FIPS 201-Compliant PIV Card Reading, Personalization, and Middleware
PIVPack™ is an SDK that enables a software application with formatting, validating, and parsing of biometric, biographic, and security object data in compliance with FIPS 201 and companion documents SP 800-76 and SP 800-73. PIVPack includes Security Library and also Smart Card Library, a NIST-certified PIV Middleware API.
PIVPack can be used to incorporate data formatting and security functionality into PIV registration, personalization, and card reader applications. PIVPack can also be used to create equivalent XML files, such as for registration data transport.
PIVPack is certified by US GSA as compliant with the product category of PIV Middleware. It is listed on the GSA Approved Products List (APL).
Biometric Data Formatting
PIVPack enables designers to build compliant data formatting and parsing into system workflow through a simple API. All data formatting, reading, and writing performed by PIVPack is managed by XML-based configuration files that describe the details of the data object to be created, parsed or validated. The biometric facial image may optionally be retained and/or stored on the card, in which case it must be compliant with ANSI/INCITS 385. The fingerprint images must be compliant with ANSI/INCITS 381 and retained for archival purposes. The fingerprint templates stored on the card must be compliant with ANSI/INCITS 378. Each object must be “wrapped” with a PIV Patron Format variant of CBEFF.
Biometric Security Library
Several of the data containers on the PIV card must be signed. To address this requirement, PIVPack includes a supplemental library called “Biometric Security Library” which implements compliant encryption and hashing algorithms to verify the signatures and the SOd. PIVPack parses the data and accesses the certificates for use by the Biometric Security Library. Additionally, the Biometric Security Library can utilize the document signing certificates and the private keys provided by the PKI to sign the data objects.
PIVPack includes several components useful for enrolment, personalization, and card reading:
- Data collection and error checking according to SP 800-73 and SP 800-76
- PIV file formatting and reading in full compliance with SP 800-73 and SP 800-76 for PIV ID card personalization
- Fingerprint minutiae extraction (optional add-on) and template creation in compliance with ANSI/INCITS 378 (MINEX certification pending)
- Security object generation and PKI authentication in compliance with SP 800-73
- Certified PIV middleware API
- PC/SC smart card interface