PIV Data Model Testing, Ketan Mehta, mehta_ketan@nist.gov

PIV Data Model Testing
Ketan Mehta, mehta_ketan@nist.gov
March 3, 2006

Agenda
• PIV Test Environment
• Test Methodology
• Test Areas
• Schedule

PIV Test Environment (diagram)
Host PC: Test Toolkit Application → PIV Client Application Programming Interface → PIV Middleware → PIV Card Command Calls (SP 800-73) → Card Reader Driver → Card Reader
Smart Card Reader
PIV Card (FIPS 201, SP 800-73, SP 800-76, SP 800-78): PIV Card Command Interface → PIV Card Application → PIV Data Model

PIV Test Methodology (diagram)
Inputs: FIPS 201, SP 800-76, SP 800-78, SP 800-73
Process: Derived Test Requirements & Test Assertions; NIST Test Guidance: SP 800-85
Outputs: Test Results; NPIVP Certificate
• Lab Testing: Conformance to SP 800-73 (Lab Activity, SP 800-85 A)
• PIV Data Model Testing*: Self-certification (Agency Activity**, SP 800-85 B)
* Conformance to FIPS 201, SP 800-76, and SP 800-78
** The process is currently being defined

Test Areas
• CHUID Data Object
• Security Object
• Biometric Data Object
• PKI Keys and Certificates
• Note that all test requirements are designed to:
  - Validate the format of PIV data
  - Validate values in the fields
  - Validate computation such as signatures or data comparison

SP 800-85 B – PIV Biometrics Testing (diagram)
Agency / System Integrator: Test Toolkit Application → PIV Client Application Programming Interface → Middleware → PIV Card Command Calls → Card Reader Driver → Smart Card Reader
PIV Card (SP 800-73 Conformant): PIV Card Command Interface → PIV Card Application → PIV Data Model
Data Under Test:
• Fingerprint stored for FBI transmission
• Fingerprint stored for PIV enrollment
• Fingerprint minutiae for PIV Card
• Facial image for PIV Card

SP 800-85 B – Biometric Data Conformance
Integrated PIV Biometrics Process:
• Enrollment Process: Face Templating, Fingerprint Templating, CBEFF Header Generation, PIV-Specific Enrollment Procedures
• Verification Process: Fingerprint Matching
• Documentation (Fingerprint and Facial Acquisition, Equipment, Procedures)
Format Validation: tested through SP 800-85 B
Human Inspection:
  - Dependent on the policy requirements and procedural steps
  - External to PIV testing
Performance Tests:
  - Quality dependent on the MINEX 04 test results
  - External to PIV testing

SP 800-85 B – PIV PKI Testing (diagram)
Agency / System Integrator: Test Toolkit Application → Card Reader Driver → Card Reader / Smart Card Reader
PIV Card: PIV Card Command Interface → PIV Card Application → PIV Data Model
Data Under Test:
• Signature Conformance
• Algorithm Conformance
• Certificate Profile Conformance

SP 800-85 B — Cryptographic Objects Conformance …Signature Conformance
• Validate signatures on all signed PIV objects
• Validate signature block format on all signed PIV objects
  o Validate encoding of Cryptographic Message Syntax external digital signature
• Validate values in certain fields of the signature block
  o Validate algorithms employed are in agreement with SP 800-78
  o Values are consistent with other data objects on the PIV Card

SP 800-85 B — Cryptographic Objects Conformance …Certificate Conformance
• Validate the presence of CRL and OCSP URLs
• Validate NACI indicator field

SP 800-85 B — BER-TLV Format Conformance
• The tags and lengths in various data objects should conform to specifications in Appendix A of SP 800-73.
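As an added example (not part of the presentation), the following Python walks a CHUID value as flat BER-TLV, checks each tag's presence and length against a small expected-tag table in the spirit of the tag-and-length check above and the format/value validation listed under Test Areas, and applies one value-level rule (the ASCII YYYYMMDD expiration date). The tag numbers and length rules are my reading of SP 800-73 Appendix A and are assumptions rather than something the slides state; any CHUID buffer fed to it in the test is constructed.

```python
# tag -> (min_len, max_len|None), all mandatory; values are my reading of SP 800-73 App. A (assumption)
CHUID_TAGS = {
    0x30: (25, 25),    # FASC-N, 25 bytes packed BCD
    0x34: (16, 16),    # GUID
    0x35: (8, 8),      # Expiration Date, ASCII YYYYMMDD
    0x3E: (1, None),   # Issuer Asymmetric Signature (CMS blob, variable length)
    0xFE: (0, 0),      # Error Detection Code, always empty
}

def parse_ber_tlv(buf):
    """Flat BER-TLV walk -> [(tag, value)]; raises ValueError on malformed lengths."""
    out, i = [], 0
    while i < len(buf):
        if i + 1 >= len(buf):
            raise ValueError("tag without length")
        tag, first, i = buf[i], buf[i + 1], i + 2
        if first < 0x80:                    # short form: one length byte
            length = first
        elif first in (0x81, 0x82):         # long form: 1 or 2 following length bytes
            n = first - 0x80
            if i + n > len(buf):
                raise ValueError("truncated length field")
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        else:
            raise ValueError(f"unsupported length form 0x{first:02x}")
        if i + length > len(buf):
            raise ValueError(f"tag 0x{tag:02x} length {length} overruns buffer")
        out.append((tag, buf[i:i + length]))
        i += length
    return out

def check_chuid(buf):
    """Return conformance findings for a CHUID value; an empty list means conformant."""
    try:
        tlvs = parse_ber_tlv(buf)
    except ValueError as e:
        return [f"BER-TLV: {e}"]
    findings = [f"missing tag 0x{t:02x}" for t in CHUID_TAGS if t not in dict(tlvs)]
    for tag, val in tlvs:
        if tag not in CHUID_TAGS:
            findings.append(f"unexpected tag 0x{tag:02x}")
            continue
        lo, hi = CHUID_TAGS[tag]
        if len(val) < lo or (hi is not None and len(val) > hi):
            findings.append(f"tag 0x{tag:02x} length {len(val)} out of range")
        elif tag == 0x35 and not val.isdigit():   # value-level check on the date field
            findings.append("expiration date is not ASCII YYYYMMDD")
    if tlvs and tlvs[-1][0] != 0xFE:
        findings.append("error detection code 0xFE must come last")
    return findings
```

check_chuid expects the contents of the CHUID data object (the inner TLVs), not the outer GET DATA wrapper, and returns an empty list for a conformant buffer.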

Tentative Schedule
• Draft SP 800-85 B – April 3rd
• Final SP 800-85 B – April 28th