SlideShare a Scribd company logo

FIPS 201 / PIV

Anshuman Sinha
Anshuman Sinha

This presentation is smartcard and reader centric view of FIPS 201 / PIV program for Federal agencies for physical and logical access. FIPS 201 is a standard developed to comply by 12th presidential directive (HSPD-12).

TechnologyBusiness
1 of 47
PIV (FIPS 201) Anshuman Sinha
What is PIV (FIPS 201)? ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
What does PIV replace? ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Goals of PIV? ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
What is PIV II? ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Timeline Anshuman Sinha <anshuman.sinha2@gmail.com> 2004 2005 2006 Feb FIPS 201 HSPD-12 Aug ‘ 04 NPIVP Test Aug More Test Facilities Nov Biometry Specs. Dec ‘ 05 FIPS 201-1 June PIV Card / Reader IOP July Oct ‘ 06 PIV Target
PIV Technology ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Technology – Physical Req. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Technology – Platform Req. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Technology – Platform Req. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV – Java Card Architecture Card Operating System Java Card Virtual Machine Java Card Runtime Environment Java Card API Applet 3 Applet 2 Applet 1 Card Manager Currently Selected Applet Smartcard Controller + Crypto Co-processor Anshuman Sinha <anshuman.sinha2@gmail.com> APDU Response
PIV – Multos Architecture MEL Java Basic C Editor Compiler Compiler Compiler Assembler Linker / Optimizer Loader Terminal Sim Debug Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV – Java Card Application .Java Files .class Files AID .CAP Files .EXP Files Converter Compiler Loader Anshuman Sinha <anshuman.sinha2@gmail.com> Smartcard
PIV – Global Platform ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV - Subsystems ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Data Model Mandatory Data Optional Data Anshuman Sinha <anshuman.sinha2@gmail.com> Description Interface Access Rule Card Capabilities Container Contact Always Read Card Holder Unique Id Contact and Contactless Always Read X.509 for PIV Authentication Contact and Contactless Always Read Card Holder Finger Print I Contact PIN Printed Information Buffer Contact PIN Card Holder Facial Image Contact PIN X.509 for Digital Signature Contact PIN X.509 for Key Management Contact Always Read X.509 for Card Authentication Contact Always Read Security Object Contact Always Read
Card Cryptographic Objects ,[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Key Sizes – Time Bound ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Biometry ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II Graduations - Physical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Some Confidence VIS, CHUID High Confidence BIO Very High Confidence BIO-A , PKI
PIV II Graduations - Logical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels Local Auth Mechanism Remote Auth Mechanism Some Confidence CHUID PKI High Confidence BIO Very High Confidence BIO-A, PKI
PIV II Auth Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II Auth Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II CHUID Auth Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II BIO AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II PKI AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II – Reader Design Goals Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Readers Some Confidence VIS, CHUID Design 1 High Confidence BIO Design 2 Very High Confidence BIO-A , PKI Design 3
PIV II – Reader Design Goals ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - Physical Access Rdr. IOP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - Card End Point Card [Single Chip Dual Interface] ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Transition Card [Dual Chip Dual (contact + contactless) Interface] Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - Card End Point Card [Single Chip Dual Interface] Transition Card [Dual Chip Dual Interface] Transition II Card [Dual Chip Dual Interface] PIV II Applet CAC Applet PIV II Applet CAC Applet Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - SP 800-73 ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Assurance Levels Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Physical Auth Mechanism PIV Logical Auth Mechanism Some Confidence VIS, CHUID CHUID High Confidence BIO BIO Very High Confidence BIO-A , PKI BIO-A, PKI
When to ReIssue Identity Cards? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
When to ReIssue? ,[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Upon Lost Notification [Person in Organization] ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Temporary Badge Creation ,[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
ReIssuance of PIV Credentials ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
New / Replacement Badge Creation ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Security Policies Upto Agency ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
75 bit Weigand (Truncated FASC-N) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
200 bit Weigand (FASCN) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
200 bit Weigand (FASCN + E.Date) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
200 bit Weigand (FASCN + HMAC) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Reissuance Policy for PACS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Certificate Revocation ,[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
References ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>

Recommended

Technical Overview of Java Card
Technical Overview of Java CardTechnical Overview of Java Card
Technical Overview of Java CardAnshuman Sinha
 
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...FIDO Alliance
 
Adaptive Authentication: What, Why and How?
Adaptive Authentication: What, Why and How?Adaptive Authentication: What, Why and How?
Adaptive Authentication: What, Why and How?WSO2
 
DI Amsterdam meetup windows hello core slides 20200319
DI Amsterdam meetup windows hello core slides 20200319DI Amsterdam meetup windows hello core slides 20200319
DI Amsterdam meetup windows hello core slides 20200319Martin Sandren
 
BEng Degree
BEng DegreeBEng Degree
BEng DegreeMohammad Saqib Mirza
 
Identity Access Management (IAM)
Identity Access Management (IAM)Identity Access Management (IAM)
Identity Access Management (IAM)Prof. Jacques Folon (Ph.D)
 
Bebês de proveta e clonagem humana
Bebês de proveta e clonagem humanaBebês de proveta e clonagem humana
Bebês de proveta e clonagem humanawelkley
 
High School transcript
High School transcriptHigh School transcript
High School transcriptAuden Fortier
 

Recommended

Technical Overview of Java Card
Technical Overview of Java CardTechnical Overview of Java Card
Technical Overview of Java CardAnshuman Sinha
 
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...FIDO Alliance
 
Adaptive Authentication: What, Why and How?
Adaptive Authentication: What, Why and How?Adaptive Authentication: What, Why and How?
Adaptive Authentication: What, Why and How?WSO2
 
DI Amsterdam meetup windows hello core slides 20200319
DI Amsterdam meetup windows hello core slides 20200319DI Amsterdam meetup windows hello core slides 20200319
DI Amsterdam meetup windows hello core slides 20200319Martin Sandren
 
BEng Degree
BEng DegreeBEng Degree
BEng DegreeMohammad Saqib Mirza
 
Identity Access Management (IAM)
Identity Access Management (IAM)Identity Access Management (IAM)
Identity Access Management (IAM)Prof. Jacques Folon (Ph.D)
 
Bebês de proveta e clonagem humana
Bebês de proveta e clonagem humanaBebês de proveta e clonagem humana
Bebês de proveta e clonagem humanawelkley
 
High School transcript
High School transcriptHigh School transcript
High School transcriptAuden Fortier
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptxahmad661583
 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The BasicsIshan A B Ambanwela
 
JavaCard development Quickstart
JavaCard development QuickstartJavaCard development Quickstart
JavaCard development QuickstartMartin Paljak
 
IBM entitled software support, how to use
IBM entitled software support, how to useIBM entitled software support, how to use
IBM entitled software support, how to useIBM I community Israel
 
Certificate of Diploma - BCIT
Certificate of Diploma - BCITCertificate of Diploma - BCIT
Certificate of Diploma - BCITCurtis Yost
 
Transcript
TranscriptTranscript
TranscriptSteven Cassidy
 
NTU transcript
NTU transcriptNTU transcript
NTU transcriptChee Seng Lim
 
Deakin university diploma/dku degree
Deakin university diploma/dku degreeDeakin university diploma/dku degree
Deakin university diploma/dku degreeDiplomaTranscript
 
How EverTrust Horizon PKI Automation can help your business?
How EverTrust Horizon PKI Automation can help your business?How EverTrust Horizon PKI Automation can help your business?
How EverTrust Horizon PKI Automation can help your business?mirmaisam
 
Deakin
DeakinDeakin
DeakinGovardhanam Karthik
 
Privleged Access Management
Privleged Access ManagementPrivleged Access Management
Privleged Access ManagementLance Peterman
 
PowerPoint簡報教學
PowerPoint簡報教學PowerPoint簡報教學
PowerPoint簡報教學kiroro
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~5 6
 
PG Kasirye- Accounting Academic transcript
PG Kasirye- Accounting Academic transcriptPG Kasirye- Accounting Academic transcript
PG Kasirye- Accounting Academic transcriptPhillip Kasirye
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
BSc diploma.PDF
BSc diploma.PDFBSc diploma.PDF
BSc diploma.PDFJasurbek Bozorov
 
Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security SecureAuth
 
College transcript
College transcriptCollege transcript
College transcriptsped12
 
Twitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayTwitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayRahmatullah Akbar
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Nicholas Davis
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
 
Java ring
Java ringJava ring
Java ringKaushik Banerjee
 

More Related Content

What's hot

Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptxahmad661583
 
JavaCard development Quickstart
JavaCard development QuickstartJavaCard development Quickstart
JavaCard development QuickstartMartin Paljak
 
IBM entitled software support, how to use
IBM entitled software support, how to useIBM entitled software support, how to use
IBM entitled software support, how to useIBM I community Israel
 
Certificate of Diploma - BCIT
Certificate of Diploma - BCITCertificate of Diploma - BCIT
Certificate of Diploma - BCITCurtis Yost
 
Deakin university diploma/dku degree
Deakin university diploma/dku degreeDeakin university diploma/dku degree
Deakin university diploma/dku degreeDiplomaTranscript
 
How EverTrust Horizon PKI Automation can help your business?
How EverTrust Horizon PKI Automation can help your business?How EverTrust Horizon PKI Automation can help your business?
How EverTrust Horizon PKI Automation can help your business?mirmaisam
 
Privleged Access Management
Privleged Access ManagementPrivleged Access Management
Privleged Access ManagementLance Peterman
 
PowerPoint簡報教學
PowerPoint簡報教學PowerPoint簡報教學
PowerPoint簡報教學kiroro
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~5 6
 
PG Kasirye- Accounting Academic transcript
PG Kasirye- Accounting Academic transcriptPG Kasirye- Accounting Academic transcript
PG Kasirye- Accounting Academic transcriptPhillip Kasirye
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security SecureAuth
 
College transcript
College transcriptCollege transcript
College transcriptsped12
 

What's hot (18)

Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptx
 
Single Sign On - The Basics
Single Sign On - The BasicsSingle Sign On - The Basics
Single Sign On - The Basics
 
JavaCard development Quickstart
JavaCard development QuickstartJavaCard development Quickstart
JavaCard development Quickstart
 
IBM entitled software support, how to use
IBM entitled software support, how to useIBM entitled software support, how to use
IBM entitled software support, how to use
 
Certificate of Diploma - BCIT
Certificate of Diploma - BCITCertificate of Diploma - BCIT
Certificate of Diploma - BCIT
 
Transcript
TranscriptTranscript
Transcript
 
NTU transcript
NTU transcriptNTU transcript
NTU transcript
 
Deakin university diploma/dku degree
Deakin university diploma/dku degreeDeakin university diploma/dku degree
Deakin university diploma/dku degree
 
How EverTrust Horizon PKI Automation can help your business?
How EverTrust Horizon PKI Automation can help your business?How EverTrust Horizon PKI Automation can help your business?
How EverTrust Horizon PKI Automation can help your business?
 
Deakin
DeakinDeakin
Deakin
 
Privleged Access Management
Privleged Access ManagementPrivleged Access Management
Privleged Access Management
 
PowerPoint簡報教學
PowerPoint簡報教學PowerPoint簡報教學
PowerPoint簡報教學
 
RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~RPで受け入れる認証器を選択する ~Idance lesson 2~
RPで受け入れる認証器を選択する ~Idance lesson 2~
 
PG Kasirye- Accounting Academic transcript
PG Kasirye- Accounting Academic transcriptPG Kasirye- Accounting Academic transcript
PG Kasirye- Accounting Academic transcript
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
BSc diploma.PDF
BSc diploma.PDFBSc diploma.PDF
BSc diploma.PDF
 
Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security
 
College transcript
College transcriptCollege transcript
College transcript
 

Viewers also liked

Twitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayTwitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayRahmatullah Akbar
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Nicholas Davis
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314Eric Vétillard
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element SolutionsUgo Chirico
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web ApplicationsOlivier Potonniée
 
Java card technology
Java card technologyJava card technology
Java card technologyAmol Kamble
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsEric Larcheveque
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information securityDevam Shah
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 

Viewers also liked (16)

Twitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayTwitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter today
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
 
Java ring
Java ringJava ring
Java ring
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web Applications
 
Java card technology
Java card technologyJava card technology
Java card technology
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
Javacard
Javacard Javacard
Javacard
 
NFC Basic Concepts
NFC Basic ConceptsNFC Basic Concepts
NFC Basic Concepts
 
Mobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessmentMobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessment
 

Similar to FIPS 201 / PIV

Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...IJRTEMJOURNAL
 
How to Easily Upgrade to a Next-Generation Transit Payment System
How to Easily Upgrade to a Next-Generation Transit Payment SystemHow to Easily Upgrade to a Next-Generation Transit Payment System
How to Easily Upgrade to a Next-Generation Transit Payment SystemFEIG Electronics
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lectureynamoto
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863RepentSinner
 
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...IRJET Journal
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATMParas Garg
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Amazon Web Services
 
Color Code PIN Authentication System Using Multi-TouchTechnology
Color Code PIN Authentication System Using Multi-TouchTechnologyColor Code PIN Authentication System Using Multi-TouchTechnology
Color Code PIN Authentication System Using Multi-TouchTechnologyIRJET Journal
 
IRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
IRJET - RFID based Automatic Entry Restricted Mechanism for Home SecurityIRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
IRJET - RFID based Automatic Entry Restricted Mechanism for Home SecurityIRJET Journal
 
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...IRJET Journal
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
 
Cidway Bank Finance 01 2009 2 Fa Tr
Cidway Bank Finance 01 2009 2 Fa TrCidway Bank Finance 01 2009 2 Fa Tr
Cidway Bank Finance 01 2009 2 Fa Trlfilliat
 
Advanced Security System for Bank Lockers using Biometric and GSM
Advanced Security System for Bank Lockers using Biometric and GSMAdvanced Security System for Bank Lockers using Biometric and GSM
Advanced Security System for Bank Lockers using Biometric and GSMIRJET Journal
 
Gvm project report g95
Gvm project report g95Gvm project report g95
Gvm project report g95G0VIND G0URAV
 
Smart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentSmart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentKona Software Lab Limited.
 

Similar to FIPS 201 / PIV (20)

Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
 
Biometric Access and Attendance Terminal
Biometric Access and Attendance TerminalBiometric Access and Attendance Terminal
Biometric Access and Attendance Terminal
 
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control PanelsmartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
 
How to Easily Upgrade to a Next-Generation Transit Payment System
How to Easily Upgrade to a Next-Generation Transit Payment SystemHow to Easily Upgrade to a Next-Generation Transit Payment System
How to Easily Upgrade to a Next-Generation Transit Payment System
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lecture
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863
 
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATM
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor Authentication
 
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
Color Code PIN Authentication System Using Multi-TouchTechnology
Color Code PIN Authentication System Using Multi-TouchTechnologyColor Code PIN Authentication System Using Multi-TouchTechnology
Color Code PIN Authentication System Using Multi-TouchTechnology
 
IRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
IRJET - RFID based Automatic Entry Restricted Mechanism for Home SecurityIRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
IRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
 
GBM Digital Hub
GBM Digital HubGBM Digital Hub
GBM Digital Hub
 
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
 
Cidway Bank Finance 01 2009 2 Fa Tr
Cidway Bank Finance 01 2009 2 Fa TrCidway Bank Finance 01 2009 2 Fa Tr
Cidway Bank Finance 01 2009 2 Fa Tr
 
Advanced Security System for Bank Lockers using Biometric and GSM
Advanced Security System for Bank Lockers using Biometric and GSMAdvanced Security System for Bank Lockers using Biometric and GSM
Advanced Security System for Bank Lockers using Biometric and GSM
 
Gvm project report g95
Gvm project report g95Gvm project report g95
Gvm project report g95
 
Smart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentSmart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc payment
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

FIPS 201 / PIV

  • 1. PIV (FIPS 201) Anshuman Sinha
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. PIV Timeline Anshuman Sinha <anshuman.sinha2@gmail.com> 2004 2005 2006 Feb FIPS 201 HSPD-12 Aug ‘ 04 NPIVP Test Aug More Test Facilities Nov Biometry Specs. Dec ‘ 05 FIPS 201-1 June PIV Card / Reader IOP July Oct ‘ 06 PIV Target
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. PIV – Java Card Architecture Card Operating System Java Card Virtual Machine Java Card Runtime Environment Java Card API Applet 3 Applet 2 Applet 1 Card Manager Currently Selected Applet Smartcard Controller + Crypto Co-processor Anshuman Sinha <anshuman.sinha2@gmail.com> APDU Response
  • 12. PIV – Multos Architecture MEL Java Basic C Editor Compiler Compiler Compiler Assembler Linker / Optimizer Loader Terminal Sim Debug Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 13. PIV – Java Card Application .Java Files .class Files AID .CAP Files .EXP Files Converter Compiler Loader Anshuman Sinha <anshuman.sinha2@gmail.com> Smartcard
  • 14.
  • 15.
  • 16. PIV Card Data Model Mandatory Data Optional Data Anshuman Sinha <anshuman.sinha2@gmail.com> Description Interface Access Rule Card Capabilities Container Contact Always Read Card Holder Unique Id Contact and Contactless Always Read X.509 for PIV Authentication Contact and Contactless Always Read Card Holder Finger Print I Contact PIN Printed Information Buffer Contact PIN Card Holder Facial Image Contact PIN X.509 for Digital Signature Contact PIN X.509 for Key Management Contact Always Read X.509 for Card Authentication Contact Always Read Security Object Contact Always Read
  • 17.
  • 18.
  • 19.
  • 20. PIV II Graduations - Physical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Some Confidence VIS, CHUID High Confidence BIO Very High Confidence BIO-A , PKI
  • 21. PIV II Graduations - Logical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels Local Auth Mechanism Remote Auth Mechanism Some Confidence CHUID PKI High Confidence BIO Very High Confidence BIO-A, PKI
  • 22.
  • 23.
  • 24. PIV II CHUID Auth Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 25. PIV II BIO AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 26. PIV II PKI AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 27. PIV II – Reader Design Goals Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Readers Some Confidence VIS, CHUID Design 1 High Confidence BIO Design 2 Very High Confidence BIO-A , PKI Design 3
  • 28.
  • 29.
  • 30.
  • 31. PIV II - Card End Point Card [Single Chip Dual Interface] Transition Card [Dual Chip Dual Interface] Transition II Card [Dual Chip Dual Interface] PIV II Applet CAC Applet PIV II Applet CAC Applet Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 32.
  • 33. Assurance Levels Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Physical Auth Mechanism PIV Logical Auth Mechanism Some Confidence VIS, CHUID CHUID High Confidence BIO BIO Very High Confidence BIO-A , PKI BIO-A, PKI
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.