What Is FIPS 201, and How Does FIPS 201-2 Differ?

What is FIPS 201?

FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies the Personal Identity Verification (PIV) credential required of federal employees and contractors. It was developed by the Computer Security Division of the National Institute of Standards and Technology (NIST) and, together with its companion Special Publications, sets the requirements for the card's data model, its cryptographic algorithms and key sizes, and the identity proofing behind issuance. FIPS 201 was written in response to Homeland Security Presidential Directive 12 (HSPD-12, issued in August 2004), which required a common, government-wide identification credential that could be trusted across agencies and departments (DoD and civilian alike). HSPD-12 had two aims: to raise the security of federal credentials and to make it practical for personnel to move between departments. With HSPD-12 in place, a Navy officer's credential can be recognized at an Army installation and vice versa. Before it, no common standard existed and agency ID cards were highly fragmented.

What is the difference between FIPS 201 and FIPS 201-2?

FIPS 201-2 is a revision of the original FIPS 201, which was established in 2005; the revision was released in September 2013. Several capabilities that were optional under the earlier version are now mandatory, including the following (also shown in the NIST graphic below):


1.)    CAK (Card Authentication Key) - An asymmetric key pair, with its certificate, stored on the card and usable over the contactless interface without a PIN. It supersedes the CHUID as the basis for authenticating the card (the CHUID authentication mechanism is deprecated in FIPS 201-2). The CHUID is a static signed data object: anything that can read it can replay it. The CAK instead proves possession of a private key that never leaves the card through a PKI-based challenge-response, so a recorded exchange cannot be reused.

2.)    Digital Signature Key - Used to digitally sign documents and e-mail. It is distinct from the PIV Authentication key, which is what authenticates the cardholder to systems. It is mandatory for cardholders, with an exception only for those who have no government-issued e-mail account at the time of issuance.

3.)    Key Management Key - An encryption key pair on the card (not a policy for managing keys), used to protect content such as e-mail, for example by decrypting the symmetric key that encrypts an S/MIME message. Retired key management keys may be kept on the card so that older encrypted mail remains readable. The same issuance exception as for the digital signature key applies.

4.)    Facial Image - An electronic facial image of the cardholder stored on the card, which a guard or a system can compare against the person presenting it.

Optional Requirements in FIPS 201-2

FIPS 201-2 also adds several optional capabilities. One is the virtual contact interface (VCI), specified in SP 800-73-4 (with corresponding algorithm and test guidance in SP 800-78-4 and SP 800-85A-2). After the reader establishes a secure, encrypted and authenticated channel with the card, the VCI allows the contact-only functions of the credential, such as the PIV Authentication key, to be used over the contactless interface rather than only through the contact chip. Another is on-card comparison (OCC) of biometrics, also called match-on-card: the fingerprint presented at the reader is compared with the enrolled template entirely on the card, so the reference template never leaves it. The largest addition is the Derived PIV Credential (detailed in SP 800-157). Rather than copying the PIV card's key material, a Derived PIV Credential is a separate PKI credential whose key pair is generated on the mobile device (an iPhone or Android handset, for example) and whose certificate is issued on the strength of the identity proofing already completed for the PIV card. The device can then serve as an official alternative to the physical card where inserting one is impractical. The U.S. Government regards Derived PIV Credentials as a key part of the future of secure identification as the use of mobile devices continues to grow.


For more information about FIPS 201 related products and solutions please go to our website: www.txsystems.com