Examples of Typical Use Cases for Mobile App Certificates
In all the following cases, both the primary PIV (Personal Identity Verification, the technical standard of "HSPD-12") device and the derived mobile device are each intended to have 3 certificates:
- 1 authentication (AUTH) certificate
- 1 signature (SIGN) certificate
- 1 encryption (ENC) certificate
The encryption certificate is shared between the PIV device and the mobile device.
The PIV device initially contains 3 credentials:
- AUTH_1: authentication certificate
- SIGN_1: signature certificate
- ENC_1: encryption certificate
The PIV device also stores historical encryption certificates, whereas the mobile device stores only the newest shared encryption certificate.
The certificate status is indicated by its color:
- Active
- On Hold
- Revoked