1 / 14

Status of U.S. Smart Card Deployment

Jim Dray Porvoo 7/ World eID Meeting May 2005. Status of U.S. Smart Card Deployment. History. Government Smart Card Program 2000 Interoperability Specification NISTIR 6887 Basis for some agency deployments Department of Defense Common Access Card Transportation Worker Identification Card

rimona
Download Presentation

Status of U.S. Smart Card Deployment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Jim Dray Porvoo 7/ World eID Meeting May 2005 Status of U.S. Smart Card Deployment

  2. History • Government Smart Card Program 2000 • Interoperability Specification NISTIR 6887 • Basis for some agency deployments • Department of Defense Common Access Card • Transportation Worker Identification Card • No strong mandate for card deployment across agencies • Gradual progress up to 27 August 2004...

  3. Homeland Security Presidential Directive 12 • Signed by the President 27 August 2004 • Federal agencies are directed to deploy secure and reliable forms of authentication for employees and contractors that can be rapidly authenticated electronically • NIST is directed to develop the technical framework and promulgate a Federal Information Processing Standard for Personal Identity Verification

  4. Federal Information Processing Standard 201 • Published 25 February 2005 • Technical framework for Personal Identity Verification (PIV) • Two implementation phases: • Meet control objectives by October 2005 (I) • Deploy interoperable PIV card systems (II) • Each agency will negotiate a Phase II completion date with the Office of Mangement and Budget

  5. Special Publication 800-73 • “Interfaces for Personal Identity Verification” 8 April 2005 • Technical specifications for PIV card interface, client API, and data model • Based on evolution of GSC concepts: • Unified card interface • Technology neutral (VM card, file system card) • Standards compliant (ISO)

  6. Other PIV Special Publications • SP800-76: Biometric Data Specification for Personal Identity Verification (Draft) • SP800-78: Cryptographic Algorithms and Key Sizes for Personal Identity Verification • SP800-79: Issuer Organization Accreditation Guidance (comment draft 17 June)

  7. Non-government Standards • ISO 24727: Smart card interoperability framework • Considering a national standard (ANSI) to fill the gap between GSC and ISO 24727

  8. ISO 24727 • ISO JTC1/SC17 WG4/TF9 • Teresa Schwarzhoff(NIST), Convener • http://www.iso.org/jtc1/sc17/wg4/tf9 • Standardize a set of programming interfaces for Identification, Authentication, Signature • The primary focus is interoperability between applications, middleware, cards

  9. ISO 24727 Document Status • Part 1 • Overarching framework • Status: First Committee Draft ballot completed, CD resolution of comments: May 31, 2005 • Part 2 • Describes common card interface • Status: In CD ballot stage, closes August 2005 • Part 3 • New territory for smart card standards: Client API, middleware • Set of services: connection, discovery, retrieval, identity, cryptography • Status: Possible CD candidate by Oct 2005

  10. U.S. Smart Card Landscape • GSC Interoperability Specification is a legacy card framework • ISO 24727 is the future framework • PIV (SP800-73) is a card application specification looking for a framework • A U.S. National Standard may provide an intermediate path between GSC and ISO 24727?

  11. U.S. GSC Planned Work • Formal Standards, international coordination • PIV Reference Implementation (25 June) • PIV Conformance Test Program (25 August) • Procurement Guidance: General Services Administration • Deployment Guidance: Office of Management and Budget • And so on...

  12. Major Challenges • PIV Infrastructure • Business model changes for Federal agencies • Positioning the PIV application specification with respect to ISO 24727 • Conformance testing • Commercial product availability does NOT appear to be a problem in the SP800-73 domain • 3 cards already claim PIV compliance (beta)!

  13. Our PIV work in the U.S. has only begun, but the timing is good. After all, I retire in eight years so I may live to see full deployment of PIV cards. Conclusion

  14. james.dray@nist.gov: GSC Chief Architect teresa.schwarzhoff@nist.gov: GSC Standards Program Manager william.barker@nist.gov: PIV Project Manager PIV Website: http://csrc.nist.gov/piv-project Contact Details

More Related