1.3 Identity Assurance Solution Workflow

Figure 1-1 describes the basic workflow of this solution.

  1. From a workstation, the sponsor accesses the user application associated with the PIV Workflow Driver and submits a request for a PIV card for the applicant.

  2. The PIV Workflow Driver sends the request to the PIV Life Cycle driver.

  3. The PIV Life Cycle driver checks to make sure the request is valid and complete. If it is a valid request, it routes the request to the Enrollment/Biometric Capture driver.

  4. The Enrollment/Biometric Capture driver routes the request to the biometric engine, accessible by the registrar’s workstation.

  5. The applicant meets with the registrar and provides whatever information is required by the company. The following are examples of information that could be included on the PIV card:

    • Signature

    • Photo

    • Fingerprint

    • I9 Form

    A background check is also conducted on the applicant.

  6. After the enrollment data is captured, the registrar submits it back to the Enrollment/Biometric Capture driver.

  7. The Enrollment/Biometric Capture driver sends the enrollment data to the PIV Life Cycle driver.

  8. The PIV Life Cycle driver checks to make sure the data is valid and complete. If the data is valid and complete, it routes the request to the Card Management System driver.

  9. The Card Management System driver sends a Card Production Request (CPR) to the Card Management System.

  10. The activator creates the PIV card for the applicant.

    The applicant meets with the activator to receive the PIV card. The applicant provides a fingerprint scan to confirm his or her identity and to finalize the PIV card creation and issuance. When this is successfully completed, the activator hands over the card.

  11. After the card is physically issued, the activator sends a Card Issue Event back to the Card Management System driver. The Card Issue Event contains all the card data.

  12. The Card Management System driver notifies the PIV Life Cycle driver of the Card Issue Event.

  13. The PIV Life Cycle driver stores the card data and verifies that everything is in order. If so, the applicant can now use his or her card for logical access to the network. The PIV Life Cycle driver notifies the Physical Access Control driver of the card issuance.

  14. The Physical Access Control driver sends the information to the Physical Access Control System. The card is activated for physical access based on the sponsor’s chosen settings.
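The validation gates in steps 3, 8, and 13 can be modeled as a small state machine that refuses any event arriving out of order, from the wrong role, or with incomplete data. This is an added sketch, not code from the product; the state names, field names, and the rule that every listed field is required are assumptions, and the step 14 notification is left out.

```python
from dataclasses import dataclass, field

# event -> (required current state, role allowed to send it, required fields, next state)
# Field names and the "all fields required" policy are assumptions for illustration.
GATES = {
    "request": ("new", "sponsor", {"applicant", "sponsor"}, "enrollment_pending"),
    "enrollment": ("enrollment_pending", "registrar",
                   {"signature", "photo", "fingerprint", "i9_form", "background_check"},
                   "card_production"),                      # steps 8-9: CPR is sent
    "card_issue": ("card_production", "activator",
                   {"card_data", "fingerprint_match"}, "issued"),   # steps 10-13
}

class WorkflowError(Exception):
    pass

@dataclass
class PivRequest:
    state: str = "new"
    record: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def handle(self, event, role, data):
        """Life-cycle gate: check order, actor and completeness before routing on."""
        need_state, need_role, need_fields, next_state = GATES[event]
        if self.state != need_state:
            raise WorkflowError(f"{event} not allowed in state {self.state}")
        if role != need_role:
            raise WorkflowError(f"{role} may not trigger {event}")
        missing = sorted(f for f in need_fields if not data.get(f))
        if missing:
            raise WorkflowError(f"{event} incomplete: missing {missing}")
        self.record.update(data)          # step 13: card data is stored here
        self.state = next_state
        self.audit.append((event, role))  # who moved the request forward
        return self.state

def demo():
    """Constructed data: an early Card Issue Event is refused, then the valid sequence runs."""
    req, enrol = PivRequest(), dict.fromkeys(GATES["enrollment"][2], True)
    try:
        req.handle("card_issue", "activator", {"card_data": "x", "fingerprint_match": True})
    except WorkflowError as exc:
        rejected = str(exc)
    req.handle("request", "sponsor", {"applicant": "jdoe", "sponsor": "asmith"})
    req.handle("enrollment", "registrar", enrol)
    req.handle("card_issue", "activator", {"card_data": "x", "fingerprint_match": True})
    return rejected, req.state, req.audit
```

Because a false `fingerprint_match` counts as missing, a failed fingerprint confirmation at the activator leaves the request in `card_production` and no card data is stored.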