Keycorp Limited

Keycorp's MULTOS solution for FIPS 201.
 

The Presidential Mandate (HSPD-12) and Secure Credentials

In line with a greater need for higher security in personal identity credentials, the US government has initiated the Personal Identity Verification (PIV) program for all federal agency personnel and contractors. The President issued a mandate that all agencies are to upgrade physical and logical access control to utilise smart card technology. In response, Keycorp has worked with its partner StepNexus to develop an application for MULTOS that is designed to comply with the FIPS 201 (specifically SP800-73) specification. The platform is the Keycorp MULTOS 64K dual-interface product on the Infineon SLE66CLX640P secure silicon.

MULTOS PIV Application

  • The MULTOS PIV application meets the SP800-73 specification as set out by NIST.

  • Supports T=0; T=1; PPS on ISO7816 contact interface

  • Supports T=CL; Type A (106kbps) or Type B (up to 424kbps); on the ISO14443 contactless interface

  • Supports 2048-bit RSA key-pair generation

  • Cardholder Facial image file up to 12KB

  • X.509 certificates for PIV authentication, digital signature, key management and card authentication

  • Full CHUID or FASC-N over contactless interface
 

Supported APDU Commands

As defined by SP800-73, the PIV application supports the commands as follows:

 

| Command | CLA | INS | Case (T=0) | Case (T=1) |
|---|---|---|---|---|
| SELECT | ‘00’ | ‘A4’ | 3 | 4 |
| GET DATA | ‘00’ | ‘CB’ | 3 | 4 |
| VERIFY | ‘00’ | ‘20’ | 3 | 3 |
| CHANGE REFERENCE DATA | ‘00’ | ‘24’ | 3 | 3 |
| RESET RETRY COUNTER | ‘00’ | ‘2C’ | 3 | 3 |
| GENERAL AUTHENTICATE | ‘00’ / ‘10’ | ‘87’ | 3 | 4 |
| PUT DATA | ‘00’ / ‘10’ | ‘DB’ | 3 | 3 |
| GENERATE ASYMMETRIC KEYPAIR | ‘00’ / ‘10’ | ‘47’ | 3 | 4 |

 

 

PIV Data Objects

 

The PIV application supports the PIV data objects as shown below:

| Data Object Name | BER-TLV tag | App Version 4.1 Container Size (bytes) |
|---|---|---|
| Card Holder Unique Identifier | 0x5FC102 | 404 |
| Card Holder Fingerprint | 0x5FC103 | 3437 |
| X.509 Certificate for PIV Authentication | 0x5FC105 | 1914 |
| Security Object | 0x5FC106 | 4054 |
| Card Capability Container | 0x5FC107 | 124 |
| Card Holder Facial Image | 0x5FC108 | 12729 |
| Printed Information | 0x5FC109 | 1914 |
| X.509 Certificate for Digital Signature | 0x5FC10A | 1914 |
| X.509 Certificate for Key Management | 0x5FC10B | 1914 |
| X.509 Certificate for Card Authentication | 0x5FC101 | 1914 |
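
The following is an added example, not Keycorp's code. It shows how the GET DATA entry from the command list and the BER-TLV tags of the data objects combine into a command APDU, and how a host can strictly validate the returned object against the listed container size. The P1-P2 value 3FFF and the 5C / 53 wrapper tags come from SP 800-73 rather than this page, and treating the container size as an upper bound on the returned value is an assumption.

```python
# Added example. Tags and container sizes are copied from the page's table;
# P1-P2 = 3FFF and the 5C / 53 wrapper tags come from SP 800-73's GET DATA.
CONTAINERS = {  # name: (BER-TLV tag, container size in bytes)
    "CHUID": (0x5FC102, 404),
    "PIV_AUTH_CERT": (0x5FC105, 1914),
    "FACIAL_IMAGE": (0x5FC108, 12729),
}

def get_data_apdu(name: str, t0: bool = False) -> bytes:
    """Build GET DATA (CLA 00, INS CB) for one data object.

    Under T=1 the command is Case 4 (trailing Le); under T=0 it is sent as
    Case 3 and the data is fetched afterwards with GET RESPONSE.
    """
    tag, _ = CONTAINERS[name]
    data = bytes([0x5C, 0x03]) + tag.to_bytes(3, "big")  # tag list: 5C 03 <tag>
    apdu = bytes([0x00, 0xCB, 0x3F, 0xFF, len(data)]) + data
    return apdu if t0 else apdu + b"\x00"

def unwrap_data_object(name: str, response: bytes) -> bytes:
    """Strictly parse the '53' TLV from a GET DATA response (status word removed)."""
    _, max_size = CONTAINERS[name]
    if len(response) < 2 or response[0] != 0x53:
        raise ValueError("expected BER-TLV tag 53")
    first = response[1]
    if first < 0x80:                      # short-form length
        length, offset = first, 2
    elif first in (0x81, 0x82):           # long form, 1 or 2 length bytes
        n = first & 0x7F
        if len(response) < 2 + n:
            raise ValueError("truncated length field")
        length, offset = int.from_bytes(response[2:2 + n], "big"), 2 + n
    else:
        raise ValueError("unsupported length encoding")
    value = response[offset:]
    if len(value) != length:
        raise ValueError("declared length does not match payload")
    if length > max_size:                 # assumption: size bounds the value
        raise ValueError("payload larger than the container size")
    return value

if __name__ == "__main__":
    print(get_data_apdu("CHUID").hex())   # T=1 form
    sample = bytes([0x53, 0x82, 0x01, 0x00]) + bytes(256)  # constructed response
    print(len(unwrap_data_object("CHUID", sample)))
```

Rejecting a response whose declared length disagrees with the bytes received, or exceeds the container size, keeps a malformed or oversized object from reaching certificate or biometric parsers.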

 

 
 

Certification

Keycorp's PIV application has been certified by the US National Institute of Standards and Technology (NIST).

 
 
For details about any information on this page, please email info@keycorp.ca