The IT Law Wiki

PIV card

32,081pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

A PIV card (personal identity verification card) is

[a] physical artifact (e.g., identity card, "smart" card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, biometric data) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable).[1]

Overview Edit

A PIV card contains a range of features — including a common appearance, security features, photographs, cardholder unique identifiers (CHUID), fingerprints, and PKI certificates — to enable enhanced identity authentication at different assurance levels. To use the enhanced electronic capabilities, specific infrastructure needs to be in place. This infrastructure may include biometric (fingerprint) readers, personal ID number (PIN) input devices, and connections to information systems that can process PKI digital certificates and the CHUIDs. Once acquired, these various devices need to be integrated with existing agency systems. For example, PIV system components may need to interface with human resources systems, so that when an employee resigns or is terminated and the cardholder's employment status is changed in the human resources systems, the change is also reflected in the PIV system.

References Edit

  1. NIST Special Publication 800-73-3, at 1 n.1.

Also on Fandom

Random Wiki