CoreStreet releases First Responder

SAN FRANCISCO -- CoreStreet officials say they can validate digital credentials in emergency situations in which public-safety and public health employees have no access to a secure network or database of valid credentials.

With a new application called First Responder, CoreStreet officials at the RSA Conference here said they can now validate identity credentials in real time using public networks and handheld smart card readers loaded with First Responder software. They said the software will be compatible with the forthcoming smart card specifications known as Federal Information Processing Standard (FIPS) 201.

First Responder lets authorities know quickly whether people presenting their smart card IDs are who they claim to be. Authorities then use the software to control people's access to any emergency zone, such as Ground Zero, which public safety officials might designate following a terrorist attack or a natural disaster.

"In this handheld device, there are 5 million people's privileges stored," said Salvatore D'Agostino, vice president of CoreStreet. The information is stored in the form of a compressed validation list and not in a database from which personal information could be extracted if the device were lost or stolen, he said. The device synchronizes in about five seconds with CoreStreet's credential validation authority service, which runs on a secure, remote server.

"This solves a fundamental problem for the Department of Homeland Security," D'Agostino said, adding that the product eliminates the need for a massively scaled, secure infrastructure to validate identity credentials. CoreStreet's real-time credential validation authority server is "like a digital note from the doctor," he said, or, in this case, from the digital certificate authority that issued a particular credential.

He said the company's approach saves time and eliminates excessive hardware that otherwise would be needed for cryptographic computations to validate digital certificates.

Defense Department officials recently announced their selection of CoreStreet as one of two companies to provide digital certificate validation services for DOD's identity credentialing effort known as the Common Access Card program.

At the RSA Conference here, CoreStreet officials also demonstrated how they are using their validation technology in another application called Doors. Like First Responder, Doors will use a FIPS 201-compatible smart card to control physical access to buildings, D'Agostino said. Card access systems that control doors to building and rooms are expensive -- typically about $3,500 each -- because the doors must be wired and connected to a database system that stores access rules, he said.

"Most of the cost of card-based physical access is not really the cost associated with the card readers, but the cost associated with wiring the doors," D'Agostino said.

CoreStreet officials are planning a future product in which wiring will be embedded in an electronic cylinder. With that technology, prices for card access systems could drop to about $500 each, D'Agostino said.

If the FIPS 201 smart card standard is approved later this month, as it is expected to be, federal agencies must begin preparing to issue digital identity credentials based on the new standard to their employees and contractors.

Authority for the governmentwide card standard comes from Homeland Security Presidential Directive 12, which President Bush issued last August. It requires federal agencies to consider additional uses for the card, including its use by local public officials.