Electrosoft’s CEO, Dr. Sarbari Gupta, was among the industry’s senior cybersecurity and identity management leaders to present at Authenticate 2023, held in Carlsbad, California in October. Hosted by the FIDO Alliance, the annual event is the industry’s only conference dedicated to all aspects of user authentication — including a focus on FIDO-based sign-ins.

In her educational session, “Leveraging Passkeys for a Federated Federal Government Environment,” Dr. Gupta presented a potential model and functional architecture to implement Derived PIV Passkeys (DPPs) for use between users who possess valid PIV Cards and federal service providers.

“Identity and access management is one of the most pressing federal cybersecurity issues our country is facing,” said Dr. Gupta. “At Authenticate, it was a pleasure to join other leaders and practitioners at the forefront of developing modern, secure ICAM solutions and establishing best practices.”

Session Description

This presentation will describe a potential model and functional architecture for the implementation of Derived PIV Passkeys (DPPs) for use between users who possess valid PIV Cards and federal service providers. DPPs represent a user-friendly, multifactor, phishing-resistant, sync-able, and recoverable authenticator type broadly supported on and between popular IT and mobile platforms. DPPs also benefit from being associated with the strong identity proofing and lifecycle management processes of the federal Personal Identity Verification (PIV) Card based on FIPS 201: Personal Identity Verification of Federal Employees and Contractors.

The operational architecture of DPPs, dictated by the requirements of NIST SP 800-157r1: Guidelines for Derived PIV Credentials, necessitate the use of identity federation technology to transmit authentication assertions from the federal issuing agency system to the federal service provider from which the user seeks to obtain services. Such an architecture has some unique properties, advantages, and disadvantages which will be discussed as a part of this presentation.

The use of DPPs within the U.S. federal enterprise represents a leap into modern authentication for federal users without sacrificing the mature and high assurance identity management processes that have been in use within the federal government since 2005!

Download the full session presentation from the Electrosoft website.

About Electrosoft

Electrosoft delivers comprehensive technology-based solutions and services that propel mission success for federal government customers. Specializing in cybersecurity, Electrosoft supports civilian and defense organizations in advancing cybersecurity postures, modernizing technology ecosystems and adopting agile approaches to improve operational efficiency and security. Recognized for deep domain knowledge and mature management practices, the company is rated at Maturity Level 3 for CMMI-DEV and CMMI-SVC and is certified under ISO 9001, ISO 20000-1 and ISO 27001. The rapidly growing 8(a), economically disadvantaged, women-owned small business (EDWOSB) and WOSB is headquartered in Reston, Virginia. Learn more at www.electrosoft-inc.com.