TrustZone™ Physical Access Control System

Whether your facility has two doors or hundreds of access points, Bridge Points TrustZone Physical Access Control System (PACS) delivers enterprise class features for controlling access. TrustZone is the only system from a single source that is fully integreted to meet the latest federal standards and guidance. Legacy systems simple cannot deliver strong authentication solutions or meet the requirement being imposed by FICAM and OMB 11-11. Unlike legacy systems, Trustzone was designed from the ground up. Having FIPS-201 and NIST 800-166 core functionality fully integrated within systems, rather than bolted on as an afterthought, ensures seamless PKI functionality.

Government and private sector providers of critical infrastructure recognize that trusted identify is fundamental to enterprise security. The TrustZone solution delivers the agility, ease-of-use and identify assurance needed to control access and secure assets.

Based on Java technology, TrustZone is both database and operating system agnostic. When developed with TrustAlert Enrollment and Validation Software and TrustPoint Readers, the system is the most secure PACS available. TrustAlert adds PKI-based certificate validation using OCsP (on-line Certificate Status Protocol) and trustline Readers employ PKI challenge-response at the door to verify the certificate private key. these two PKI mechanisms mitigate the potential of counterfeit or cloned PIV or CAC credentials being used to access the facility.

HSPD-12 Made Simple and Flexible

Bridge Point integrated PACS architecture includes four basis sub-systems.

  • TrustZone Central Server hardware and software
  • TrustZone Central Controller and Door Interface Devices
  • TrustAlert Enrollment and validation Client hardware and software
  • EntryPoint and TrustPoint Access Readers that deliver Level 1 to Level 4 assurance levels.

TrustZone offers the unique capability of being able to operate in the lower Level 1 and Level 2 security modes with the capability of higher security Level 3 and 4 modes being switched on without additional cost or upgrades. The system will interoperate with all government issued CAC and PIV credentials and will also operate with PIV Interoperable and compatible credentials.

Facilities that wish to upgrade to use of PKI can install TrustAlert Enrollment Software with the option of capturing PKI certificates from the credentials enrolled. Capturing certificates for future path validation eliminates the need to re-enroll users before activating strong authentication. If TrustPoint Readers are installed, even with the private key challenge-response not activated, the Readers can be reconfigured to employ the private key challenge at a later date, eliminating the cost of replacing readers.

The TrustAlert Enrollment Application is easy to use and eliminates keystrokes by utilizing information from the CAC or PIV. The system administrator can configure a security policy menu to configure TrustAlert?s security settings and enrollment parameters. Designated security officers can override the system in limited cases that are controlled by the Administrator.

The diagram below illustrates how the TrustZone PACS components work to deliver access with strongly trusted authentication using TrustPoint Readers:

NIST Recommandation

PKI and asymmetric CAK authentication mechanisms should be implemented by a PACS reader capable of full certificate path validation, either on-line or using a cashing status proxy.If a cashing status proxy is utilized, the certificates should be captured when the PIV Card is registered to the PACS.

--NIST SP-800-116, Paragraph 7.4 PACS Registration 


Not only does TrustZone deliver the most trusted access, it is loaded with features and functionality expected with any enterprise access system. The user interface, alarm graphics, intrusion detection and audit reporting are state-of-the-art, extremely intuitive and user friendly. TrustZone provides extensive reporting capability and supports drill-down capability in nearly every software module. An audit trail of operator, event, date and time of all system changes are securely retained. The system delivers standard reports and supports the ability for direct SQL queries.

Other features and functionality include:

  • Open Architecture
  • Scalable and Flexible
  • Efficient and Cost-effective
  • Network and Serial Controllers
  • Database-Independent
  • Nearly Unlimited Credential Holders
  • Nearly Unlimited Access Control Devices
  • Configurable Access Levels
  • Hardware Time Schedules
  • Scheduled 1,2 & 3-Factor Authantication Modes
  • Full Suppoort for PKI< Mechanisms/li>
  • Anti-pass-back
  • Easy-to-Use Interface and Application
  • Local or Centralized Security Control
  • Multiple Client Workstations for Enrollment
  • Encrypted Communication
  • Event Photo Management

It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using 'Content here, content here', making it look like readable English. Many desktop publishing packages and web page editors now use

Lorem Ipsum as their default model text, and a search for 'lorem ipsum' will uncover many web sites still in their infancy.