Overview
A Derived Credential, generically, is a credential (or a ticket or token) derived from the claims or other credentials of the Credential Holder and issued to permit access to a particular Protected Resource. A Derived Credential, as defined by NIST for use with PIV, can be issued to any PIV Credential Holder, regardless of whether the original credential was issued by MyID or a third-party issuer, either on-premises or via a managed service.
The Electronic Authentication Guideline, NIST.SP.800-63, defines a derived credential more broadly as: A credential issued based on Proof-of-Possession and control of a claim associated with a previously issued credential, so as not to duplicate the Identity Proofing process.
This is similar to adding a Payment Card to a Digital Wallet: the representation within the Digital Wallet is a Derived Credential from the Payment Card.