Definition[]
The NIST FIPS 201 Personal Identity Verification (PIV) standard represents a rapid (and potentially two-factor) authentication scheme using symmetric keys.
Overview[]
The benefits of symmetric card authentication key (CAK) usage are: strong authentication compared to using the Card Holder Unique Identifier (CHUID), doesn't need a PIN to activate, and can be performed over a contactless interface. The bad side of symmetric (CAK) authentication is that the symmetric key challenge-response schemes require the CAK to be known by the verifier, but the cross-agency verifier will not know the CAK.