NIST issues revised draft specs for federal ID cards

NIST issues revised draft specs for federal ID cards

The National Institute of Standards and Technology has released specifications that will firm up biometric plans for governmentwide personal-identity-verification cards.

The revised Special Publication 800-73 is a second draft and does not set any implementation deadlines. It covers both file system and Java Virtual Machine cards, so that agencies such as NASA with existing smart-card programs can comply and card vendors do not have to redesign their products.

Among other things, the draft discusses data flows, card architecture, the client application programming interface and command interface, construction of the card edge, use for physical and logical access, embedding X.509 certificates and using acceptable encryption algorithms.

NIST will accept public comments on the draft until Feb. 14.

Homeland Security Presidential Directive 12 required NIST to develop the specs for a common federal smart card. Agencies must establish compliant card programs by Oct. 25 [see GCN story].

Last week the agency published a complementary biometric-technology draft, Special Publication 800-76, with a comment period ending Feb. 7.

SP 800-76 details how to capture fingerprints and full-frontal facial images correctly. It also defines a common header for all types of biometric data, called the Common Biometric Exchange Formats Framework (CBEFF).

NIST and the Government Smart Card Interagency Advisory Board have spent several months reworking draft Federal Information Processing Standard 201, with final release due by Feb. 28, as well as the draft SP 800-73. Together the three documents will set lifecycle procedures for registration, issuance and use of PIV cards.

NIST's Curt Barker, co-chairman of the PIV project, said the FIPS is now 'in the final approval process.'

The draft 800-76 publication says fingerprint capture must follow the International Committee for Information Technology Standards' 391-2004 data interchange format. There are additional detailed formats for transmitting PIV fingerprint images to the FBI for background checks.

Facial images under 800-76 must conform to the INCITS 385-2004 specification. Fingerprints as well as facial images must be embedded in the CBEFF framework and digitally signed. Reader devices used with the smart cards must comply with the industry BioAPI standard as well as the CBEFF.

(Posted 2:52 p.m. Jan. 31; updated 7:17 a.m. Feb. 1)

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.