The pandemic has forced a digital transformation of how and where employees work at an accelerated rate, driving remote work scenarios for tens of thousands of state and federal personnel. These accelerated work scenarios require users to be strongly verified and authenticated. A strong binding between the remote identity proofing process and the authenticator is needed in order to achieve high confidence that the user working remotely is who they say they are. The authenticator plays a pivotal role to maintain the high level of assurance when using an anti-phishing protocol.
The NY State Air National Guard (NY ANG) had these requirements and needed an agile and modern cyber security solution to advance its security beyond basic username and passwords for access to the NY State Disaster Local Area Network (DLAN) system for their remote users. Given NY ANG’s mission, the remote identity proofing solution needed to allow for quick turn around that could be implemented in the field.
Yubico and ID.me had, separately, received NIST grants to work on next generation citizen facing services that could scale user verified Identities and authentication. The advancements and adoption of WebAuthn/FIDO2 standards by popular browsers, platforms, and tech companies provided the ideal opportunity to work together and create a unique, streamlined remote ID proofing solution to not only ID proof NY state civilian and military members, but also bind strong, modern hardware-based authentication, with the seamless delivery of YubiKeys. Together, we will be delivering a joint presentation at the upcoming Identiverse conference, registration details are below.
How do Yubico and ID.me provide remote identity proofing?
ID.me is able to remotely ID proof NY ANG and DMNA (Division of Military and Naval Affairs) members for logging into DLAN. Upon verification, users are able to directly order YubiKeys from ID.me’s online identity verification system. To further simplify, using Yubico APIs, ID.me integrated YubiEnterprise Delivery functionality into the platform, to easily allow a user to order and quickly receive YubiKeys.
Once the YubiKey is received, they sign into DLAN via ID.me, which will then prompt the user to register the YubiKey they just received using WebAuthn and bind it to the ID verified account. With their YubiKey registered, users will now be able to easily log into DLAN and authenticate themselves with their YubiKey. The ID.me system performs the role of the Identity Provider where authentication happens and acts as a federated single sign-on (SSO) to DLAN. The NY ANG team requested configuration of the ID.me access policy to only allow access to DLAN if a successful FIDO authentication has occurred.
As cyber security threats such as phishing and account takeovers continue to be rampant, Yubico and ID.me are helping the NY ANG ensure the security and confidentiality of its networks and data remain safe. This pilot has proven binding remote ID proofing with a modern, hardware-based authenticator (i.e. YubiKey) is the future for an ID verified account. If you are interested in exploring this approach for your organization, or to request a demonstration, please contact us.
Available in multiple form factors, and the ability to be mailed directly to residential addresses, YubiKeys are a high-assurance, DoD-authorized hardware authentication security solution that can be rapidly and easily deployed to remote government workers.
‘New York Air National Guard Takes Flight with Remote ID Proofing and Phishing-Resistant Authentication’
Tuesday, June 22; 7:30am – 8:20am PDT
Panelists include Major Liaquat Ali, RPA Cyber Operations Officer, U.S Air Force; Jerrod Chong, Chief Solutions Officer, Yubico; and Jeremy Haynes, Account Executive, ID.me.