
ANSI/INCITS 504-1

Information Technology - Generic Identity Command Set - Part 1: Card Application Command Set

active, Most Current
Organization: ANSI
Publication Date: 24 April 2013
Status: active
Page Count: 118
scope:

This part of the multi-part GICS standard defines a command set for base functionality addressing:

• Identity credential storage (Namespace standardization)

• Authentication protocols

• Biometric verification¹

• Confidential protocols

• Digital signatures

In the context of the GICS, this part is based on ISO/IEC 24727-2 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-73-3. Any additional commands are drawn from ISO/IEC 7816-4, -8, and -9.

The GICS standard defines a command set and a base functionality that offers the possibility to create, personalize, and use a compliant PIV and PIV-I card-application according to NIST SP 800-73-3.

The standard defines a set of extensions to SP 800-73-3 so that card-application issuers may have added flexibility in extending their data model while allowing relying parties to interoperably use the cards from different issuers. These extensions would favor the penetration of the GICS standard at three levels: manufacturers will be able to minimize design and implementation costs; card issuers will manage a simple platform based on a successful and widely adopted schema; and middleware and operating system providers will be able to adapt to different identity applications that are based on a single GICS standard. The following set of extensions to SP 800-73-3 is addressed in this document:

• Data model extension - The GICS standard allows formulation of different data elements and objects. Various data types are defined allowing card applications to store data according to their needs. The data size, data identifiers, and data access control rules are flexible to meet client-application needs.

• Authentication protocols - The PIV application currently supports Personal Identification Number (PIN) authentication (card authenticating card holder), Internal Authentication (reader authenticating card), External Authentication (card authenticating issuer), Signing, and Encryption. This standard adds Mutual Authentication, Key Agreement, and Secure Messaging protocols.

• GICS and ISO/IEC 24727 - The GICS standard allows interoperation with middleware compliant with ISO/IEC 24727. At a minimum, the discoverability mechanism (bootstrap) based on the Card Capability Description (CCD) and/or Application Capability Description (ACD), as defined in ISO/IEC 24727, is supported by this standard.

• FIPS 140-2 certifications - The GICS standard is designed to allow card-applications constructed on this standard to minimize impact on FIPS 140-2 certification.

¹ Note that the document does not completely specify biometric verification but only includes tags for biometric data for future use.

Document History

May 6, 2016
Information Technology – Generic Identity Command Set – Part 1: Card Application Command Set – Amendment 1
A description is not available for this item.
ANSI/INCITS 504-1
April 24, 2013
Information Technology - Generic Identity Command Set - Part 1: Card Application Command Set
This part of the multi-part GICS standard defines a command set for base functionality addressing: • Identity credential storage (Namespace standardization) • Authentication protocols • Biometric...
