background image
TecSec PIV Eagle Card - Contactless
Security Policy
Copyright Athena Smartcard Inc. and TecSec Inc., 2009
Version 1.0
Page 20 of 32
Athena and TecSec Public Material ­ may be reproduced only in its original entirety (without revision)
In a Secure Channel Session with Security Level C-MAC:
Service
Type of access
Key
DELETE (card content)
Execute
AP-Smac
DELETE (key)
Execute
AP-Smac
EXTERNAL AUTHENTICATE
Execute
AP-Smac
GET DATA (ISD)
Execute
AP-Smac
GET STATUS
Execute
AP-Smac
INSTALL
Execute
AP-Smac
LOAD
Execute
AP-Smac
PUT KEY
Execute
AP-Smac
SET STATUS
Execute
AP-Smac
STORE DATA
Execute
AP-Smac
In a Secure Channel Session with Security Level C-DECRYPTION and C-MAC:
Service
Type of access
Key
DELETE (card content)
Execute
AP-Senc, AP-Smac
DELETE (key)
Execute
AP-Senc, AP-Smac
EXTERNAL AUTHENTICATE
Execute
AP-Senc, AP-Smac
GET DATA (ISD)
Execute
AP-Senc, AP-Smac
GET STATUS
Execute
AP-Senc, AP-Smac
INSTALL
Execute
AP-Senc, AP-Smac
LOAD
Execute
AP-Senc, AP-Smac
PUT KEY
Execute
AP-Senc, AP-Smac
SET STATUS
Execute
AP-Senc, AP-Smac
STORE DATA
Execute
AP-Senc, AP-Smac
PIV SSD Key Set
Service
Type of access
Key
INITIALIZE UPDATE
Execute
AP-Kenc, AP-Kmac
EXTERNAL AUTHENTICATE
Execute
AP-Kenc, AP-Kmac
PUT KEY
Execute/Write
AP-Kenc, AP-Kmac, AP-Kkek
DELETE (key)
Delete
AP-Kenc, AP-Kmac, AP-Kkek