAC, and FRAC cards. After validation, FIPSlink Mobile Registration Client performs automated registration of FASC-N, photo and printed information (via FIPSlink Server) into compatible PACS. It updates a cardholder record if it already exists in the PACS, or inserts a new record if one does not exist.
Features
- Integrated with industry leading Access Control Systems: AMAG Symmetry, Honeywell Pro-Watch, Lenel OnGuard, Genetec Security Center, System Galaxy
- Supported Android Devices: Coppernic C-One E-ID2, CredenceID CID2, CredenceID Tab, IDEMIA ID Screen.
FIPSlink Registration
FIPSlink Registration validates and registers CAC, FRAC, PIV, PIV-I and TWIC cardholders and cards into Physical Access Control Systems (PACS). FIPSlink Registration is supported on Windows PCs, Android handhelds and Android tablets. PIN and biometrics (fingerprint or face) are verified as the first steps. The digital certificates are verified against the issuer’s validation authority, SCVP or OCSP responder. All cards are validated using FIPS 201 challenge-response (CAK or PAK) in order to identify forged or cloned cards. Works with all PIV, PIV-I, TWIC, CAC, and FRAC cards. After validation, FIPSlink Registration performs automated registration of FASC-N, photo and printed information (via FIPSlink Server) into compatible PACS. FIPSlink Registration updates a cardholder record if it already exists in the PACS, or inserts a new record if one does not exist.
Features
- Integrated with industry leading Access Control Systems: AMAG Symmetry, Lenel OnGuard, Genetec Security Center, System Galaxy
- Supported Contact Fingerprint Readers: IDEMIA MorphoSmart 1300 / 1350, IDEMIA MorphoSmart 300 / 350
- Supported SmartCard Readers: Tested and recommended readers include IDENTIV uTrust 4701 and HID OMNIKEY 5427. FIPSlink Registration Client supports all Windows PC/SC smartcard readers.
- Supported Contactless Biometric Readers: IDEMIA MorphoWave Compact Series, IDEMIA VisionPass Series, IRISID iCAM 7000 Series