NIST updates specs for next-gen PIV cards
The National Institute of Standards and Technology has updated authentication and cryptographic specifications for Personal Identity Verification cards that work with mobile devices and smartphones.
The update to Interfaces for Personal Identity Verification (Special Publication 800-73-4) provides additional ways to authenticate a cardholder’s identity. On-card biometric comparison helps preserve a cardholder’s privacy because the individual's fingerprint data never leave the card. A new specification protects wireless communications between the PIV Card and mobile device when the cardholder uses authentication, signature or encryption services with a mobile device. Another new security feature prevents a cardholder from changing the PIN to one that is too short.
Cryptographic Algorithms and Key Sizes for Personal Identity Verification (Special Publication 800-78-4 May 2015) updates the technical cryptographic details needed to maintain the security of the next-generation PIV Card.
Featuring a microchip with the employee’s photo, PIN, fingerprint information and other details, PIV cards give federal employees and contractors secure access to government facilities and computers.
The next-generation PIV card allows mobile devices to connect securely to government computer networks. It also provides stronger identity assurance for federal workers to enter many government facilities and use computers at those locations.
Connect with the GCN staff on Twitter @GCNtech.