The National Institute of Standards and Technology (NIST) recently released an improved version of its Personal Identity Verification (PIV) Data Generator, a downloadable Java application (http://csrc.nist.gov/piv-program/downloadable-piv-software.html) that can be used to create test data for evaluating PIV systems and cards.
The credit card-sized PIV card contains integrated circuit chips for storing electronic information, a personal identification number and protected biometric data—a printed photograph and two electronically stored fingerprints. Use of these cards by federal employees and contractors is mandated by October 2008 under the Homeland Security Presidential Directive 12 with the technical and operational requirements specified by Federal Information Processing Standard (FIPS) 201. FIPS 201 was developed by NIST in conjunction with other organizations and approved by Commerce Secretary Carlos Gutierrez in February 2005.
The latest version of the PIV Data Generator has been enhanced for dynamic data production and is designed for use with the PIV Data Model Tester (available from the same Web page). The test data objects produced by the PIV Data Generator conform to the FIPS 201 requirements as well as the guidelines set forth in three NIST publications, Interfaces for Personal Identity Verification (SP 800-73-1), Biometric Data Specification for Personal Identity Verification (SP 800-76-1) and Cryptographic Algorithms and Key Sizes for Personal Identity Verification (SP 800-78-1). FIPS 201, as well as the three special publications, may be obtained at http://csrc.nist.gov.
A separate utility within the same download as the Data Generator—the PIV Data Loader—can be used to place generated data onto blank PIV cards to create customized cards for testing the conformance to FIPS 201 and the interoperability of PIV security system components.