How ActivID CMS Manages Sensitive Information
Depending on the customer deployment, it is possible for ActivID Credential Management System (CMS) to manage “Sensitive Information.” Sensitive Information is split into two categories of information: Secret Information and Personally Identifiable Information (PII). Examples of Secret Information are: Personal Identification Numbers (PIN), answers to security questions, credentials to connect to third-party systems, and secret cryptographic keys. Examples of Personally Identifiable Information are:
- Identification data specific to a person (name, address, identifying number or code, telephone number, Email address, any locally unique number tied to an individual (for example, an account name), etc.).
- Biometric data (fingerprints, digital color photograph, etc.).
- Personal status data (military status, grade, rank, etc.).
- Credential identification (Credential issuance location, credential serial number (all past and current Card ID numbers will be held), Digital certificate(s) serial number, PIV (Personal Identity Verification, technical standard of "HSPD-12") credential issuance and expiration dates, Cardholder Unique Identification Number (CHUID or FASC-N), Public Key Infrastructure (PKI) certificates or a public key itself, etc.).
- Organization Identification (government agency code, department code, etc.).
- Infrastructure identification that can be used to identify uniquely a corresponding individual (Terminal S/N, personal device S/N, device IP address, etc.).
ActivID CMS relies on its authentication and access control capacities to prevent unauthorized third-party access to Sensitive Information.
However, when there is a need to troubleshoot the system, ActivID CMS has a feature that creates log files on the ActivID CMS server, and an HID Global Customer Support representative may request access to those log files. Once the log files are moved off the ActivID CMS server, they are no longer protected by the access control rules of the server's operating system or of ActivID CMS. This can be a concern for customers who do not want to share any Sensitive Information at all.
By design, ActivID CMS does not output Secret Information in log files, and usually this does not hinder troubleshooting. PII data, however, can be present in the log files. In order to protect the customer PII data—and still be able to share the log files in order to troubleshoot issues—ActivID CMS provides a Log Anonymizer Tool.
Options for Dealing with PII
There are three options for dealing with Personally Identifiable Information:
- Remove it,
- Anonymize it, or
- Leave it in clear text.
ActivID CMS automatically “removes” some information (by not logging it in the first place). Any remaining PII can be removed by using the ActivID CMS Log Anonymizer Tool. It is possible to leave PII in the clear. However, by default, this option is disabled.
The ActivID CMS Log Anonymizer Tool parses a set of log files and replaces all PII defined in a property file with anonymous values. The following PII are recorded in ActivID CMS log files:
- cn
- UID
- Userid
- sAMAccountName
- DN
- SMId
- mail
- PIV
- WalletId
- CertRequest
- CertResponse
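An added illustration of replacing the listed PII fields with anonymous values, not the Log Anonymizer Tool's own code or log format: the `field=value` syntax, the keyed HMAC tokens and all function names are assumptions, and the sample lines are constructed. It also reports replaced values that still appear in free text, which is worth checking before log files leave the server.

```python
import hashlib
import hmac
import re

# PII field names the page lists as recorded in ActivID CMS log files.
PII_FIELDS = ["cn", "UID", "Userid", "sAMAccountName", "DN", "SMId",
              "mail", "PIV", "WalletId", "CertRequest", "CertResponse"]

# Assumed syntax: field=value, with values containing spaces or commas quoted.
FIELD_RE = re.compile(r'\b(%s)=("[^"]*"|[^\s,;]+)'
                      % "|".join(re.escape(f) for f in PII_FIELDS))


def pseudonym(key: bytes, field: str, value: str) -> str:
    """Keyed, non-reversible token: same field and value give the same token."""
    mac = hmac.new(key, f"{field}\0{value}".encode(), hashlib.sha256)
    return "anon-" + mac.hexdigest()[:12]


def anonymize(lines, key: bytes):
    """Return (anonymized lines, set of clear-text values that were replaced)."""
    seen = set()

    def replace(match):
        field, value = match.group(1), match.group(2).strip('"')
        seen.add(value)
        return f"{field}={pseudonym(key, field, value)}"

    return [FIELD_RE.sub(replace, line) for line in lines], seen


def residual_pii(lines, seen):
    """Find replaced values that still appear elsewhere, e.g. in free text."""
    return [(number, value)
            for number, line in enumerate(lines, start=1)
            for value in sorted(seen) if value in line]


# Constructed sample lines; not real ActivID CMS log output.
SAMPLE_LOG = [
    "2024-01-01 10:00:00 INFO issuance started Userid=jdoe mail=jdoe@example.org",
    '2024-01-01 10:00:01 DEBUG lookup DN="cn=John Doe,ou=Staff,dc=example,dc=org"',
    "2024-01-01 10:00:02 ERROR card update failed for jdoe WalletId=W-000123",
]

if __name__ == "__main__":
    out, seen = anonymize(SAMPLE_LOG, key=b"per-export secret kept by the customer")
    print("\n".join(out))
    print("still in clear text:", residual_pii(out, seen))
```

Because the tokens are keyed and deterministic, the same user maps to the same token across lines, so events can still be correlated without the clear-text value.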