SafeNet IDPrime PIV Card

Personal Identity Verification-Interoperable ID Credentials for government agencies, Federal contractors, state and local governments, as well as private sector organizations

Thales’s IDPrime PIV (Personal Identity Verification) card is a FIPS 140-2 and FIPS 201 standards-based card for government agencies, state and local government organizations to issue users credentials that the federal government can trust. The same card can be used for either a CIV or PIV-I-based deployment depending on company policies and use requirements. IDPrime PIV cards deliver high levels of security for identity management, interoperability and trust with federal agencies and departments as well as serving as a form of passwordless authentication.

PIV Benefits

Smart cards conform to the PIV card standard, FIPS 201, to use interoperable identity credentials. Customers can use the cards for physical and logical access to locations and systems. Although the PIV standard was originally intended for use by U.S. federal government and contractors, these same cards can be used for non-federal issuers such as state, local and foreign governments as well as the private sector.

Personal Identity Verification: interoperable ID credentials for federal agencies, government contractors, state and local governments, and private sector organizations.
Multi-factor PKI authentication: strong proof of card holder identity that meets government standards, including the U.S. federal government.
Diverse use cases: digital authentication for main information systems; digital signature and encryptions for eDocuments, email and files.
Wide use case support: works with PIV-based IT infrastructures, new and legacy physical access control systems.
Virtual Contact Interface: virtual Contact Interface (VCI) and Pairing code to enhance privacy through contactless interface, for physical access use cases.
PIV Secure Messaging: PIV Secure Messaging to provide confidentiality and integrity protection to PIV Card application.
Biometric Authentication: Biometric Authentication (On Card Comparison), compliant to SP800-76-2, for enhanced user authentication
Power-On-Self-Test mechanism: fast contactless authentication with an optimized Power-On-Self-Test mechanism as per the latest FIPS140-2 specifications (CMVP IG 9.11).

PIV Technology and Standards

Personal Identity Verification card technology features a dual interface microprocessor chip for use with contact and contactless (ISO 14443) smart card readers, making it easily adaptable for a wide range of use cases. IDPrime PIV cards are FIPS 201 and FIPS 140-2 Level 2 certified.

Specifications

Cryptographic algorithms

Hash

• SHA-224, SHA-256, SHA-384, SHA-512, SHA-1

Symmetric

• AES (128-, 192-, 256-bit)

Asymmetric

• ECC (P-224, P-256, P-384, P-521 bits), RSA (up to RSA 4096 bits) using an on-card security controller with key pair generation and Deterministic Random Bit Generator (DRBG)

ISO Specification Compliance

• ISO 7816 contact interface (T=0 ; T=1)
• ISO 14443 contactless interface compatible with NFC (T=CL)
• IU high coercivity magnetic stripe (optional)

Certifications

FIPS 140-2 Security level 2, FIPS 201-2, and listed on GSA APL (with the certificate #1510)

• Roles, Services, and Authentication: Level 3
• Physical Security: Level 3
• EMI/EMC: Level 3
• Design Assurance: Level 3 SCP03, SCP02, SCP01 supported with scripting according to GP2.2.1 Amendment
• Amendment D ECC (256, 384 ) Asymmetric algorithms supported and FIPS certified

Memory

SafeNet IDPrime PIV card is based on a Java Card platform (IDCore 3130) with 146 KB EEPROM memory with PIV v3.0 applet loaded.

Other Features

• Global PIN and local PIN
• Dynamic Discovery Object management during post issuance
• Dynamic Contactless interface de-activation mechanism
• Fingerprint and iris biometric containers
• Up to 20 Key archiving containers