NextgenID's

NGID*Trust Platform

Identity Management Innovation, transforming identity assurance enrolment functions

Security of the NGID*Trust Platform™ Managed Service

Security is the cornerstone within each architectural layer of the NGID*Trust Platform™. Going beyond mandated physical and logical security requirements, the multi-layered security includes automated measures and assessments. The NGID*Trust Platform™ MSO is audited and certified to adhere to the technical standards, implementation directives, and operating guidelines established by the National Institute of Standards and Technology (NIST) and Federal Government Directives.

Enrollment

With the NextgenID ID*CAPTURE Kiosk's patented technology, you can perform all levels of identity assurance enrollment functions, including IAL3, in-person operator and applicant compliance.

Credentialing

NextgenID ID*CAPTURE Kiosks comply with applicable government standards including ADA, FBI, GSA, HSPD-12, NIST, ISO, ANSI, PIV, PIV-I and CAC.

Management & Services

NextgenID ID*CAPTURE Kiosks enable tenants to federate multiple workflows based on their requirements using our management services and Identity as a Service solutions.

The NextgenID*TRUST Platform™

is one of very few U.S. government-certified, end-to-end turnkey solutions for trusted identity enrollment, issuance and management services. A turnkey managed service, it provides enrollment, credentialing and management of trusted identity credentials across the global enterprise. Flexible, scalable and secure, it combines people, process, and technology to deliver total end-to-end credential management and cost-effective, on-premise credentialing solutions.

A sound portfolio of security protections

Elemental protections

All system administrative activities require two-factor authentication (Smart Card and PIN) and system role authorization, and must be conducted by two certified administrators.

Separation of duties

All system users require certification through training specific to their function, and mandatory separation of duties prevents accidental or intentional violations of system, user or network actions.

RBAC in action

Role-based access control (RBAC) allows organizations to define who can carry out specific functions, allowing for centralized, delegated or self-service operations models.

Web and mobile security

Functions are delivered via web-based multi-stage workflows or through an identity agent application on a mobile platform, combining security with ease of use.

Cryptographic audit trails

System administrators use smart cards to digitally sign the operations they perform, resulting in a complete audit trail, full traceability and non-repudiation of actions.

Encryption at rest

All sensitive fields contained in the system's databases are explicitly encrypted at rest, using Hardware Security Module (HSM) integrated key management security.

Encryption in transit

All external communications are protected using TLS at the transport layer and secure data envelopes at the application layer. During transmission, the system uses high-integrity ‘secure channels’ to deliver end-to-end encryption.

Biometric security

Biometric enrollment data collected at the ID*Capture® Kiosk is encrypted and transmitted to the backend servers. Upon successful transmission, the enrollment data is purged from the Kiosk.

Strong physical security

The data center has a very high degree of physical security enforced by a GSA-approved physical access control system. Security cameras, motion detectors and an alarm system with 24x7 monitoring protect the facility.

Restricted access

To ensure that no one person can access the servers, entrance to the data center requires two authorized administrators to simultaneously authenticate at smart card door readers. In addition, no remote access or administration is enabled.

Sound key management

Cryptographic keys, such as the management keys for smart cards and credentials, are stored on a Hardware Security Module (HSM).

Certificate policies

NextgenID follows the policies and procedures specified in the Certificate Policy approved to be cross-certified to the Federal PKI Bridge.

NextgenID's Latest News

April 29, 2020
NextgenID Presents Identity-as-a-Service, Minimizing Identity Enrollment Costs and Offering Long-term Savings


April 15, 2020
NextgenID Announces Supervised Remote In-person Proofing to Enable Government Agencies’ HSPD-12 Identity Credential Issuance to Comply with COVID-19 Safety Guidelines

Jan 13, 2020
NextgenID’s Newly Appointed CEO Continues Support of the Secure Technology Alliance



Jan 7, 2020
Zeva Holdings Group Announces Acquisition of Identity & Access Management Company NextgenID & Names New CEO