This document discusses testing the Personal Identity Verification (PIV) data model. It outlines the PIV test environment and methodology. The test areas include the Card Holder Unique Identifier (CHUID) data object, security object, biometric data object, and PKI keys and certificates. The testing will validate that the PIV data conforms to specified formats and standards like FIPS 201, SP 800-73, SP 800-76, and SP 800-78. A schedule for releasing the SP 800-85B guidance on PIV testing is provided.

1. PIV Data Model Testing Ketan Mehta [email_address] March 3, 2006

2. Agenda PIV Test Environment Test Methodology Test Areas Schedule

3. PIV Test Environment PIV Client Application Programming Interface PIV Card Command Calls Card Reader Driver Card Reader PIV Card Application PIV Data Model PIV Card Command Interface PIV MIDDLEWARE (SP 800-73) Host PC Smart Card Reader PIV CARD (FIPS 201, SP 800-73, SP 800-76, SP 800-78) Test Toolkit Application

4. Agenda PIV Test Environment Test Methodology Test Areas Schedule

5. Inputs Process Outputs Derived Test Requirements & Test Assertions Lab Testing: Conformance to SP 800-73 NIST Test Guidance — SP 800-85 Lab Activity SP 800-85A PIV Test Methodology PIV Data Model Testing* Agency Activity** SP 800-85B * Conformance to FIPS 201, SP 800-76, and SP 800-78 ** The process is currently being defined FIPS 201 SP 800-73 SP 800-76 SP 800-78 Test Results NPIVP Certificate Self-certification

6. Agenda PIV Test Environment Test Methodology Test Areas Schedule

7. Test Areas CHUID Data Object Security Object Biometric Data Object PKI Keys and Certificates Note that all test requirements are designed to: - Validate the format of PIV data - Validate values in the fields - Validate computation such as signatures or data comparison

8. PIV Client Application Programming Interface PIV Card Command Calls Card Reader Driver Card Reader PIV Card Application PIV Card Command Interface PIV MIDDLEWARE Agency / System Integrator Smart Card Reader PIV CARD (SP 800-73 Conformant) Test Toolkit Application Finger print stored for FBI Transmission Finger print stored for PIV Enrollment Finger print minutiae for PIV Card Facial Image for PIV Card Data Under Test SP 800-85B – PIV Biometrics Testing PIV Data Model

9. Enrollment Process Face Templating Fingerprint Templating CBEFF Header Generation PIV-Specific Enrollment Procedures Verification Process Fingerprint Matching Documentation (Fingerprint and Facial Acquisition, Equipment, Procedures) - Quality dependent on the MINEX04 test results - External to PIV testing Tested through SP 800-85B - Dependent on the policy requirements and procedural steps - External to PIV Testing Integrated PIV Biometrics Process Format Validation Human Inspection Performance Tests SP 800-85B – Biometric Data Conformance

10. Test Toolkit Application Card Reader Driver Card Reader PIV Card Application PIV Card Command Interface Agency / System Integrator Smart Card Reader Data Under Test Certificate Profile Conformance Algorithm Conformance Signature Conformance PIV Card SP 800-85B – PIV PKI Testing PIV Data Model

11. Validate signatures on all signed PIV objects Validate signature block format on all signed PIV objects Validate encoding of Cryptographic Message Syntax external digital signature Validate values in certain fields of the signature block Validate algorithms employed are in agreement with SP 800-78 Values are consistent with other data objects on the PIV Card SP 800-85B — Cryptographic Objects Conformance …Signature Conformance

12. Validate the presence of CRL and OCSP URLs Validate NACI indicator field SP 800-85B — Cryptographic Objects Conformance …Certificate Conformance

13. The tags and lengths in various data objects should conform to specifications in Appendix A of SP 800-73. SP 800-85B — BER-TLV Format Conformance

14. Tentative Schedule Draft SP 800-85B – April 3rd Final SP 800-85B – April 28th