Credential Brokerage

Most online security solutions today are “closed-loop” systems: for every online service, you get yet another set of security “credentials”. As users sign up with more web services, password fatigue sets in and the same password is re-stored in each closed-loop system. Unfortunately, this means that your security may actually be vulnerable to weak security on some other site where your user has reused the same password.

What if you could log into a government website to access your tax records… by using your online banking credentials?

What if you could securely retrieve online health records… by using your chip credit card?

What if you could open a new bank account online at a new bank… by tapping your driver’s license?

For online services that are infrequently used, like licensing and tax-related sites, the problem gets worse: infrequent usage means more password resets, support calls, user frustration and abandoned userids. In one survey of the U.S. government, one federal agency with 44,000 users had over 700,000 registered userids¹. In short, the proliferation of one-off passwords for every website is increasingly becoming an unmanageable security and privacy risk.

That said, there are a few sign-on credentials that are issued with greater rigor and cared for by users with greater vigilance. Banking credentials, credit cards and government-issued identity cards are all examples of high-quality credentials that are not susceptible to password fatigue. However, there is no convenient way to use a given credential like a bank card (securely, electronically) other than for its original purpose … until now.

 

SecureKey Credential Brokerage Service

SecureKey Credential Brokerage Service (CBS) is a secure, cloud-based “hub” that eliminates password fatigue and makes the sign-on process quick and painless for end users. For businesses, governments and other web application developers, CBS eliminates the risks and costs associated with online authentication, password resetting and credential security. When signing in to government or other third-party sites, users can rely on their existing banking, credit card or other highly valued and protected sign-in process through CBS. In addition, the existing credential can be augmented with SecureKey Strong Authentication to provide strong two-factor authentication (2FA). So, without ever issuing a credential or managing a password, a government service or other sensitive site can offer sign-in based on a more commonly used or otherwise highly valued sign-in process, and can add an additional layer of 2FA security as needed. By brokering connections between high-quality Credential Providers (CPs), such as banks, and Relying Party sites (RPs), CBS creates a growing network of security partnerships that increases in value for every participant with each new partner that is added.

The potential to create a vast and secure ecosystem that bridges these parties has been recognized in Canada², the U.S.³ and elsewhere, spawning a number of initiatives promoting the interoperability of secure identity solutions. In Canada, the Government of Canada will be using SecureKey to kick-start exactly this kind of ecosystem, starting with federal government agencies and participating financial institutions in 2012. Other levels of government are expected to join in as well, as are other banks and credit unions.

NFC-based tablets and mobile devices are also an important part of creating the ecosystem. They provide inexpensive and pervasive “terminals” with which to read existing and future real-world contactless cards. They also provide a means to deploy Secure Element (SE) memory, within which card information may be stored for proximity applications, along with proxy data that enables authentication for cloud-based authentication and payment applications.

1 Agency response to internal U.S. Government survey, December 2007.
2 “Federating Identity Management in the Government of Canada: A Backgrounder”, Treasury Board of Canada Secretariat, March 16, 2011.
3 “National Strategy for Trusted Identities in Cyberspace (NSTIC)”, The White House, April 15, 2011.

SecureKey Technologies Inc.
1.416.477.5625