By Andy Williams, Contributing Editor
Meet PIVMAN, a handheld ID-verification device that doesn’t need a network connection in order to work. CoreStreet, calls its new product, “the first visible end user application to take advantage of smart cards” that have been issued to verify personal identity. It’s also assuming super hero status thanks to a Spider Man-like comic book produced by CoreStreet to tout PIVMAN’s many strengths.
“It will read any smart card issued by the federal government,” says Phil Libin, CoreStreet president. “It will read European cards. Belgium recently released a national ID card that it will read. It will basically read any card we’ve been able to get our hands on.”
“(It) is the first complete out of the box end user application that answers ‘why’ … we built these infrastructures, spending all this time and money,” said Mr. Libin. Consider the Department of Defense’s Common Access Card: “We started working with them five years ago and they’ve already issued millions of cards, but no one was really using them. People at DoD had spent all this money for a new card, but there were very few applications for it. The same with FIPS 201. PIVMAN is the first actual end user visible application.”
The current PIVMAN handheld is built by Canada’s DAP Technologies, a manufacturer of rugged mobile computing devices. The software that runs it is strictly CoreStreet’s, designed for physical and logical access control. It handles three interfaces: contact, contactless and 2D barcodes. A camera in PIVMAN reads the barcodes.
“Many cards have common interfaces, following either the CAC model or FIPS model,” said Mr. Libin. “The PIVMAN system can read and authenticate the card and tell you if it’s been revoked or not.”
PIVMAN in a first response scenario …
If there’s a disaster, or attack, there are several waves of first responders, explains Mr. Libin. “These people are typically concerned with halting the damage, but pretty quickly after that it becomes a more organized process and you get other types of first responders, such as fire fighters or maintenance workers. You need to control who gets into the disaster scene. You have people with the PIVMAN controlling the perimeter. Anyone getting in presents his or her card, a person scans or swipes the card into the PIVMAN and he quickly knows if it’s a valid card. It also displays what privileges are associated with that card. If you’re allowed to deal with hazardous material, you can be directed to the appropriate place for HAZMAT cleanup and the PIVMAN logs in that activity.”
In also provides two-factor authentication. A photo from the ID card appears on the PIVMAN screen and there is the capability to input a PIN or a fingerprint biometric.
And it does all this without relying on network connectivity or cell towers.
The handheld comes with a charging cradle and when it is online it is updated and downloads the latest ID card data.
The cost of the PIVMAN is set by CoreStreet’s resellers, but a starter kit typically sells for $24,950 and includes two handhelds, charging cradles and the management software, said Mr. Libin. The battery life is meant to support a full shift before it needs to be recharged.
PIVMAN gets some real world experience
PIVMAN recently played a key role in a Department of Homeland Security demonstration held at the Maritime Security Expo. During the demonstration, senior port officials were issued sample FIPS 201-compliant smart cards. Each card was checked by the PIVMAN System before the individuals were admitted into a closed session. Additionally, logs generated by the PIVMAN System were used in creating attendance reports.
“Securing access to our nation’s ports and maritime facilities is a key use-case for the PIVMAN System,” said Mr. Libin following the demonstration. “The mobility of the PIVMAN System speaks to the nature of the maritime industry. Now you will be able to check any individual’s FIPS 201 ID, including TWIC … whether that person is driving a truck or on a ship, the information will always be available, even when networks are not.”
The PIVMAN also played an important role in high-profile tests, including the Winter Fox trial, of a FIPS 201-based credential for first responders.
A company created out of 9-11
CoreStreet itself came out of the September 11 attacks. “We wanted to do something more meaningful. Everyone in the country wanted to do something … so we started CoreStreet. We knew we were going to have to be more serious about security technology, to establish who people are and what they have to do for physical security. We wanted to build systems to do electronic verifications. We knew this was the way the world was moving,” concludes Mr. Libin.
Visit CoreStreet on the web at www.corestreet.com.
Research and evaluate FIPS 201 Approved Products and get the latest info on compliant credentialing systems at FIPS201.com. Click to visit FIPS201.com.