LASCON 2014 has ended
Friday, October 24 • 12:00pm - 12:45pm
Derived Credentials – A better user experience for secure applications in the mobile world.

The increased use of smartphones in the enterprise and government space has created new opportunities for online identity management. At the same time, this convergence poses challenges for the traditional identification models based on Public Key Infrastructure (PKI). For example, a Personal Identity Verification (PIV) badge enabling physical and logical access to buildings and IT resources is not convenient in a mobile environment. Who wants to carry around a government badge and a card reader, or attach a phone cradle to their latest mobile device?

To address this need and bridge the gap between security and user expectations in the mobile world, National Institute of Standards and Technology (NIST) standards have evolved to propose a new model. Under the proposal, some mobile credentials will be derived from the employee badge (PIV) and stored in the secure element inside the mobile device. Users are thus free to use both derived credentials and the original credentials as proof of their identity. This leads to a very convenient mobile experience without compromising the security associated with classical PKI. For this reason, mobile derived credentials are gaining popularity with government and enterprises alike.

In this talk, we will introduce PIV derived credentials, talk about their deployment architecture and discuss various application use cases that address the security and usability needs of a world that is becoming increasingly mobile. In particular, we will cover the following topics: 

1. Introduction to PIV and associated NIST standards. 
2. Overview of derived credentials and how they relate to the original credential.
3. Examples of applications that benefit from derived credentials on mobile devices, e.g. VPN, email signing, email encryption, etc.
4. Best practices and protocols for loading these derived credentials on a mobile device. 
5. End user experience with respect to the use of derived credentials. 
6. Technical as well as business-related challenges that influence adoption of derived credentials.


Asad Ali

Benoit Famechon

Program Manager & Architect, Gemalto
Benoit Famechon is a senior program manager and architect at the Identity and Security Labs of Gemalto (Austin). He is currently heading a team to develop Mobile Identity based products using the GSMA specification. He has worked in embedded development for Telecommunication smartcards...

Friday October 24, 2014 12:00pm - 12:45pm
Cypress Room Norris Conference Center, http://lascon.org/venue/