"This document focuses on the challenge of electronic authentication from mobile devices, defined as the process of establishing confidence in user identities electronically presented to an information system from a mobile device. The Federal government's current approach to electronic authentication in traditional computing devices requires the use of Personal Identity Verification (PIV) Cards, which are 'credit card size' smart cards using credentials based in public key cryptography. Users must insert these cards into readers built into, or attached to, the computers they use to access government information. While this approach to electronic authentication works reasonably well with desktop and laptop computers, the same approach for mobile devices, lacking the space for integrated smart card readers, would require bulky add-on readers. The purpose of this document is to analyze various current and near-term options for electronic authentication that leverage both the investment in the PIV infrastructure and the unique security capabilities of mobile devices, such as smart phones and tablets. While any of the options discussed in this paper could support government security and interoperability requirements, we believe current trends in the mobile device ecosystem argue for a flexible electronic authentication policy that allows for close integration between the credential and the mobile device."
Draft NISTIR 7981: National Institute of Standards and Technology Interagency Report 7981
National Istitute of Standards and Technology: http://www.nist.gov/