Card Management System

PIV/PIV-I Production and Issuance.

Features

Introduction

FIPSlink CMS (Card Management System) is a fully integrated PIV and PIV-I Card Management System for enrollment of people (capturing photo and ANSI378 fingerprint), issuance of certificates for the person and card, writing to the PIV or PIV-I card and printing/laminating the card.

Typical use cases for FIPSlink CMS are:

  • Students/Interns
  • Short-Term Employees
  • Long-Term Contractors
  • Site specific PIV / PIV-I cards for upgraded security
  • Temporary access (lost or forgotten PIV/PIV-I) cards
  • Commercial PIV-I

Enrollment and Issuance Anywhere

FIPSlink CMS Enrollment and Issuance runs on Windows and Android operating systems. Windows-based devices are ideal for fixed locations such as badging offices and HR offices. Handheld Android devices are ideal for enrollment and issuance of PIV / PIV-I cards in the field with limited infrastructure and can run on cellular networks.

FIPSlink CMS can run on any Android device; however, a contact card reader/writer is required for issuing PIV / PIV-I cards and a fingerprint reader is required if ANSI378 templates are required.  Enrollment can be performed on an Android device while Printing, Laminating and Issuance of the PIV / PIV-I card is done on the HID Fargo HDP5000.

Why FIPSlink CMS?

  • Cost-effective solution for using PIV / PIV-I cards in place of traditional low-assurance credentials like iCLASS, Seos, Proximity and MIFARE Classic/DESFire
  • Designed to fill the gap between an Enterprise-Wide CMS and needs for a locally administered system
  • Enrollment and Issuance on Android Handheld devices, allowing near-instant PIV / PIV-I issuance for disaster zones and site takeovers
  • Simple setup and configuration management with built-in certificate authority
  • Purchase perpetual license or yearly subscription
  • Deploy on-premises or in a cloud hosted and administered by Identity One

Self Enrollment and Automated Issuance

FIPSlink CMS Enrollment and Issuance allows for self-service enrollment and issuance using a kiosk. The Kiosk can be used to issue fully personalized PIV / PIV-I cards for temporary use as a substitute for permanent PIV / PIV-I cards that have been lost.

The Kiosk also enables pre-authorized self-service enrollment of fingerprint and face photo. A driver's license or identification card is scanned and verified against a pre-authorized list of people permitted to self-enroll.

Physical Access Control: PIV / PIV-I

PIV and PIV-I cards issued by FIPSlink CMS are tested to work with commonly used FICAM Certified Registration and Validation systems.  Tested systems include:

  • HID pivCLASS (13.01 Topology – Any PACS)
  • Identity One FIPSlink Access (13.01 Topology – Any PACS)
  • Technology Industries EntryPoint (13.01 Topology – Any PACS)
  • Kastle Systems CPS (13.02 Topology)
  • Identiv Velocity (13.02 Topology with pivCLASS embedded)
  • Software House CCure (13.02 Topology with Innometriks embedded)
  • XTec AuthentX (13.02 Topology)

Card Production (Printing, Laminating and Issuance)

FIPSlink CMS supports Printing, Laminating, and Writing PIV / PIV-I cards using HID Fargo HDP5000 printers.  Jobs to Print, Laminate and Issue PIV / PIV-I are processed by the FIPSlink CMS Agent for Printing & Production.

The agent downloads jobs from the FIPSlink CMS Server and starts production as soon as the job is available.  

The agent can be installed on any Windows computer, including side by side with the FIPSlink CMS Enrollment and Issuance Client. Jobs for the agent to execute can be submitted from any Enrollment and Issuance client, allowing PIV / PIV-I card production to be completed from Windows and Android devices.

Logical Access Control: PIV / PIV-I

PIV and PIV-I cards issued by FIPSlink CMS are tested to work with Active Directory for logical access control.

Built-in Certificate Authority

FIPSlink CMS has a built-in Certificate Authority (CA). The Certificate Authority is seamlessly integrated into the enrollment and issuance workflows. Certificates can be revoked as needed. The Certificate Authority serves Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses.

Root certificates and intermediate issuance certificates can be exported so they can be imported to logical access control systems like Active Directory and physical access control validation systems.

Optionally Integrate 3rd Party Certificate Authorities

FIPSlink CMS can be extended to integrate with 3rd party Certificate Authorities. In this mode the Certificate Authority built into FIPSlink CMS is disabled. The administration of root and intermediate certificates is performed through the 3rd party certificate authority.

As certificates are needed for the card, FIPSlink CMS requests the 3rd Party Certificate Authority to issue the certificates. All certificate revocation administration and OCSP and/or CRL responses are handled by the 3rd party certificate authority.

Technical Details

System Requirements

FIPSlink CMS Server

  • Windows Server 2016 or newer
  • SQL Server 2016 or newer
  • 16GB RAM
  • 8 CPU Cores
  • 100GB HDD

FIPSlink CMS Enrollment Client on Android

  • Coppernic Access ER Range
  • HID Sentry 2 Verifier
  • IDEMIA ID Screen
  • Other: Android 7.1, NFC Card Reader/Writer

FIPSlink CMS Enrollment Client on Windows

  • Windows 10 or newer
  • 8GB RAM
  • 2 CPU Cores
  • 60GB HDD
  • Fingerprint Reader: IDEMIA MSO 300, MSO 330, MSO 1300, MSO 1350
  • Smartcard Reader/Writer: Any PCSC Compatible Device

FIPSlink CMS Agent for Card Printing & Production on Windows

  • Windows 10 or newer
  • 8GB RAM
  • 2 CPU Cores
  • 60GB HDD
  • HID Fargo HDP5000 Card Printer, Laminator, Smartcard Reader/Writer

Identity One is an SBA HUBZone Certified Small Business. The HUBZone program fuels small business growth in historically underutilized business zones with a goal of awarding at least 3% of federal contract dollars to HUBZone-certified companies each year.

FIPSlink by Identity One is GSA FIPS 201 FICAM approved for 13.01 topology for fixed readers.  Validation System APL # 10144

FIPSlink by Identity One for Mobile and Fixed Readers is TWIC QTL certified. Identity One regularly tests FIPSlink against the TWIC QTL and next generation TWIC cards to ensure ongoing compliance.