
IDMS Architecture View

The IDMS is a .NET-based server application installed on Microsoft IIS. It connects with various ID and security systems to manage the state of the derived credential process and to issue the credential. The architecture view below details the system connections. The table that follows lists the accounts and system requirements for installation.



| Description | Requirement |
| --- | --- |
| IdExchange: This is the IdExchange application that is installed on Microsoft IIS. It contains the logic and workflow definitions for the identity enrollment and credential issuance process, including: Registration: The registration module enables the end user to easily create a secure request for a derived credential using their existing PIV card. This module reads and verifies the PIV card by verifying the user’s personal identification number (PIN) and the validity of the PIV authentication certificate on the card. Once verified, the system uses the PIV card to create a signed request for a PIV derived credential. Id Verification: The Id Verification module interfaces with the identity system that issued the PIV card to check the validity of the employment status of the user creating the derived credential request. This enables verification of the user’s employment status in accordance with NIST 800-157 and helps automate the user verification process. | Windows 2012, 2016; IIS 7+; .NET 4.8 or higher |
| PIVIT: Service that interacts with the device hardware to enable the encoding of MFA devices. | Windows 10; .NET 4.8 or higher |
| Certificate Authority: Issues the certificates for the derived credential. | RA credential with rights to issue certificates. |
| SQL Server: The IDMS will store processing data in the SQL Server. | Database account with rights to create tables, write, read and alter data. |
| Mail Server: The IDMS will send email notifications to users. | SMTP Account; Email signing/Encryption certificate |
| HSM: The IDMS stores encryption keys in the HSM. | Client access to the HSM. |