Identity Assurance, Management and Credentialing for the State of West Virginia
Nowhere is the power of NextgenID and its ID*TRUST™ Platform solution more evident than in the State of West Virginia (WV), where the Division of Homeland Security and Emergency Management awarded a contract to develop a Personal Identity Verification – Interoperable (PIV‐I) credential system, to be deployed initially for State First Responders (FRAC) and then migrated to a much broader, statewide program that will provide other user benefits. This contract is being performed by NextgenID as the Prime Contractor. The two primary deliverables on this contract are a single “one card” system and a PIV‐I certified managed service run on behalf of the state. The “one card” use case transitions the state from the practice of issuing separate cards for physical access, logical access, and identity to a single trusted source card that provides all of these functions, resulting in reduced issuance costs in various programs and, because of the identity of merit contained on the “one card,” the ability to eliminate identity-based fraud and abuse, resulting in significant monetary savings for the state.
The contract also involves working with the Department of Homeland Security (DHS) through the Federal Emergency Management Agency (FEMA) to ensure that the system and cards are interoperable with Federal requirements and systems so a first responder’s credentials and access will not be bounded by state borders. In the State of West Virginia, the Division of Homeland Security and Emergency Management is the primary state agency charged with coordinating the activities of all organizations for homeland security and ER Management within the state. It maintains liaison and cooperates with homeland security, emergency management, emergency service, civil defense agencies and first-responder type organizations from other states and across the US federal government.
Interoperable and federated
It was mandatory that the system and cards be interoperable with Federal requirements so a first responder’s credentials and access will not be bounded by state borders
The WV contract implements the full NextgenID ID*TRUST™ Platform. It provides an identity service that is very high in assurance, implements trusted identities to combat identity theft, significantly reduces identity fraud in administering governmental services, enhances privacy and confidentiality when conducting transactions, improves the timeliness in delivering governmental services, improves convenience to citizens in executing State administered transactions, and reduces the cost of State operations in administration of State transactions under the governance of the State of WV.
The ID*TRUST™ Platform in WV is based on the combined implementation of National Institute of Standards and Technology (NIST) ‐ Federal Information Processing Standards (FIPS) 201, General Services Administration (GSA) ‐ approved PIV‐I credentials, and American National Standards Institute (ANSI) standards. The State’s PIV‐I credentials are completely interoperable with Federal and DoD National Guard Personal Identity Verification (PIV) credentials and validation devices. The NextgenID ID*TRUST™ Platform is one of only eight systems approved by the US Government and certified to issue PIV‐I credentials, one of only two with a complete end‐to‐end system, and the only one with the ability to issue a single credential capable of multiple uses.
NextgenID has maximized the use of two- and three-factor authentication, digital signing, and device and data encryption to protect privacy, user confidentiality, and data integrity in digital transactions. In the next phase of the contract, this capability could transition the smart credential token to multiple form factors, including smartphones and tablets.
NextgenID achieved FICAM Personal Identity Verification – Interoperable certification issued by CertiPath, an approved GSA federal government certification lab. This certification, initially on behalf of the State of West Virginia, allows NextgenID to issue PIV-I identity credentials to state and local government, healthcare providers, first responders, and government contractors. This certification currently makes NextgenID the only end-to-end provider of PIV-I credentials using all North American-made products.
After successfully passing certification testing, the first PIV-I cards were issued by the NextgenID ID*TRUST™ Platform system this year as part of a 5,000-card pilot program. NextgenID implemented the system, which included final system test and vetting, leading to the successful initial issuance of several hundred credentials. Enrollments were accomplished using the NextgenID Multi Biometric Enrollment (MBE) kiosks being deployed throughout West Virginia.
NextgenID’s biometric-based enrollment system, known as the ID*Capture® Kiosk, is the best-in-class offering that has captured the Identity Market’s attention, as it eliminates many of the daily challenges experienced with other systems when enrolling thousands of card holders into a structured identity program. This is an on-site task which traditionally has required trained manpower and mountains of cumbersome paperwork.
The ID*Capture® Kiosk incorporates a self-contained biometric enrollment station, a portal for data distribution, and an effective chain of trust from the capture point through distribution to the subscribing systems. The ID*Capture® Kiosk provides fast, high quality, accessible, and secure capture of personal data as part of the credentialing eco-system. It is a fully designed and tested system requiring no expensive facility modifications to install — just plug it into an electrical wall socket, hook it up to an internet connection, and it is ready to start enrolling. It is a high quality, robust, relatively inexpensive tool designed to produce high quality enrollments at high speed.
As a part of the initial issuance program, the State of WV requested that NextgenID also issue West Virginia PIV-I cards directly to key personnel of the US Federal Emergency Management Agency (FEMA). The ID*Capture® Kiosk’s enrollment functions performed beyond expectations and all system goals have been achieved towards the fulfillment of the WV program. Proof of performance and efficiencies of the ID*Capture® Kiosk have been substantiated by WV enrollees who had been enrolled through previous government PIV/PIV-I enrollment systems. After going through the new NextgenID-managed State of WV PIV-I enrollment process, they were duly impressed with the simplicity and functionality of the ID*Capture® Kiosk, and were very complimentary of the significantly reduced time to do enrollments and the efficiency of the system. Across several hundred enrollments accomplished during the program, the mean time per enrollment was under ten minutes per person, about four times faster than any other enrollment system on the market today. In one instance, the West Virginia Program Manager surreptitiously timed an enrollment and reported that it took under four minutes to successfully complete.
The NextgenID ID*Trust™ Smart Card includes capabilities for high-assurance personal identity and the ability to securely store attributes/roles established through various commercial/State/Federal stakeholders. The Card also contains all of the required elements for PIV/PIV‐I including identity, certificates, biometrics, and digital signatures. Encryption is used for differential access to content, logical access, physical access, and access/privileges of attribute/role containers.
NextgenID has received all required certifications for its smart card. Other capabilities of the smart card include a secure fingerprint biometric match-on-card and match-off-card within a contact physical format (International Organization for Standardization [ISO] 7816), as well as contactless (ISO 14443A) modality, Public Key Infrastructure (PKI) support and a contact modality for external application interface and support. A proximity chip and mag-stripe are also included in the smart card to support legacy systems.
With the ID*Trust™ Platform infrastructure in place to deliver seamless interoperability, the ID*Trust™ Smart Card can be used by the State in a multiplicity of ways, which can include:
- First Responder Credential
- State ID card
- State Insurance Card
- Building Physical Access Card
- Medicare and Medicaid
- Emergency Medical Record
- Veterans Administration ID card
- WIC, SNAP, etc.
- Hunting/Fishing License
- Voter Registration Card
- Debit Card
- Credit Card
- Prescriptions Card
- DEA Issued Pharmacist Card
- Computer Access Card
- Driver’s License
- Health Care Record Authentication Card
- Licenses issued for special services and Certification
- Medical Licensing Validation
- TSA-Approved Credential for Law Enforcement
Working as a team with West Virginia Department of Homeland Security and Emergency Management (DHS-EM) personnel to generate specific system requirements, detailed plans, and schedules for the Identity Program, NextgenID has been successfully performing and managing all aspects of the implementation. NextgenID’s program leadership includes subcontractor management, procurement, logistics, delivery, and project management activities in addition to all required system and personnel certifications, training, and mandated compliance directives. NextgenID implemented and now manages the complete program lifecycle from conceptual design through on-going operations and issuance.
Within the ID*aaS Managed Services model, the NextgenID Program Office and staff can confidently implement new customers very efficiently and within a short period of time. Follow-on customers reap the benefits of the currently implemented program’s policies, procedures, technical infrastructure, and performing personnel. This ensures that the technical solution is in full compliance and fully certified from system architecture and design, security, system functionality and feature set, system integration, documentation, customer support, applicant processing, training, and maintenance. The managed service includes a secure data center compliant with certification requirements that houses the system’s servers, networks and data repositories.
NextgenID is an experienced identity solutions market leader and strategic advisor in all of the identity specific areas addressed by ICAM. NextgenID has experience in delivering enabling technologies that deliver compliance benefits and business value. Capabilities that directly address the ICAM solution include:
- Use of standards within the entire production solution space
- Significant process/workflow knowledge surrounding high-integrity/trust/assurance credentialing systems as well as physical security processes and systems
- Solution simplification through the use of a Managed Service offering
- Implementation and operational experience and expertise.