Strategies for the Implementation of PIV-I Secure Identity … (PIV-I Workshop 2010; d3nrwezfchbhhm.cloudfront.net/media/piv-i-workshop-2010/..., posted 2016-05-02)
• Dual interface contact and contactless smart card
• SmartMX chip technology
• ISO 7816 (T=0 and T=1) contact interface
• ISO 14443A/B-4 (T=CL) contactless interface
• DES3 encryption
• Suitable for high level languages and multi-application OS (Operating Systems) such as JAVA, JCOP, MULTOS
• Available with 36k, 72k, 128k, <1M (EEPROM) memory
• Max number of user applications and files is OS dependent
Understanding the differences between RFID and RF-enabled smart card technologies is critical in order to correctly assess each technology's fit with a specific application's security and privacy requirements.
RFID and RF-enabled smart card technologies comply with different standards, have different operating ranges and widely varying ability to support security features needed by RF-enabled applications.
Security
• Contactless chip is tamper-resistant
• Information stored can be read/write protected
• Capable of performing high security encryption
• Challenge Response Mutual Authentication
• Smart cards have unique serial numbers
• Biometrics support provides One-to-One Match
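The "Challenge Response Mutual Authentication" bullet above is the mechanism that lets a card refuse an untrusted reader and a reader refuse a cloned or replayed card. The following is an added illustration, not code from the slide deck or any card vendor: a toy card and reader share a symmetric key (constructed for the demo; a fielded system would hold a per-card key diversified from a master key), each issues a fresh nonce, and each proves knowledge of the key over both nonces and the card's unique serial number. The slide lists DES3; this example substitutes HMAC-SHA256 from the standard library so it runs without extra packages, and its message layout is hypothetical rather than ISO 7816 APDUs.

```python
"""Toy mutual challenge-response between a smart card and a reader.

Added illustration, not code from the slide deck or any card vendor. Key,
serial number and message layout are constructed for the demo; HMAC-SHA256
stands in for the DES3 the slide mentions.
"""
import hashlib
import hmac
import os

SERIAL = b"CARD-SN-0001"      # constructed unique card serial number
SHARED_KEY = b"\x01" * 32     # constructed shared secret for the demo


def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed MAC over length-prefixed fields so adjacent fields cannot slide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


class Card:
    """Card side: issues a fresh nonce, checks the reader, then proves itself."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial = serial
        self.key = key
        self.nonce_c = None

    def get_challenge(self) -> bytes:
        # Step 1: a fresh random nonce per session (comparable to GET CHALLENGE).
        self.nonce_c = os.urandom(8)
        return self.nonce_c

    def authenticate(self, nonce_r: bytes, reader_proof: bytes) -> bytes:
        # Step 3: the reader must have MACed *this session's* card nonce; an
        # old proof replayed against a new challenge fails here.
        if self.nonce_c is None:
            raise PermissionError("no outstanding challenge")
        expected = mac(self.key, b"READER", self.nonce_c, nonce_r, self.serial)
        if not hmac.compare_digest(expected, reader_proof):
            self.nonce_c = None
            raise PermissionError("reader failed authentication")
        # Step 4: the card proves key knowledge over the reader's nonce in turn.
        proof = mac(self.key, b"CARD", nonce_r, self.nonce_c, self.serial)
        self.nonce_c = None  # each challenge is single-use
        return proof


class Reader:
    """Reader/host side."""

    def __init__(self, key: bytes):
        self.key = key

    def authenticate_card(self, card: Card) -> bool:
        nonce_c = card.get_challenge()
        nonce_r = os.urandom(8)
        # Step 2: the reader proves key knowledge first, binding both nonces
        # and the card serial so the proof cannot be moved to another card.
        reader_proof = mac(self.key, b"READER", nonce_c, nonce_r, card.serial)
        try:
            card_proof = card.authenticate(nonce_r, reader_proof)
        except PermissionError:
            return False
        expected = mac(self.key, b"CARD", nonce_r, nonce_c, card.serial)
        return hmac.compare_digest(expected, card_proof)


def replay_is_rejected() -> bool:
    """Record a valid reader proof, then replay it against a fresh challenge."""
    card = Card(SERIAL, SHARED_KEY)
    nonce_c = card.get_challenge()
    nonce_r = os.urandom(8)
    proof = mac(SHARED_KEY, b"READER", nonce_c, nonce_r, SERIAL)
    card.authenticate(nonce_r, proof)      # genuine session succeeds
    card.get_challenge()                   # new session, new card nonce
    try:
        card.authenticate(nonce_r, proof)  # captured proof no longer matches
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("genuine reader:", Reader(SHARED_KEY).authenticate_card(Card(SERIAL, SHARED_KEY)))
    print("wrong key:", Reader(b"\x02" * 32).authenticate_card(Card(SERIAL, SHARED_KEY)))
    print("replay rejected:", replay_is_rejected())
```

The reader authenticates first so that a card never releases a proof to a reader that has not shown knowledge of the key, and both proofs cover the serial number so a proof captured from one card is useless against another; the nonces are what make a recorded transcript worthless on the next session.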
Intelligence
• Capable of processing, not just storing, information
• Multi-application support
• Information and applications on a card can be updated without having to issue new cards
• PKI & encryption support
Convenience
• Portable, easy-to-use form factor
• High speed access for high throughput
• Useable in harsh or dirty environments (RF)
• Fast positive authentication of identity
Reliable and Inexpensive
• Durable card bodies
• Contactless: no manual dexterity needed, fast, no maintenance
• Passive: no batteries
• Low cost of ownership
Flexible
• Reader interface options: TCP/IP, USB 2.0, Wiegand, serial data
• Many form factors
US Government Identity Credential Timeline (cont.)
2010
• National Strategy for Trusted Identities in Cyberspace (NSTIC)
• PIV-I 1.1
• PIV-I FAQ
• FICAM Part B Guidance (expected Q4)
• Department of Commerce: Cyber Security, Innovation and the Internet Economy
• Federal PKI Policy Authority: Citizen and Commerce Class Common Certificate Policy
HSPD-12 (Homeland Security Presidential Directive 12)
• Issued by President George W. Bush on August 27, 2004
• Mandates the establishment of a standard for identification of Federal Government employees and contractors
• Requires the use of a common identification credential for both logical and physical access to Federally controlled facilities and information systems
• Intends to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy
FIPS-201 (Federal Information Processing Standard Publication 201)
• Issued by the National Institute of Standards and Technology (NIST) on Feb 25, 2005
• Defines the standard for Personal Identity Verification (PIV) of Federal employees and contractors
• Applies to both physical and logical access control, and other applications as determined by the individual agencies
• Provides guidance for implementing the HSPD-12 requirements for a common Federal identification credential that is to be used to access both physical and logical facilities and information systems
The most important benefit of the FIPS 201 model is the strong assurance that the identity associated with a credential belongs to the correct individual.
• Specifies a “useful” and “secure” identity card that supports a wide range of use cases.
• Enables card support across a wide range of PCs, servers, controllers, systems, and mobile devices.
• Defines policy and infrastructure.
• Defines processes and technical specifications that enable interoperability across organizations.
• Fosters competition to reduce prices.
• It is supported by a wide range of manufacturers and integrators.
• It does not compel an organization to use a single vendor for key components (see APL).
• It provides flexible authentication, signature, and encryption functionality.
• It is well positioned to take advantage of emerging technologies, such as biometrics.
• As a standard that will be used by Federal agencies to issue credentials to millions of U.S. Federal employees and contractors, it has the advantage of scale.
• It provides the framework to support interoperable identity credentials across organizations…PIV-i
Personal Identity Verification (PIV) Cards
• Cornerstone electronic credential in the U.S. Federal Government, used for authentication to both information resources and facilities.
• Under HSPD-12, U.S. Federal departments and agencies are required to issue PIV cards to permanent government personnel and contractors.
• Issued ONLY by U.S. Federal entities.
• Relied on by U.S. Federal and non-Federal entities.
• Background investigation: minimum NACI.
• Asserts the Federal Common Policy Framework (FCPF).
• PIV – Personal Identity Verification Card: an identity card that meets the PIV technical specifications to work with PIV infrastructure elements such as card readers, and is issued by the Federal government in a manner that allows relying parties to trust the card.
• PIV-I – Interoperable Card: an identity card that meets the PIV technical specifications to work with PIV infrastructure elements such as card readers, and is issued by a Non-Federal Issuer (NFI) in a manner that allows Federal government relying parties to trust the card.
Personal Identity Verification – Interoperable (PIV-I) Cards
• Cornerstone credential for all security controls for both information resources (LACS) and facilities protection (PACS).
• Issued by Non-Federal Issuers (NFI).
• Intended primarily for issuance by non-Federal entities.
• May be relied on by Federal and non-Federal entities.
• Identity and affiliation certainty equivalent to PIV.
• No issuer background investigation of cardholders.
• Asserts Federal Bridge Certificate Authority (FBCA) Certificate Policy Object IDs for PIV-I.
• SP 800-78: Cryptographic Algorithms and Key Sizes for PIV
• SP 800-116: A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
• SP 800-96: PIV Card / Reader Interoperability Guidelines
• SP 800-79: Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations
• SP 800-87: Codes for the Identification of Federal and Federally-Assisted Organizations
TWIC ICAM PIV-i / FRAC
www.smartcardalliance.org
• Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials, Smart Card Alliance Physical Access Council white paper developed in collaboration with the Open Security Exchange, Security Industry Association and International Biometric Industry Association, September 2007
• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience, Smart Card Alliance Physical Access Council white paper, May 2007
• Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility, Smart Card Alliance Physical Access Council white paper, September 2006
• FIPS 201 and Physical Access Control: An Overview of the Impact of Physical Access Control Systems and FIPS 201, a Smart Card Alliance Physical Access Council briefing presentation, January 2006
• FIPS 201 on Federal Physical Access Control Systems, a Smart Card Alliance Physical Access Council white paper, September 2005