Smart Card
From MgmtWiki
Full Title or Meme
A User Device in the shape of a credit card that contains (at a minimum) a communications channel and secure store and processing with user secrets.
Context
Problems
Solutions
- All solutions depend on Late Binding Tokens that "account at a particular origin (of the Relying Party, such as http://www.company.com) the device creates a new key pair usable only at that origin and gives the origin the public key to associate with the account."
PIV Card
- The PIV card is the first instantiation of Personal Identity Verification (PIV) user credential used for access to US government resources both digital and physical.
- Later the concept of Derived Credential was created to extend the capability of PIV into other form factors, such as Smart Phones.
- [nist.gov/news-events/events/2020/12/draft-fips-201-3-virtual-public-workshop FIPS 201-3 Virtual Public Workshop has the notice and recording of the migration from PIV-2 to PIV-3.
