TrustZone™ Physical Access Control System
Whether your facility has two doors or hundreds of access points, BridgePoint’s TrustZone Physical Access Control System (PACS) delivers enterprise-class features for controlling access. TrustZone is the only system from a single source that is fully integrated to meet the latest federal standards and guidance. Legacy systems simply cannot deliver strong authentication or meet the requirements imposed by FICAM and OMB 11-11. Unlike legacy systems, TrustZone was designed from the ground up: having FIPS 201 and NIST SP 800-116 core functionality fully integrated within the system, rather than bolted on as an afterthought, ensures seamless PKI functionality.
Government and private sector providers of critical infrastructure recognize that trusted identity is fundamental to enterprise security. The TrustZone solution delivers the agility, ease-of-use and identity assurance needed to control access and secure assets.
Based on Java technology, TrustZone is both database and operating system agnostic. When deployed with TrustAlert Enrollment and Validation Software and TrustPoint Readers, the system is the most secure PACS available. TrustAlert adds PKI-based certificate validation using OCSP (Online Certificate Status Protocol), and TrustPoint Readers perform a PKI challenge-response at the door to verify that the card actually holds the private key matching its certificate. Together, these two PKI mechanisms reduce the risk of counterfeit or cloned PIV or CAC credentials being used to access the facility.
HSPD-12 Made Simple and Flexible
BridgePoint’s integrated PACS architecture includes four basic sub-systems:
- TrustZone Central Server hardware and software
- TrustZone Central Controller and Door Interface Devices
- TrustAlert Enrollment and Validation Client hardware and software
- EntryPoint and TrustPoint Access Readers that deliver Level 1 through Level 4 assurance
“PKI and asymmetric CAK authentication mechanisms should be implemented by a PACS reader capable of full certificate path validation, either on-line or using a caching status proxy…. If a caching status proxy is utilized, the certificates should be captured when the PIV Card is registered to the PACS.”
-- NIST SP 800-116, Paragraph 7.4, PACS Registration
TrustZone offers the unique capability of operating in the lower Level 1 and Level 2 security modes while the higher-security Level 3 and Level 4 modes can be switched on later without additional cost or upgrades. The system interoperates with all government-issued CAC and PIV credentials and also operates with PIV-Interoperable and PIV-Compatible credentials.
Facilities that wish to upgrade to PKI can install TrustAlert Enrollment Software with the option of capturing the PKI certificates from each credential as it is enrolled. Capturing certificates for future path validation eliminates the need to re-enroll users before activating strong authentication. If TrustPoint Readers are installed, even with the private key challenge-response not yet activated, the Readers can be reconfigured to employ the private key challenge at a later date, eliminating the cost of replacing readers.
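As an added illustration (not BridgePoint's or NIST's code) of the two mechanisms described above: registration captures the credential's public key, the reader later issues a fresh nonce and checks the card's signature against that captured key, and a cached revocation set stands in for the caching status proxy. The Card and Reader types are a hypothetical model using P-256 keys; a copied certificate without its private key, a replayed response, and a revoked serial are all refused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Card models a PIV/CAC card's asymmetric CAK (hypothetical model, not BridgePoint's
// code): a genuine card holds the private key, a clone has only the public half.
type Card struct {
	Serial string
	priv   *ecdsa.PrivateKey
}

// NewCard issues a card with a fresh P-256 key pair (constructed test data).
func NewCard(serial string) (*Card, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Card{Serial: serial, priv: k}, err
}
// Respond signs the reader's nonce; only a card holding the private key can.
func (c *Card) Respond(nonce []byte) ([]byte, error) {
	d := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, c.priv, d[:])
}

// Reader keeps keys captured at registration plus a cached revocation set (the caching status proxy).
type Reader struct {
	enrolled map[string]*ecdsa.PublicKey
	revoked  map[string]bool
}

func NewReader() *Reader { return &Reader{map[string]*ecdsa.PublicKey{}, map[string]bool{}} }
func (r *Reader) Enroll(c *Card)  { r.enrolled[c.Serial] = &c.priv.PublicKey }
func (r *Reader) Revoke(s string) { r.revoked[s] = true }
// NewChallenge returns a fresh 32-byte nonce so a recorded response cannot be replayed.
func (r *Reader) NewChallenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}
// Verify admits only an enrolled, unrevoked serial whose response signs this exact challenge.
func (r *Reader) Verify(serial string, nonce, resp []byte) bool {
	pub, ok := r.enrolled[serial]
	if !ok || r.revoked[serial] {
		return false
	}
	d := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(pub, d[:], resp)
}
```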
The TrustAlert Enrollment Application is easy to use and eliminates keystrokes by reading the required information from the CAC or PIV. The system administrator configures TrustAlert’s security settings and enrollment parameters through a security policy menu. Designated security officers can override the system in limited cases that are controlled by the Administrator.
The diagram below illustrates how the TrustZone PACS components work to deliver access with strongly trusted authentication using TrustPoint Readers:
Not only does TrustZone deliver the most trusted access, it is loaded with the features and functionality expected of any enterprise access system. The user interface, alarm graphics, intrusion detection and audit reporting are state-of-the-art, extremely intuitive and user friendly. TrustZone provides extensive reporting capability and supports drill-down in nearly every software module. An audit trail recording the operator, event, date and time of every system change is securely retained. The system delivers standard reports and also supports direct SQL queries.
Other features and functionality include:
- Open Architecture
- Scalable and Flexible
- Efficient and Cost-effective
- Network and Serial Controllers
- Nearly Unlimited Credential Holders
- Nearly Unlimited Access Control Devices
- Configurable Access Levels
- Hardware Time Schedules
- Scheduled 1-, 2- and 3-Factor Authentication Modes
- Full Support for PKI Mechanisms
- Customizable Holidays
- Easy-to-Use Interface and Application
- Local or Centralized Security Control
- Multiple Client Workstations for Enrollment
- Encrypted Communication
- Event Photo Management
Even if you are not a government agency or a provider of critical infrastructure, you may want to consider using modern smart-chip based credentials. By doing so, you will be aligned with the current best practice being established by HSPD-12. Surprisingly, the cost of implementing a system that is “more trusted” is no higher than that of outdated legacy systems.
BridgePoint offers a system that is very secure, modern and cost-effective. Our system delivers Medium Assurance as defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-116.
Contact BridgePoint for information on our innovative and cost-effective access solutions.