PIV Data Model Testing

Ketan Mehta
mehta_ketan@nist.gov
March 3, 2006
 Agenda

PIV Test Environment

Test Methodology
Test Areas
Schedule
 PIV Test Environment
Test Toolkit Application

Host
PIV Client Application Programming Interface PC
PIV
MIDDLEWARE PIV Card Command Calls
(SP 800-73)

Card Reader Driver

Smart Card
Card Reader Reader

PIV Card Application

PIV Card Command

PIV CARD Interface
(FIPS 201,
SP 800-73, PIV Data Model
SP 800-76,
SP 800-78)
 Agenda

PIV Test Environment

Test Methodology
Test Areas
Schedule
 PIV Test Methodology

Inputs Process Outputs

FIPS 201
Derived Test Requirements
SP 800-73
&
Test Results
SP 800-76 Test Assertions
SP 800-78 NIST Test Guidance SP 800-85

NPIVP Certificate
Lab Testing: PIV Data Model
Conformance to Testing*
SP 800-73
Self-certification
Lab Activity Agency Activity**
SP 800-85A SP 800-85B

* Conformance to FIPS 201, SP 800-76, and SP 800-78

** The process is currently being defined
 Agenda

PIV Test Environment

Test Methodology
Test Areas
Schedule
 Test Areas

CHUID Data Object

Security Object
Biometric Data Object
PKI Keys and Certificates

Note that all test requirements are designed to:

- Validate the format of PIV data
- Validate values in the fields
- Validate computation such as signatures or data comparison
 SP 800-85B PIV Biometrics Testing
Test Toolkit Application

PIV PIV Client Application Programming Interface

Agency /
MIDDLEWARE
System
PIV Card Command Calls Integrator

Card Reader Driver

Data Under Test
Smart Card
Reader Card Reader Finger print stored for FBI
Transmission

PIV Card Application Finger print stored for PIV

Enrollment
PIV Card Command
PIV CARD Interface
(SP 800-73 Finger print minutiae for PIV
Conformant) Card
PIV Data Model

Facial Image for PIV Card

 SP 800-85B Biometric Data Conformance

Enrollment Process Integrated Verification Process

Face Templating PIV Fingerprint Matching
Fingerprint Templating
CBEFF Header Generation Biometrics
PIV-Specific Enrollment Procedures Process

Documentation (Fingerprint and Facial Acquisition, Equipment, Procedures)

Format Validation Human Inspection Performance Tests

Tested through - Dependent on the - Quality dependent

SP 800-85B policy requirements on the MINEX04
and procedural steps test results
- External to PIV - External to PIV
Testing testing
 SP 800-85B PIV PKI Testing
Test Toolkit Application Agency /
System
Integrator
Card Reader Driver

Smart Card
Card Reader Reader

PIV Card Application

PIV Card Command

Interface
PIV Card

PIV Data Model

Signature
Data Under Test Conformance Algorithm Certificate
Conformance Profile
Conformance
 SP 800-85B Cryptographic Objects Conformance
Signature Conformance

Validate signatures on all signed PIV objects

Validate signature block format on all signed PIV
objects
o Validate encoding of Cryptographic Message Syntax
external digital signature
Validate values in certain fields of the signature
block
o Validate algorithms employed are in agreement with SP
800-78
o Values are consistent with other data objects on the PIV
Card
 SP 800-85B Cryptographic Objects Conformance
Certificate Conformance

Validate the presence of CRL and OCSP

URLs
Validate NACI indicator field
 SP 800-85B BER-TLV Format Conformance

The tags and lengths in various data objects

should conform to specifications in
Appendix A of SP 800-73.
 Tentative Schedule

Draft SP 800-85B April 3rd

Final SP 800-85B April 28th