HID ActivID Credential Management System
Securely Issue and Manage High Assurance Credentials
Authentication Credential Management System
HID® Global’s ActivID® Credential Management System (CMS) enables organizations to issue an authentication credential that goes beyond perimeter security. Clients can choose from smart cards, security keys, Windows® TPMs and mobile phones for secure access to individual workstations and servers within the firewall, VPNs and applications. This high assurance credential can also enable digital signing and the encryption of data, hard drives, documents and emails.
The ActivID Credential Management System is ideal for:
- Medium to large enterprises issuing converged access cards or smart authenticators for employee authentication, data encryption and data signing
- Organizations deploying Personal Identity Verification (PIV) cards and commercial organizations deploying PIV Interoperable (PIV-I) or Commercial Identity Verification (CIV) cards
- Governments issuing citizen identification cards with PKI-based credentials
ActivID CMS is the only offering in the industry that makes it possible for organizations to create, manage and use a single PKI smart card for both IT and physical access — all while utilizing a unified solution from a single vendor.
Organizations deploying ActivID CMS are able to securely provision PKI certificates and other credentials to a range of different devices, including smart cards, virtual smart cards, tokens and mobile devices. It is also scalable to millions of credentials in complex environments with multiple user groups. ActivID CMS interfaces with physical access control systems (PACS) to automate the PIV or PIV-I card enrollment process, enabling users to authenticate at the door without the need to re-enroll their card.
Optional and Supplemental Systems
ActivID Batch Management System (BMS)
The Advanced Edition of ActivID CMS includes HID Global’s ActivID CMS and HID Global’s ActivID BMS. ActivID BMS extends the functionality of ActivID CMS by creating and managing batches of smart card data and securely transmitting them to a service bureau for card production. Once smart cards are issued, ActivID BMS communicates data back to the ActivID CMS to enable secure activation and lifecycle management of the smart cards. The ActivID BMS is ideally suited to:
- Large enterprises using a card service bureau to personalize smart cards for employees
- Organizations using a card service bureau to personalize PIV or PIV-I cards
HID Personal Identity Verification (PIV) Identity Management System (IDMS)™
HID PIV IDMS delivers a comprehensive, highly configurable solution to perform identity proofing, enrollment, and credential issuance – even to remote users.
HID PIV IDMS is part of the HID PIV solution, which is a multi-factor authentication solution that covers the complete lifecycle of the identity, from issuance to retirement of the secure credential.
ActivID CMS Specifications
The ActivID Credential Management System (CMS) gives organizations a method for simply and securely managing deployment of high assurance credentials.
The solution supports:
- Extensibility. In conjunction with ActivClient® as well as public key cryptography standards (PKCS) #11-compliant middleware, the ActivID CMS can be used to support the issuance and management of smart cards for a wide variety of desktop, network security, and productivity applications. When fully leveraged, the credentials can be used for both logical and physical access. ActivID CMS also supports the issuance of digital certificates on virtual smart cards and mobile devices to enable flexibility in terms of form factors and assurance level options.
- Lifecycle management. Allows for the effective management of an organization’s authentication devices (e.g., smart cards, security keys, Windows TPMs and mobile phones), data (e.g., static passwords, biometrics and demographic data), applets (e.g., one-time password applications and Personal Identity Verification [PIV] applets), and digital credentials (including PKI certificates). ActivID CMS’s unique, patented, post-issuance update capabilities ensure that organizations are in control of their credentials at all times.
- Integration. Interoperable with a wide variety of environments, including operating systems, directories, front- or back-end identity management and provisioning systems, certificate authorities, physical access control systems, and card printers — including FARGO® printers. ActivID CMS supports multiple browsers: Microsoft Internet Explorer, Google Chrome and Microsoft Edge.
- Robust reporting. Provides full, tamper-evident audit features that log all event activities for reporting.
- Strong security. Delivers a secure, transparent method for transmitting sensitive data held on smart cards or smart authenticators connected to user workstations. Keys and personally identifiable information are protected on the server using a Hardware Security Module and are transmitted safely from point of origination to the secure element chip. ActivID CMS also supports stringent U.S. Federal Government standards for PIV and PIV-I.
ActivID BMS Specifications
The ActivID BMS gives organizations a simple and secure method of communicating with card service bureaus that create their smart cards. The solution supports:
- Flexible issuance. Smart cards can either be ready to use, or securely locked for activation by the user.
- Multiple facilities. Enables communication with multiple smart card production facilities, and multiple delivery sites from one system.
- Complete tracking. Tracks each card batch throughout its life cycle.
- Secure communications. Card data is encrypted and digitally signed between ActivID BMS and the service bureau with Secure Sockets Layer (SSL) technology.
ActivID BMS provides increased flexibility by supporting a local issuance model, with both FARGO® and Datacard® printers. Smaller batches of cards can then be printed and personalized with a shorter turnaround.
PIV IDMS Specifications
- REST-based API to request credentials, approve credential applications and monitor system activities
- Data repository integrations to eliminate manual data entry
- Lightweight enrollment stations for mobile locations
- Streamlined biometric validation
- Customizable branding and messaging
- On-demand or batch printing options
- Instant applicant status to streamline the enrollment and issuance process
- Self-service capabilities for issuance, activation, update, renewal, and unlock
- Advanced auditing