Certificate of Conformance - Excel
Description
Certificate of Conformance document sample
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 1

| Element | Mandatory/Optional | Max Bytes | Description | Size Check | Format Type |
|---|---|---|---|---|---|
| Card Identifier | Mandatory | 21 | Identifies the card type and specific organization | Yes | ASN.1 Structure |
| RID | | | | | Binary |
| Manufacturer ID | | | | | Binary |
| Card Type | | 1 | | Yes | Numeric |
| Card ID | | | | | Binary |
| Capability Container Version # | Mandatory | 1 | Identifies the version number of the CCC | Yes | Binary |
| Major Version | | | | | Binary |
| Minor Version | | | | | Binary |
| Capability Grammar Version # | Mandatory | 1 | Identifies the version number of the CCC grammar | Yes | Binary |
| Major Version | | | | | Binary |
| Minor Version | | | | | Binary |
| Applications CardURL | Mandatory | 128 | The ApplicationsCardURL structure is used to uniquely reference a container on a smart card by including its Universal AID and its associated applet or directory information. | Yes | ASN.1 Structure |
| PKCS#15 | Mandatory | 1 | The PKCS#15 field, if non-zero, indicates that the smart card conforms to PKCS#15. If the field is nonzero, shall indicate the version of PKCS#15. | Yes | Binary |
| Registered Data Model # | Mandatory | 1 | The Registered Data Model Number indicates the registered Data Model in use by the smart card. | Yes | Binary |
| Access Control Rule Table | Mandatory | 17 | The Access Control Rules Table allows Access Control Rules to be recorded only once in the card. The table definition is either stored directly in the CCC or in the Access Control Applet (ACA) of a VM card, in which case the CCC has a reference to the AID of the Access Control Applet | Yes | ASN.1 Structure |
| Card APDU's | Mandatory | 0 | Application Protocol Data Unit. Facilitates communication between smart card and client applications | No | None |
| Redirection Tag | Mandatory | 0 | Used to indicate to BSI that data model tags are being redirected to specific containers | No | None |
| Capability Tuples (CTs) | Mandatory | 0 | Defines capabilities, formats, and procedures supported by smart card | No | None |
| Status Tuples (STs) | Mandatory | 0 | Defines possible status codes for each function | No | None |
| Next CCC | Mandatory | 0 | Used to point to another CCC container. Overrides values in the current CCC or defines new values and fields | No | None |
| Extended Application CardURL (optional) | Optional | 48 | Optional field used to point to applications outside of PIV containers | Yes | ASN.1 Structure |
| Security Object Buffer (optional) | Optional | 48 | | Yes | ASN.1 Structure |
| Error detection code | Mandatory | 0 | LRC | No | None |

Content Check
A000000079, A000000116
Not Specified within Standard
01, 02, 03, 04
Not Specified within Standard
Not Specified within Standard
None
0x00, 0x10, 0x11
0x10
None
None
None
None
None
None
None
None
None
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 3

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| FASC-N | Mandatory | 25 (40 BCD digits) | | | | |
| SS | | 1 BCD | Start Sentinel. Leading character which is read first when card is swiped | Yes | binary | 11010 (BCD) |
| Agency Code | | 4 BCD | Identifies the government agency issuing the credential | Yes | Numeric | Values from SP 800-87 |
| FS | | 1 BCD | Field Separator | Yes | binary | 10110 (BCD) |
| System Code | | 4 BCD | Identifies the system the card is enrolled in and is unique for each site | Yes | Numeric | Every digit is between 0 and 9 |
| FS | | 1 BCD | Field Separator | Yes | binary | 10110 (BCD) |
| Credential Number | | 6 BCD | Encoded by the issuing agency. For a given system no duplicate numbers are active | Yes | Numeric | Every digit is between 0 and 9 |
| FS | | 1 BCD | Field Separator | Yes | binary | 10110 (BCD) |
| CS | | 1 BCD | Credential Series (Series Code). Field is available to reflect major system changes | Yes | Numeric | Every digit is between 0 and 9 |
| FS | | 1 BCD | Field Separator | Yes | binary | 10110 (BCD) |
| ICI | | 1 BCD | Initial value is 1. Will be incremented after each issuance of a card. | Yes | Numeric | Every digit is between 1 and 9 |
| FS | | 1 BCD | Field Separator | Yes | binary | 10110 (BCD) |
| PI | | 10 BCD | Person Identifier | Yes | Numeric | Every digit is between 0 and 9 |
| OC | | 1 BCD | Organization Category | Yes | Numeric | 1 <= OC <= 4 |
| OI | | 4 BCD | Organizational Identifier | Yes | Numeric | |
| | | | OC=1 – FIPS 95-2 Agency Code | | | Values from SP 800-87 |
| | | | OC=2 – State Code | | | Digits between 0 and 9 |
| | | | OC=3 – Company Code | | | |
| | | | OC=4 – Numeric Country Code | | | |
| POA | | 1 BCD | Person/Organization Association Category: 1 – Employee; 2 – Civil; 3 – Executive Staff; 4 – Uniformed Service; 5 – Contractor; 6 – Organizational Affiliate; 7 – Organizational Beneficiary | Yes | Numeric | 1 <= POA <= 7 |
| ES | | 1 BCD | End Sentinel | Yes | binary | 11111 (BCD) |
| LRC | | 1 BCD | Longitudinal Redundancy Character | Yes | Numeric | None |
| DUNS | Mandatory | 9 | Recommended when the FASC-N Agency Code = 9999. D&B DUNS number for non-federal FASC-N issuer | Yes | Numeric | Every digit is between 0 and 9 |
| Organizational Identifier | Optional | 4 | Optional TLV Record. Recommended when the FIPS-95 code for the FASC-N OI field contains alpha characters | Yes | Alphanumeric | From SP 800-87 |
| GUID | Mandatory | 16 | Field must be present, and may include either an issuer assigned IPv6 address or be coded as all zeros. | Yes | Numeric | None |
| Expiration Date | Mandatory | 8 | Date (yyyymmdd) | Yes | YYYYMMDD | 2004 <= YYYY <= no more than 5 yrs from current date; 1 <= MM <= 12; 1 <= DD <= 31 |
| Authentication Key map | Optional | TBD | Optional TLV Record. May exist for High Assurance Profile applications. | No | None | None |
| Asymmetric signature | Mandatory | TBD | Optional TLV Record. Issuer defined algorithm, public key and signature. May exist for Medium Assurance Profile applications. | No | None | None. Asymmetric signature verified as part of Digital Signature conformance tests |
| Error detection code | Mandatory | 1 | LRC | Yes | Numeric | None |
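
The FASC-N size, format and content checks from the table above, written out as an added Python example that is not part of the original document. The 5-bit character coding, the LRC rule and the names `check_fascn`, `build_fascn` and `SAMPLE` are assumptions of this example; the LRC comparison goes beyond the table, which lists no content check for that character.

```python
# Assumptions: each BCD character is 4 data bits (LSB first) plus an odd-parity
# bit; the LRC is the column-wise XOR of the 39 preceding characters.
SS, FS, ES = "11010", "10110", "11111"          # patterns from the table

def odd_parity(bits4):
    return bits4 + ("0" if bits4.count("1") % 2 else "1")

DIGITS = {odd_parity(format(d, "04b")[::-1]): str(d) for d in range(10)}
CODES = {v: k for k, v in DIGITS.items()}

# Fixed patterns are (name, bits); numeric fields are (name, length, low, high).
LAYOUT = [("SS", SS), ("agency", 4, 0, 9), ("FS", FS), ("system", 4, 0, 9),
          ("FS", FS), ("credential", 6, 0, 9), ("FS", FS), ("CS", 1, 0, 9),
          ("FS", FS), ("ICI", 1, 1, 9), ("FS", FS), ("PI", 10, 0, 9),
          ("OC", 1, 1, 4), ("OI", 4, 0, 9), ("POA", 1, 1, 7), ("ES", ES)]

def lrc(chars):
    cols = (sum(int(c[i]) for c in chars) % 2 for i in range(4))
    return odd_parity("".join(map(str, cols)))

def check_fascn(raw):
    """Return (fields, errors) for a packed 25-byte FASC-N."""
    if len(raw) != 25:
        return {}, [f"size: expected 25 bytes, got {len(raw)}"]
    bits = "".join(format(b, "08b") for b in raw)
    chars = [bits[i:i + 5] for i in range(0, 200, 5)]
    fields, errors, pos = {}, [], 0
    for name, *spec in LAYOUT:
        if len(spec) == 1:                      # sentinel or separator
            if chars[pos] != spec[0]:
                errors.append(f"{name}: bad pattern at character {pos}")
            pos += 1
            continue
        n, low, high = spec
        text = "".join(DIGITS.get(c, "?") for c in chars[pos:pos + n])
        if "?" in text or any(not low <= int(d) <= high for d in text):
            errors.append(f"{name}: {text} outside {low}..{high}")
        fields[name], pos = text, pos + n
    if chars[39] != lrc(chars[:39]):
        errors.append("LRC: mismatch")
    return fields, errors

def build_fascn(digits):
    """Pack 32 field digits into 25 bytes (used to construct the sample)."""
    it, chars = iter(digits), []
    for name, *spec in LAYOUT:
        chars += [spec[0]] if len(spec) == 1 else [CODES[next(it)] for _ in range(spec[0])]
    bits = "".join(chars + [lrc(chars)])
    return bytes(int(bits[i:i + 8], 2) for i in range(0, 200, 8))

SAMPLE = build_fascn("1234" "0001" "092446" "0" "1" "1112223333" "1" "1223" "2")  # constructed
```

The Agency Code and OI checks against SP 800-87 values are not covered here, since that code list is not on this page.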
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 4
CHECK_certificate_profile_conformance - Test 1 to Test 8, Test 10

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Certificate | Mandatory | 1856 | X.509 Certificate for PIV Authentication (recommended) | No | Variable (ASN.1 structure) | Algorithm and key size requirements checked as per SP 800-78-1 for various fields within the certificate. Test 1 to Test 8, Test 10 - certificate profile conformance tests. Test 1 verifies signature algorithm used to sign the certificate. Test 2 checks for the correct keyUsage. Test 3 verifies the correct public key algorithm was used. Test 4 verifies the public key size is correct. Test 5 verifies the correct certificate policy is asserted. Test 6 verifies if the AIA extension is present. Test 7 verifies the presence of the interim status extension. Test 9 verifies the presence of the FASC-N in the SubjectAltName extension. Test 10 verifies the expiration of the PIV Auth Cert is not beyond the expiration of the PIV Card. |
| CertInfo | Mandatory | 1 | Attributes of X.509 Certificate | Yes | Bit String | 00000000 or 10000000 |
| MSCUID | Optional | 38 | Optional legacy identifier included for compatibility with Common Access Card and Government Smart Card Interoperability Specifications | No | Variable | None |
| Error detection code | Mandatory | 0 | LRC | Yes | None | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 5
CHECK_Biometric_Data_conformance - Test 1-13, Test 27-48

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Fingerprint I and II | Mandatory | 4000 | CardHolder fingerprint inclusion on PIV card | Yes | Numeric | Note: The Fingerprints will be checked for INCITS-381 compliance when a tool with such capability is developed. |
| Error detection code | Mandatory | 0 | LRC | Yes | Numeric | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 7
CHECK_Biometric_Data_conformance - Test 14-26, Test 49 - 57

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Image for Visual Verification | Mandatory | 12704 | CardHolder facial image inclusion on PIV card | Yes | Numeric | Note: The Facial Image will be checked for INCITS-385 compliance with INCITS-385 Tool. |
| Error detection code | Mandatory | 0 | LRC | Yes | Numeric | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 6

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Name | Mandatory | 32 | CardHolder Name | Yes | Alphanumeric | Every value is between A(a) and Z(z) and between 0 and 9 |
| Employee Affiliation (Line 1) | Mandatory | 20 | Employees associated work unit | Yes | Alphanumeric | Every value is between A(a) and Z(z) and between 0 and 9 |
| Employee Affiliation (Line 2) | Mandatory | 20 | Employees associated work unit | Yes | Alphanumeric | Every value is between A(a) and Z(z) and between 0 and 9 |
| Expiration date | Mandatory | 9 | Date (yyyymmmdd) | Yes | YYYYMMMDD | 2004 <= YYYY <= no more than 5 yrs from current date; 1 <= DD <= 31; MMM is one of these: JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC |
| Agency Card Serial Number | Mandatory | 10 | Unique serial number from issuing department or agency (Zone 1) | Yes | Numeric | Every digit is between 0 and 9 |
| Issuer Identification | Mandatory | 15 | Combination agency, department, issuer unique identifier (Zone 2) | Yes | Numeric | Every digit is between 0 and 9 |
| Organization Affiliation (Line 1) | Optional | 20 | Organization Name | Yes | Alphanumeric | Every value is between A(a) and Z(z) and between 0 and 9 |
| Organization Affiliation (Line 2) | Optional | 20 | Organization Name | Yes | Alphanumeric | Every value is between A(a) and Z(z) and between 0 and 9 |
| Error detection code | Mandatory | 0 | LRC | Yes | LRC | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 8
CHECK_certificate_profile_conformance - Test 12 to Test 18

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Certificate | Mandatory | 1856 | X.509 Certificate | No | Variable (ASN.1 structure) | Algorithm and key size requirements checked as per SP 800-78-1 for various fields within the certificate. Test 12 to Test 18 - certificate profile conformance tests. Test 12 verifies signature algorithm used to sign the certificate. Test 13 verifies the correct public key algorithm was used. Test 14 verifies the public key size is correct. Test 15 verifies the key usage extension is correct. Test 16 verifies the asymmetric key is valid. Test 17 verifies the expiration dates consistency. Test 18 verifies the RSA public key exponent size is greater than or equal to 65,537. |
| CertInfo | Mandatory | 1 | Attributes of X.509 Certificate | Yes | Bit String | 00000000 or 10000000 |
| MSCUID | Optional | 38 | Optional legacy identifier included for compatibility with Common Access Card and Government Smart Card Interoperability Specifications | No | Variable | None |
| Error detection code | Mandatory | 0 | LRC | Yes | Numeric | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 9
CHECK_certificate_profile_conformance - Test 19 to Test 24

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Certificate | Mandatory | 1856 | X.509 Certificate | No | Variable (ASN.1 structure) | Algorithm and key size requirements checked as per SP 800-78-1 for various fields within the certificate. Test 19 to Test 24 - certificate profile conformance tests. Test 19 verifies signature algorithm used to sign the certificate. Test 20 verifies the correct public key algorithm was used. Test 21 verifies the public key size is correct. Test 22 verifies the key usage extension is correct. Test 23 verifies the public key present in the key management certificate is part of the key pair corresponding to the private key on the PIV card. Test 24 verifies the RSA public key exponent size is greater than or equal to 65,537. |
| CertInfo | Mandatory | 1 | Attributes of X.509 Certificate | Yes | Bit String | 00000000 or 10000000 |
| MSCUID | Optional | 38 | Optional legacy identifier included for compatibility with Common Access Card and Government Smart Card Interoperability Specifications | No | Variable | None |
| Error detection code | Mandatory | 0 | LRC | Yes | Numeric | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 10
CHECK_certificate_profile_conformance - Test 25 to Test 35

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Certificate | Mandatory | 1856 | X.509 Certificate | No | Variable (ASN.1 structure) | Algorithm and key size requirements checked as per SP 800-78-1 for various fields within the certificate. Test 25 to Test 35 - certificate profile conformance tests. Test 25 verifies signature algorithm used to sign the certificate. Test 26 verifies the correct public key algorithm was used. Test 27 verifies the public key size is correct. Test 28 verifies the key usage extension is correct. Test 29 verifies the correct certificate policy is asserted. Test 30 verifies if the correct extended key usage extension is asserted. Test 31 verifies if the AIA extension is present. Test 32 verifies the presence of the interim status extension. Test 33 verifies the public key present in the key management certificate is part of the key pair corresponding to the private key on the PIV card. Test 34 verifies the FASC-N is the same as the FASC-N present in the CHUID. Test 35 verifies the RSA public key exponent size is greater than or equal to 65,537. |
| CertInfo | Mandatory | 1 | Attributes of X.509 Certificate | Yes | Bit String | 00000000 or 10000000 |
| MSCUID | Optional | 38 | Optional legacy identifier included for compatibility with Common Access Card and Government Smart Card Interoperability Specifications | No | Variable | None |
| Error detection code | Mandatory | 0 | LRC | Yes | Numeric | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 11

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| Mapping of DG to ContainerID | Mandatory | 100 | Used to map ContainerIDs in data model to the 16 Data Groups specified in the Machine Readable Travel Document (MRTD). | No | Variable | None |
| Security Object | Mandatory | 900 | Digital signature of card contents | Yes | Numeric | None |
| Error detection code | Mandatory | 0 | LRC | Yes | Numeric | None |
SP 800-85 B Test Case: CHECK_BER_TLV_conformance - Test 12

| Element | Mandatory/Optional | Bytes | Description | Size Check | Format Type | Content Check |
|---|---|---|---|---|---|---|
| PIV Card Application AID | Mandatory | 12 | | Yes | binary | 4F 0B A0 00 00 03 08 00 00 10 00 01 00 |
| PIN Usage Policy | Mandatory | 3 | | Yes | binary | |
| First byte | Mandatory | 1 | Indicates if only PIV Card Application PIN or both the PIV Card Application PIN and Global PIN satisfy the PIV ACRs for command execution and PIV data object access | | | 0x40 or 0x60 |
| Second byte | Mandatory | 1 | Indicates that the PIV Card Application PIN or Global PIN is the primary PIN used. | | | 0x10 or 0x20 |