Sunday, April 12, 2009

FIPS 201 and ISC West 2009, Physical Access Control meets PKI


I took my TWIC and a "compatible" FIPS 201 credential with me to the show. As opposed to prior years, the idea that asymmetric key challenge and response was a quid pro quo for physical access finally came to pass. You can make the statement that there are commercially available contact and contactless readers, including biometrics, that do the basics with digital certificates. Checking for expiration, challenge and response (supporting the range of keys this might be done with), and validation of the credential on enrollment, synchronized over time, are a set of PACS PKI requirements, and again, finally, this is COTS. I think this is a significant step up for the industry, and done by a variety of manufacturers to a specification that provides interoperability; pretty big stuff.

Coming up, my visit with the Evaluation Products Working Group for new reader categories....

2 comments:

  1. Was there any trend towards contactless, Sal? Or were most of the products converging contact logical access with contactless physical access?

    Cheers,
    Dave Birch.

  2. Hey Dave, Good to hear from you.

    Late to comment on comment. FIPS 201 takes people down that route. It's split for the time being: security uses the chip, convenience uses contactless, with the card authentication certificate somewhat of the compromise. I do see it evolving in a future generation, but frankly, as an industry most of us want to deploy what we've developed.
