Yubico’s recent collaboration with the U.S. National Institute of Standards (NIST) and National Cyber Center of Excellence (NCCoE) resulted in a three-volume draft practice guide for the improvement of mobile authentication methods for public safety professionals and first responders.
In emergency situations, time is of the essence. Minutes and even seconds can sometimes mean the difference between life and death. The joint project was developed with this in mind, with the ultimate goal of creating reliable and secure mobile platforms that can be quickly accessed.
Security concerns and access challenges were a major component to the project. The NCCoE collaborated with Yubico and several other technology vendors to develop mobile authentication and technologies that support: Internet Engineering Task Force (IETF); Request for Comments (RFC) 8252; OAuth 2.0 for Native Apps; FIDO Universal Second Factor (FIDO U2F) and Universal Authentication Framework (FIDO UAF); Security Assertion Markup Language (SAML) 2.0; and OpenID Connect (OIDC) 1.0.
The death of the password is rattling through several industries, and this project operated with the early recognition that the reliance solely on passwords can present security issues and possible breaches. FIDO U2F was implemented to provide additional protection and stronger authentication, and Yubico’s technology was implemented using the NFC-enabled YubiKey in combination with Federation technology OpenID Connect to ensure secure user access.
The NCCoE is also accepting public comments on the guide until June 18, 2018.