Codebench PIVCheck Software
PIVCheck is an award-winning software and hardware solution designed to assist security personnel in validating PIV, TWIC, FRAC, and CAC credentials and verify cardholder identities, then harvesting the data for use with a PACS. The software can be deployed on a PC, laptop, or handheld terminal.
PIVCheck Desktop Edition is intended for use in an indoor setting whereas PIVCheck Mobile Edition is intended for verifying credentials and harvesting credential data at locations where network connectivity is neither available nor required.
To extract all of the data elements, the cardholder's PIN is used to unlock the card. The card's authenticity is then verified by issuing a cryptographic challenge to the card. The CHUID and biometric signatures are verified, and the revocation status of the X.509 Certificate for PIV Authentication and the CHUID signing certificates are checked using a flexible combination of Microsoft's Cryptographic API, OCSP, or SCVP.
To ensure that the credential is issued to the person presenting it, a fingerprint image is acquired, and the resulting template is matched with the template encoded on the credential.
For TWICs, PIVCheck can be configured to verify that the cardholder's FASC-N is not on the current TWIC Canceled Card List (CCL). The CCL can be imported, or can be accessed directly if the desktop or mobile verification terminal has Internet connectivity.
For auditing, the credential validation session is logged to an encrypted, serialized data file. The contents of the file can be exported to a removable file system, such as a flash drive.
PIVCheck Certificate Manager
Re-validates the certificates that have been registered with the PACS and "knows" how to suspend the PACS card's access. In most PACS, when a card or cardholder's status changes, the access control panels are updated with the new status. When the cardholder presents their PIV credential to the reader, access is immediately denied. No new equipment needs to be installed at the reader and no network drops are required.
PIVCheck Plus Desktop coupled with PIVCheck Certificate Manager constitute a simple, cost-effective FIPS 201 APL-certified caching status proxy.