Government ID, Smart Cards, Identification and Authentication

NIST releases two papers dealing with identity

Wednesday, September 9, 2009

Two publications from the National Institute of Standards and Technology describe new capabilities for authentication systems using smart cards or other personal security devices within and outside federal government applications.

One report describes a NIST-led international standard, ISO/IEC 24727, which defines a general-purpose identity application programming interface (API). The other is a draft publication on refinements to the Personal Identity Verification (PIV) specification.

NIST is responsible for developing specifications for PIV cards required for the government under HSPD-12. The goal is to develop methods that allow each worker to have a PIV card that works with PIV equipment at all government agencies and with all card-reader equipment regardless of the manufacturer.


Because there is growing interest in using secure identity credentials, like PIV cards, for multiple applications beyond the federal workplace, NIST provided its smart card research expertise in the development of the ISO/IEC 24727 international standard. The standard aims to provide a set of authentication protocols and services common to identity management frameworks.

The new NIST report describes the standard’s general-purpose identity application programming interface, the “Service Access Layer Interface for Identity (SALII),” which enables cards and readers to communicate and operate with applications. The report also describes a proof-of-concept experiment demonstrating that existing PIV cards and readers can work interoperably with ISO/IEC 24727. The applications tested included logging on to Windows or Linux systems, signing and encrypting email, and performing Web authentications.

The report on ISO 24727 can be downloaded here.

The other publication - Special Publication 800-73-3, Interfaces for Personal Identity Verification - provides specifications for PIV-Interoperable and PIV-Compatible cards issued by non-federal issuers, which also may be used with the federal system.

It also provides specifications designed to ease implementation, facilitate interoperability and ensure performance of PIV applications in the federal workplace. The new publication specifies a PIV data model, card edge interface and application programming interface. The report also provides editorial changes to clarify information in the earlier version.

The draft version of NIST SP 800-73-3 is open for public comment through Sept. 13. The document is available online here.

The Smart Card Alliance Transportation Council has published a white paper examining how the transit industry can best make use of NFC technology.

“One of the major challenges facing transit agencies today is how to capitalize on the ever-growing popularity of mobile phones with a solid mobile strategy,” said Transportation Council Chairman Craig Roberts. “This white paper builds on the knowledge base developed in earlier white papers to foster a greater understanding of NFC technology, explain its role in the transit industry, and shed light on key issues facing the transit industry in developing a mobile strategy.”


The National Institute of Standards and Technology (NIST) wants to see a biometric scanning device with Web-enabled communication and control that is built on a publicly available specification, reports Bank Info Security. To that end, it’s looking for proposals for such a device.


The National Institute of Standards and Technology announced a competition to award approximately $10 million for pilot projects to accelerate progress toward improved systems for interoperable, trusted online credentials that go beyond simple user IDs and passwords.


Intercede has announced the release of Service Pack 1 for its biometric identity and credential management system MyID PIV v9.

The upgrades included in the new service pack bring Personal Identity Verification (PIV), PIV-I and PIV-C credential issuance into one system. Additional upgrades in the service pack are aimed at reducing the time and costs involved in help desk functions by improving card expiration date control, policy control, offline unlock, self-service PIN reset, and reinstating and re-provisioning of cards, all from the system GUI.


UnboundID, a provider of identity data solutions for cloud, telco, and enterprise computing, released products based on the Simple Cloud Identity Management (SCIM) standard. By supporting SCIM, UnboundID can provide a standardized and simpler solution for organizations provisioning and managing user identities across multiple cloud-based services, including IaaS, PaaS and SaaS offerings.


Florida-based Codebench has released IDSync, a software development kit that enables automated provisioning and deprovisioning of users and credentials into a supported physical access control system.
