Solutions for securing both physical facilities and critical digital assets and infrastructure.
Smart Solutions
Despite extensive investment by companies in cybersecurity solutions and best practices, cyber criminals continue to steal their employees’ credentials in ever more sophisticated phishing attacks.
The damage can be significant, with large organizations standing to lose up to $15 million per year—not to mention the reputational damage and loss of trust that result from a breach.
Certificate-based authentication based on the PIV (FIPS 201) standard along with FIDO2 passkeys offer robust solutions to human factor vulnerabilities, forming the cornerstone of any Zero Trust security framework.
Why IDEMIA
IDEMIA has been a leading provider of PIV and CAC cards to the U.S. Federal Government and large enterprise customers for over 20 years.
IDEMIA offers U.S.-based manufacturing and centralized print bureau services for personalization and fulfillment of PIV cards, and has delivered over 65 million cards to date.
In July 2025, IDEMIA’s ID-One PIV® 243 Card was the first to achieve FIPS 140-3 Level 2 validation from NIST, making it the first new addition to the GSA’s Approved Products List(APL) in four years. (Full press release.)
USB Security Keys: Plug-and-Play Convenience
While PIV cards remain the bedrock of FIPS 201-compliant (PIV) authenticators, there is an increasing demand for USB security keys because of their “plug-and-play” versatility for logical access.
IDEMIA Public Security now offers USB security keys as a convenient way to increase your cybersecurity posture through secure multi-factor authentication (MFA) using PKI-based and FIDO2 cryptographic authentication in multiple configurations.
A secure digital or physical token that verifies a user’s identity for accessing logical systems (e.g., via a workstation) or physical locations (i.e., door access). Smart credentials use advanced encryption and security layers to provide enhanced protection for accessing both digital and physical assets, and can be delivered through hardware tokens like smart cards and USB security keys, or they can be housed on a smartphone.
IDEMIA supplies smart cards and USB tokens in the form of the ID-One® PIV smart card and the Go and Bolt USB security keys.
Fast IDentity Online (FIDO) is an authentication standard that combines widely adopted Web Authentication (WebAuthn) and Client-To-Authenticator Protocol (CTAP) standards that are already available in most web browsers, operating systems, and enterprise applications today. Following the FIDO standard, users can create device-bound passkeys, which allows them to authenticate to websites without needing a password. This provides a secure login that is phishing-resistant and resistant to common man-in-the-middle attacks online.
Both IDEMIA Public Security’s smart cards and USB security keys can be configured with a FIDO applet on which to store FIDO passkeys.
Personal Identity Verification (PIV): government-approved identification following the FIPS 201 standard for PKI (Public Key Infrastructure – see below).
Personal Identity Verification Commercial (CIV) : following the PIV standard, but for commercial use. Has expanded features for use outside U.S. Federal Government agencies.
Public Key Infrastructure (PKI) is a foundational security framework that manages digital certificates and public-key encryption to secure data, authenticate users/devices, and ensure data integrity. It uses asymmetric encryption (a public key for encryption, private key for decryption) to protect communications across networks. It is commonly utilized in SSL/TLS, VPNs, and email.
IDEMIA offers a converged access credential in the form of the ID-One® PIV card. Using a single hardware token with both physical access (PAC) and logical access (LAC) credentials on it offers enterprises and end users convenience and cost savings.
IDEMIA has issued over 70 million smart credentials to government and enterprise customers to date.
IDEMIA’s PIV applet is FIPS 201-certified and supports all the features published in the latest version of the standard by NIST (U.S. National Institute for Standards and Technology).
IDEMIA’s ID-One® PIV 243 cards and ID keys (which use the same applet) are the first to achieve NIST FIPS 140-3 validation, and are currently on the General Services Administration’s Approved Products List (GSA APL).
IDEMIA utilizes its own cryptographic libraries. This limits security vulnerabilities introduced by third-party products, as with the recent issue with Infineon libraries.
A version of IDEMIA’s cryptographic module has undergone additional testing and evaluation by the U.S. National Security Administration (NSA), and has been approved by NSA for use in the SIPR environment (the military’s classified network – the most secure environment).
IDEMIA is a Supplier Security & Privacy Assurance (SSPA) Program-compliant Microsoft partner – already approved by Microsoft and ready to deliver.
IDEMIA’s multi-factor authentication (MFA) products are used by most U.S. federal agencies, including the Department of War.
IDEMIA has served on the Executive Board of the FIDO Alliance since 2013. Our current representative serves as the Treasurer of the Alliance and co-chair of the Government Deployment Working Group.
Smart credentials are used to authenticate users via PKI Certificate-Based Authentication (CBA) and/or FIDO2 to a system like a workstation for daily use.
Advanced setups can allow for data encryption and digital signature for emails and documents.
With printed data onto a smart card, it can be used as a visual identification or badge.
Credentials can also be enhanced with access control Prox, MIFARE® DESFire® EV3™ or LEAF, configured to work with enterprise Physical Access (PAC) systems to truly have a converged identity credential.
In most cases, Windows will automatically download the correct drivers upon first use of the device. Drivers for ID-One® PIV cards and IPS ID Keys can be found here: Microsoft Update Catalog
Additionally, if your organization’s IT department does not allow automatic downloads of drivers from the Microsoft Update Catalog, the Windows installer file for IDEMIA products can be download from our Technical Resources page.
When initialized in NPIVP, in CIV or in CIV+ Configuration, ID-One® PIV® 243 is FIPS 140-3 validated with overall level 2. CMVP Certificate #5024.
FIPS 140-3 Level 3
When initialized in SPE, or in SPE+ Configuration, (i.e. Secure PIN Entry: when the card enforces the encrypted transmission of the PIN for verification even over the contact interface), ID-One® PIV® 243 is FIPS 140-3 validated with overall level 3. CMVP Certificate #5027.
FIPS 201-2 When initialized in NPIVP Configuration, ID-One® PIV® 243 is FIPS 201-2 Compliant™. Its PIV Card Application has been validated by NIST to fully comply with SP800-73-4. NPIVP Certificate #50.
GSA APL When initialized in NPIVP Configuration, and when using Product Part Number 2292732 (i.e. a smart card form factor with composite PETF/PVC card body specially designed to pass NIST stringent physical testing requirements), ID-One PIV® 243 has been approved for use by the U.S. Government and is listed on the IDManagement.gov web site under GSA APL#1513.
MINEX II ID-One® PIV® 243 fingerprint On-Card-Comparison (OCC) algorithm has been validated for interoperability by NIST MINEX II.
IDEMIA is a founding member of the LEAF Community and our goal is to provide highly secure, open standard smart credentials that do not lock our customers into proprietary technology while securing their enterprise.
IDEMIA Smart Credentialing portfolio includes ID-One® PIV smart cards and ID-One® Key Go and ID-One® Key Bolt USB security keys. Below is a table with the difference between the solutions.
*NEW* Technical Resources
Visit our new Technical Resources page to download mini drivers, review documentation, and request assistance.
