Census Bureau testing new derived credentials to leave PIV cards behind

Thousands of field surveyors roam the country for the U.S. Census Bureau every day, and IT staffers with the agency are now able to give them a new, easier way to access the technology they need to do their jobs.

The bureau is currently experimenting with a new — and potentially simpler — way for its surveyors to securely log in to their laptops in the field. Instead of using personal identity verification, or PIV, cards to access their computers, a pilot program is letting them log in without the hassle of swiping a card, by embedding the PIV credential directly in the laptop.

Known as “derived credentials,” the approach relies on a simple smart card-like device inside a laptop, phone or tablet that holds the necessary security certificate to provide multifactor authentication for sensitive Census systems.

Adam Carroll, branch chief for enterprise systems in the bureau’s telecommunications office, said Census has been considering using the new technology for years because of its huge potential to make life easier for surveyors.

“Say a census surveyor goes into a house, they have a laptop, they have to log in with a username and password and also an RSA token,” Carroll said at Multicert’s “eID Conference” this week. “They’re fumbling with all these things to log in to actually produce two-factor identification. If they just had a derived credential, they could just log in with a PIN.”

Workers still need access to the PIV cards initially before moving the authentication process within the laptop, and Carroll noted that he’s been working with his staff to visit 60 sites “everywhere you can think of in the country” to get staff these badges.

But now that the bureau has distributed the PIV cards to thousands of its field surveyors, they can start logging in to Census applications directly from their laptops with no need for a complicated sign-in process.

“It saves them time, it saves us money, it’s more efficient for a surveyor if they’re doing an interview,” Carroll said.

This Census experimentation is possible thanks to some recent changes to the PIV cards by the National Institute of Standards and Technology.

In June, the agency announced new technical specifications for the PIV cards that would allow them to work with mobile devices. That enabled federal employees of all stripes to connect securely to government networks from their laptops, smartphones or tablets.

“A secondary derived credential can now be issued right onto the mobile device, so that’s a tremendous cost savings for the federal government,” said Hildegard Ferraiolo, a NIST computer scientist.

Ferraiolo noted that the process of creating the new standards took the better part of two years, and was a painstaking one as NIST navigated the different needs of a multitude of device manufacturers.

“Unfortunately, when we looked at the landscape of mobile devices and tablets, we quickly figured out that one size does not fit all,” Ferraiolo said. “There’s different platforms, different capabilities, so we had to provide different solutions to accommodate mobile devices.”

But with that work done, Ferraiolo hopes the new standards will allow other agencies to follow Census’ lead and start making the transition to take advantage of the new technology.

With 5 million PIV cards in circulation for federal employees and contractors, she thinks the change can make life easier for plenty of people in government.

“We’ve changed our focus on usability and we’ve come up with an alternative format,” Ferraiolo said. “That was the goal.”
