The PIVMAN™ System: Use Cases Examples
PIVMAN for credential checking
Many locations, such as military bases and checkpoints, have historically relied on some form of visual ID inspection, coupled with extensive physical lists of revoked individuals, to either grant or deny access. Unfortunately, such methods lack strong authentication and are therefore susceptible to insecurities associated with lost, stolen, or fake IDs. Also, traditional methods have typically had difficulty authenticating individuals and credentials issued by other organizations.
CoreStreet's PIVMAN System makes any perimeter or access point FIPS 201-compliant, allowing strong authentication of individuals without requiring a network connection.
Use case: Military base entrance
- A military officer arrives at the entry to a base
- The entry guard requests the officer's US Department of Defense Common Access Card (CAC)
- The CAC is inserted into the PIVMAN Handheld
- The officer enters his/her PIN
- The PIVMAN Handheld displays the credential status as GOOD or REVOKED
- The guard allows or denies access based on the information
. Military base secure area entry
. Border control
. Port security
. Visitor entry
. Leased facility access
. Special events
PIVMAN for privilege checking
Granting access is a multi-step process, including authentication of cardholders and confirmation of individual access privileges. When dealing with locations beyond a facility's physical access control system, or scenarios with moving boundaries, such as natural disasters, accurate authentication and privilege checking has proven difficult, or entirely impossible.
CoreStreet's PIVMAN System performs strong authentication and privilege checking anywhere, even without a network connection for a nearly unlimited number of people. Depending on the deployment, the PIVMAN System receives privilege information from existing databases and associates these privileges with cardholders, thereby allowing PIVMAN Handhelds to display access privileges once the authentication step is complete.
Use case: Responding to a natural disaster
- A guard stationed at the entrance to a cordoned area requests the FIPS 201 credential of an approaching emergency responder
- The card is inserted into the Handheld and the emergency responder enters his/her PIN
- The PIVMAN Handheld displays the credential status as GOOD and shows the associated privilege, such as “ESF-9: Search and Rescue”
- Using this information, the guard permits access
. Secure locations
. Port security
. Emergency response scenarios
. Border control
PIVMAN for spot checking
As events have shown, there is a great need to check credentials within established perimeters. Although most individuals inside the perimeter are there legitimately, some are not. The ability to reliably check any credential in a mobile environment, even without network connectivity, is critical.
CoreStreet's PIVMAN Handheld is rugged and portable, and requires no network connectivity to check IDs. This means that the device can be taken anywhere and used to check any FIPS 201-compliant credential at anytime.
Use case: Security guard on patrol
- A security guard patrolling a facility at night notices a person walking the grounds
- The guard requests the individual's smart card and inserts it into the PIVMAN Handheld
- The individual enters his/her PIN
- The PIVMAN Handheld displays the credential status and associated privileges
- Based on the information, the guard decides to escort the individual off the property
- The logs from the device are then used to file a comprehensive report
. Guard patrol
. Airport security
. Secure facilities management
PIVMAN for activity logging
Emergencies can occur anywhere at anytime. For administrators, knowing precisely which individuals responded to an event is critical. Unfortunately, such precision is currently unavailable to many responder organizations.
The CoreStreet PIVMAN System reads any FIPS 201-compliant card and generates logs of all activity. The CoreStreet PIV Management Station is designed to collect all activity data from any number of deployed PIVMAN Handhelds. The data can then be used to create comprehensive reports.
Use case: Responding to a fire
- Before entering the area, all firefighter IDs are scanned using the PIVMAN Handheld
- Upon exiting the area, all firefighter IDs are scanned again
- Once the Handhelds are returned to the fire station, they are cradled and the logs are uploaded to the PIV Management Station
- The administrator then uses the logs to create after-action reports
. After-action reports
. Emergency response
. Entry and exit audit trails
. Traffic flow analysis
. Aid distribution