Credentialing Made Simple
The IDGuard solution provides all of the enrollment and credential issuance workflows required to issue CIV cards in a single, easy to deploy commercial off-the-shelf product. IDGuard has the flexibility and configurability to take the best elements of PIV and implement them in a way that fits your organization.
A CIV card is a Commercial Identity Verification smart card, previously known as a PIV-Compatible card. It is a credential that provides rapid issuance and low-cost use of PIV technology to meet an organization’s needs in both logical and physical access applications. For those without the need for external trust, IDGuard CIV credentials enable internal trust within an organization through explicit definition of PKI policies and practices. IDGuard credentials also conform to the Generic Identity Device Specification (GIDS) v2.0.
CIV cards are used by organizations that do not need the same level of federated trust as a full PIV-compliant solution, but still wish to benefit from using interoperable components and best practice business processes for securing physical (e.g. building access) and logical (e.g. network logon) access to corporate resources.
For organizations with an in-house IT capability and/or larger volumes of employees, IDGuard’s CIV in a Box solution offers a complete system that contains everything needed to start issuing CIV cards. Application and database server tiers are deployed on-site rather than in the cloud, which means that you have total control over your infrastructure, credential issuance and use.
IDGuard Key Features
- Choose the package that best suits your organization
- Maintain control over issuance policy
- Facilitates use of the smart card capabilities built into Windows 7/8/10, such as smart card logon, secure email and BitLocker encryption
- FIPS 201 compliant, providing CIV (Commercial Identity Verification) solutions
- Enables physical and logical access convergence by use of IDGuard PACS connectors
- Save time and the development costs of defining and deploying your own issuance standard
- Increased security combined with a reduced total cost of ownership
OpenPGP Card v2.0 on JavaCard Platform
In cryptography, the OpenPGP card is an ISO/IEC 7816-4 and -8 compatible smart card implementation that is integrated with many GnuPG functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication, etc.) can be performed.
The fundamental idea of OpenPGP smart cards is to store your subkeys on the card, where all cryptographic operations are executed. Thus, secret keys never leave the card, and your keyring on disk contains only so-called stubs pointing to the secret keys on the smart card, but not the secret keys themselves. It allows the storage of secret key material in a secure manner; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function." However, a new key pair may be loaded onto the card at any time, overwriting the existing one.
Our in-house developed OpenPGP card, built on the JavaCard platform, conforms to the OpenPGP card specification 2.0. It only supports RSA 2048-bit keys and can be obtained from our online webstore. The smart card daemon implemented in GnuPG, in combination with the supported smart card readers, can be used for many cryptographic applications. Since gpg-agent in GnuPG 2 can also act as an ssh-agent, an OpenPGP card can be used for SSH authentication as well. A proprietary middleware for Windows is also available.
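The two paragraphs above describe the key property of the card: the keyring on disk holds only stubs, while the private keys live on the token. The following audit script is an added example (not code from this product or from GnuPG) that checks exactly that. It assumes the machine-readable `gpg -K --with-colons` format, where field 15 of each sec/ssb record carries the card's serial number for a key on a token, '+' for a private key that is actually stored on disk, and '#' for an unavailable offline stub, and it decodes the 16-byte OpenPGP card AID that GnuPG reports as that serial (spec 2.0 layout). The listing below is constructed, not captured from a real keyring.

```python
"""Audit a GnuPG secret keyring: which keys are only stubs pointing at an
OpenPGP card, and which still hold private key material on disk."""

# Constructed sample of `gpg -K --with-colons` output (not from a real system).
SAMPLE_LISTING = """\
sec:u:2048:1:0123456789ABCDEF:1577836800:::u:::scESC:::D2760001240102000006000000010000:::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1577836800::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Alice <alice@example.org>::::::::::0:
ssb:u:2048:1:FEDCBA9876543210:1577836800::::::e:::D2760001240102000006000000010000:::23::
ssb:u:2048:1:1111222233334444:1577836800::::::a:::+:::23::
ssb:u:2048:1:5555666677778888:1577836800::::::s:::#:::23::
"""


def classify_secret_keys(listing: str) -> list:
    """One record per sec/ssb line, stating where its private material lives."""
    records = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        token = fields[14] if len(fields) > 14 else ""   # field 15, 1-indexed
        if token == "#":
            location = "stub-offline"   # stub with no reachable private key
        elif token and token != "+":
            location = "card"           # stub bound to a token serial number
        else:
            location = "disk"           # private key stored in the keyring itself
        records.append({"type": fields[0], "keyid": fields[4],
                        "capabilities": fields[11], "location": location,
                        "serial": token if location == "card" else None})
    return records


def keys_not_on_card(listing: str) -> list:
    """Key IDs whose private material is not held by a card (what an audit flags)."""
    return [r["keyid"] for r in classify_secret_keys(listing) if r["location"] != "card"]


def decode_card_serial(token: str) -> dict:
    """Split the OpenPGP card AID GnuPG reports as the token serial:
    RID (5 bytes) | app 0x01 | version (2) | manufacturer (2) | serial (4) | RFU (2)."""
    aid = bytes.fromhex(token)
    if len(aid) != 16 or aid[:5] != bytes.fromhex("D276000124") or aid[5] != 0x01:
        raise ValueError("not an OpenPGP card application identifier")
    return {"version": f"{aid[6]}.{aid[7]}",
            "manufacturer": aid[8:10].hex().upper(),
            "serial": aid[10:14].hex().upper()}


if __name__ == "__main__":
    for r in classify_secret_keys(SAMPLE_LISTING):
        print(r["type"], r["keyid"], r["capabilities"], r["location"], r["serial"])
    print("needs attention:", keys_not_on_card(SAMPLE_LISTING))
```

Run it against real output with `gpg -K --with-colons | python3 audit.py` after replacing the constructed sample with `sys.stdin.read()`; any key reported as "disk" has private material that an attacker with file access could copy, which the card design is meant to rule out.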
Features of the card
- 3 independent 2048-bit RSA keys (signing, encryption, authentication).
- Key generation on card or import of existing keys.
- Signature counter.
- Data object to store a URL to access the full OpenPGP public key.
- Data objects for card holder personal data.
- Data object for login specific data.
- Data object to store an X.509 certificate.
- Length of PIN between 6 and 32 characters.
- T=1 protocol; compatible with most readers.
- Available as an ID-000 chip cut-out version of the card.
- Factory reset feature.
- Specification freely available and usable without any constraints.
- Reasonably priced.
Usage of the card
- Sign and encrypt your email.
- Use your card for single sign-on at your computer.
- Log in remotely on your machines using SSH. Because the key is stored in hardware and can never leave the card, you can even do this safely from a potentially insecure machine.
- Use the smart card only for subkeys of your normal GPG key; this subkey setup is the recommended way to use the card.
This OpenPGP smart card is indeed a very flexible token that can be used for many things -- use your imagination.
If your organization needs a custom solution, we will be pleased to help you build a system to meet your needs.