Module Name
ID-One PIV (Type A)
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1
PIV Cert Number
18 [1], #25 [2] or #36 [3]
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: Level 4
- EMI/EMC: Level 3
- Design Assurance: Level 3
Description
This new generation PIV Card addresses current and future needs of both Federal & Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, and secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program.
Approved Algorithms
| AES |
Cert. #840 |
| CVL |
Cert. #3 |
| CVL |
Certs. #215 and #220 |
| ECDSA |
Cert. #94 |
| RNG |
Cert. #480 |
| RSA |
Cert. #403 |
| SHS |
Cert. #833 |
| Triple-DES |
Cert. #698 |
| Triple-DES MAC |
Triple-DES Cert. #698, vendor affirmed |
Other Algorithms
Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (AES Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
P/Ns B0 and BA
Firmware Versions
FC10 (with op-codes 069778 or 071964) with ID-One PIV Applet Suite V2.3.2 [1], V2.3.2-a [2] or V2.3.4 [3]
