Special Publication 800-73-4 Interfaces for Personal Identity Verification – Part 1: PIV
Card Application Namespace, Data Model and Representation
ix
Table of Contents
I. REVISION HISTORY .................................................................................................................................... IV
II. CONFIGURATION MANAGEMENT .......................................................................................................... VI
III. NPIVP CONFORMANCE TESTING ......................................................................................................... VII
IV. ERRATA ....................................................................................................................................................... VIII
1. INTRODUCTION ............................................................................................................................................. 1
1.1 PURPOSE ........................................................................................................................................................ 1
1.2 SCOPE ............................................................................................................................................................. 1
1.3 EFFECTIVE DATE ............................................................................................................................................ 1
1.4 AUDIENCE AND ASSUMPTIONS ....................................................................................................................... 2
1.5 DOCUMENT OVERVIEW AND STRUCTURE ....................................................................................................... 2
2. PIV CARD APPLICATION NAMESPACES ................................................................................................. 3
2.1 NAMESPACES OF THE PIV CARD APPLICATION .............................................................................................. 3
2.2 PIV CARD APPLICATION AID ........................................................................................................................ 3
3. PIV DATA MODEL ELEMENTS ................................................................................................................... 4
3.1 MANDATORY DATA ELEMENTS ..................................................................................................................... 4
3.1.1 Card Capability Container .................................................................................................................. 4
3.1.2 Card Holder Unique Identifier............................................................................................................. 5
3.1.3 X.509 Certificate for PIV Authentication ............................................................................................. 7
3.1.4 X.509 Certificate for Card Authentication ........................................................................................... 7
3.1.5 Cardholder Fingerprints ...................................................................................................................... 7
3.1.6 Cardholder Facial Image ..................................................................................................................... 7
3.1.7 Security Object ..................................................................................................................................... 7
3.2 CONDITIONAL DATA ELEMENTS .................................................................................................................... 8
3.2.1 X.509 Certificate for Digital Signature ................................................................................................ 8
3.2.2 X.509 Certificate for Key Management ................................................................................................ 8
3.3 OPTIONAL DATA ELEMENTS .......................................................................................................................... 9
3.3.1 Printed Information ............................................................................................................................. 9
3.3.2 Discovery Object .................................................................................................................................. 9
3.3.3 Key History Object ............................................................................................................................. 10
3.3.4 Retired X.509 Certificates for Key Management ............................................................................... 12
3.3.5 Cardholder Iris Images ...................................................................................................................... 12
3.3.6 Biometric Information Templates Group Template ........................................................................... 12
3.3.7 Secure Messaging Certificate Signer ................................................................................................. 12
3.3.8 Pairing Code Reference Data Container ........................................................................................... 13
3.4 INCLUSION OF UNIVERSALLY UNIQUE IDENTIFIERS (UUIDS) ...................................................................... 13
3.4.1 Card UUID ........................................................................................................................................ 13
3.4.2 Cardholder UUID .............................................................................................................................. 14
3.5 DATA OBJECT CONTAINERS AND ASSOCIATED ACCESS RULES AND INTERFACE MODES ............................. 14
4. PIV DATA OBJECTS REPRESENTATION ............................................................................................... 16
4.1 DATA OBJECTS DEFINITION ......................................................................................................................... 16
4.1.1 Data Object Content .......................................................................................................................... 16
4.2 OIDS AND TAGS OF PIV CARD APPLICATION DATA OBJECTS ..................................................................... 16
4.3 OBJECT IDENTIFIERS .................................................................................................................................... 16
5. DATA TYPES AND THEIR REPRESENTATION ..................................................................................... 18
5.1 KEY REFERENCES ......................................................................................................................... 18
5.1.1 OCC Data .......................................................................................................................................... 20
5.1.2 PIV Secure Messaging Key ................................................................................................................ 20
5.1.3 Pairing Code ...................................................................................................................................... 20
5.2 PIV ALGORITHM IDENTIFIER ........................................................................................................................ 21