SafeNet IDPrime PIV

Personal Identity Verification (PIV): interoperable ID credentials for federal agencies, government contractors, state and local governments, and private sector organizations.

The SafeNet IDPrime PIV 4.0 card is a FIPS 201* standards-based card for government use to authenticate individuals for physical and logical access. The same card can be used for either a CIV or PIV-I based deployment depending on policies and requirements. This smart card provides premium privacy protection through mandatory and optional features of the SP800-73-4 standard. Customers can benefit from enhanced performance and built-in biometric capabilities (On Card Comparison), preparing them for enhanced user authentication meeting the most up-to-date algorithmic requirements.

SafeNet IDPrime PIV 4.0 will be generally available for sale in late 2025.

Uses of PIV

  • Based on strong multi-factor PKI authentication, SafeNet IDPrime PIV cards provide proof of cardholder identity that meets U.S. Federal Government standards
  • Digitally authenticates users’ identity for main information systems
  • Identifies users for a variety of physical access systems
  • Digitally signs and encrypts eDocuments, email and files
  • Works with Federal Government PIV-based IT infrastructures, and new and legacy physical access control systems
  • Biometric fingerprint and iris deliver the highest level of identity assurance

*Validation in Process

Features & Benefits

  • Compliant with PIV 4.0, FIDO2.1, FIPS 140-3*, FIPS 201 and TAA
  • Streamlined login with NFC
  • Virtual Contact Interface (VCI) and pairing code to enhance privacy over the contactless interface, for physical access use cases
  • PIV Secure Messaging to provide confidentiality and integrity protection to the PIV card application
  • Biometric Authentication (On Card Comparison), compliant to SP800-76-2, for enhanced user authentication
  • Fast contactless authentication with an optimized Power-On-Self-Test mechanism

PIV Technology and Standards

PIV card technology features a dual interface microprocessor chip for use with contact and contactless smart card readers, making it interoperable and easily adaptable for a wide range of use cases, including physical access authentication. SafeNet IDPrime PIV cards are certified FIPS 140-3 Level 2, FIPS 201 and listed on the GSA APL.

PIV and the U.S. Federal Government

Most U.S. federal government employees and subcontractors have a PIV card. Driven by the issuance of Homeland Security Presidential Directive 12 (HSPD-12) in 2004, the U.S. federal government has invested significant effort and resources in implementing robust, interoperable credentialing processes and technologies. The resulting standard, FIPS 201, PIV for federal employees and contractors, provides a framework of the policies, processes, and technology required to establish a strong, comprehensive identity credentialing program.

Government Contractors and Critical Infrastructure Organizations

Implementing PIV-I identity credentialing and security systems helps enterprises, including those involved with the nation’s critical infrastructure, to significantly upgrade the security of their information systems and networks. In addition, the fact that PIV-I credentials are trusted and interoperable with the federal government makes it much more efficient and secure for contractors to exchange information securely with their government clients. It also creates opportunities to improve business processes, such as digitally signing and encrypting contracts or specifications.

Technical Specifications

SafeNet IDPrime PIV

Contact (ISO 7816)

  • PKI

Contactless (ISO 14443)

  • PKI

Memory

  • Chip: 512 KB Flash

  • Free memory available for resident keys, certificates, additional applets & data: 104 KB

  • SafeNet IDPrime PIV card is based on a Java Card platform (IDCore 3230) with 146 KB EEPROM memory with PIV v4.0 applet loaded

Standards Supported

  • Java Card: 3.1.0

  • Global Platform: 2.2.1, 2.3 (CTLess)

  • PKI: IDPrime PIV 4.0

  • U2F

  • Base CSP minidriver (SafeNet minidriver)

Certifications

  • Chip: CC EAL6+

  • FIPS 140-3 L2*

  • FIPS 201 (PIV)*

  • TAA Compliant

  • Roles, Services, and Authentication: Level 3

  • Physical Security: Level 3

  • EMI/EMC: Level 3

  • Design Assurance: Level 3

  • SCP03, SCP02, SCP01 supported with scripting according to GP 2.2.1 Amendment D

  • ECC (256, 384) asymmetric algorithms supported and FIPS certified

Cryptographic Algorithms

  • Hash: SHA-224, SHA-256, SHA-384, SHA-1

  • RSA: up to RSA 4096 bits

  • ECDSA & ECDH: P-256, P-384

  • Symmetric: AES for secure messaging, and 3DES for Microsoft Challenge/Response only

  • Asymmetric: ECC (P-224, P-256, P-384, P-521), RSA (up to RSA 4096 bits)

ISO Specification Compliance

  • ISO 7816 contact interface (T=0 ; T=1)

  • ISO 14443 contactless interface compatible with NFC (T=CL)

  • IU high coercivity magnetic stripe (optional)

Other Features

  • Global PIN and local PIN

  • Dynamic Discovery Object management during post issuance

  • Dynamic Contactless interface de-activation mechanism

  • Fingerprint and iris biometric containers

  • Up to 20 Key archiving containers