Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Draft Special Publication 800-73-4, Interfaces for Personal Identity Verification, and Draft Special Publication 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, are now available
May 13, 2013

#1 -- NIST announces that Draft Special Publication 800-73-4, Interfaces for Personal Identity Verification, is now available for public comment. This document has been updated to align with Candidate Final FIPS 201-2. Major changes in draft SP 800-73-4 include:

  • Removal of Part 4, The PIV Transitional Data Model and Interfaces;
  • The addition of specifications for secure messaging and the virtual contact interface, both of which are optional to implement;
  • The specification of an optional Cardholder Universally Unique Identifier (UUID) as a unique identifier for a cardholder;
  • The specification of an optional on-card biometric comparison mechanism, which may be used as a means of performing card activation and as a PIV authentication mechanism; and
  • The addition of a requirement for the PIV Card Application to enforce a minimum PIN length of six digits.

#2 --- NIST announces that Draft Special Publication 800-78-4, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, is now available for public comment. The document has been modified add algorithm and key size requirements for secure messaging and to add requirements for Cryptographic Algorithm Validation Program (CAVP) validation testing. In particular, the following changes are introduced in draft SP 800-78-4:

  • Algorithm and key size requirements for the optional PIV Secure Messaging key have been added.
  • RSA public keys may only have a public exponent of 65,537. (Client applications are still encouraged to be able to process RSA public keys that have any public exponent that is an odd positive integer greater than or equal to 65,537 and less than 2256.)
  • A new Section was added to provide requirements for CAVP validation testing.

Comment period on both publication CLOSED on: June 14, 2013. Questions? Send email to: piv_comments@nist.gov.

Created December 22, 2016, Updated August 17, 2017