FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

Presentation transcript:

FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005

Special Publication
PIV card application definition
  o NOT a general purpose card platform spec!
Part 1: Common data model and migration
Part 2: Transition card interfaces
Part 3: End point specification

Part 1: Mandatory Data Objects
PIV credential element objects
  o Card Capability Container: Discovery
  o Cardholder Unique Identifier: PACS 2.2
  o PIV Authentication Key
  o Fingerprint Buffers (2)
  o Security Object

Part 1: Optional Data Objects
Optional PIV credential element objects
  o Printed Information
  o Facial Image
  o Digital Signature Key
  o Key Management Key
  o Card Authentication Key

Part 1: Migration Issues
Some agencies have smart card deployments
Government Smart Card Interoperability Specification (NISTIR 6887)
Migration path is based on continuity of the PIV data model
Legacy agencies MAY use Part 2 transition specification

SP Part 2
Essentially a PIV profile of GSC-IS
Maintains the GSC-IS dual card interfaces
  o File system
  o Virtual Machine
Developed by the Government Smart Card Interagency Advisory Board
Part 2 is informative

SP Part 3
Unified card command interface
Compliant with existing international standards (ISO 7816)
Technology neutrality: Implementable on any card platform
Essential features for:
  o High degree of PIV card interoperability
  o Future-proofing PIV framework

Part 3: Data Model
Data model is common to both Parts 2 and 3
Different identifiers (BER-TLV) used at the card edge in Part 3

Part 3: Standard Namespaces
ASN.1 Object Identifiers in the PIV arc of the Computer Security Object Register at the Client Application Programming Interface
PIV RID is the root of card Application Identifiers (AIDs)
BER-TLV tags for data objects at the card interface

Part 3: PIV Card Application
AID is A xx xx
Full PIV RID to be published by NIST
Access Control Rules applied to PIV credential objects
Provides a set of 8 ISO compliant card interface commands
Restricted functionality in contactless mode

Part 3: Client Application Programming Interface
Equivalent to GSC-IS Basic Services Interface
Provides 9 higher level commands
Implemented by middleware
PIV middleware is MUCH simpler than GSC-IS middleware because card command mapping is not required

Part 3: Reference Implementation
Part 3 compliant implementation
PIV card application running in a card simulator
Middleware
Publicly available
Basis for conformance tests
Estimated completion date June 25

SP Summary
PIV II card application and client application programming interface spec
Informative Part 2 transition specification for migrating legacy GSC-IS deployments
Normative Part 3 end point specification
All agencies are to reach full deployment of Part 3 PIV cards by the end of their PIV II Phase, regardless of the migration path chosen.

Special Publication Overview
FIPS 201 relies on cryptography
  o To protect objects stored on the PIV card
  o To authenticate the PIV card or cardholder
  o To authenticate the source and integrity of status information

Cryptographic Strength Requirements
SP mandates a transition from 80 bit strength to 112 bits of strength by 1/1/2011
  o Cryptographic keys that provide long term data protection transition by 1/1/2009 to provide two years forward security
Elliptic Curve Cryptography is specified with a minimum of 112 bits of strength (224 bit keys)
  o Avoid transition issues

Cryptographic Objects Stored on the PIV Card
FIPS 201 specified
  o Cryptographic keys
  o Digitally signed objects
      CHUID
      Biometrics
      X.509 Certificates
SP specified
  o Authentication/Integrity Object

Cryptographic keys
Asymmetric private keys
  o PIV Authentication key (Mandatory)
  o Digital Signature key (Optional)
  o Key Management key (Optional)
      May support key transport or key agreement
Card Management Key (Optional)
  o Symmetric key
PIV Cardholder Authentication Key (Optional)
  o May be symmetric or asymmetric

Asymmetric Algorithms for Cryptographic Keys
SP limits asymmetric keys to RSA and ECC
  o RSA must be 1024/2048/ bit keys phased out by 1/1/2011
      Digital signature and key management keys transition by 1/1/2008 to provide for forward security
      Authentication keys transition by 1/1/2011 since forward security is not an issue
  o ECC must use a recommended curve from FIPS through 283 bit keys
      No phase out specified

Symmetric Algorithms for Cryptographic Keys
SP limits symmetric keys to Triple DES (TDEA) and AES
  o TDEA must be two key or three key
      Two key TDEA phased out by 1/1/2011
  o AES may be 128, 192, or 256 bit keys
      No phase out specified

Digitally Signed Objects
Signatures may be generated using RSA or ECDSA
  o RSA may use PKCS #1 or PSS padding schemes
  o SHA-1, SHA-224, and SHA-256 hash algorithms
      SHA-1 phased out by 1/1/2011
Phase out depends on card expiration, not signature generation date

SP Security Object
ICAO Authentication/Integrity Object
Digitally signed hash table
  o The table includes a message digest for each of the objects (CHUID, keys, etc.) stored on the card
  o Message digests are generated using SHA-1, SHA-224, or SHA-256
      SHA-1 phased out by 1/1/2011
  o Signature requirements from previous slide
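
An added example, not part of the presentation: the check a relying application can run against the Security Object's hash table, recomputing each object's digest and comparing it with the table entry. The function names and sample bytes are constructed for illustration, the signature over the table is assumed to have been verified already, and treating SHA-1 as refused on any card expiring on or after 1/1/2011 is an assumed reading of the phase-out rule.

```python
import hashlib
import hmac
from datetime import date

SHA1_CUTOFF = date(2011, 1, 1)          # phase-out date given on the slides
ALLOWED = {"sha1", "sha224", "sha256"}  # hash algorithms named on the slides

def hash_permitted(alg, card_expiration):
    """Assumed reading: for on-card objects the SHA-1 phase-out is keyed to
    card expiration, so SHA-1 is refused once the card outlives the cutoff."""
    if alg not in ALLOWED:
        return False
    return alg != "sha1" or card_expiration < SHA1_CUTOFF

def check_security_object(table, alg, objects, card_expiration):
    """Compare objects read from the card with the digest table.
    `table` maps object name -> expected digest bytes (hypothetical layout).
    The signature over the table must be verified before calling this."""
    if not hash_permitted(alg, card_expiration):
        return [("policy", f"{alg} not permitted for this card")]
    findings = []
    for name, expected in table.items():
        data = objects.get(name)
        if data is None:
            findings.append((name, "listed in table but not read from card"))
        elif not hmac.compare_digest(hashlib.new(alg, data).digest(), expected):
            findings.append((name, "digest mismatch"))
    for name in objects.keys() - table.keys():
        findings.append((name, "present on card but not covered by table"))
    return findings

def build_table(objects, alg):
    """Issuer side: one message digest per stored object."""
    return {name: hashlib.new(alg, data).digest() for name, data in objects.items()}

# Constructed sample data, not real card contents.
CARD = {"CHUID": b"constructed-chuid",
        "Fingerprints": b"constructed-template",
        "Facial Image": b"constructed-image"}

def demo():
    table = build_table(CARD, "sha256")
    tampered = dict(CARD, CHUID=b"swapped-chuid")    # object replaced after issuance
    del tampered["Facial Image"]                     # object removed
    tampered["Printed Information"] = b"unlisted"    # object added without a digest
    return sorted(check_security_object(table, "sha256", tampered, date(2010, 5, 4)))

if __name__ == "__main__":
    for name, problem in demo():
        print(f"{name}: {problem}")
```
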

Status Information
FIPS 201 relies upon digitally signed X.509 CRLs and OCSP responses to distribute status information
Signatures may be generated using RSA or ECDSA
  o RSA may use PKCS #1 or PSS padding schemes
  o SHA-1, SHA-224, and SHA-256 hash algorithms
      SHA-1 phased out by 1/1/2011
Phase out depends on signature generation date

Special Publication
Biometric Data Specification for Personal Identity Verification
Major issue: Minutia vs. full image
  o File size
  o Interoperability
  o Privacy
Still in draft form

Contact Information Curt Barker PIV Program Jim Dray ): Terry Schwarzhoff NIST Smart Card Program Manager, Standards NIST PIV Website: