Highly regulated industries, including US Federal, mandate strong authentication tied to the user’s smart/PIV card for all corporate resource access. Given the physical validation associated with issuing a smart/PIV card, it is considered a safe and trusted source of identity for resource access.
While this does not pose much of a user experience challenge when accessing physical resources or devices with a larger form factor, like desktops and laptops, the experience is very poor when it comes to smart/PIV card based access on mobile devices. Traditional approaches to this problem required an external smart card reader connected via either USB or Bluetooth. They did technically work, but the experience was poor, expensive, and not exactly mobile either. There were multiple issues with the traditional approach:
- Smart card readers are bulky and expensive
- Attaching or tethering an external smart card reader to mobile phones or tablets creates usability and portability issues
- Smart card readers do not natively integrate with mobile operating systems and therefore can only be used by third-party applications
These issues got in the way of organizations enabling their workforce to be more productive by allowing corporate resource access from their mobile devices, and these regulated organizations were left behind in the mobile and digital transformation journey.
To address this challenge, NIST mooted the concept of Derived Credentials. In discussions with PKI vendors, NIST published Special Publication 800-157, which detailed the “Guidelines for Derived PIV Credentials”. While the concept of derived credentials took shape, implementing the solution had its own challenges around ensuring both security and ease of use.
Entrust Datacard, a leading PKI vendor, and IBM MaaS360 with Watson, a leading UEM solution, came together last year to address these technical and end user challenges and bring to market a solution that is scalable and secure, adheres to the NIST guidelines, and is easy for organizations to deploy and use. The integrated solution from IBM MaaS360 and Entrust Datacard allows organizations to:
- Provide seamless integration of Derived PIV Credential creation, issuance and renewals
- Provide strong multifactor authentication to a wide range of resources including native profiles, email, PIV-enabled web sites, third-party apps, etc., eliminating reliance on less secure authentication methods such as passwords
- Provide cost savings by incorporating the user’s previously established PIV identity into the new Derived PIV Credential, thereby eliminating the need for further identity proofing
Join us for a webinar on 30th October to learn more about the solution from IBM MaaS360 and Entrust Datacard and how it solves the strong authentication challenges for highly regulated industries.
*** This is a Security Bloggers Network syndicated blog from Entrust Datacard Blog authored by Entrust Datacard Blog. Read the original post at: https://www.entrustdatacard.com/blog/2018/october/derived-piv-credentials-solving-authentication-challenges-for-highly-regulated-industries