NIST issues revised draft specs for federal ID cards

NIST issues revised draft specs for federal ID cards

The National Institute of Standards and Technology has released specifications that will firm up biometric plans for governmentwide personal-identity-verification cards.

The revised Special Publication 800-73 is a second draft and does not set any implementation deadlines. It covers both file system and Java Virtual Machine cards, so that agencies such as NASA with existing smart-card programs can comply and card vendors do not have to redesign their products.

Among other things, the draft discusses data flows, card architecture, the client application programming interface and command interface, construction of the card edge, use for physical and logical access, embedding X.509 certificates and using acceptable encryption algorithms.

NIST will accept public comments on the draft until Feb. 14.

Homeland Security Presidential Directive 12 required NIST to develop the specs for a common federal smart card. Agencies must establish compliant card programs by Oct. 25 [see GCN story].

Last week the agency published a complementary biometric-technology draft, Special Publication 800-76, with a comment period ending Feb. 7.

SP 800-76 details how to capture fingerprints and full-frontal facial images correctly. It also defines a common header for all types of biometric data, called the Common Biometric Exchange Formats Framework (CBEFF).

NIST and the Government Smart Card Interagency Advisory Board have spent several months reworking draft Federal Information Processing Standard 201, with final release due by Feb. 28, as well as the draft SP 800-73. Together the three documents will set lifecycle procedures for registration, issuance and use of PIV cards.

NIST's Curt Barker, co-chairman of the PIV project, said the FIPS is now 'in the final approval process.'

The draft 800-76 publication says fingerprint capture must follow the International Committee for Information Technology Standards' 391-2004 data interchange format. There are additional detailed formats for transmitting PIV fingerprint images to the FBI for background checks.

Facial images under 800-76 must conform to the INCITS 385-2004 specification. Fingerprints as well as facial images must be embedded in the CBEFF framework and digitally signed. Reader devices used with the smart cards must comply with the industry BioAPI standard as well as the CBEFF.

(Posted 2:52 p.m. Jan. 31; updated 7:17 a.m. Feb. 1)

inside gcn

  • russian email hack (Bakhtiar Zein/Shutterstock.com)

    Mueller indictment details hacks on state election systems

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group