Overview#

A Credential is a set of claims made by an entity about an identity. [1]

A Credential is an object that authoritatively binds an identity (and, optionally, additional attributes) to a claim possessed and controlled by an entity.

A Credential is authoritative evidence of an entity’s claimed Identification.

Credentials come in many types, from physical papers, Identity Documents and cards (such as a passport or Payment Card) to electronic items (such as a password or digital certificate), and often incorporate anti-tamper features.

Within the United States federal government, a PIV is a credential.

Credentials, regardless of type, associate an identity with an entity (typically via an identifier) and identify the Organizational Entity that issued the Credential:

  • Your driver’s license includes a license number, your name, and a state seal.
  • A Payment Card includes a card number, your name, and a corporate symbol.
  • A PIV credential contains a picture, the issuing agency logo, and cryptographic key pairs.

Some Credentials indicate authorizations granted to the entity by the issuing Organizational Entity. For example, a driver’s license includes the authorization to drive a car.

Unlike identities, Credentials generally expire. If an identity continues past the expiration date of its Credential, a new Credential is issued:

  • Your driver’s license expires after so many years and you receive a new one.
  • Your ATM card expires after so many years and you receive a new one.
  • Your PIV credential expires after three to six years and you receive a new one.

A credential that is lost or compromised before it expires may be revoked by the organization that issued it. Credentials can incorporate something you know (such as a password or PIN), something you have (such as a card), or something you are (such as a fingerprint or iris). Some credentials incorporate more than one factor and are referred to as two-factor, three-factor or multi-factor credentials.

As with Identity Proofing, Credentials have a different Level Of Assurance depending on the strength required. The Credential for accessing your bank account is likely stronger than the credential for accessing your health club.

Derived Credential[2]#

NIST has defined Derived credentials to refer to credentials that are derived from those in a Personal Identity Verification (PIV) card or Common Access Card (CAC) and carried in a Mobile Device instead of the card. A CAC is a PIV card issued by the United States Department of Defense.

We assume this would be similar to adding a Payment Card to a Digital Wallet.

NIST.SP.800-157 is titled "Guidelines for Derived Personal Identity Verification (PIV) Credentials".

The Electronic Authentication Guideline, NIST.SP.800-63, defines a derived credential more broadly as: a credential issued based on Proof-of-Possession and control of a claim associated with a previously issued credential, so as not to duplicate the Identity Proofing process.
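
The lifecycle described on this page (issuer binding, expiry, revocation of a lost or compromised credential, factor counting, and derivation from a previously issued credential via Proof-of-Possession) can be modelled in a few dozen lines. The following is an added example written for this page, not NIST's or any PIV issuer's code: the issuer name, subject, key material and dates are constructed, and HMAC with an issuer-held key stands in for the X.509 certificates and asymmetric keys a real PIV or CAC issuer uses. The point it shows that the prose alone does not is the derivation step: the issuer verifies the parent credential, challenges the holder to prove possession of the key bound to it, and only then issues a new credential for the same subject with a fresh key, never re-running Identity Proofing.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass
from datetime import datetime, timedelta, timezone

# Constructed issuer key. A real issuer signs with an asymmetric key and publishes
# certificates; a keyed HMAC keeps this example self-contained and offline.
ISSUER_KEY = b"constructed-issuer-signing-key"


@dataclass
class Credential:
    identifier: str      # the identifier carried on the credential (licence/card number)
    subject: str         # the identity the credential binds
    issuer: str          # the Organizational Entity that issued it
    holder_key_id: str   # names the claim (a key) that the entity controls
    factors: tuple       # subset of ("know", "have", "are")
    expires: str         # ISO 8601 UTC timestamp
    signature: str = ""  # issuer's binding over every field above

    def payload(self) -> bytes:
        fields = asdict(self)
        fields.pop("signature")
        fields["factors"] = sorted(fields["factors"])
        return json.dumps(fields, sort_keys=True).encode()


def factor_class(cred: Credential) -> str:
    """Classify a credential by the number of distinct factors it incorporates."""
    n = len(set(cred.factors))
    return {1: "single-factor", 2: "two-factor", 3: "three-factor"}.get(n, "multi-factor")


class Issuer:
    def __init__(self, name: str):
        self.name = name
        self.revoked = set()     # identifiers revoked before expiry (lost or compromised)
        self.holder_keys = {}    # key_id -> holder key; symmetric stand-in for a public key

    def issue(self, subject, factors, now, lifetime_days):
        holder_key = secrets.token_bytes(32)
        key_id = hashlib.sha256(holder_key).hexdigest()[:16]
        self.holder_keys[key_id] = holder_key
        cred = Credential(identifier=secrets.token_hex(8), subject=subject, issuer=self.name,
                          holder_key_id=key_id, factors=tuple(factors),
                          expires=(now + timedelta(days=lifetime_days)).isoformat())
        cred.signature = hmac.new(ISSUER_KEY, cred.payload(), hashlib.sha256).hexdigest()
        return cred, holder_key  # the holder key goes to the card/device, not to verifiers

    def revoke(self, identifier: str) -> None:
        self.revoked.add(identifier)

    def verify(self, cred: Credential, now: datetime):
        """Check issuer binding first, then revocation, then expiry."""
        expected = hmac.new(ISSUER_KEY, cred.payload(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cred.signature):
            return False, "signature"
        if cred.identifier in self.revoked:
            return False, "revoked"
        if now >= datetime.fromisoformat(cred.expires):
            return False, "expired"
        return True, "ok"

    @staticmethod
    def prove_possession(holder_key: bytes, identifier: str, nonce: bytes) -> str:
        """Holder side: answer a challenge with the key bound to the credential."""
        return hmac.new(holder_key, identifier.encode() + nonce, hashlib.sha256).hexdigest()

    def derive(self, parent, nonce, proof, now, lifetime_days):
        """Issue a derived credential (same subject, new key) without repeating identity proofing."""
        ok, reason = self.verify(parent, now)
        if not ok:
            raise ValueError("parent credential unusable: " + reason)
        key = self.holder_keys[parent.holder_key_id]
        if not hmac.compare_digest(self.prove_possession(key, parent.identifier, nonce), proof):
            raise ValueError("proof of possession failed")
        return self.issue(parent.subject, parent.factors, now, lifetime_days)


def run_lifecycle():
    """Constructed scenario: issue a PIV-like card credential, derive a mobile one, expire, revoke."""
    now = datetime(2017, 10, 15, tzinfo=timezone.utc)
    agency = Issuer("Example Agency")  # constructed issuer name
    piv, piv_key = agency.issue("jane.doe", ("have", "know"), now, 3 * 365)
    results = {"piv_ok": agency.verify(piv, now), "piv_class": factor_class(piv)}

    nonce = secrets.token_bytes(16)  # verifier's challenge
    proof = Issuer.prove_possession(piv_key, piv.identifier, nonce)
    mobile, _ = agency.derive(piv, nonce, proof, now, 365)
    results["mobile_ok"] = agency.verify(mobile, now)
    results["same_subject"] = mobile.subject == piv.subject
    results["new_key"] = mobile.holder_key_id != piv.holder_key_id

    try:  # a proof made with the wrong key must not yield a derived credential
        agency.derive(piv, nonce, Issuer.prove_possession(b"wrong", piv.identifier, nonce), now, 365)
        results["bad_proof_rejected"] = False
    except ValueError:
        results["bad_proof_rejected"] = True

    results["piv_expired"] = agency.verify(piv, now + timedelta(days=3 * 365))
    agency.revoke(piv.identifier)  # card reported lost: a compromised credential
    results["piv_revoked"] = agency.verify(piv, now)
    results["tampered"] = agency.verify(Credential(**{**asdict(piv), "subject": "mallory"}), now)
    return results


if __name__ == "__main__":
    print(run_lifecycle())
```

Two design points carry over to real deployments: verification checks the issuer binding before consulting revocation or expiry, so a forged credential is rejected without trusting any of its fields; and the proof of possession covers the parent credential's identifier together with the verifier's fresh nonce, so a captured proof cannot be replayed against another credential or another challenge. Revoking the parent card does not invalidate the derived mobile credential in this model, which is why an issuer's revocation process has to track derived credentials alongside the credential they came from.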

Compromised Credential#

Compromised Credentials are any Credentials that the Owner is no longer in control of, or to which another entity has gained access.

This page (revision-11) was last changed on 15-Oct-2017 09:05 by jim