2.1 PIV smart cards
PIV smart cards are defined by the NIST standard SP 800-73. Each PIV card may contain the following data, which is gathered and verified during the Enrollment process.
There are four certificates expected on a PIV card, each in a named container on the card:
- PIV Authentication
- Digital Signature
- Key Management
- Card Authentication
Smart cards used for FIPS 201 compliance must meet the technical requirements set by the SP800-73 standard. This standard defines the behavior of a smart card and also defines the data it can store.
MyID can support cards that comply with SP800-73-4, and can also personalize the following optional PIV containers on the card:
- Printed Information
- Discovery Object
- Key History Object
- 20 retired X.509 Certificates for Key Management (RSA keys only)
- Cardholder Iris Images (if iris data is imported to MyID)
One of the measures used to secure the smart cards is the PIV Card Application Administrator Key (sometimes referred to as key reference 9B). This key is shared between the smart cards and the smart card management system, and prevents any unauthorized change to a card’s contents.
Note: All PIV cards (of the same device type) managed by a single installation of MyID must share the same 9B key.