Personal Identity Verification

Avoid Personal Identity Verification (PIV) Authentication Blind Spots and Assure Your Business-Critical Journeys

Introduction

The U.S. Customs and Border Patrol’s Personal Identity Verification (PIV) authentication process could only monitor some synthetic scenarios, creating personal identity verification (PIV) authentication blindspots. As a result, most user journeys unmonitored and vulnerable to failure, potential revenue leakage, user dissatisfaction, productivity loss and/or potential non-compliance.

The Problem

Civilian U.S. government agencies require PIV card authentication for employees to access varying levels of systems and applications. Most U.S. government IT dev teams were not capable of thoroughly monitoring their applications throughout the entire transaction if they include secure authentication in the middle of the journey. When applications are deployed without end-to-end service-level assurance, the responsible teams are left unaware of app failure and further negative impacts on the business. The U.S. Customs and Border Patrol turned to Apica for help in getting a full view of their critical app journeys. Apica provides service-level assurance for any critical business journey regardless of location, device, authentication, application or scale. Within that, Apica supports many different authentication types, including multi-factor, advanced and physical smart cards, such as PIV cards. With Apica, companies can avoid personal identity verification (PIV) authentication blindspots and complete all their critical business journeys every time.

The Apica Solution

Apica checks the full user journey at the adminstator’s specified interval through complex systems, applications (cloud or private) or any type of authentication method. For security reasons, the authentication credentials are never stored or copied, but seamlessly generated with each request. This is essential for ensuring uptime and reliability of the target application. In the example of the PIV card authentication, Apica scripting was configured to the user’s PIV settings. Then, Apica generated a recording that could be replayed to replicate the user’s navigation of the app. The script navigated to the home page, clicked on the login link sign-in. Once on this page, the Apica scripting solution fetched encrypted user information stored in the Apica database, such as username and pin, to be used in conjunction with the PIV to emulate being authenticated into accessing the site. The user could then view the account summary and verify the current balance. After that, the user logged out of the system.

Conclusion

Apica’s service-level assurance empowers U.S. government agencies to monitor their PIV enabled applications “end-to-end,” without compromising security, revenue, user satisfaction, or productivity. Their essential apps are monitored completely, ensuring a successful business outcome with every transaction.

Ready to Learn More?