Advertisement

​Federal smart cards about to get smarter

NIST has issued new specifications for the next generation of federal identity verification cards designed to work with mobile devices.

Federal personal identification verification cards ­— better known as PIV cards — are about to get a technical facelift.

The National Institute of Standards and Technology, or NIST, has released updated technical specifications and guidance for the next generation of “smart” identity cards used by federal government employees and contractors to gain access to government facilities and computers.

The next generation PIV cards will enable federal employees to connect securely to government computer networks from smart phones and other mobile devices, and provide enhanced security features to verify the identity of federal workers.

The PIV cards in use today contain a microchip that stores digital credentials, including an employee’s photo, fingerprint information, a PIN code and other details, but require card readers that must be attached to computers and mobile devices to complete the verification process.

Advertisement

The new specifications add protections to wireless communications between the PIV card and a mobile device.

“We specified a secure communication mechanism so that the next generation PIV Card can be used with mobile devices, enabling federal employees to connect securely to government computer networks, encrypt or sign email from such devices,” said NIST computer scientist Hildegard Ferraiolo, co-author of the publications.

The new specifications also provide additional ways to prove, or authenticate, the cardholder’s identity. One method, called on-card biometric comparison, helps preserve a cardholder’s privacy using a technique that eliminates the need for an individual’s fingerprint data to ever leave the card. Another new security feature prevents a cardholder from changing the PIN to one that is too short.

“It’s encouraging to see NIST continue to improve the capabilities and security associated with the government’s PIV card,” said Dave Wennergren, senior vice president at the Professional Services Council. A decade ago, as Navy CIO, Wennergren chaired a Defense Department working group responsible for deploying the Common Access Card, which helped launch the use of digitally encoded identification cards for government employees and contractors.

“These enhancements should continue to increase the value of the card and we should applaud NIST’s work. That said though, we must also face the fact that it takes time to implement a new version of a smart card, particularly for a large agency,” he said. “Even after the preliminary work to buy cards and prepare for issuance, new cards will slowly replace expiring cards over a period of several years,” he said.

Advertisement

Wennergren also cautioned that more than a decade after Homeland Security Presidential Directive 12, “there are still far too many government agencies not using the card’s capabilities for cryptographic log-on to networks, digital signatures and physical access. If it’s only being used as a ‘flash pass,’ the new features are wasted,” he said.

The updated NIST specifications are contained in two documents, one dealing with interfaces for personal identity verification and the other detailing cryptographic algorithms needed to maintain the security of the PIV cards. The publications are intended for U.S. government agencies to upgrade their PIV cards, or for vendors that make the cards or develop hardware and software to work with the cards.

Wyatt Kash

Written by Wyatt Kash

Wyatt Kash is an award-winning editor/journalist and digital content and media specialist who has been covering the government technology market for the past two decades. He currently serves as Senior Vice President of Content Strategy for Washington, DC-based Scoop News Group, where he leads content strategy and development for SNG's clients. Before joining SNG in 2014, he previously led content and community development for InformationWeek; co-led a start-up team at AOL to launch, manage and market an online news platform aimed at government, defense and technology industry executives; and served in senior management and content development positions at The Washington Post's Tech Media group, 1105 Media, Hanley Wood and Lebhar-Friedman. He has interviewed hundreds of CEOs and top executives and spoken on industry trends at events throughout the U.S., Europe, Asia and the Middle East. His editorial teams have been recognized with more than three dozen journalism awards. A graduate of Syracuse University’s S.I. Newhouse School of Public Communications, he earned national honors as a recipient of the G.D. Crain Award, given to one individual annually for outstanding career contributions to editorial excellence in American business media.

Latest Podcasts