Module Name
ID-One PIV (Type B)
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1
PIV Cert Number
19 [*] or #26 [**]
Security Level Exceptions
- Roles, Services, and Authentication: Level 3
- Physical Security: Level 3
- EMI/EMC: Level 3
- Design Assurance: Level 3
Description
This new generation PIV Card addresses current & future needs of both Federal and Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, & secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program.
Approved Algorithms
| AES |
Cert. #978 |
| CVL |
Cert. #4 |
| CVL |
Certs. #216 and #221 |
| ECDSA |
Cert. #120 |
| RNG |
Cert. #555 |
| RSA |
Cert. #471 |
| SHS |
Cert. #949 |
| Triple-DES |
Cert. #770 |
| Triple-DES MAC |
Triple-DES Cert. #770, vendor affirmed |
Other Algorithms
Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (AES Cert. #978, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #978; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
P/Ns BF [1, 2] and C0 [3, 4]
Firmware Versions
0801 (with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3] or (071631 and 071901) [4]) with ID-One PIV Applet Suite V2.3.2 [*] or V2.3.2-a [**]
