Derived PIV/CAC Credential

Government agencies depend on employee mobility to improve productivity, control costs and work with organizations in various markets. But enabling mobility for government agencies can be especially complex, due to strict and specific security regulations. Entrust Datacard eliminates that complexity and enables secure mobility with a portfolio of proven Personal Identity Verification (PIV) solutions.

Entrust Datacard Authentication

A Complete Solution for NIST 800-157

Our popular Derived PIV/CAC Credential solution enables true mobility for government organizations by providing secure, anywhere-anytime access to applications, work files and systems. Our solution includes deployment, user enrollment and credential management.

Our Derived PIV solution aligns with NIST SP 800-157 for compliance with the HSPD12/FIPS 201-2 Personal Identity Verification (PIV) requirements.

Entrust Datacard Authentication

Deriving Trust from Bound Identities

Our mobile smart credential application is encoded like a PIV smartcard, with a digital structure that adheres to PIV standards. This allows the mobile smart credential to be encoded by our solution with the same certificate types and use the same communication language traditionally used on a physical PIV smartcard. The application is available on Apple iOS and Android mobile operating systems.

Entrust Datacard Authentication

Self-Service Capabilities

Entrust IdentityGuard offers a unique Self-Service Module (SSM) that allows for anywhere-anytime onboarding and credential management. The SSM grants secure access to users so they can request and manage Derived PIV Credentials remotely — without IT or administrative support — reducing both operational costs and the need for enrollment kiosks.

Entrust Datacard Authentication

PIN Unlock & Reset via SSM

Unlike PIV smartcards, PIN unlock and reset features are easily self-managed through the Entrust IdentityGuard SSM or directly on the user’s mobile device. There’s no need for a specialized kiosk for derived credential issuance and management. If your policy doesn’t allow for users to unlock or reset derived credential PINs, or if users lose their mobile devices, the SSM allows for remote suspension or revocation of the old derived credential.

The Derived Credential Enrollment Process

Entrust IdentityGuard can be configured for several different Derived PIV Credential activation methods, including:

• QR Code with password displayed

• QR Code with password via encrypted email

• Email with password displayed

• Email with password via encrypted email

These activation options provide secure workflows for generating and activating Derived PIV Credentials.

Use Cases & Authentication Methods

Derived credentials are leveraged to increase security in two ways. An advantage of our mobile smart credential application is that both methods of access can be easily configured and are enhanced through partnerships we maintain with other leaders in the mobile device industry.

Enabling access to certificate-enabled mobile applications for authentication directly through the mobile device — removing the need for username and password

Using the derived credential to provide logical access to a traditional workstation or laptop; similar to how a PIV smartcard is used for SCLO


Request a Demo

Request a demo with an IntelliTrust authentication platform specialist.

Our Products

Cloud-Based Deployment


Secure your enterprise and give your users secure access to everything — applications, networks, computers, doors — with cloud-based multi-factor authentication.

On-Premises Deployment


Experienced security professionals in corporations, banks and government agencies know the name IdentityGuard and trust it to protect and enable what matters to them.

SMS Passcode™

SMS Passcode authenticates users by sending a real-time, session-specific one-time passcode (OTP) to the user’s mobile phone via SMS, app, voice-call or email.

Our Authentication

Entrust Datacard Authentication

Establish Trust

Streamline the onboarding of a wide range of users and devices with a wide range of technologies available in our platform.

Entrust Datacard Authentication

Enable Access & Transactions

Ensure both strong security and exceptional user experiences with these best-in-class technologies.

Entrust Datacard Authentication

Maintain Trust

Continuously protect against advanced threats with technology ranging from behavior analytics to fraud detection.