NIST SP800-85A-2：PIV组件测试指南

需积分: 5 49 浏览量更新于2024-07-16 收藏 909KB PDF 举报

"NIST SP800-85A-2-final.pdf 是一份由美国国家标准与技术研究所（NIST）发布的文档，旨在提供测试需求和测试断言，用于验证符合NIST SP 800-73-3规范的两个组件——PIV中间件和PIV卡应用。这份文档的目的是确保这些组件符合FIPS 201的互操作性目标，并通过测试确保产品的互操作性，从而促进符合FIPS 201的产品在HSPD-12目标下的市场推广和采购。" 本文档详细阐述了PIV（Personal Identity Verification）卡应用程序和中间件接口的测试指南，特别关注于它们对NIST SP 800-73-3规范的遵循情况。NIST SP 800-73-3是一系列针对PIV系统的接口和互操作性的技术要求，这些要求是为了满足联邦信息处理标准（FIPS）201所设定的个人身份验证规定。FIPS 201是美国政府员工和承包商身份管理的标准，而HSPD-12（Homeland Security Presidential Directive 12）则是关于身份管理和标识政策的总统指令。 PIV中间件是连接操作系统和PIV卡应用程序的软件层，它负责管理和处理智能卡上的数据，如证书和凭证，以实现安全的身份验证。测试指南包括了一系列测试用例和断言，以确保中间件能正确地执行与卡应用的交互，如读取、写入和处理卡上的数字签名和加密信息。 PIV卡应用则包含在智能卡上，它们是实现FIPS 201要求的具体功能模块，例如身份验证、访问控制和数据保护。测试这部分内容的目的是确保这些应用遵循NIST SP 800-73-3中定义的接口标准，以确保不同供应商的产品间能够顺利通信。测试过程不仅涵盖了功能性测试，还包括性能、安全性和兼容性测试，以验证PIV系统在真实环境中的可靠性和安全性。通过这些测试，开发者和采购者可以有信心选择和使用已通过验证的中间件和卡应用，确保它们能够无缝集成到更广泛的政府身份认证系统中。这份文档的发布日期是2010年7月，由NIST的信息技术实验室（ITL）的计算机安全分部编写，其负责人包括Patrick D. Gallagher、Ramaswamy Chandramouli、Hildegard Ferraiolo和Ketan Mehta等人。ITL致力于通过提供测量和技术标准的领导力来推动美国经济和社会福利，通过开发测试、方法、参考数据和概念验证实现，以促进信息技术的发展和有效利用。

Special Publication 800-85A-2 PIV Card Application & Middleware Interface Test Guidelines

3.2 PIV Card Application Tests

PIV Card Application tests cover the following:

 The PIV Card Application card command interface as per Part 2 of SP 800-73-3,

including the security conditions for executing each command in the interface as well as

the security conditions for accessing and storing each of the associated data objects.

 Presence of all mandatory data objects as well as accessibility and storage of all

implemented data objects using the identifiers specified in Part 1 of SP 800-73-3.

The tests are performed through test scripts communicating directly with a PIV Card through the

API of the driver that comes with the card reader.

3.2.1 PIV Card Application Card Command Interface Tests

These tests will validate that the card under test can successfully execute the commands in the

PIV card command interface. Successful execution constitutes the card responding with

appropriate data and response status codes to the commands sent by the test system. It also

involves setting state variables within the PIV Card. For example, the criteria for successful

execution of the SELECT command involve the following:

 The Response Status Code returned is “90 00”.

 The application property template is returned with the right format and content.

 The “PIV Card Application” is the value of “currently selected application” (state

variable) on the card.

The card command interface test suite includes conformance tests for the following PIV Card

Application commands:

 Data access commands

 SELECT

 GET DATA

 Card authentication commands

 VERIFY

 CHANGE REFERENCE DATA

 RESET RETRY COUNTER

 GENERAL AUTHENTICATE

 Credential initialization and administration commands

 PUT DATA

 GENERATE ASYMMETRIC KEY PAIR

The card edge commands will be validated against the following conditions:

Page 11

Special Publication 800-85A-2 PIV Card Application & Middleware Interface Test Guidelines

4. Derived Test Requirements

DTRs show the type of tests required based on the specifications in SP 800-73-3. These

specifications cover expected command behavior (in the case of interface specification), data

object representation (in the case of PIV data model) and data contents (in the case of PIV

authentication use cases).

Each DTR consists of the following:

 Actual condition statements taken/derived from the SP 800-73-3 specification – these

include conditions for successful command execution for each command as well as

exception behaviors explicitly called out through ‘shall’ statements in SP 800-73-3.

Those exception behaviors that are implicit in SP 800-73-3 through listing of error codes

associated with each command are tested only through Test Assertions (Appendices B, C

and D) and are not part of the DTR condition statements. The condition statements are

identified by codes starting with ‘AS’ followed by a running sequence that denotes the

section in this document where they occur.

 Required Vendor Information – these include information that the vendors are mandated

to provide in their documentation. The Required Vendor Information is identified by

codes starting with ‘VE’ followed by a running sequence that denotes the section in this

document where they occur.

 Required Test Procedures – these are actions that the tester has to perform in order to

satisfy the requirements stated in actual condition statements. These include verifying the

information mandated in the “Required Vendor Information” for the condition as well as

performing software-based tests. It must be mentioned; however, that some of the

required test procedures will not call out explicitly for verification of information in the

associated “Required Vendor Information”. In these instances it is implicitly assumed

that such information is provided by the vendor and verified by the tester. The Required

Test Procedures are identified by codes starting with TE followed by a running sequence

that denotes the section in this document where they occur.

Validations of some DTRs are not covered by the test assertions provided in this document.

These DTRs require compliance of the component with an external specification or standard

such as ISO/IEC 7816 or ISO/IEC 14443. No required test procedures are provided for these

DTRs, and a note is added to indicate that the assertion is externally tested. The tester checks the

vendor documentation for claimed compliance with such requirement or the presence of an

external test/compliance certificate obtained from the related standards testing body, when

applicable.

Some DTRs cannot be validated through the test tools provided in this document. For example,

the test tool cannot access the asymmetric private keys generated and stored on the card.

Therefore, a note is added to indicate the assertion is not separately tested for these DTRs. The

same note is added for DTRs that make general statements on the nature of the PIV Card and are

validated as a result of the validation of many other DTRs. For example, the statement “each

command that appears on the card command interface shall be implemented by a Card

Application that is resident in the Integrated Circuit Card (ICC)” is validated through the entire

card command interface test and does not require an individual test assertion.

Page 14

Special Publication 800-85A-2 PIV Card Application & Middleware Interface Test Guidelines

5. Test Assertions

Test assertions are statements of behavior, action, or condition that can be measured or tested.

They provide the procedures to guide the tester in executing and managing the test. They

include the purpose of the test, starting conditions and prerequisites, success criteria, and post-

test conditions, when applicable. A list of test assertions can be seen in Appendices B and C.

The following three sets of test assertions are included in this document:

 PIV client API test assertions (see Section 3.1 for overview)

 PIV card command interface test assertions (per Section 3.2.1)

 PIV data objects accessibility and storage test assertions (per Section 3.2.2)

An overview of each of the above classes of test assertions is given in Sections 5.2 through 5.4.

5.1 Mapping from Test Categories to Test Assertions

All the DTRs in Appendix A conceptually come under one of the two broad categories of tests

stated in Section 3 i.e., PIV Middleware tests and PIV Card Application tests. Similarly, each

test assertion makes specific references to the related sections in SP 800-73-3 or the related

DTRs. However, overall there is a many-to-many mapping from the test suite elements

(individual tests) under each of these two broad categories of tests to the DTRs (i.e., one test can

map to many DTRs and one DTR can map to many tests). A similar type of relationship exists

between DTRs and test assertions. To narrow the search space for cross references, Table 5-1

presents a cross-referencing guide showing the relevant DTR sections (with the section in SP

800-73-3 document from which they were derived) and test assertion sections with respect to test

classes in the two broad categories of tests.

Category/Classes of Test DTR Section(s) Test Assertion Section(s)

(1) PIV Middleware Tests (Section

3.1)

A.4 PIV End-Point Client API (Part 3

of SP 800-73-3)

Appendix B—PIV Client API Test

Assertions

(2a) PIV Card Application Tests—

PIV Card Application Card

Command Interface Tests (Section

3.2.1)

(1) A.1 End-Point Concepts and

Constructs (Ch 2, Part 2, of SP 800-

73-3)

(2) A.5 End-Point PIV Card

Application Card Command Interface

(Ch 3, Part 2 of SP 800-73-3)

Appendix C—PIV Card Command

Interface Test Assertions

(2b) PIV Card Application Tests—

PIV Data Object s Accessibility and

Storage Tests (Section 3.2.2)

(1) A.2 End-Point PIV Data Objects

Representation (Ch 4, Part 1 of SP

800-73-3)

(2) A.3 End-Point Data Types and

Their Representation (Ch 5, Part 1 of

SP 800-73-3, and Part 2 of SP 800-

73-3)

Appendix C—PIV Data Objects

Accessibility and Storage Test

Assertions

Table 5-1. Cross-referencing Guide

Page 15

剩余153页未读，继续阅读

艾米的爸爸

粉丝: 798
资源: 314

NIST SP800-85A-2：PIV组件测试指南

NIST SP800-85A-1：PIV组件测试指南

NIST SP800-53安全控制措施标准中英文版发布

源代码解读：NIST SP800-90B 随机数熵评估标准

NIST SP800-85A-1.pdf

NIST SP800-53-rev2-final.pdf

NIST SP800-85b-072406-final.pdf

NIST SP800-65-Final.pdf

NIST SP800-73-2_part3_end-point-client-api-final.pdf

NIST SP800-137 Final.pdf

NIST SP800-63-2.pdf

最新资源