The United States Postal Service has tapped Securekey to run the Federal Cloud Credential Exchange (FCCX). The value of the contract could be more than $15 million over three years, with a minimum value of $5.7 million.
The Federal Cloud Credential exchange will enable citizens to use select third-party credentials to access U.S. government sites and services, says Andre Boysen, chief marketing officer at Toronto-based Securekey.
The Postal Service will be approving individual credential providers to work with the exchange but the new service is expected to spur broader federal agency acceptance of approved third-party credentials of varying strengths and types, from simple user names and passwords to PIV cards.
SecureKey will provide its briidge.net Exchange, a cloud-based authentication and credential brokerage service that enables the credential exchange to easily broker user credential management capabilities instead of having to create and manage an authentication infrastructure to handle tens of millions of citizens.
Securekey has set up a similar service in Canada, providing an identity infrastructure for citizens to access government sites and services using banking credentials.
Three of Canada’s largest banks, BMO Financial Group, Scotiabank, and TD Bank Group are the initial Trusted Sign-In Partners, with other financial institutions expected to follow in the coming months.
The service is part of the Government of Canada’s Cyber Authentication Renewal initiative. No passwords or personal information are exchanged. Trusted Sign-In Partners won’t know which government service is being accessed and the government won’t know which Trusted Sign-In Partner is being used.
Consumers are managing dozens, sometimes hundreds, of increasingly complex login IDs, and using them interchangeably with many online services, actually increasing their risk and exposure to damaging online attacks.
SecureKey Concierge mitigates these risks by using existing credentials that consumers have and use frequently from their banks, which actively manages and monitors security for their customers far beyond other conventional providers of online credentials. It also forms the basis for a broader ecosystem for other governments and public and private sector organizations that could benefit from shared authentication by Trusted Sign-In Partners.