Dictionary · FIPS PUB 201

L2 — definitions grouped by regulatory framework.

43 senses under FIPS PUB 201

Nouns

43 senses
Approved

Federal Information Processing Standard (FIPS)-approved or National Institute of Standards and Technology (NIST)-recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation.

Authentication

The process of establishing confidence of authenticity.

Biometric

A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.

Biometric System

An automated system capable of: 1) capturing a biometric sample from an end user; 2) extracting biometric data from that sample; 3) comparing the extracted biometric data with data contained in one or more references; 4) deciding how well they match; and 5) indicating whether or not an identification or verification of identity has been achieved.

Biometric Information

The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns).

Capture

The method of taking a biometric sample from an end user.

Cardholder

An individual possessing an issued Personal Identity Verification (PIV) card.

Certification authority

A trusted entity that issues and revokes public key certificates.

Certificate revocation list

A list of revoked public key certificates created and digitally signed by a Certification Authority.

Certification

The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness.

Claimant

A party whose identity is to be verified using an authentication protocol.

credential

Evidence attesting to one’s right to credit or authority.

Comparison

The process of comparing a biometric with a previously stored reference.

Cryptographic Key

A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm.

Federal Information Processing Standard

A standard for adoption and use by federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology, a part of the U.S. Department of Commerce. A FIPS covers some topic in information technology in order to achieve a common level of quality or some level of interoperability.

Graduated Security

A security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.

Hash function

A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: 1) One-Way. It is computationally infeasible to find any input that maps to any prespecified output. 2) Collision Resistant. It is computationally infeasible to find any two distinct inputs that map to the same output.

Hash-based Message Authentication Code

A message authentication code that uses a cryptographic key in conjunction with a hash function.

Identification

The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items.

Identity Registration

The process of making a person’s identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.

Identifier

Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers.

identity

The set of physical and behavioral characteristics by which an individual is uniquely recognizable.

Identity Proofing

The process of providing sufficient information (e.g., identity history, credentials, documents) to a Personal Identity Verification Registrar when attempting to establish an identity.

Identity Binding

Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.

Identity Verification

The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed.

interoperability

For the purposes of this standard, interoperability allows any government facility or information system, regardless of the PIV Issuer, to verify a cardholder’s identity using the credentials on the PIV Card.

Match/matching

The process of comparing biometric information against a previously stored template(s) and scoring the level of similarity.

Message authentication code

A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not non-repudiation protection.

Off-Card

Refers to data that is not stored within the PIV card or computation that is not done by the Integrated Circuit Chip (ICC) of the PIV card.

On-Card

Refers to data that is stored within the PIV card or computation that is done by the ICC of the PIV card.

Online Certificate Status Protocol

An online protocol used to determine the status of a public key certificate.

Personal Identity Verification Registrar

An entity that establishes and vouches for the identity of an applicant to a PIV Issuer. The PIV RA authenticates the applicant’s identity by checking identity source documents and identity proofing, and ensures a proper background check has been completed before the credential is issued.

Personal Identity Verification Card

Physical artifact (e.g., identity card, “smart” card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation, etc.) such that a claimed identity of the cardholder may be verified against the stored credentials by another person (human-readable and verifiable) or an automated process (computer-readable and verifiable).

Personal Identity Verification Issuer

An authorized identity card creator that procures FIPS-approved blank identity cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized card to the authorized subjects along with appropriate instructions for protection and use.

Personal identification number

A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits.

Personal Identity Verification Sponsor

An individual who can act on behalf of a department or agency to request a PIV Card for an applicant.

public key

The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.

Public key infrastructure

A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system.

secret key

A cryptographic key that must be protected from unauthorized disclosure to protect data encrypted with the key. The use of the term “secret” in this context does not imply a classification level; rather, the term implies the need to protect the key from disclosure or substitution.

Standard

A published statement on a topic specifying characteristics, usually measurable, that must be satisfied or achieved in order to comply with the standard.

Trustworthiness

Security decisions with respect to extended investigations to determine and confirm qualifications, and suitability to perform specific tasks and responsibilities.

Validation

The process of demonstrating that the system under consideration meets in all respects the specification of that system.

Asymmetric key

Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification.