Security & Enablement for All of Your Use Cases

The Need for Mobile Derived Credentials

As US Government agencies establish plans to embrace mobile devices as alternatives to traditional desktop computers, special consideration must be given to ensure compliance with HSPD-12 / FIPS 201 Personal Identity Verification (PIV) requirements. As such, NIST Special Publication 800-157 outlines how PIV identities can be implemented and deployed directly on mobile devices. The mobile PIV credential is called a Derived PIV Credential.

The Entrust Mobile Derived Credential solution provides government agencies and contractors with a comprehensive, frictionless, and proven solution for placing Derived PIV Credentials onto mobile devices. Entrust Mobile Derived Credentials are easily accessed by employees and help harness the power of mobile as the new desktop by providing secure, anywhere anytime access to work files and systems.

The First Complete Mobile Derived Credential Solution

Deriving Trust from Bound Identities

The Entrust IdentityGuard Mobile Smart Credential application is encoded like a PIV smartcard, with a digital structure that follows the current PIV standard. This allows the Mobile Smart Credential to be encoded by Entrust IdentityGuard with the same certificate types and use the same communication language traditionally used on a physical PIV smartcard. The Entrust IdentityGuard Mobile Smart Credential is available for use on Apple iOS, Google Android and BlackBerry mobile operating systems.

Self-Service Capabilities

Entrust IdentityGuard is unique in its ability to provide a Self-Service Module (SSM), granting users access to request and manage their Derived PIV Credentials without the need for administrative interaction. This approach helps reduce operational costs by limiting the need to deploy specialized enrollment stations and kiosks abroad for derived credential enrollment.

PIN Unlock, Reset via SSM

Unlike with PIV smartcards, PIN unblock and reset are easily self-managed through both the Entrust IdentityGuard SSM and directly on the mobile device through the Entrust Mobile Smart Credential application. With this solution, there is no need for a specialized kiosk for derived credential issuance and management. If policy does not allow users to unlock or reset their derived credential PIN, or if the user loses their mobile device, the SSM allows the old derived credential to be quickly suspended or revoked.

The Derived Credential Enrollment Process

Entrust IdentityGuard can be configured for several different Derived PIV Credential activation methods, providing the most flexible solution to meet the needs of various policies and requirements. These activation methods include:

  • QR Code with password displayed
  • QR Code with password via encrypted email
  • Email with password displayed
  • Email with password via encrypted email

These various activation options provide multiple, secure workflows for allowing a user to generate and activate their Derived PIV Credential.

Use Cases & Authentication Methods

There are two main ways a derived credential could be leveraged to increase security.

  • The first is to provide access to certificate-enabled mobile applications for authentication directly through the mobile device – removing the need for username and password.
  • The second is to use the derived credential to provide logical access to a traditional workstation or laptop, similar to how a PIV smartcard is used for smart card logon (SCLO).

An advantage of the Entrust Mobile Smart Credential application is that both methods of access can be easily configured, and are enhanced through Entrust partnerships with other leaders in the mobile device industry.

Get Started Now

As U.S. federal agencies continue to investigate their options to bring standard enterprise and mission-critical applications securely to employees’ mobile devices, the Entrust Mobile Smart Credential solution is highly attractive to enterprise road warriors, field workers and government organizations that require high-assurance trusted IDs. By partnering with key technology players, Entrust Datacard supports and solves some of the most commonly requested use cases in a variety of government agencies at many different levels with the Entrust IdentityGuard Mobile Derived Credential solution, which is ready for deployment today.