Wednesday, September 26, 2018: 9:00 AM - 11:00 AM
Overview: Across the market, public and private sector innovation and collaboration are driving better identity solutions. Governments – Federal, State and Local – have a supporting role to play in helping to grow a more effective and responsible identity ecosystem by working with industry to identify and reduce barriers, encourage the development of shared principles, governance, standards and trust frameworks, evaluate and document the performance realities of commercial solutions, and offer services that improve identity. This session will focus on the history and evolution of standards, various uses and applications of standards and/or best practices, the significance of using standards to strengthen and streamline interoperability, and approaches to improving joint efforts among the government, international partners, industry, and academia toward the continued development, advancement, and maturation of standards.
- Diane Stephens, Moderator, NIST
- Will Graves (DFBA), DoD
- Chris Miles, DHS S&T
- Scott Swann, IDEMIA
- Michael Coleman, F5
- Kamran Atri, CSEngineering
Workshop: Derived PIV Tabletop Discussion
Mr. Chris Brown will lead a tabletop discussion exploring the challenges and issues that organizations face when deploying derived Personal Identity Verification (PIV) credentials and how to overcome them. The discussion will be based on the experience of the NIST National Cybersecurity Center of Excellence (NCCoE) in developing a practical application of derived PIV credentials using commercial technology, which was recently published in NIST SP 1800-12, Derived Personal Identity Verification Credentials.
While PIV cards (smart cards) provide strong security to protect sensitive systems, they also require a physical card reader to access the authentication information contained in the card. However, most mobile devices cannot accommodate a smart card reader. Derived PIV credentials (DPC) are cryptographic credentials that are derived from those in a PIV Card and carried on a mobile device. A mobile device that contains a user’s DPC can authenticate to websites and portals that use verification of PIV Card credentials for access.
Implementing DPC in mobile phones and tablets is challenging due to the wide array of mobile device models and platforms, which offer different ways to store the credentials and different key stores. This is further complicated by the rapid update cycles of proprietary mobile operating systems, with which developers must keep pace.
Attendees will learn how companies like Entrust Datacard, IBM, Intel, Intercede, MobileIron, Verizon, and VMware came together to demonstrate how to extend the value of identity proofing and vetting of a primary identity credential into mobile devices, and how they can leverage this solution for their own agencies/organizations.