SecureKey Awarded Federal Digital Credentials Contract
Toronto’s SecureKey recently announced that it has entered into a contract with USPS to provide a new authentication service based in cloud. This is just one of a number of US government-based programmes that have been in development for a number of years, but talk of it has been thin on the ground in the run-up to the announcement, being conspicuous by its absence in tech publications and on websites. Nonetheless, vast teams have been working on it in the background.
The project, branded the Federal Cloud Credential Exchange (FCCX) aims to help individuals to access online service based at various federal or government agencies without having to use multiple different passwords. These services can include facilities for things like health benefits, student loans and retirement information. The first federal agency to offer it up to the public is the Veterans Administration.
Access to 120 Federal Programmes
SecureKey has previously been in charge of running a trusted identity service in Canada. Canadians can use identification keys that have been provided by banks to connect with as many as 120 different government programmes online, with no need to remember additional user names or passwords. These single passwords can be used to find out information on anything from benefits to fishing licences.
The project forms part of Barack Obama’s National Strategy for Trusted Identities in Cyberspace – or NSTIC for short, as well as the federal governments Identity, Credential and Access Management (ICAM) program. The experts behind the technology have a website which can be found at www.idecosystem.org where users will find a note saying “The National Strategy for Trusted Identities in Cyberspace (NSTIC), signed by the President in April 2011, states, ‘A secure cyberspace is critical to our prosperity.’ This powerful declaration makes clear that securing cyberspace is absolutely essential to increasing the security and privacy of transactions conducted over the Internet. The Identity Ecosystem envisioned in the NSTIC is an online environment that will enable people to validate their identities securely, but with minimized disclosure of personal information when they are conducting transactions.”
Support for Tens of Millions of Users
SecureKey is also said to be working on development similar facilities UK government agencies and organisations. It says that the USPS chose it over others largely because of its federated authentication platform, the SecureKey briidge.net Exchange. This is a cloud-based authentication service which will play a pivotal role in the Federal credential program, allowing it to easily broker user credential management capabilities rather than having to create and maintain an authentication service sophisticated to support tens of millions of users on its own.
The service follows federal guidelines in order to protect privacy. The credential exchange is designed to transmit information securely without identities being revealed, whilst restricting the ability of third-party credential providers to track transaction across various agencies. The SecureKey programme is committed to connect identity providers including banks and healthcare services with the most-used online services of consumers through a cloud-based broker service. SecureKey aims to reduce the complexity involved in establishing many-to-many relationships. It claims to cut down
credential management costs for online service providers, whilst making the sign-up process easy for users whilst respecting their privacy.
Benefits for the IRS?
One agency that is likely to benefit from SecureKey’s technology is the IRS. As most people are only likely to log in the IRS service once or a couple of times a year, remembering passwords and usernames can be difficult. The IRS is also prone to fraud and estimates that it loses around $5 billion per year due to it, with SecureKey services likely to reduce the amount notably. It’s estimated that the IRS would save at least $40 million by using SecureKey’s authentication service instead of creating its own equivalent, and would save up to a further $19 million on yearly maintenance costs. Identity fraud affected over 8 million American in 2011 according to studies, but it is hoped that SecureKey’s innovations would lead to this figure tumbling.
Reports have consistently suggested that internet users all over the world are growing tired of remembering various usernames and passwords as well as dealing with multiple, long-winded registration processes. As the registration process can be off-putting and frustrating, organisations can find themselves losing business as a result of it. The contract given to SecureKey is worth $15 million and will last for three years. The FCCX is designed to enable individuals to securely access online services–such as health benefits, student loan information, and retirement benefit information–at multiple federal agencies, without the need of a different password or other digital identification for each service,” according to SecureKey officials.