U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: David Cooper (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 36

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

September 29, 2022
Author(s)
Gorjan Alagic, Daniel Apon, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Breaking Category Five SPHINCS+ with SHA-256

September 28, 2022
Author(s)
Ray Perlner, David Cooper, John M. Kelsey
SPHINCS+ is a stateless hash-based signature scheme and a finalist in the NIST PQC standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash function. The

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

July 5, 2022
Author(s)
Gorjan Alagic, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Personal Identity Verification (PIV) of Federal Employees and Contractors

January 24, 2022
Author(s)
National Institute of Standards and Technology (NIST), Hildegard Ferraiolo, Andrew Regenscheid, Salvatore Francomacaro, David Cooper, Ketan Mehta, Annie W. Sokol, David Temoshok, Gregory Fiumara, Justin Richer, James L. Fenton, Johnathan Gloster, nabil anwer
FIPS 201 establishes a standard for a Personal Identity Verification (PIV) system (Standard) that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity

NIST Test Personal Identity Verification (PIV) Cards Version 2

April 2, 2021
Author(s)
David Cooper
In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure (PKI). This set of test cards includes

Recommendation for Stateful Hash-Based Signature Schemes

October 29, 2020
Author(s)
David Cooper, Daniel Apon, Quynh H. Dang, Michael S. Davidson, Morris Dworkin, Carl Miller
This recommendation specifies two algorithms that can be used to generate a digital signature, both of which are stateful hash-based signature schemes: the Leighton-Micali Signature (LMS) system and the eXtended Merkle Signature Scheme (XMSS), along with

Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process

July 22, 2020
Author(s)
Dustin Moody, Gorjan Alagic, Daniel C. Apon, David A. Cooper, Quynh H. Dang, John M. Kelsey, Yi-Kai Liu, Carl A. Miller, Rene C. Peralta, Ray A. Perlner, Angela Y. Robinson, Daniel C. Smith-Tone, Jacob Alperin-Sheriff
The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify one or more additional

Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process

January 31, 2019
Author(s)
Gorjan Alagic, Jacob M. Alperin-Sheriff, Daniel Apon, David Cooper, Quynh H. Dang, Carl Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Yi-Kai Liu
The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public competition-like process. The new public- key cryptography standards will specify one or more additional

Protecting Software Integrity Through Code Signing

May 23, 2018
Author(s)
David A. Cooper, Leonard Feldman, Gregory A. Witte
This bulletin summarizes the information found in the white paper Security Considerations for Code Signing, which describes features and architectural relationships of typical code signing solutions that are widely deployed today. The paper also defines

Security Considerations for Code Signing

January 26, 2018
Author(s)
David Cooper, Andrew Regenscheid, Murugiah Souppaya
A wide range of software products (also known as code)--including firmware, operating systems, mobile applications, and application container images--must be distributed and updated in a secure and automatic way to prevent forgery and tampering. Digitally

Derived PIV Application and Data Model Test Guidelines

June 6, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Steven Brady
NIST Special Publication (SP) 800-157 contains technical guidelines for the implementation of standards-based, secure, reliable, interoperable Public Key Infrastructure (PKI)-based identity credentials that are issued for mobile devices by federal

Best Practices for Privileged User PIV Authentication

April 21, 2016
Author(s)
Hildegard Ferraiolo, David Cooper, Andrew R. Regenscheid, Karen Scarfone, Murugiah P. Souppaya
The Cybersecurity Strategy and Implementation Plan (CSIP), published by the Office of Management and Budget (OMB) on October 30, 2015, requires that federal agencies use Personal Identity Verification (PIV) credentials for authenticating privileged users

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 compliance)

April 13, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler
NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test

Cardholder Authentication for the PIV Digital Signature Key

June 18, 2015
Author(s)
William Polk, Hildegard Ferraiolo, David Cooper
FIPS 201-2 requires explicit user action by the Personal Identity Verification (PIV) cardholder as a condition for use of the digital signature key stored on the card. This document clarifies the requirement for explicit user action to encourage the

Guidelines for Derived Personal Identity Verification (PIV) Credentials

December 19, 2014
Author(s)
Hildegard Ferraiolo, David A. Cooper, Salvatore Francomacaro, Andrew R. Regenscheid, Jason Mohler, Sarbari Gupta, William E. Burr
This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable, interoperable PKI-based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control

NIST Test Personal Identity Verification (PIV) Cards

July 12, 2012
Author(s)
David A. Cooper
In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure. This set of test cards includes not