SlideShare une entreprise Scribd logo

FIPS 201 / PIV

Anshuman Sinha
Anshuman Sinha

This presentation is smartcard and reader centric view of FIPS 201 / PIV program for Federal agencies for physical and logical access. FIPS 201 is a standard developed to comply by 12th presidential directive (HSPD-12).

TechnologieBusiness
1  sur  47
PIV (FIPS 201) Anshuman Sinha
What is PIV (FIPS 201)? ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
What does PIV replace? ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Goals of PIV? ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
What is PIV II? ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Timeline Anshuman Sinha <anshuman.sinha2@gmail.com> 2004 2005 2006 Feb FIPS 201 HSPD-12 Aug ‘ 04 NPIVP Test Aug More Test Facilities Nov Biometry Specs. Dec ‘ 05 FIPS 201-1 June PIV Card / Reader IOP July Oct ‘ 06 PIV Target
PIV Technology ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Technology – Physical Req. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Technology – Platform Req. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Technology – Platform Req. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV – Java Card Architecture Card Operating System Java Card Virtual Machine Java Card Runtime Environment Java Card API Applet 3 Applet 2 Applet 1 Card Manager Currently Selected Applet Smartcard Controller + Crypto Co-processor Anshuman Sinha <anshuman.sinha2@gmail.com> APDU Response
PIV – Multos Architecture MEL Java Basic C Editor Compiler Compiler Compiler Assembler Linker / Optimizer Loader Terminal Sim Debug Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV – Java Card Application .Java Files .class Files AID .CAP Files .EXP Files Converter Compiler Loader Anshuman Sinha <anshuman.sinha2@gmail.com> Smartcard
PIV – Global Platform ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV - Subsystems ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Data Model Mandatory Data Optional Data Anshuman Sinha <anshuman.sinha2@gmail.com> Description Interface Access Rule Card Capabilities Container Contact Always Read Card Holder Unique Id Contact and Contactless Always Read X.509 for PIV Authentication Contact and Contactless Always Read Card Holder Finger Print I Contact PIN Printed Information Buffer Contact PIN Card Holder Facial Image Contact PIN X.509 for Digital Signature Contact PIN X.509 for Key Management Contact Always Read X.509 for Card Authentication Contact Always Read Security Object Contact Always Read
Card Cryptographic Objects ,[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Key Sizes – Time Bound ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV Card Biometry ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II Graduations - Physical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Some Confidence VIS, CHUID High Confidence BIO Very High Confidence BIO-A , PKI
PIV II Graduations - Logical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels Local Auth Mechanism Remote Auth Mechanism Some Confidence CHUID PKI High Confidence BIO Very High Confidence BIO-A, PKI
PIV II Auth Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II Auth Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II CHUID Auth Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II BIO AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II PKI AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II – Reader Design Goals Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Readers Some Confidence VIS, CHUID Design 1 High Confidence BIO Design 2 Very High Confidence BIO-A , PKI Design 3
PIV II – Reader Design Goals ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - Physical Access Rdr. IOP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - Card End Point Card [Single Chip Dual Interface] ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Transition Card [Dual Chip Dual (contact + contactless) Interface] Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - Card End Point Card [Single Chip Dual Interface] Transition Card [Dual Chip Dual Interface] Transition II Card [Dual Chip Dual Interface] PIV II Applet CAC Applet PIV II Applet CAC Applet Anshuman Sinha <anshuman.sinha2@gmail.com>
PIV II - SP 800-73 ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Assurance Levels Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Physical Auth Mechanism PIV Logical Auth Mechanism Some Confidence VIS, CHUID CHUID High Confidence BIO BIO Very High Confidence BIO-A , PKI BIO-A, PKI
When to ReIssue Identity Cards? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
When to ReIssue? ,[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Upon Lost Notification [Person in Organization] ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Temporary Badge Creation ,[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
ReIssuance of PIV Credentials ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
New / Replacement Badge Creation ,[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Security Policies Upto Agency ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
75 bit Weigand (Truncated FASC-N) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
200 bit Weigand (FASCN) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
200 bit Weigand (FASCN + E.Date) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
200 bit Weigand (FASCN + HMAC) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Reissuance Policy for PACS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
Certificate Revocation ,[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>
References ,[object Object],[object Object],[object Object],[object Object],[object Object],Anshuman Sinha <anshuman.sinha2@gmail.com>

Recommandé

Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATM
Paras Garg
 
FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION
FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION
FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION
Appu S
 
Garbage Monitoring System using Arduino
Garbage Monitoring System using ArduinoGarbage Monitoring System using Arduino
Garbage Monitoring System using Arduino
ijtsrd
 
Water quality monitoring in a smart city based on IOT
Water quality monitoring in a smart city based on IOTWater quality monitoring in a smart city based on IOT
Water quality monitoring in a smart city based on IOT
Mayur Rahangdale
 
Bluetooth paper (IEEE)
Bluetooth paper (IEEE)Bluetooth paper (IEEE)
Bluetooth paper (IEEE)
Kashyap Shah
 
Internet of Things: A Hands-On Approach
Internet of Things: A Hands-On ApproachInternet of Things: A Hands-On Approach
Internet of Things: A Hands-On Approach
Arshdeep Bahga
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and Similarities
Navjyotsinh Jadeja
 
IoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry Pi
IoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry PiIoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry Pi
IoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry Pi
IRJET Journal
 

Recommandé

Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATM
Paras Garg
 
FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION
FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION
FINGERPRINT BASED STUDENT IDENTIFICATION WITH RFID BASED LIBRARY AUTOMATION
Appu S
 
Garbage Monitoring System using Arduino
Garbage Monitoring System using ArduinoGarbage Monitoring System using Arduino
Garbage Monitoring System using Arduino
ijtsrd
 
Water quality monitoring in a smart city based on IOT
Water quality monitoring in a smart city based on IOTWater quality monitoring in a smart city based on IOT
Water quality monitoring in a smart city based on IOT
Mayur Rahangdale
 
Bluetooth paper (IEEE)
Bluetooth paper (IEEE)Bluetooth paper (IEEE)
Bluetooth paper (IEEE)
Kashyap Shah
 
Internet of Things: A Hands-On Approach
Internet of Things: A Hands-On ApproachInternet of Things: A Hands-On Approach
Internet of Things: A Hands-On Approach
Arshdeep Bahga
 
M2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and SimilaritiesM2M vs IoT: The Key Differences and Similarities
M2M vs IoT: The Key Differences and Similarities
Navjyotsinh Jadeja
 
IoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry Pi
IoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry PiIoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry Pi
IoT Based Agriculture Monitoring and Smart Irrigation System using Raspberry Pi
IRJET Journal
 
Industry 4.0 and Cyber physical systems Intro
Industry 4.0 and Cyber physical systems IntroIndustry 4.0 and Cyber physical systems Intro
Industry 4.0 and Cyber physical systems Intro
Dr Mohamed Elfarran
 
CAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus ProtocolCAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus Protocol
Abhinaw Tiwari
 
Bluetooth and Raspberry Pi
Bluetooth and Raspberry PiBluetooth and Raspberry Pi
Bluetooth and Raspberry Pi
Damien Magoni
 
Air and sound pollution monitoring system
Air and sound pollution monitoring systemAir and sound pollution monitoring system
Air and sound pollution monitoring system
AbhinavRajput49
 
IoT presentation
IoT presentationIoT presentation
IoT presentation
Rohit Mahali
 
Introduction to IoT - Unit I
Introduction to IoT - Unit IIntroduction to IoT - Unit I
Introduction to IoT - Unit I
Dr.M.Karthika parthasarathy
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
Ahmed Mohamed Mahmoud
 
Smart Gloves for Blind
Smart Gloves for BlindSmart Gloves for Blind
Smart Gloves for Blind
IRJET Journal
 
The Internet of Things (IoT) and its evolution
The Internet of Things (IoT) and its evolutionThe Internet of Things (IoT) and its evolution
The Internet of Things (IoT) and its evolution
Sathvik N Prasad
 
IoT with Arduino
IoT with ArduinoIoT with Arduino
IoT with Arduino
Arvind Singh
 
Building Blocks for IoT Devices
Building Blocks for IoT DevicesBuilding Blocks for IoT Devices
Building Blocks for IoT Devices
Anil Gorthy
 
Pollution control using Internet Of Things
Pollution control using Internet Of ThingsPollution control using Internet Of Things
Pollution control using Internet Of Things
munindhar macherla
 
Edge and Fog computing, a use-case prespective
Edge and Fog computing, a use-case prespectiveEdge and Fog computing, a use-case prespective
Edge and Fog computing, a use-case prespective
Chetan Kumar S
 
1. Internet of Things - M2M to IoT
1. Internet of Things - M2M to IoT1. Internet of Things - M2M to IoT
1. Internet of Things - M2M to IoT
Jitendra Tomar
 
Problem Statements in Rural Area
Problem Statements in Rural AreaProblem Statements in Rural Area
Problem Statements in Rural Area
Nikhil D Prince
 
Twitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayTwitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter today
Rahmatullah Akbar
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...
Nicholas Davis
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard
 
Java ring
Java ringJava ring
Java ring
Kaushik Banerjee
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
Ugo Chirico
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Simmi Kamra
 

Contenu connexe

Tendances

Tendances (15)

Industry 4.0 and Cyber physical systems Intro
Industry 4.0 and Cyber physical systems IntroIndustry 4.0 and Cyber physical systems Intro
Industry 4.0 and Cyber physical systems Intro
 
CAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus ProtocolCAN (Controller Area Network) Bus Protocol
CAN (Controller Area Network) Bus Protocol
 
Bluetooth and Raspberry Pi
Bluetooth and Raspberry PiBluetooth and Raspberry Pi
Bluetooth and Raspberry Pi
 
Air and sound pollution monitoring system
Air and sound pollution monitoring systemAir and sound pollution monitoring system
Air and sound pollution monitoring system
 
IoT presentation
IoT presentationIoT presentation
IoT presentation
 
Introduction to IoT - Unit I
Introduction to IoT - Unit IIntroduction to IoT - Unit I
Introduction to IoT - Unit I
 
Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
 
Smart Gloves for Blind
Smart Gloves for BlindSmart Gloves for Blind
Smart Gloves for Blind
 
The Internet of Things (IoT) and its evolution
The Internet of Things (IoT) and its evolutionThe Internet of Things (IoT) and its evolution
The Internet of Things (IoT) and its evolution
 
IoT with Arduino
IoT with ArduinoIoT with Arduino
IoT with Arduino
 
Building Blocks for IoT Devices
Building Blocks for IoT DevicesBuilding Blocks for IoT Devices
Building Blocks for IoT Devices
 
Pollution control using Internet Of Things
Pollution control using Internet Of ThingsPollution control using Internet Of Things
Pollution control using Internet Of Things
 
Edge and Fog computing, a use-case prespective
Edge and Fog computing, a use-case prespectiveEdge and Fog computing, a use-case prespective
Edge and Fog computing, a use-case prespective
 
1. Internet of Things - M2M to IoT
1. Internet of Things - M2M to IoT1. Internet of Things - M2M to IoT
1. Internet of Things - M2M to IoT
 
Problem Statements in Rural Area
Problem Statements in Rural AreaProblem Statements in Rural Area
Problem Statements in Rural Area
 

En vedette

Twitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayTwitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter today
Rahmatullah Akbar
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...
Nicholas Davis
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
Simmi Kamra
 
Technical Overview of Java Card
Technical Overview of Java CardTechnical Overview of Java Card
Technical Overview of Java Card
Anshuman Sinha
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
Sheetal Verma
 

En vedette (17)

Twitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter todayTwitter Today 2015 - How brand should use Twitter today
Twitter Today 2015 - How brand should use Twitter today
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
 
Java ring
Java ringJava ring
Java ring
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
 
Secure Element Solutions
Secure Element SolutionsSecure Element Solutions
Secure Element Solutions
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Technical Overview of Java Card
Technical Overview of Java CardTechnical Overview of Java Card
Technical Overview of Java Card
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Secure Elements in Web Applications
Secure Elements in Web ApplicationsSecure Elements in Web Applications
Secure Elements in Web Applications
 
Java card technology
Java card technologyJava card technology
Java card technology
 
IoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutionsIoT summit - Building flexible & secure IoT solutions
IoT summit - Building flexible & secure IoT solutions
 
Digital certificates and information security
Digital certificates and information securityDigital certificates and information security
Digital certificates and information security
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
Javacard
Javacard Javacard
Javacard
 
NFC Basic Concepts
NFC Basic ConceptsNFC Basic Concepts
NFC Basic Concepts
 
Mobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessmentMobile Payment fraud & risk assessment
Mobile Payment fraud & risk assessment
 

Similaire à FIPS 201 / PIV

Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
IJRTEMJOURNAL
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863
RepentSinner
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
indragantiSaiHiranma
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_Introduction
Johnson Wu
 

Similaire à FIPS 201 / PIV (20)

Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
Improvement of a PIN-Entry Method Resilient to ShoulderSurfing and Recording ...
 
Biometric Access and Attendance Terminal
Biometric Access and Attendance TerminalBiometric Access and Attendance Terminal
Biometric Access and Attendance Terminal
 
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control PanelsmartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
 
How to Easily Upgrade to a Next-Generation Transit Payment System
How to Easily Upgrade to a Next-Generation Transit Payment SystemHow to Easily Upgrade to a Next-Generation Transit Payment System
How to Easily Upgrade to a Next-Generation Transit Payment System
 
Ynamono Hs Lecture
Ynamono Hs LectureYnamono Hs Lecture
Ynamono Hs Lecture
 
Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863Cardholder authentication for the piv dig sig key nist ir-7863
Cardholder authentication for the piv dig sig key nist ir-7863
 
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
IRJET- SteganoPIN:Two Faced Human-Machine Interface for Practical Enforcement...
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor Authentication
 
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
Secure Your Edge-to-Cloud IoT Solution with Intel and AWS - IOT337 - re:Inven...
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
Color Code PIN Authentication System Using Multi-TouchTechnology
Color Code PIN Authentication System Using Multi-TouchTechnologyColor Code PIN Authentication System Using Multi-TouchTechnology
Color Code PIN Authentication System Using Multi-TouchTechnology
 
IRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
IRJET - RFID based Automatic Entry Restricted Mechanism for Home SecurityIRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
IRJET - RFID based Automatic Entry Restricted Mechanism for Home Security
 
GBM Digital Hub
GBM Digital HubGBM Digital Hub
GBM Digital Hub
 
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
IRJET- A Noval and Efficient Revolving Flywheel Pin Entry Method Resilient to...
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
 
Cidway Bank Finance 01 2009 2 Fa Tr
Cidway Bank Finance 01 2009 2 Fa TrCidway Bank Finance 01 2009 2 Fa Tr
Cidway Bank Finance 01 2009 2 Fa Tr
 
Advanced Security System for Bank Lockers using Biometric and GSM
Advanced Security System for Bank Lockers using Biometric and GSMAdvanced Security System for Bank Lockers using Biometric and GSM
Advanced Security System for Bank Lockers using Biometric and GSM
 
Gvm project report g95
Gvm project report g95Gvm project report g95
Gvm project report g95
 
Smart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc paymentSmart card to the cloud for convenient, secured nfc payment
Smart card to the cloud for convenient, secured nfc payment
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_Introduction
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Dernier (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

FIPS 201 / PIV

  • 1. PIV (FIPS 201) Anshuman Sinha
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. PIV Timeline Anshuman Sinha <anshuman.sinha2@gmail.com> 2004 2005 2006 Feb FIPS 201 HSPD-12 Aug ‘ 04 NPIVP Test Aug More Test Facilities Nov Biometry Specs. Dec ‘ 05 FIPS 201-1 June PIV Card / Reader IOP July Oct ‘ 06 PIV Target
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. PIV – Java Card Architecture Card Operating System Java Card Virtual Machine Java Card Runtime Environment Java Card API Applet 3 Applet 2 Applet 1 Card Manager Currently Selected Applet Smartcard Controller + Crypto Co-processor Anshuman Sinha <anshuman.sinha2@gmail.com> APDU Response
  • 12. PIV – Multos Architecture MEL Java Basic C Editor Compiler Compiler Compiler Assembler Linker / Optimizer Loader Terminal Sim Debug Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 13. PIV – Java Card Application .Java Files .class Files AID .CAP Files .EXP Files Converter Compiler Loader Anshuman Sinha <anshuman.sinha2@gmail.com> Smartcard
  • 14.
  • 15.
  • 16. PIV Card Data Model Mandatory Data Optional Data Anshuman Sinha <anshuman.sinha2@gmail.com> Description Interface Access Rule Card Capabilities Container Contact Always Read Card Holder Unique Id Contact and Contactless Always Read X.509 for PIV Authentication Contact and Contactless Always Read Card Holder Finger Print I Contact PIN Printed Information Buffer Contact PIN Card Holder Facial Image Contact PIN X.509 for Digital Signature Contact PIN X.509 for Key Management Contact Always Read X.509 for Card Authentication Contact Always Read Security Object Contact Always Read
  • 17.
  • 18.
  • 19.
  • 20. PIV II Graduations - Physical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Some Confidence VIS, CHUID High Confidence BIO Very High Confidence BIO-A , PKI
  • 21. PIV II Graduations - Logical Access Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels Local Auth Mechanism Remote Auth Mechanism Some Confidence CHUID PKI High Confidence BIO Very High Confidence BIO-A, PKI
  • 22.
  • 23.
  • 24. PIV II CHUID Auth Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 25. PIV II BIO AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 26. PIV II PKI AUTH Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 27. PIV II – Reader Design Goals Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Auth Mechanism Readers Some Confidence VIS, CHUID Design 1 High Confidence BIO Design 2 Very High Confidence BIO-A , PKI Design 3
  • 28.
  • 29.
  • 30.
  • 31. PIV II - Card End Point Card [Single Chip Dual Interface] Transition Card [Dual Chip Dual Interface] Transition II Card [Dual Chip Dual Interface] PIV II Applet CAC Applet PIV II Applet CAC Applet Anshuman Sinha <anshuman.sinha2@gmail.com>
  • 32.
  • 33. Assurance Levels Anshuman Sinha <anshuman.sinha2@gmail.com> Assurance Levels PIV Physical Auth Mechanism PIV Logical Auth Mechanism Some Confidence VIS, CHUID CHUID High Confidence BIO BIO Very High Confidence BIO-A , PKI BIO-A, PKI
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.