Oberthur releases new PIV, Carillon and Telos partner, Brivo acquired
12 June, 2015
category: Corporate, Digital ID, Government
Oberthur releases next-gen PIV
Oberthur Technologies announced its latest generation of PIV cards, ID-One PIV on Cosmo V8, has been submitted to the General Services Administration for inclusion on the HSPD-12 Approved Products List.
ID-one PIV on Cosmo V8 is the next generation of FIPS 201-2 compliant smart card. It is faster than the current PIV card utilized by U.S. Federal agencies to enable physical access control compliant with FICAM specifications in less than one second, said Rick Patrick, senior vice president in the Identity Group-North America at Oberthur Technologies.
ID-One PIV is a physical and logical security access card solution that provides identity proofing, general authentication services and secures post issuance management. Initially designed for all Federal employees and contractors, the cards also can be issued by non-federal issuers.
Carillon, Telos partner for PIV-I
Carillon Federal Services Inc. and Telos Identity Management Solutions LLC are collaborating on high assurance interoperable Personal Identity Verification (PIV-I) credentials for use with Telos ID’s TSA Designated Aviation Channeling and FBI channeling programs.
Carillon is licensed by the U.S. Government to issue and manage PIV-I credentials for verifying the identities of non-government employees who have been granted physical or logical access to government facilities or technology infrastructure.
Telos ID staff will use the first PIV-I cards for authentication into the Telos ID channeling solutions. Telos ID is one of three organizations named by the Transportation Security Administration as a Designated Aviation Channeler to submit aviation worker information to TSA to conduct background checks as required for all aviation workers with access to the secure areas of an airport. The company’s aviation channeling solution has earned a reputation for efficiency and quality service.
Telos ID’s FBI-authorized non-criminal fingerprint-based background checking service is known as IDVetting. The service supports state and federal government agencies as well as qualifying commercial organizations.
Brivo acquired for $50 million
Brivo announced that the company has been wholly acquired for $50 million by Dean Drako, president and CEO of Eagle Eye Networks. As Brivo’s owner, Drako will serve as the company’s chairman,and Steve Van Till, Brivo’s president and CEO, will continue leading the company.
Brivo’s cloud-based access control system currently services more than 6 million users and over 100,000 access points, providing access control for small and medium businesses, along with scalability and centralized management for global enterprises.
Drako sees the opportunity to accelerate the cloud technology shift already underway in the physical security industry by combining Brivo’s cloud access control with his cloud video surveillance company, Eagle Eye Networks.
GlobalPlatform publishes updated mobile spec
GlobalPlatform has published an upgrade to its Card Specification v2.2 to protect the data exchange between a secure element and a trusted execution environment on a mobile device.
The GlobalPlatform Secure Channel Protocol 11 addresses the increasing number of use cases, such as mobile banking, where applications utilize both the SE and TEE to protect a secure service. The document is particularly relevant to secure application developers and issuers, and can be downloaded free of charge.
In use cases like biometric authentication, virtual private networks (VPN) or mobile banking, the secure element in the device is used to store the critical part of the application and its associated cryptographic keys. In parallel, the trusted application resides in the TEE to enable management of the end user and backend interaction prior to a transaction being authorized. The Secure Channel Protocol 11 protects the data being transferred between these two secure components.
From a technical perspective, data passed between trusted applications stored in the TEE and secure element is protected by the secure channel, which is established by GlobalPlatform’s TEE SE API. Elliptic curve cryptography is used for the generation of the session keys for encryption and authentication. It also provides perfect forward secrecy by using ephemeral keys, preventing the decryption of the data by attackers, should they also get hold of the long-term keys.