The United States Postal Service this week awarded a potential $15.1 million contract to a Canadian firm to make it less costly for government agencies and easier for individuals to securely access federal networks for online services such as health and retirement benefits.
To implement the Federal Cloud Credential Exchange (FCCX), Toronto-based SecureKey will supply its cloud-based authentication and credential brokerage service, briidge.net Exchange, which will allow individuals to use the same passwords and IDs for accessing federal networks without having to frequently change them for security purposes.
Currently, individuals logging into federal websites to get government services typically have to get digital credentials from each separate federal agency. Acting as sort of a middleman, FCCX makes it simpler for individuals to bring their own credentials from an approved commercial service provider and use it to log in at federal websites.
SecureKey’s software-as-a-service solution will also allow federal agencies to cost-effectively broker user credential management capabilities without having to pay vendors to create new authentication infrastructures to handle millions of users.
The FCCX program will also demonstrate the management of privacy risks, the National Institute of Standards and Technology (NIST), one of the program participants, said in a blog post on Aug. 21.
“The vendor that was selected will be employing a proven, ‘double-blind’ architecture, a novel approach that will prevent tracking of credentials used among identity providers and relying parties,” NIST said. “In simple terms, this means that private organizations that issue citizens credentials—and the agencies that accept them—will have no way to track where citizens use them.”
The contract begins as a pilot that will be overseen and managed by the Postal Service and has the potential to go for three years. The FCCX program is a key component of the Obama administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC), which was released in 2011 to outline a framework for public and private sector cooperation to develop technologies, standards and policies as part of an “identity ecosystem” that will enable trust, security and privacy in online series and transactions.
SecureKey is providing a similar service with its briidge.net Exchange Platform to the Canadian government.
Speaking of the FCCX win, Andre Boysen, chief marketing officer for SecureKey, said in a statement that “This system marks a significant milestone in the evolution of cloud computing, leading the way in demonstrating how identities will be utilized and managed in the online world for years to come, and we are thrilled to have been selected by the USPS for this critical national initiative.” He added that in 2012 SecureKey launched its Concierge credential broker service as part of Canada’s Cyber Authentication Renewal initiative.
The Postal Service is working with the NSTIC program, which is overseen by NIST, the White House Office of Management and Budget, the Veterans Administration and the General Services Administration on the FCCX pilot.
Additional federal agencies are expected to announce their participation in the coming months, NIST said in the blog post.