jim dray porvoo 7 world eid meeting may 2005
Download
Skip this Video
Download Presentation
Status of U.S. Smart Card Deployment

Loading in 2 Seconds...

play fullscreen
1 / 14

Status of U.S. Smart Card Deployment - PowerPoint PPT Presentation


  • 130 Views
  • Uploaded on

Jim Dray Porvoo 7/ World eID Meeting May 2005. Status of U.S. Smart Card Deployment. History. Government Smart Card Program 2000 Interoperability Specification NISTIR 6887 Basis for some agency deployments Department of Defense Common Access Card Transportation Worker Identification Card

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Status of U.S. Smart Card Deployment' - rimona


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
jim dray porvoo 7 world eid meeting may 2005
Jim Dray

Porvoo 7/ World eID Meeting

May 2005

Status of U.S. Smart Card Deployment
history
History
  • Government Smart Card Program 2000
    • Interoperability Specification NISTIR 6887
    • Basis for some agency deployments
      • Department of Defense Common Access Card
      • Transportation Worker Identification Card
  • No strong mandate for card deployment across agencies
  • Gradual progress up to 27 August 2004...
homeland security presidential directive 12
Homeland Security Presidential Directive 12
  • Signed by the President 27 August 2004
  • Federal agencies are directed to deploy secure and reliable forms of authentication for employees and contractors that can be rapidly authenticated electronically
  • NIST is directed to develop the technical framework and promulgate a Federal Information Processing Standard for Personal Identity Verification
federal information processing standard 201
Federal Information Processing Standard 201
  • Published 25 February 2005
  • Technical framework for Personal Identity Verification (PIV)
  • Two implementation phases:
    • Meet control objectives by October 2005 (I)
    • Deploy interoperable PIV card systems (II)
    • Each agency will negotiate a Phase II completion date with the Office of Mangement and Budget
special publication 800 73
Special Publication 800-73
  • “Interfaces for Personal Identity Verification” 8 April 2005
  • Technical specifications for PIV card interface, client API, and data model
  • Based on evolution of GSC concepts:
    • Unified card interface
    • Technology neutral (VM card, file system card)
    • Standards compliant (ISO)
other piv special publications
Other PIV Special Publications
  • SP800-76: Biometric Data Specification for Personal Identity Verification (Draft)
  • SP800-78: Cryptographic Algorithms and Key Sizes for Personal Identity Verification
  • SP800-79: Issuer Organization Accreditation Guidance (comment draft 17 June)
non government standards
Non-government Standards
  • ISO 24727: Smart card interoperability framework
  • Considering a national standard (ANSI) to fill the gap between GSC and ISO 24727
iso 24727
ISO 24727
  • ISO JTC1/SC17 WG4/TF9
    • Teresa Schwarzhoff(NIST), Convener
    • http://www.iso.org/jtc1/sc17/wg4/tf9
  • Standardize a set of programming interfaces for Identification, Authentication, Signature
  • The primary focus is interoperability between applications, middleware, cards
iso 24727 document status
ISO 24727 Document Status
  • Part 1
    • Overarching framework
    • Status: First Committee Draft ballot completed, CD resolution of comments: May 31, 2005
  • Part 2
    • Describes common card interface
    • Status: In CD ballot stage, closes August 2005
  • Part 3
    • New territory for smart card standards: Client API, middleware
    • Set of services: connection, discovery, retrieval, identity, cryptography
    • Status: Possible CD candidate by Oct 2005
u s smart card landscape
U.S. Smart Card Landscape
  • GSC Interoperability Specification is a legacy card framework
  • ISO 24727 is the future framework
  • PIV (SP800-73) is a card application specification looking for a framework
  • A U.S. National Standard may provide an intermediate path between GSC and ISO 24727?
u s gsc planned work
U.S. GSC Planned Work
  • Formal Standards, international coordination
  • PIV Reference Implementation (25 June)
  • PIV Conformance Test Program (25 August)
  • Procurement Guidance: General Services Administration
  • Deployment Guidance: Office of Management and Budget
  • And so on...
major challenges
Major Challenges
  • PIV Infrastructure
  • Business model changes for Federal agencies
  • Positioning the PIV application specification with respect to ISO 24727
  • Conformance testing
  • Commercial product availability does NOT appear to be a problem in the SP800-73 domain
    • 3 cards already claim PIV compliance (beta)!
conclusion

Our PIV work in the U.S. has only begun, but the timing is good. After all, I retire in eight years so I may live to see full deployment of PIV cards.

Conclusion
contact details

[email protected]: GSC Chief Architect

[email protected]: GSC Standards Program Manager

[email protected]: PIV Project Manager

PIV Website: http://csrc.nist.gov/piv-project

Contact Details
ad