Date Published: December 2009
Author(s)
David Cooper (NIST),
William MacGregor (NIST)
This paper describes architectures for securely injecting secret keys onto smart cards. Specifically, this paper details key injection architectures based on the identity credentials available on the Personal Identify Verification (PIV) Card. The primary goal is to create additional opportunities for the use of the PIV Card in Physical Access Control Systems (PACS). There is significant interest in conducting a fast, accurate, and highly secured authentication transaction using symmetric keys in PACS environments. This paper identifies ways to load site specific symmetric keys onto a PIV Card after the card has been issued, which allows each smart card to share a unique secret key with each PACS with which it interacts. The paper presents four protocols that enable a Card Management System (CMS) to securely load site-specific PACS symmetric keys. Each protocol presents unique security characteristics and uses the PIV Card's card management key in different capacities.
This paper describes architectures for securely injecting secret keys onto smart cards. Specifically, this paper details key injection architectures based on the identity credentials available on the Personal Identify Verification (PIV) Card. The primary goal is to create additional opportunities fo...
See full abstract
This paper describes architectures for securely injecting secret keys onto smart cards. Specifically, this paper details key injection architectures based on the identity credentials available on the Personal Identify Verification (PIV) Card. The primary goal is to create additional opportunities for the use of the PIV Card in Physical Access Control Systems (PACS). There is significant interest in conducting a fast, accurate, and highly secured authentication transaction using symmetric keys in PACS environments. This paper identifies ways to load site specific symmetric keys onto a PIV Card after the card has been issued, which allows each smart card to share a unique secret key with each PACS with which it interacts. The paper presents four protocols that enable a Card Management System (CMS) to securely load site-specific PACS symmetric keys. Each protocol presents unique security characteristics and uses the PIV Card's card management key in different capacities.
Hide full abstract
Keywords
card authentication key; cryptographic key management; FIPS 201; HSPD-12; PACS; Personal Identity Verification; Physcial Access Control Systems; PIV; smart cards;
Control Families
Identification and Authentication;