DoD Implementation Guide for CAC PIV End-Point - Common ...

DoD Implementation Guide for CAC PIV End-Point
Appendix I Addressing of Data Objects
The addressing schemes specified for CAC (NISTIR 6887) and PIV are the same. Some
terms used frequently in discussions of object addressing are defined below.
RID – Registered Identifier
GSC-IS OID – File ID or Object ID, 2 byte identifier of a particular container, as defined in
the GSC-IS 2.1, not to be confused with a globally unique data object name in ASN.1 form
(dot separated numeric values), the “OID” used by PIV end-point
PIX – 2-11 byte Proprietary Identifier extension
AID – Application Identifier
Universal AID – used to select generic containers or cryptographic modules, and referred
to at the BSI level.
The RIDs of note are as follows:
A0 00 00 01 16 DoD PIV Transitional GSC-IS 2.1 data model, also PIV data model as
specified by Table 1 in Section 1.7 of SP 800-73-1
A0 00 00 00 79 DoD – CAC data model. The CCC follows the GSC-IS 2.1 (and PIV )
data model
A0 00 00 03 08 NIST – PIV end-point data model
From the BSI view in GSC-IS, PIV objects are referenced with a 7 byte Universal AID as
follows:
RID (5 bytes)
Resource Identifier
In the middleware, this value is used to look up the Application Card URL in the CCC to
retrieve the application ID (referred to as the PIX in SP 800-73-1) associated with this file.
For CAC, the application ID and the object ID in the CCC are always the same, since each
applet instance services a single container.
From the Card Edge view in GSC-IS and PIV, a SELECT command is issued to select applets
and file objects. An applet selection data field contains a 5-16 byte identifier that can be a
RID or a RID qualified by PIX.
RID (5 bytes)
Resource Identifier
GSC-IS OID (2 bytes)
Object Identifier
PIX (0-11 bytes)
Proprietary Identifier Extension
42