Verifies that the card is not expired; and retrieves the digital photo of the card holder to compare it to the person actually enrolling at the card enrollment station. The “General” version does not validate the Card Authentication Certificate (CAC) even if it is present on the card.
This checking is done in the “High Assurance” version using the PKI (Public Key Infrastructure) validation protocol. In FIPS-High Assurance, in addition to performing the above verifications, it also validates that the credential carried on the card is from a trusted issuing authority (e.g., a federal government agency) by performing these additional validation steps, live by interrogating an approved OCSP (Online Credential Status Protocol) server via the internet by performing a public key private key challenge (PKI) to make sure that the credential has not been cloned or copied; and
FIPS high assurance also checks the status of the credential to make sure that it has not been revoked (CRL) by the issuing authority. Depending on the FIPS card deployment policy of each government agency, some card holders will have the Card Authentication Certificate also on their card which is validated only in the “High Assurance” version of the software as described above. This simply indicates that this card holder is indeed the person who says who she or he is. The software will add this attribute of the card holder during enrollment of this user in the database. The system operator will now have the option of configuring a few E-Plex 5800 door locks as “high assurance” doors which will then grant access to only card holders with high assurance attribute.
For more information on Kaba Access Control products, contact your local locksmith distributor or visit Web Site: www.kabaaccess.com.
Get card access without wires, software or computers by pairing the E-Plex with LearnLok™.