This presentation is smartcard and reader centric view of FIPS 201 / PIV program for Federal agencies for physical and logical access. FIPS 201 is a standard developed to comply by 12th presidential directive (HSPD-12).

1. PIV (FIPS 201) Anshuman Sinha

6. PIV Timeline Anshuman Sinha <anshuman.sinha2@gmail.com> 2004 2005 2006 Feb FIPS 201 HSPD-12 Aug ‘ 04 NPIVP Test Aug More Test Facilities Nov Biometry Specs. Dec ‘ 05 FIPS 201-1 June PIV Card / Reader IOP July Oct ‘ 06 PIV Target

11. PIV – Java Card Architecture Card Operating System Java Card Virtual Machine Java Card Runtime Environment Java Card API Applet 3 Applet 2 Applet 1 Card Manager Currently Selected Applet Smartcard Controller + Crypto Co-processor Anshuman Sinha <anshuman.sinha2@gmail.com> APDU Response

12. PIV – Multos Architecture MEL Java Basic C Editor Compiler Compiler Compiler Assembler Linker / Optimizer Loader Terminal Sim Debug Anshuman Sinha <anshuman.sinha2@gmail.com>

13. PIV – Java Card Application .Java Files .class Files AID .CAP Files .EXP Files Converter Compiler Loader Anshuman Sinha <anshuman.sinha2@gmail.com> Smartcard

16. PIV Card Data Model Mandatory Data Optional Data Anshuman Sinha <anshuman.sinha2@gmail.com> Description Interface Access Rule Card Capabilities Container Contact Always Read Card Holder Unique Id Contact and Contactless Always Read X.509 for PIV Authentication Contact and Contactless Always Read Card Holder Finger Print I Contact PIN Printed Information Buffer Contact PIN Card Holder Facial Image Contact PIN X.509 for Digital Signature Contact PIN X.509 for Key Management Contact Always Read X.509 for Card Authentication Contact Always Read Security Object Contact Always Read

20. PIV II Graduations - Physical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Some Confidence VIS, CHUID High Confidence BIO Very High Confidence BIO-A , PKI

21. PIV II Graduations - Logical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels Local Auth Mechanism Remote Auth Mechanism Some Confidence CHUID PKI High Confidence BIO Very High Confidence BIO-A, PKI

24. PIV II CHUID Auth Anshuman Sinha <anshuman.sinha2@gmail.com>

25. PIV II BIO AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>

26. PIV II PKI AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>

27. PIV II – Reader Design Goals Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Readers Some Confidence VIS, CHUID Design 1 High Confidence BIO Design 2 Very High Confidence BIO-A , PKI Design 3

31. PIV II - Card End Point Card [Single Chip Dual Interface] Transition Card [Dual Chip Dual Interface] Transition II Card [Dual Chip Dual Interface] PIV II Applet CAC Applet PIV II Applet CAC Applet Anshuman Sinha <anshuman.sinha2@gmail.com>

33. Assurance Levels Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Physical Auth Mechanism PIV Logical Auth Mechanism Some Confidence VIS, CHUID CHUID High Confidence BIO BIO Very High Confidence BIO-A , PKI BIO-A, PKI