GSA, FTS ITI/TFMG, 5203 Leesburg Pike, Suite 1100, Falls Church, VA 22041

70 -- PUBLIC KEY INFRASTRUCTURE DUE 110599 POC Ms. Annette Cole, Technical Manager, (703) 605-9948 E-MAIL: Click here to contact the Technical Manager via e-mail., annette.cole@gsa.gov. Background. On April 2, 1999, the Undersecretary of the Navy designated the Department of the Navy Chief Information Officer (DON CIO) as the DON lead for Smart Card Technology by memorandum directive. The Smart Card Office was chartered on May 24, 1999 to provide focus and management for Smart Card efforts within the DON. The purpose of this RFI is threefold: (1)To announce the current intentions of the Department of the Navy Smart Card Office to deploy smart card technology in two major regions; (2)To engage industry and other interested parties in an exchange of information and initiate a dialogue concerning key technical aspects of the baseline smart card platform, its interface with applications, and its ability to provide core interoperability and cryptographic functions; and (3)To assess the capability of industry to provide the products necessary to meet the outlined specifications and desired functionality. Intended Functionality. The smart card specified in this RFI is intended to support cryptographic functions for a system that utilizes two sets of key pairs and certificates (Authentication and Encryption keys and certificates). Industry should consider some basic assumptions when responding to the RFI. (a) the functionality for the RFI pertains to the baseline smart card platform; (b) the functionality for the RFI deals solely with the interaction and exchange of cryptographic material; (c) the DON SCO desires to deploy in April 2000; (d) the PC client platform will be Windows 95, 98, NT 4.0+; and (e) the issuance of digital keys and certificates will be performed in a PKCS#11 enabled browser. Card Specification. On Card Specification. Standards: ISO 7816, 1-4; EMV; Java Card 2.1 or Windows Powered Smart Card v 1.0; Visa Open Platform 2.0; PC/SC compliant card; The card will contain a defined PKCS#15 file structure for the cryptographic functions of the card; FIPS 140-1, Level 2 certified. Micro-controller and Processing: Minimum of 16K micro-controller (with 16K of available EEPROM); Minimum:8-bit processor; Crypto co-processor with a good random number generator Cryptography: Triple DES; RSA; Minimum 1024 bit RSA key length; SHA-1; MD5; On card key generation-RSA. Questions: (1) Does the above specification address the base configuration to perform the intended card-based functionality (in section 2.1)? (2) Is deployment in April 2000 achievable by industry? What COTS product (s) comply with these specifications? What is the micro-controller platform and its technical processing capabilities (i.e., 8-bit, 16 bit, and more)? (3) Is there anything specified that may be unattainable? If so, what and why? (4) Is there anything specified that is contrary to the direction that industry is heading? If so, what and why? Middleware Specifications. It is anticipated that an implementation of PKCS#11 and Microsoft's CSP will be necessary to get the smart card to communicate with PKI enabled applications. The DON SCO desires to simplify this configuration. A single implementation of both PKCS#11 and CSP isanticipated in all of the necessary clients. We expect that multiple card products will be interfacing to these single implementations. Questions: (5) What interoperability limitations exist with industry's implementations of PKCS#11 and Microsoft's CSP? (6) Is the desire for a simplified configuration attainable? Please describe any technical limitations to achieving this simplified configuration. (7) Please provide any suggestions on how to attain this desired functionality? (8) Can this strategy be implemented technically using the specification in Section 2.1 of this RFI? If yes or no, please explain the answer. (9) If there are alternative implementations in exchanging cryptographic material with PKI-enabled applications, industry is encouraged to provide information. Response Deadline: All responses should be submitted in electronic form (either MS Word 4.0+ or Adobe Acrobat) to FEDSIM or fax to (703) 730-9863 by 4:00PM EST, November 5, 1999. Reference: Detail specifications and reference material on the RFI is posted at www.doncio.navy.mil/focusareas/smartcard/index Posted 10/18/99 (W-SN392677). (0291)

Loren Data Corp. http://www.ld.com (SYN# 0230 19991020\70-0006.SOL)