Overview#
Derived Credential is defined by NIST to refer to credentials that are derived from those in a Personal Identity Verification (PIV) card or Common Access Card (CAC) and carried in a Mobile Device instead of the card.Derived Credential, generically, is a credential (or a ticket or token) that was derived based on the claims for the
allows access to a particular Protected Resource based on claims for the subject.
We assume this would be similar to the adding of a Payment Card to a Digital Wallet so the representation within the Digital Wallet is a Derived Credential from the Payment Card.
NIST.SP.800-157 is titled "Guidelines for Derived Personal Identity Verification (PIV) Credentials".
The Electronic Authentication Guideline, NIST.SP.800-63, defines a derived credential more broadly as: A credential issued based on Proof-of-Possession and control of a claim associated with a previously issued credential, so as not to duplicate the Identity Proofing process.
More Information#
There might be more information for this subject on one of the following:- [#1] - Protecting Derived Credentials without Secure Hardware in Mobile Devices
- based on information observed on 2014-04-02