“The board is working feverishly on the formats,” said Curt Barker, co-chairman of the PIV project at the National Institute of Standards and Technology. The board’s report is due Friday, he said. NIST late last year had put out draft versions of the Special Publication 800-73 as well as Federal Information Processing Standard 201 for PIV cards, as required by Homeland Security Presidential Directive 12.
At a minimum, the first specs required that cards embed contact and contactless chip interfaces, digital left and right index fingerprints, public-key infrastructure certificates and a cryptographic algorithm.
But the two drafts dismayed smart-card vendors as well as agencies such as NASA that already had card projects under way. NIST and the IAB then went back to the drawing board, working toward a Feb. 25 deadline set by the presidential directive [see GCN story].
The draft SP 800-73 described two models for the PIV card—file system-oriented and Java object-oriented—but emphasized the first model, Barker said. Many existing federal smart-card programs use Java.
Meanwhile, the revised FIPS 201 now “is going through the final approval process,” Barker said.
Autor: Susan M. Menke
Quelle: Government Computer News, 26.01.2005
