In response to Homeland Security Presidential Directive (HSPD) 12, NIST created a program for improving the identification and authentication of Federal employees and contractors to Federal facilities and information systems. This program is Federal Information Processing Standard (FIPS) 201, entitled Personal Identity Verification (PIV) of Federal Employees and Contractors, which as of September 2011 had issued over 5 million credentials. PIV-I expands the interoperable secure PKI credentialing to Non-Federal Issuers (NFI) so that other organizations seeking identity federation can include their own employees. Currently approved PIV-I providers include DigiCert, Entrust, Operational Research Consultants, VeriSign/Symantec, and Verizon Business. The CertiPath bridge also supports PIV-I credential providers such as Citi and HID.
If you have a PIV or PIV-I card, and are interested in digitally signing documents for consent/approval signatures or certified publishing – Adobe Acrobat and Adobe Reader will automatically validate digital signatures via US Federal Common Policy. Through the Adobe Approved Trust List (AATL) program, the following trust anchors are included in version 9 and higher:
- Common Policy — 2010 expiry — Common Hardware, Common High, Medium HW CBP
- Common Policy — 2027 expiry — Common Hardware, Common High, Medium HW CBP
- Federal Common Policy CA — 2030 expiry — Common Hardware, Common High, Medium HW CBP, SHA1 Hardware
- Federal Bridge CA
- CertiPath Bridge CA – G2
There are several ways these certificates can be installed. The easiest is to open the attached file HID_PIV-I_AdobeConfiguration.pdf, which provides a simplified installation experience into Adobe Acrobat and Adobe Reader. You can also download the FDF directly here: HID-PIV-I-Certs-AdobeReader.fdf
Now you can sign a PDF file and it will automatically validate for anyone with Acrobat or Reader version 9.1 or higher.
Sample HID PIV-I Signature document digitally signed with a production HID PIV-I card looks like this: