Among the original requirements for PIV cards is that they include a chip to contain electronic information, a personal identification number, a printed photograph and two electronically stored fingerprints. However, it was always accepted that the standard would need to be reviewed. Now, explained NIST security researcher Hildegard Ferraiolo, “after implementing the standard, federal departments and agencies learned a number of lessons that, combined with technological changes over the years, made an update worthwhile.”
The update does not require any changes to existing PIV cards, but is designed to make new cards more flexible and effective. Key improvements in the new draft standard include the ability to update cards remotely from the issuing office, the creation of additional credentials that can be used on mobile devices such as smartphones, and additional capabilities designed to provide greater flexibility in selecting the appropriate level of security while using PIV authenticated federal applications.
The new draft is available from NIST, and public comments are invited before 10 August 2012.
Public comment on the related Special Publication 800-76-2 is also invited. This document, a draft update to the 2007 Biometric Data Specification for Personal Identity Verification, allows Agencies to use iris recognition as an alternative to a 6-digit personal identification number for card activation. The document also refines the biometric sensor and performance specifications to improve security.