Efforts to protect information technology systems from hackers, terrorists and even accidental breaches are getting a lot of national attention in the security arena. But a Herndon company, Certipath LLC, is more focused on threats that might walk right through the front door.

Certipath, which verifies personnel credentials for government aviation, aerospace and defense organizations, has created a security system to control physical access to government facilities using credentials stored on smart ID cards.

The company, formed by a joint venture of communications and engineering companies Exostar LLC, Arinc Inc. and Sita SC, designed a system that allows government personnel and employees of federal contractors to access buildings using any government-issued ID card.

After installing the system at its headquarters about six months ago to work out any bugs, Certipath is getting ready to officially debut the system to government agencies in January. CEO Jeff Nigriny says interested agency representatives have been showing up “by the bus loads” for sneak peeks.

“Agencies are all charged with developing access control systems that would use PIV [personal identification verification] credentials for their facilities,” said Judith Spencer, the General Services Administration’s expert on identification management, adding that Certipath’s system “becomes an important tool that agencies can now evaluate and make a decision on.”

The GSA entered into a partnership with Certipath because it wanted to show that a system such as Certipath’s could be made. “Lots of organizations were doubting whether it could be done — and done economically,” Spencer said.

This is the first time anyone has demonstrated a system for verifying credentials that accepts different types of ID cards and allows the cards to be read without having to be swiped through the reader, she added.

Certipath began working on the system’s design in January and in March received funding from the GSA to complete the design. In return, the company will provide the GSA with the technical specifications required to make a cost-effective system that can verify credentials issued by any agency on various ID cards. Certipath is also testing vendors’ hardware and software products for use in its system.

Certipath’s technology has multiple security features, such as its combined use of data from computer chips on ID cards, bioinformatics — think fingerprints — and passwords entered into card readers at building entrances or internal doors.

Through integration with an agency’s human resources data, readers can open doors — or keep them locked — depending on a person’s credentials and employment status.

“It’s the Swiss Army knife of physical access,” said Steve Howard, Certipath’s vice president of operations, who was hired in January after serving on the government team that authored a security standard, known as FIPS 201.

There’s a huge market for the system, Nigriny said, citing the volume of ID management done at the Defense Department alone.

There are signs of buy-in on the concept from vendors too.

By October 2005, Certipath had already signed major defense contractors including The Boeing Co., Lockheed Martin Corp., BAE Systems Inc., Raytheon Co., Northrop Grumman Corp. and European Aeronautic Defence & Space Co. NV as early customers using its technology for linking identity verification systems of private businesses.

Company officials would not disclose revenue figures.

Source: http://washington.bizjournals.com/washington/stories/2009/12/07/story7.html?b=1260162000^2533751

No Comments

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment