NIST seeking comments on PIV interface standards

The National Institute of Standards and Technology has issued draft specifications for smart cards to retrieve and use identity credentials under Federal Information Processing Standard 201.

NIST Special Publication 800-73-1 specifies a personal-identification verification data model, communication interface and application programming interface. The document also 'constrains implementers' interpretation of the standards to ease implementation, facilitate interoperability and ensure performance.'

SP 800-73-1 includes standard interfaces for transitional approaches that some agencies, such as the Defense Department, are taking and end-point approaches, which many agencies that don't have card systems in place, are taking. NIST will accept comments through Feb. 28.

The release of the draft specification comes on the heels of NIST's pre-approval to two more smart cards that would meet PIV II. A card from GemPlus SA of Luxembourg and another from Sagem Orga of Paderborn, Germany, are going through the pre-approval process. NIST also has pre-approved three middleware products from Sagem, GemPlus and ActivCard Inc. of Freemonst, Calif.

The smart cards must now undergo testing for compliance with FIPS-140-2 Cryptographic Module Validation Program to ensure they still conform to the security requirements. Because smart cards that include the PIV application are cryptographic modules, conformance to FIPS-140-2 needs to be re-examined to make sure they continue to conform, NIST officials have said.

Oberthur Card Systems of Rancho Dominguez, Calf., had the first card pre-approved, and its certification is under NIST review, according to NIST's Web site.

inside gcn

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group