cybersecurity; Derived PIV Credential (DPC); Enterprise Mobility Management (EMM); identity; mobile device; mobile threat; multifactor authentication; personalidentity verification; PIV Card; smart card
Homeland Security Presidential Directive-12 (HSPD-12) [1] mandated deployment of a common identity credential in 2004, which resulted inPersonal Identity Verification (PIV) Cards and their supporting infrastructure. The goal was to eliminate wide variations in the quality and security ofauthentication mechanisms used across federal agencies. The mandate called for a common identification standard to promote interoperable authenticationmechanisms at graduated levels of security based on the environment and the sensitivity of data. In response, Federal Information Processing Standards (FIPS)201 specified a common set of credentials in a smart card form factor [2] called a PIV Card. PIV Cards are now used government-wide as aprimary credential for federal employees and contractors. PIV Cards enhance security by using a standard issuance process by which agencies perform identityproofing and background checks. PIV Cards provide multifactor authentication as part of both physical and logical access management to government facilities andfederal information systems.
smart card toolset pro 3.4.2
The figures below depict high-level views of the example implementations of the hybrid architecture used for this solution for DPCs. Detailed, system-levelfigures can be found in Part C of this guide.Figure 4-3 focuses on the mobile device implementation. Here, the Identity Agent application is used to manage the DPC. The Derived PIVAuthentication key is stored in a software key store within the secure container. The supporting cloud and enterprise systems as described above are alsoshown. Figure 4-4 depicts the architecture when an Intel-based device that supports Intel Authenticate is used to store the DPC. Here,the Intercede self-service application is used to manage issuing the DPC. The DPC is then available for smart card log-on and VPN authentication. In thisimplementation, we exercised smart card log-on to observe usage of the DPC. 2ff7e9595c
Comments