PIV Cards Interoperability

The data objects and keys placed on a PIV Card during issuance use specific cryptographic algorithms selected from the acceptable algorithms in [SP800-78]. A PACS application can interrogate the card to learn which algorithms are used.

To attain full interoperability, a relying PACS application will need to support all acceptable algorithms, key lengths, and key material that could be presented, either by a PIV Card [..]

PIV CARDS – Authentication Capability

Deployed PACS readers use proximity or magnetic stripe technology to interface with identity cards and use proprietary protocols to communicate data. Some of these proprietary protocols employ cryptography, but their use is limited to the local site.

Recommendation for the Use of PIV Credentials in PACScredentials that could be used for a new generation of identity management technology for building access. FIPS 201 and its supporting special publications define the credential [..]

PIV Cards | Counterfeiting | Skimming | Cloning | Social Engineering

Terminated PIV Cards

PIV Cards may be terminated for a number of reasons, including a lost or stolen card. A terminated PIV Card could continue to open doors with the CHUID authentication mechanism long after the card has been terminated.

The check for termination should be performed by a status check, using either the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRL), on a PIV authentication certificate. Credential validation is [..]

PIV Systems – Threat Environment

The PIV System is defined to enhance security and trust in identity credentials, but no practical system can guarantee perfect security. This section discusses known technical threats to PIV authentication mechanisms, especially the CHUID authentication mechanism.

Methods of attack are described in general terms, and this is not an exhaustive list of possible attacks. Attackers often succeed by exploiting overlooked or newly [..]