PIV (FIPS 201) Anshuman Sinha
What is PIV (FIPS 201)? Anshuman Sinha <anshuman.sinha2@gmail.com>
What does PIV replace?
Goals of PIV?
What is PIV II?
PIV Timeline [timeline figure, 2004 2005 2006]: Feb FIPS 201 HSPD-12 Aug '04 NPIVP Test Aug More Test Facilities Nov Biometry Specs. Dec '05 FIPS 201-1 June PIV Card / Reader IOP July Oct '06 PIV Target
PIV Technology
PIV Card Technology – Physical Req.
PIV Card Technology – Platform Req.
PIV Card Technology – Platform Req.
PIV – Java Card Architecture [diagram labels: Card Operating System; Java Card Virtual Machine; Java Card Runtime Environment; Java Card API; Applet 3, Applet 2, Applet 1; Card Manager; Currently Selected Applet; Smartcard Controller + Crypto Co-processor; APDU Response]
PIV – Multos Architecture [diagram labels: MEL Java Basic C Editor Compiler Compiler Compiler Assembler Linker / Optimizer Loader Terminal Sim Debug]
PIV – Java Card Application [diagram labels: .Java Files; .class Files; AID; .CAP Files; .EXP Files; Converter; Compiler; Loader; Smartcard]
PIV – Global Platform
PIV - Subsystems
PIV Card Data Model (slide legend: Mandatory Data, Optional Data)
Description | Interface | Access Rule
Card Capabilities Container | Contact | Always Read
Card Holder Unique Id | Contact and Contactless | Always Read
X.509 for PIV Authentication | Contact and Contactless | Always Read
Card Holder Finger Print I | Contact | PIN
Printed Information Buffer | Contact | PIN
Card Holder Facial Image | Contact | PIN
X.509 for Digital Signature | Contact | PIN
X.509 for Key Management | Contact | Always Read
X.509 for Card Authentication | Contact | Always Read
Security Object | Contact | Always Read
Card Cryptographic Objects
Key Sizes – Time Bound
PIV Card Biometry
PIV II Graduations - Physical Access
Assurance Levels | PIV Auth Mechanism
Some Confidence | VIS, CHUID
High Confidence | BIO
Very High Confidence | BIO-A, PKI
PIV II Graduations - Logical Access. Columns: Assurance Levels, Local Auth Mechanism, Remote Auth Mechanism. Cells in slide order: Some Confidence, CHUID, PKI; High Confidence, BIO; Very High Confidence, BIO-A, PKI
PIV II Auth Mechanisms
PIV II Auth Mechanisms
PIV II CHUID Auth
PIV II BIO AUTH
PIV II PKI AUTH
PIV II – Reader Design Goals
Assurance Levels | PIV Auth Mechanism | Readers
Some Confidence | VIS, CHUID | Design 1
High Confidence | BIO | Design 2
Very High Confidence | BIO-A, PKI | Design 3
PIV II – Reader Design Goals
PIV II - Physical Access Rdr. IOP
PIV II - Card: End Point Card [Single Chip Dual Interface]; Transition Card [Dual Chip Dual (contact + contactless) Interface]
PIV II - Card: End Point Card [Single Chip Dual Interface]; Transition Card [Dual Chip Dual Interface]; Transition II Card [Dual Chip Dual Interface]; PIV II Applet; CAC Applet; PIV II Applet; CAC Applet
PIV II - SP 800-73
Assurance Levels
Assurance Levels | PIV Physical Auth Mechanism | PIV Logical Auth Mechanism
Some Confidence | VIS, CHUID | CHUID
High Confidence | BIO | BIO
Very High Confidence | BIO-A, PKI | BIO-A, PKI
When to ReIssue Identity Cards?
When to ReIssue?
Upon Lost Notification [Person in Organization]
Temporary Badge Creation
ReIssuance of PIV Credentials
New / Replacement Badge Creation
Security Policies Up to Agency
75 bit Wiegand (Truncated FASC-N)
200 bit Wiegand (FASCN)
200 bit Wiegand (FASCN + E.Date)
200 bit Wiegand (FASCN + HMAC)
Reissuance Policy for PACS
Certificate Revocation
