By
Integrated mobile and desktop-based solutions for PIV and TWIC cardholder verification and registration into physical access control systems
PIVCheck
PIVCheck Mobile Edition™
A mobile hardware and software solution, with Ethernet, WiFi, and GSM connectivity that provides strong, three-factor authentication, managing the acquisition of cardholder data from a smart card and performing off-card biometric matching. Digital certificates are verified using the issuers validation authoritiy, OCSP responder or repeater. All cards are validated using FIPS-201 challenge-response in order to identify forged or cloned cards. PIVCheck validates all PIV, TWIC, NG CAC, and FRAC cards. TWIC card FASC-Ns are also verified against a live or cached TSA Hot List.
PIVCheck Desktop Edition™
A PC-based software application that provides strong three-factor authentication, managing the acquisition of cardholder data from a smart card and performing on-card biometric matching. Digital certificates can be verified using the issuer's validation authoritiy, local Windows certificate store, OCSP responder or repeater. Additional certificate path validation (CPV) and CRL validation can be configured using Windows CAPI on Windows XP SP 3 or Vista platforms. TWIC card FASC-Ns can also be verified against the TSA Hot List. All cards are validated using FIPS-201 challenge-response in order to identify forged or cloned cards.
Read More | Feature Comparisons
TWICCheck
TWICCheck Basic™
Strong, contactless two-factor authentication on mobile hardware platform with Ethernet, WiFi, and GSM connectivity that allows port security personnel to quickly verify TWIC credentials in any of TWIC's four identification and authentication modes:
| Mode | Description |
| 1 | CHUID Verification |
| 2 | Active Card Authentication (Single Factor) |
| 3 | CHUID Verification + Biometric Authentication (Single Factor) |
| 4 | CHUID Verification + Active Card Authentication + Biometric User Authentication (Dual Factor) |
With this TWIC card reader software, TWIC cards are validated using the contactless interface. TWIC card FASC-Ns are verified against an online TSA hot list if network connectivity is present or the latest cached version when there is no network connectivity. Digital certificates are verified using the TWIC Certificate Authority's OCSP responder, or a local Tumbleweed VA Repeater. In Authentication Modes 2 and 4, all cards are validated using FIPS-201 challenge-response to identify cloned or forged cards.
TWICCheck on Datastrip's DSVII-SC meets or exceeds all USCG TWIC portable reader requirements and was selected by the USCG as for use as its standard-issue portable TWIC reader. TWICCheck on Datastrip hardware also meets all TWIC Reader Pilot ICE requirements for both portable and fixed readers and appears on the approved TWIC reader (ICE) list.
TWICCheck features:
- Simple transition between authentication modes
- Local TPK aquisition/caching using strong encryption
- Ability to import TSA hot list and TWIC CRL
- Ability to export encrypted transaction audit logs
TWICCheck Plus™
In addition to the capabilities of TWICCheck Basic, TWICCheck Plus integrates with the PIVCheck PACS server infrastructure enabling it to display the cardholder's photo and printed information (for previously registered TWIC cardholders). TWICCheck Plus features:
- Client - Transaction audit log upload from mobile biometric terminals
- Client - TPK harvesting, forwarding, and distribution
- Server - Canned transaction log queries as well as direct SQL access
- Server - Ability to export report results to CSV
- Server - Managed TWIC authentication modes and synchronization
- Server - Managed client configuration and synchronization
TWICCheck Plus includes PIVCheck Audit Trail.
PIVCheck Plus
PIVCheck Plus Mobile Edition™
A mobile hardware and software solution, with Ethernet, WiFi, and GSM connectivity that provides strong, three-factor authentication, managing the acquisition of cardholder data from a smart card and performing on-card biometric matching. Digital certificates are verified using the issuer's validation authoritiy, OCSP responder or repeater. All cards are validated using FIPS-201 challenge-response in order to identify forged or cloned cards. PIVCheck validates all PIV, TWIC, NG CAC, and FRAC cards. TWIC card FASC-Ns are also verified against a live or cached TSA Hot List.
PIVCheck Plus Mobile Edition performs seamless, automated registration into compatible Physical Access Control Systems (PACS). It does not require a third-party identity or credential management system.
PIVCheck Plus Mobile Edition includes PIVCheck Audit Trail.
PIVCheck Plus Desktop Edition™
A PC-based software application that provides strong three-factor authentication, managing the acquisition of cardholder data from a smart card and performing on-card biometric matching. Digital certificates can be verified using the issuer's validation authoritiy, local Windows certificate store, OCSP responder or repeater. TWIC card FASC-Ns can also be verified against the TSA Hot List. All cards are validated using FIPS-201 challenge-response in order to identify forged or cloned cards.
PIVCheck Plus Desktop Edition performs seamless, automated registration into compatible Physical Access Control Systems (PACS). It does not require a third-party identity or credential management system.
PIVCheck Plus Desktop Edition includes PIVCheck Audit Trail.
PIVCheck Certificate Manager™
A PC-based application that re-validates imported cardholder certificates on a periodic basis. Certificate Manager can be configured to suspend a PACS badge associated with a revoked certificate.
Digital certificates are be verified using the issuer's validation authoritiy, local Windows certificate store (Windows XP SP3 or Vista), OCSP responder or repeater. TWIC card FASC-Ns are also verified against a live TSA hot List.
Certificate Manager operates in either active or passive mode. Active mode suspends the PACS badge, while passive mode provides notification to site security management.
Available in a variety of configurations, this product ships bundled with the Tumbleweed VA Repeater software that can be activated with a separate license.
Read More | Feature Comparisons
PIVCheck Audit Trail™
Enables mobile biometric terminals or PCs running TWICCheck Plus, PIVCheck Plus Mobile, and PIVCheck Plus Desktop Edition to upload local activity logs to a central database for consolidated activity reporting. Supports any ODBC- or ADO-compliant database, including Oracle, SQL Server, Informix, DB2, and Firebird (included).
PIVCheck Audit Trail provides:
- Canned transaction log queries as well as direct SQL access
- Ability to export report results to CSV
PIVCheck PACS Service SDK™
The PACS Service SDK exposes the biometric and cryptographic data available to fixed TWIC readers in real time. It includes a complete reference implementation of the KeyLookup method described in Appendix B of the TWIC Reader Specification as well as the ExtendedKeyLookup method that provides not only the TWIC Privacy Key but also the following information:
- Current TWIC Authentication Mode
- Cardholder Printed Name
- Cardholder Photo
- TSA hot list check
- Card Auth / PIV Auth certificate revocation status
PIVCheck Mirror™
The entire PIVCheck product suite loves a good network. However, an IT security manager may not view its easy-to-use software update and configuration rollout capability as an asset. PIVCheck Mirror is a self-contained, fully configurable Apache 2.2 web server that runs behind the firewall, allowing the enterprise to leverage the networkability of the product without compromising network security.
Software can be downloaded from an authorized workstation and copied to the PIVCheck Mirror where it becomes available to all PIVCheck and TWICCheck components. The PIVCheck Mirror can also distribute TSA hot lists and CRLs.