GlobalPlatform Configures Messaging Specification to Support Personalization of PIV Cards
Special configuration offers benefits to government ID programs worldwide
25 June, 2007 – GlobalPlatform, the international smart card specification organization, has published a special configuration of its Messaging Specification v1.0 to support a standardized process for batch personalization of Personal Identity Verification (PIV) cards, for use by any U.S. government agency or third party bureau.
The new PIV configuration of GlobalPlatform’s existing Messaging Specification, which meets the requirements of the US Government’s ‘Policy for a Common Identification Standard for Federal Employees and Contractors’ outlined in the Federal Information Processing Standard (FIPS) 201, offers the potential for a faster and more efficient pre-issuance stage in the PIV card lifecycle.
It could also result in economies of scale for the U.S. Government, if many or all agencies adopt the configuration and base their PIV programs on GlobalPlatform’s open and interoperable technology, which now supports PIV requirements at both the card and systems level.
The U.S. Department of Defense was particularly interested in a commercial off-the shelf solution which would allow the Common Access Card (CAC) program to move from a proprietary pre-issuance format to a standard messaging format as proposed by GlobalPlatform. While the development of the PIV Configuration for Messaging v1.0 meets the enhanced identification and authentication requirements of the U.S. Government, it is a publicly available document. It can therefore be adapted to offer standardization benefits for governments world-wide choosing to deploy similar smart card based ID programs.
Lynne Prince , Division Chief of Card Technology and Identity Solutions, a division of the Defense Manpower Data Center which is responsible for issuing all U.S. DoD identity cards, comments: “As an active member of GlobalPlatform, the U.S. DoD collaborated closely with the GlobalPlatform PIV Task Force on this configuration. In addition to presenting a secure and compliant standard for use by the U.S. Government, this development also represents a base line of standardization work applicable to any government world-wide.”
Christophe Biehlmann, Chair of the GlobalPlatform Systems Committee and Software Architect at Datacard Group, adds: “One of GlobalPlatform’s aims is to address the standardization needs of specific markets and environments by offering configurations of its card, device and systems technology. Not only has this recent development been successful in meeting the requirements of the US DoD, but it has also provided us with some technical updates which will be incorporated into the next version of the GlobalPlatform Messaging Specification, v1.1, scheduled for release in Q4 07.”
The new PIV Configuration for Messaging v1.0 is now available for public download at www.globalplatform.org.
The GlobalPlatform Messaging Specification v1.0 standardizes communication between components within a systems infrastructure, by:
- Defining the roles of the ‘actors’ in the infrastructure and what needs to be communicated between them, and
- Defining the format and data requirements of messages to be exchanged.
The new PIV configuration of this specification defines GlobalPlatform Messaging options specifically relevant to PIV, or FIPS201 compliant, cards, by mapping PIV requirements against traditional messaging roles and defining mandatory messages to be exchanged in the PIV environment.
A primary goal of the configuration is to allow interoperable implementations of the corresponding GlobalPlatform XML messages, and to set clear expectations regarding the behavior of the systems which generate or process these messages.
The new PIV Configuration for Messaging will be used by developers, architects or system integrators intending to provide or use the interface needed to personalize PIV cards in batch.
*About Personal Identity Verification (PIV) of Federal Employees and Contractors
Source: Computer Security Resource Center – http://csrc.nist.gov/piv-program/
In response to Homeland Security Presidential Directive (HSPD)-12, the US National Institute of Standards and Technology (NIST) Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification of Federal Employees and Contractors, was developed to satisfy the requirements of HSPD 12, approved by the Secretary of Commerce, and issued on February 25, 2005.
FIPS 201 incorporates three technical publications specifying several aspects of the required administrative procedures and technical specifications that may change as the standard is implemented and used. NIST Special Publication 800-73, “Interfaces for Personal Identity Verification” specifies the interface and data elements of the PIV card; NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification” specifies the technical acquisition and formatting requirements for biometric data of the PIV system; and NIST Special Publication 800-78, “Cryptographic Algorithms and Key Sizes for Personal Identity Verification” specifies the acceptable cryptographic algorithms and key sizes to be implemented and used for the PIV system.
In addition, a number of guidelines, reference implementations, and conformance tests have been identified as being needed to: implement and use the PIV system; protect the personal privacy of all subscribers of the PIV system; authenticate identity source documents to obtain the correct legal name of the person applying for a PIV “card”; electronically obtain and store required biometric data (e.g., fingerprints, facial images) from the PIV system subscriber; create a PIV “card” that is “personalized” with data needed by the PIV system to later grant access to the subscriber to Federal facilities and information systems; assure appropriate levels of security for all applicable Federal applications; and provide interoperability among Federal organizations using the standards.
GlobalPlatform is the global leader in smart card infrastructure development and its proven, technical specifications for cards, devices and systems are known as the standard for smart card infrastructure. GlobalPlatform is a member driven association with cross-industry representation from all world continents. For more information about GlobalPlatform, visit: www.globalplatform.org