RSA Security Enhances HSPD-12 Solution for U.S. Federal Government Agencies |
(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)
RSA Security Inc.
20 Crosby Drive
Beford, MA, 01730
USA
Press release date: July 19, 2006
Complete End-to-End Interoperability Showcased at Recent NIST PIV Demonstration; New and Enhanced Technologies, Shared Service Provider Partnership Help Federal Agencies Meet the HSPD-12 Challenge
BEDFORD, Mass., July 19 // -- RSA Security (NASDAQ:RSAS) today announced extensions to the company's Homeland Security Presidential Directive 12 (HSPD-12) solution for U.S. federal government agencies, a mandate requiring federal employees and contractors to use a new standard (FIPS 201) for physical and logical access by October 2006.
Among the enhancements are new middleware technology and extensions to the company's digital certificate management solution. The company is also showcasing a new HSPD-12 partnership, as well as the results of a recent end-to-end HSPD-12 interoperability demonstration.
This news builds on the November 2005 release of RSA® Card Manager, a Personal Identity Verification (PIV) card and identity management system that helps federal agencies comply with HSPD-12. An interoperable system, RSA® Card Manager supports a broad range of third-party HSPD-12 solutions, including PIV-II cards, biometrics technology and externally managed public key infrastructure (PKI) offered by approved Shared Service Providers (SSP).
"RSA Security's card management system, as part of a comprehensive HSPD-12 solution, provides an effective option for enabling U.S. federal agencies to comply with the HSPD-12 mandate," said Kirk Brafford, Vice President, Federal Enterprise Systems at MAXIMUS, Inc. "We are pleased to be working with RSA Security to help deliver the solutions that meet the needs of our customers in the U.S. federal government."
"As U.S. federal agencies work to comply with HSPD-12, the vendor community has a responsibility to deliver interoperable solutions that ensure customers are not locked in to any one technology provider. Flexibility and choice are absolutely critical," said Kristin Parker, Senior Associate at Booz Allen Hamilton. "Government agencies need to be able to leverage existing technology investments and benefit from vendor flexibility - all while supporting efforts to address HSPD-12 requirements."
Specific technological advancements and partnerships include:
o RSA® Authentication Client is middleware that is designed to serve as the interface between a PIV card and the applications/infrastructure making use of digital certificates for actions such as authentication, encryption and digital signing. RSA Authentication Client is particularly important to current RSA Security customers, as the technology is engineered to enable federal agencies to leverage existing RSA SecurID® infrastructure with PIV-II compliant smart cards. The middleware is capable of managing certificates on smart cards issued by any FIPS 201 validated PIV-II card vendor.
o RSA® Certificate Manager (formerly RSA® Keon® technology), an industry-leading digital certificate management system, was enhanced to support the extended properties and attributes necessary to operate a FIPS 201 compliant environment. RSA® Certificate Manager is included in the Federal Bridge Certification Authority (FBCA) - an information system designed to enable government agencies to accept public key certificates issued by another government agency. This certification provides assurances that the technology will interoperate with the FBCA as required for U.S. federal agencies.
o Widepoint Corporation's Operational Research Consultants (ORC) subsidiary has entered into a strategic partnership with RSA Security. Specifically, federal agencies choosing externally managed public key infrastructure (PKI) may leverage ORC as their SSP in conjunction with RSA Security HSPD-12 technology. ORC also plans to integrate RSA Certificate Manager into its Shared Service Provider infrastructure.
National Institute of Standards and Technology - Cooperative Research and Development Agreement Interoperability Demonstration
In June 2006, RSA Security participated in a National Institute of Standards and Technology (NIST) Cooperative Research and Development Agreement (CRADA) demonstration, showcasing end-to-end interoperability of the company's HSPD-12 solution with RSA Card Manager at its core. In addition, RSA Security also demonstrated the ability of RSA Authentication Client to perform advanced secure user functions, such as digitally signing e-mail and documents. The demonstration included:
o User enrollment and identity proofing: A sponsored user was automatically added into RSA Card Manager from Microsoft® Active Directory® directory service, and the user's identity was then verified (proofed) at enrollment by a pre-defined registrar.
o Image, biometrics and document capture: During enrollment, RSA Card Manager leveraged third-party biometric technology (from Precise Biometrics, Inc.), along with an off-the-shelf digital camera and scanner, to capture the user's photograph, biometric templates (fingerprint) and identification documents.
o Biometric matching: Prior to PIV card issuance, RSA Card Manager leveraged third-party biometric readers (from Precise Biometrics, Inc.) to confirm the user identity against previously captured biometric templates.
o PIV card personalization and issuance: RSA Card Manager personalized and issued a functional third-party PIV card (an Oberthur PIV EP on ID-One Cosmo 64 v5 Dual Smart Card from Oberthur Card Systems) complete with digital certificates and user biometric templates.
o PIV card usage: Finally, the PIV card was used for network login using the logon certificate and newly created PIN. In addition, both an e-mail message and a PDF document were digitally signed using the signing certificate on the PIV card. As required by FIPS 201, the user was prompted to enter a PIN prior to the signing operation.
RSA Card Manager: Meeting the HSPD-12 Challenge
RSA Card Manager software is designed to enable organizations to implement smart card-based identity management, provisioning, authentication devices and policy enforcement - increasing overall security, improving the end user experience and addressing regulatory requirements. The solution serves the complete smart card credential lifecycle, including card and credential issuance, replacement and cancellation, as well as smart badging and applet management.
RSA Card Manager is engineered to offer other HSPD-12-related benefits including interoperability with any FIPS 201 validated PIV-II card, and support for a wide variety of biometric and Shared Service Provider solutions. RSA Card Manager delivers out-of-the-box PIV workflows, roles, card templates and integration, enabling agencies to get up and running quickly and efficiently.
"As federal agencies grapple with the challenges associated with HSPD-12, in terms of both process and technology, RSA Security has delivered an end-to-end and interoperable solution that will provide a effective option for our customers' short- and long-term needs," said Shannon Kellogg, director of government and industry affairs at RSA Security. "We look forward to continuing to provide leading technology expertise and customer service, and helping federal agencies successfully meet HSPD-12 requirements in 2006 and beyond."
More information on RSA Card Manager is available at http://rsasecurity.com/cardmanager. Further details regarding RSA Security's efforts to serve the U.S. federal government are available at http://www.rsasecurity.com/government.
About RSA Security Inc.
RSA Security Inc. is the expert in protecting online identities and digital assets. The inventor of core security technologies for the Internet, the Company leads the way in strong authentication, encryption and anti-fraud protection, bringing trust to millions of user identities and the transactions that they perform. RSA Security's portfolio of award-winning identity & access management solutions helps businesses to establish who's who online - and what they can do.
With a strong reputation built on a 20-year history of ingenuity, leadership and proven technologies, we serve more than 21,000 customers - including financial institutions representing hundreds of millions of consumers around the globe -- and interoperate with over 1,000 technology and integration partners. For more information, please visit http://www.rsasecurity.com/
Source: RSA Security Inc.
For more information: CONTACT: Sandra Heikkinen of OutCast Communications, for RSA Security Inc., +1-415-345-4703, rsa@outcastpr.com;
or Dave Howell of RSA Security Inc., +1-781-515-6303, dhowell@rsasecurity.com
Web site: http://www.rsasecurity.com/
|
|
|
|
|
|
| 
