PIV System Architecture
Typical PIV Issuance Model and Workflow

To receive a PIV (Personal Identity Verification, the technical standard of "HSPD-12") card, applicants are sponsored in the Identity Management System (IDMS) by someone in the company who is authorized to do so.

Someone operating the enrollment station captures all the information required before a PIV card can be issued to an applicant (demographic data, identity traits, copies of ID documents, etc.). The captured information is submitted to the IDMS.

Someone else with the appropriate role(s) to use the IDMS proceeds with a background check according to FIPS 201 (Federal Information Processing Standard 201, the NIST standard for HSPD-12/PIV) requirements and then submits all necessary information to the ActivID CMS, which initiates the card issuance process. The following figure represents the PIV card issuance model.
PIV Card Issuance Model

ActivID CMS is responsible for PIV card issuance. It supports two issuance models.

- One-step issuance:
  - In this model, ActivID CMS is responsible for complete card personalization (a term that refers generically to a card issuance, re-issuance, or update).
  - The activation process combines both personalization and activation of the card in one step.
  - Once issued, the card can be used to access both physical and logical systems.
- Two-step issuance:
  - In this model, ActivID Batch Management System (BMS) is responsible for creating batch production requests containing all PIV card personalization information (including Biometric and CHUID (Card Holder Unique Identifier) signed data) and for submitting them to the card production facility. Card production is the process of producing a fully or partially personalized card that results in the card being bound to a cardholder and put into a locked state.
  - The card production facility notifies ActivID BMS of card production and fulfills the card production requests (this encompasses card printing and PIV card personalization, but not personalization of PIV PKI containers).
  - Once produced, the card must be activated at a local issuance station. This process includes 1:1 fingerprint verification of the user and unlocking the card. The activation process also includes personalization of the PKI application and notification back to the IDMS of card issuance.