HHS seeks PKI support for identity smart cards

The Health and Human Services Department seeks information about technologies to support and manage public-key infrastructure credentials on personal identity verification smart cards to meet requirements of Homeland Security Presidential Directive 12 for secure forms of identification.

The smart cards must be compliant with Federal Information Processing Standard 201, a common identification standard for federal employees and contractors, and PKI Common Policy Certificate requirements.

HHS wants to learn about product functionalities, technical architectures and system requirements, and how these products would interoperate with or supplement existing identity management and physical access systems, the department said in a posting this week.

Currently, personal ID verification (PIV) registration, ID card issuance and physical access control are managed locally by each agency using a number of systems, with PIV data maintained in a number of separate databases and directories.

HHS intends to issue three sets of digital certificates?authentication, digital signature and key management certificates?to each PIV card.

Under HSPD-12, agencies this fall had to implement FIPS-201, Part One (PIV I), which called for them to make sure their processes to issue federal identity cards and register employees met certain standards. Agencies have until October 2006 to begin implementing PIV II, which calls for interoperable systems and issuing credentials that use these applications.

Under the request for information, HHS requires that proposed technologies must:

• interoperate with third-party certificate authorities


• work with FIPS-201 digital certificates to be put onto PIV-II smart cards


• provide certificate lifecycle support and


• support HHS additions to the Federal Certificate Profile.