ID SYSTEMS: Flipping Over FIPS 201
Verifying the identity of individuals both within an organization and among different organizations has become critically important. Although the skill sets and technologies for logical and physical access remain specialized, requirements for uniform security policy enforcement and the adoption of new access control technologies are driving dramatic and necessary changes to integrate both functions and systems, according to recent white paper by the Smart Card Alliance, Princeton Junction, N.J.
A prime example is Homeland Security Presidential Directive 12 (HSPD-12), issued by President George W. Bush in mid-2004. This policy aims to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy.
HSPD-12 also requires that the Federal credential (the Personal Identity Verification or PIV card) be secure and reliable and that:
- Is issued based on sound criteria for verifying an individual’s identity;
- Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation;
- Can be rapidly authenticated electronically; and
- Is issued only by providers whose reliability has been established by an official accreditation process
FIPS 201 incorporates three technical publications that may change as the standard is implemented and used. Interfaces for Personal Identity Verification specify the interface and data elements of the PIV card; Biometric Data Specification for Personal Identity Verification specifies technical acquisition and formatting requirements for biometric data of the PIV system; and Cryptographic Algorithms and Key Sizes for Personal Identity Verification specify the acceptable cryptographic algorithms and key sizes for the PIV system.
In addition, a number of guidelines, reference implementations and conformance tests have been identified.
For FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems, a Smart Card Alliance Physical Access Council white paper, September 2005, or Physical Access Control Systems and FIPS 201, a Smart Card Alliance Physical Access Council briefing presentation, January 2006, go to www.smartcardalliance.org. For information on how biometrics fits into FIPS 201, check the Biometrics Consortium at www.biometrics.org. NIST data on PIV is at www.csrc.nist.gov/piv-program. Or use the Security Magazine search engine LINX, powered by Google.