ActivID KMS and Other ActivID Products
This section presents information about ActivID Key Management System and other ActivID products.
About the ActivID Key Management System
The ActivID Key Management System (KMS) is a stand-alone application, included in the ActivID CMS distribution, which manages the smart card keying material in the Hardware Security Module (HSM). KMS provides a menu-based, command-line interface you can use for initializing, cloning, and updating HSMs.
KMS is used for generating and importing master keys into the HSM that are used to derive the individual card keys for each smart card. KMS generates and uses 3DES triple-length keys as well as AES 128/256-bit keys for HSMs. You must initialize three HSMs before you can begin using ActivID CMS:
- One Principal HSM (considered the Master HSM connected to the ActivID CMS production system). The Principal HSM is the first or main HSM; if you require multiple HSMs with the same master keys, use the HSM manufacturer's tools to duplicate the keys in the other HSMs.
- Two back-up HSMs (these act as copies of the Principal HSM for replacement in case of failure).
Using ActivID KMS you can:
- Initialize a test HSM to check for successful installation of ActivID KMS.
- Initialize a Principal HSM for production.
- Update a Principal HSM.
- Import or generate new transport keys.
- Generate master keys according to a predefined HSM configuration.
- Manually inject new master keys.
- List the content of an HSM.
- Set up and change the Security Officer and Operator PINs (only available for FIPS (Federal Information Processing Standard) 140-2 Level 2-compliant HSMs).
For details about installing KMS, refer to Installing and Using ActivID KMS.
Other Related ActivID Products
The following sections briefly describe other ActivID products which may be used in conjunction with ActivID CMS.

HID PIV (Personal Identity Verification) IDMS (Identity Management System)™ delivers a comprehensive, highly configurable solution to perform identity proofing, enrollment, and credential issuance – even to remote users.
- Manage and track the identity proofing lifecycle – Customizable, automated workflows to ensure secure credentials are issued to the right person
- Connect to external background check systems – Look up and compile criminal records, commercial records and financial records
- Enforce separation of duties – Maximize the security of the credential production process
- Centralize identification attributes – Including photo, fingerprints, identity documents and background check results
- Convenient self-service issuance – Easy-to-use activation for remote users
- Comply with standards and mandates – Support for PIV & PIV-I, NIST Identity Assurance and more
HID PIV IDMS is part of the HID PIV Express / HID PIV Enterprise solution, a multi-factor authentication solution that covers the complete lifecycle of the identity: identity proofing, secure credential issuance, IT systems and physical/facility access, and retirement of the secure credential.

HID’s ActivID Batch Management System (BMS) enables organizations to securely and efficiently transfer large quantities of sensitive employee data to card service bureaus for the production of employee ID cards.
The ActivID Batch Management System extends the functionality of the ActivID Credential Management System (CMS) by creating and managing batches of smart card data and securely transmitting them to a service bureau for card production (the process of producing a fully or partially personalized card that results in the card being bound to a cardholder and put into a locked state). Once smart cards are issued, ActivID BMS communicates data back to the ActivID Credential Management System to enable secure activation and lifecycle management of the smart cards. The ActivID Batch Management System is ideally suited for:
- Large enterprises using a card service bureau to personalize smart cards for employees
- Organizations using a card service bureau to personalize PIV or PIV-I cards
Alternatively, the Local Issuance capability of ActivID BMS enables organizations to print and encode batches of smart cards without the need for a service bureau. In this model, ActivID BMS provides a single point of administration that allocates the printing and encoding of smart cards to various agents at different locations.
The ActivID Batch Management System enables organizations to reduce the cost of smart card production by automating the flow of data to and from the card service bureau or local batch issuance stations. Data confidentiality and integrity are assured through the encryption of smart card batch files.
ActivID BMS is an add-on product to ActivID CMS; it is available as part of the ActivID CMS advanced license. For more information about ActivID BMS and ActivID CMS licenses, contact your HID Global reseller.

The ActivID AAA Server is a strong, scalable RADIUS and TACACS+ compliant authentication server that maps to an existing LDAP (Lightweight Directory Access Protocol) directory to provide strong user authentication services for a wide range of access points. By offering full authentication, authorization, and accounting (AAA) services, this server enables enterprise customers to secure and manage remote network access with two-factor authentication. AAA stands for:
- Authentication: Accepts or rejects user authentication requests based on stored credentials and/or one-time passwords.
- Authorization: Controls user access based on the appropriate attributes transmitted to the network remote access point (VPN, firewall, router, etc.).
- Accounting: Stores information concerning user activity while connected remotely (connection times, data transfers, etc.).
ActivID AAA Server for Remote Access secures virtual private networks, Web applications, remote terminal services, and more. It includes the following features:
- Open standards-based protocols (for example, Remote Authentication Dial-In User Service [RADIUS], Terminal Access Controller Access-Control System Plus [TACACS+], and 802.1x), authentication (for example, Initiative for Open AuTHentication [OATH] and public key infrastructure [PKI]), and user stores (for example, Lightweight Directory Access Protocol [LDAP] and Structured Query Language [SQL]).
- Support for a combination of hardware tokens, soft tokens, Short Message Service (SMS) one-time passwords (OTP), USB tokens, and smart cards.
- Web-based self-service.
- Web-based help desk administration.
One key advantage to using the ActivID AAA Server is that organizations can continue to manage users through their LDAP directories without requiring LDAP schema extensions.
The ActivID AAA Server for Remote Access offering also includes a software development kit for systems integrators and independent software vendors.
For more information about the ActivID AAA Server for Remote Access, contact your HID Global reseller.

The ActivID Authentication Server is used by governments, enterprises, and banks worldwide to secure access to critical infrastructure, prevent breaches, and achieve compliance with the updated FFIEC guidance, PCI DSS, GDPR, and other online commerce/banking-related mandates, policies and guidelines.
The solution is ideal for:
- Medium to large businesses deploying a single enterprise-wide multi-factor authentication platform
- Providers of multi-tenant, cloud-based authentication services
- Governments, banks and healthcare providers securing access to online services for citizens, customers and patients
- Organizations securing mobile employee remote access to networks and applications behind the firewall and in the cloud
- Organizations securing access to partner portals
Organizations can reduce costs by deploying a single platform capable of handling a versatile range of multi-factor authentication methods, enabling users to connect securely from any location, at any time, via their preferred device.
The solution supports multi-factor authentication with all leading mobile phones and tablets, and provides a pluggable platform that is extensible to support future authentication methods. Built-in support for open protocols ensures that it can be easily integrated into enterprise infrastructure, cloud-based services and internet banking engines.
The solution provides the security organizations need to stay ahead of an ever-changing threat landscape, without disrupting user workflow and productivity. Templates and easy-to-define policies simplify user authentication and enable organizations to deploy a flexible authentication solution tailored to their unique requirements.
The ActivID Authentication Server is also available as a hardware appliance (ActivID Appliance) or as a virtual appliance, striking the perfect balance between security, flexibility, cost and convenience.
For more information about the ActivID Authentication Server or ActivID Appliance, contact your HID Global reseller.
Supported Companion Products
The following companion products can be used to support ActivID CMS:
Product | Compatible Versions
---|---
ActivID Batch Management System (BMS) |
ActivID AAA Server |
ActivID Authentication Server / Appliance |
HID PIV IDMS |