NIST seeking comments on PIV interface standards
- By Jason Miller
- Feb 10, 2006
The National Institute of Standards and Technology has issued draft specifications for smart cards to retrieve and use identity credentials under Federal Information Processing Standard 201
NIST Special Publication 800-73-1
specifies a personal-identification verification data model, communication interface and application programming interface. The document also 'constrains implementers' interpretation of the standards to ease implementation, facilitate interoperability and ensure performance.'
SP 800-73-1 includes standard interfaces for transitional approaches that some agencies, such as the Defense Department, are taking and end-point approaches, which many agencies that don't have card systems in place, are taking. NIST will accept comments through Feb. 28.
The release of the draft specification comes on the heels of NIST's pre-approval to two more smart cards that would meet PIV II. A card from GemPlus SA of Luxembourg and another from Sagem Orga of Paderborn, Germany, are going through the pre-approval process. NIST also has pre-approved three middleware products from Sagem, GemPlus and ActivCard Inc. of Freemonst, Calif.
The smart cards must now undergo testing for compliance with FIPS-140-2 Cryptographic Module Validation Program to ensure they still conform to the security requirements. Because smart cards that include the PIV application are cryptographic modules, conformance to FIPS-140-2 needs to be re-examined to make sure they continue to conform, NIST officials have said.
Oberthur Card Systems of Rancho Dominguez, Calf., had the first card pre-approved,
and its certification is under NIST review, according to NIST's Web site.