October 26, 2018 By Alex Cherian and John Bejjani

In an effort to secure sensitive data and protect critical assets, IT and security leaders in highly regulated industries, including the U.S. federal government, mandate strong authentication tied to their mobile employees’ smart/personal identity verification (PIV) card for corporate app and resource access. Because issuing a smart/PIV card involves in-person identity proofing, the card is considered a safe and trusted source of identity for resource access.

While smart/PIV card-based access poses little user experience challenge on desktops and laptops, which have built-in or easily attached card readers, the experience is very poor on mobile devices.


Where Traditional Smart Card Methods Fail

Traditional approaches to this problem required an external smart card reader connected via USB or Bluetooth. While these technically worked, the experience was poor and expensive, and it undermined the very mobility the devices were meant to provide. Among the reasons for this less-than-ideal user experience are:

  • Smart card readers are bulky and expensive;
  • Attaching or tethering an external smart card reader to a smartphone or tablet creates usability and portability issues; and
  • Smart card readers do not natively integrate with mobile operating systems and, therefore, can only be used by third-party applications.

These issues often prevent companies from boosting productivity by allowing employees to access corporate resources from their mobile devices, leaving highly regulated organizations behind in the mobile and digital transformation journey.

Embracing Derived Credentials for Strong Authentication

To address this challenge, the National Institute of Standards and Technology (NIST) endorsed the concept of derived credentials. A derived PIV credential is a new digital certificate stored on a mobile device whose trust is derived from a valid PIV card: the existing card is used to authenticate the holder during issuance, so the mobile credential inherits the identity proofing already performed for the card.

In consultation with public key infrastructure (PKI) vendors, NIST published Special Publication 800-157, “Guidelines for Derived Personal Identity Verification (PIV) Credentials.” While the concept of derived credentials took shape, implementing a solution brought its own challenges in ensuring both security and ease of use.

Integrating the PKI infrastructure with the right unified endpoint management (UEM) solution addresses most of these technical and end user challenges while delivering scalability and security, adherence to NIST guidelines, and ease of deployment and use.

Having the right UEM solution that integrates with the PKI infrastructure allows organizations to:

  • Seamlessly integrate derived PIV credential creation, issuance and renewals;
  • Provide strong multifactor authentication (MFA) to a wide range of resources, including native profiles, email, PIV-enabled websites and third-party apps;
  • Extend simplified authentication options for nonmobile endpoints such as desktops and laptops; and
  • Cut costs by incorporating the user’s previously established PIV identity into the new derived PIV credential, thereby eliminating the need for further identity proofing.

Learn More

Join us for a live webinar on Oct. 30 to learn how IBM MaaS360 with Watson UEM and Entrust Datacard developed an integrated derived PIV credentials solution that solves the strong authentication challenges experienced by IT and security professionals in highly regulated industries.

