Complete End-to-End Interoperability Showcased at Recent NIST PIV
Demonstration; New and Enhanced Technologies, Shared Service Provider
Partnership Help Federal Agencies Meet the HSPD-12 Challenge
BEDFORD, Mass., July 19 /PRNewswire-FirstCall/ -- RSA Security (Nasdaq:
RSAS) today announced extensions to the company's Homeland Security
Presidential Directive 12 (HSPD-12) solution for U.S. federal government
agencies, a mandate requiring federal employees and contractors to use a
new standard (FIPS 201) for physical and logical access by October 2006.
Among the enhancements are new middleware technology and extensions to
the company's digital certificate management solution. The company is also
showcasing a new HSPD-12 partnership, as well as the results of a recent
end-to-end HSPD-12 interoperability demonstration.
This news builds on the November 2005 release of RSA(R) Card Manager, a
Personal Identity Verification (PIV) card and identity management system
that helps federal agencies comply with HSPD-12. An interoperable system,
RSA(R) Card Manager supports a broad range of third-party HSPD-12
solutions, including PIV-II cards, biometrics technology and externally
managed public key infrastructure (PKI) offered by approved Shared Service
Providers (SSP).
"RSA Security's card management system, as part of a comprehensive
HSPD-12 solution, provides an effective option for enabling U.S. federal
agencies to comply with the HSPD-12 mandate," said Kirk Brafford, Vice
President, Federal Enterprise Systems at MAXIMUS, Inc. "We are pleased to
be working with RSA Security to help deliver the solutions that meet the
needs of our customers in the U.S. federal government."
"As U.S. federal agencies work to comply with HSPD-12, the vendor
community has a responsibility to deliver interoperable solutions that
ensure customers are not locked in to any one technology provider.
Flexibility and choice are absolutely critical," said Kristin Parker,
Senior Associate at Booz Allen Hamilton. "Government agencies need to be
able to leverage existing technology investments and benefit from vendor
flexibility -- all while supporting efforts to address HSPD-12
requirements."
Specific technological advancements and partnerships include:
* RSA(R) Authentication Client is middleware that is designed to serve as
the interface between a PIV card and the applications/infrastructure
making use of digital certificates for actions such as authentication,
encryption and digital signing. RSA Authentication Client is
particularly important to current RSA Security customers, as the
technology is engineered to enable federal agencies to leverage
existing RSA SecurID(R) infrastructure with PIV-II compliant smart
cards. The middleware is capable of managing certificates on smart
cards issued by any FIPS 201 validated PIV-II card vendor.
* RSA(R) Certificate Manager (formerly RSA Keon(R) technology), an
industry-leading digital certificate management system, was enhanced to
support the extended properties and attributes necessary to operate a
FIPS 201 compliant environment. RSA Certificate Manager is included in
the Federal Bridge Certification Authority (FBCA) -- an information
system designed to enable government agencies to accept public key
certificates issued by another government agency. This certification
provides assurances that the technology will interoperate with the FBCA
as required for U.S. federal agencies.
* Widepoint Corporation's Operational Research Consultants (ORC)
subsidiary has entered into a strategic partnership with RSA Security.
Specifically, federal agencies choosing externally managed public key
infrastructure (PKI) may leverage ORC as their SSP in conjunction with
RSA Security HSPD-12 technology. ORC also plans to integrate RSA
Certificate Manager into its Shared Service Provider infrastructure.
National Institute of Standards and Technology -- Cooperative Research
and Development Agreement Interoperability Demonstration
In June 2006, RSA Security participated in a National Institute of
Standards and Technology (NIST) Cooperative Research and Development
Agreement (CRADA) demonstration, showcasing end-to-end interoperability of
the company's HSPD-12 solution with RSA Card Manager at its core. In
addition, RSA Security also demonstrated the ability of RSA Authentication
Client to perform advanced secure user functions, such as digitally signing
e-mail and documents. The demonstration included:
* User enrollment and identity proofing: A sponsored user was
automatically added into RSA Card Manager from Microsoft(R) Active
Directory(R) directory service, and the user's identity was then
verified (proofed) at enrollment by a pre-defined registrar.
* Image, biometrics and document capture: During enrollment, RSA Card
Manager leveraged third-party biometric technology (from Precise
Biometrics, Inc.), along with an off-the-shelf digital camera and
scanner, to capture the user's photograph, biometric templates
(fingerprint) and identification documents.
* Biometric matching: Prior to PIV card issuance, RSA Card Manager
leveraged third-party biometric readers (from Precise Biometrics, Inc.)
to confirm the user identity against previously captured biometric
templates.
* PIV card personalization and issuance: RSA Card Manager personalized
and issued a functional third-party PIV card (an Oberthur PIV EP on
ID-One Cosmo 64 v5 Dual Smart Card from Oberthur Card Systems) complete
with digital certificates and user biometric templates.
* PIV card usage: Finally, the PIV card was used for network login using
the logon certificate and newly created PIN. In addition, both an
e-mail message and a PDF document were digitally signed using the
signing certificate on the PIV card. As required by FIPS 201, the user
was prompted to enter a PIN prior to the signing operation.
RSA Card Manager: Meeting the HSPD-12 Challenge
RSA Card Manager software is designed to enable organizations to
implement smart card-based identity management, provisioning,
authentication devices and policy enforcement -- increasing overall
security, improving the end user experience and addressing regulatory
requirements. The solution serves the complete smart card credential
lifecycle, including card and credential issuance, replacement and
cancellation, as well as smart badging and applet management.
RSA Card Manager is engineered to offer other HSPD-12-related benefits
including interoperability with any FIPS 201 validated PIV-II card, and
support for a wide variety of biometric and Shared Service Provider
solutions. RSA Card Manager delivers out-of-the-box PIV workflows, roles,
card templates and integration, enabling agencies to get up and running
quickly and efficiently.
"As federal agencies grapple with the challenges associated with
HSPD-12, in terms of both process and technology, RSA Security has
delivered an end-to-end and interoperable solution that will provide a
effective option for our customers' short- and long-term needs," said
Shannon Kellogg, director of government and industry affairs at RSA
Security. "We look forward to continuing to provide leading technology
expertise and customer service, and helping federal agencies successfully
meet HSPD-12 requirements in 2006 and beyond."
More information on RSA Card Manager is available at
http://www.rsasecurity.com/cardmanager. Further details regarding RSA
Security's efforts to serve the U.S. federal government are available at
http://www.rsasecurity.com/government.
About RSA Security Inc.
RSA Security Inc. is the expert in protecting online identities and
digital assets. The inventor of core security technologies for the
Internet, the Company leads the way in strong authentication, encryption
and anti-fraud protection, bringing trust to millions of user identities
and the transactions that they perform. RSA Security's portfolio of
award-winning identity & access management solutions helps businesses to
establish who's who online -- and what they can do.
With a strong reputation built on a 20-year history of ingenuity,
leadership and proven technologies, we serve more than 21,000 customers --
including financial institutions representing hundreds of millions of
consumers around the globe -- and interoperate with over 1,000 technology
and integration partners. For more information, please visit
http://www.rsasecurity.com
RSA Security, RSA, and SecurID are either registered trademarks or
trademarks of RSA Security Inc. in the United States and/or other
countries. Microsoft and Active Directory are registered trademarks of
Microsoft Corporation in the United States and other countries. All other
products or services mentioned are trademarks of their respective
companies.
For more information:
Sandra Heikkinen Dave Howell
OutCast Communications RSA Security Inc.
415-345-4703 (781) 515-6303
rsa@outcastpr.com dhowell@rsasecurity.com
SOURCE RSA Security Inc.
 back to top
Related links:
http://www.rsasecurity.com/
CONTACT:
Sandra Heikkinen of OutCast Communications,
for RSA Security Inc., +1-415-345-4703, rsa@outcastpr.com; or
Dave Howell of RSA Security Inc., +1-781-515-6303,
dhowell@rsasecurity.com
|
