PIV & CAC Enrollment and Validation Solutions

BridgePoint’s suite of tightly integrated hardware and software products optimize authentication and enrollment of PIV, CAC, TWIC and PIV-I credentials to compatible access control systems. Advanced functionality enables storage of PKI certificates for optional revocation status checking of the public key certificates on the credential (NOTE: requires TrustAlert Certificate Validation Service).
By importing data directly from the credential, errors that result from manual entry are eliminated, and efficiency is significantly increased. Enrollment time is reduced to 15 seconds compared with up to 5 minutes for manual entry.
TrustAlert can be purchased with an optional Certificate Repository that stores Public Key Certificates from the credentials as they are enrolled. This data store can be used to validate the certificate status of enrolled credentials on a scheduled basis per Government guidance for strong authentication in PACS.
The TrustPoint Enrollment Stations provide strong authentication including PIN, biometric, and PKI challenge-response verification to both the personal and card authentication certificates on the credential.


The TrustAlert Enrollment and Validation Application interacts with the TrustPoint Enrollment Readers to provide comprehensive credential data and HSPD-12 authentication mechanisms in one view. 
The window displays the progress in real time as the user is enrolling. The attendant can view the results of the authentication factors including Card Expiration Date, BIO Scan match, Private Key Challenge (CAK and PAK), Certificate Revocation Status and view the Digital Photograph. 
If the pre-configured Security Policy is met, the attendant can click on the Enroll button to complete the PACS Enrollment process. If the security policy is not met, a Supervisor can enter their Supervisor Code to enable an optional Override.


The TrustPoint Desktop Enrollment Reader provides 2-Factor authentication of a PIV Credential by verifying the User’s PIN. 
The Reader extracts the cardholder’s PHOTO and executes a PKI challenge-response to both the Personal Certificate Private Key (PAK) and the Card Authentication Private Key (CAK). The Station exports data from the credential (including the Name, Agency, Expiration Date, Photo and FASC-N) to the BridgePoint TrustAlert application. Once the data is imported, TrustAlert will then “enroll” the user into a PACS with one simple “point and click” action.
The simplicity and speed of a user-friendly device streamlines enrollment, saving time and money.