Farewell to the smart card? Yubico makes federal play
ID authentication specialist Yubico is making a bid to replace federal employees’ smart cards with its little USB keystick, known as a YubiKey.
“Several agencies are gearing up large-scale procurements,” said Yubico Vice President of Solutions Engineering Jerrod Chong. “They are very excited.”
Chong spoke to FedScoop this week from a Yubico all-hands retreat in Sweden. He said the company was putting its latest product, the YubiKey 4, through laboratory certification for Federal Information Processing Standard 140-2 — the approval that marks cryptographic products as secure.
The certification process is managed by government scientists at the National Institute of Standards and Technology and the testing is done at a nationwide set of NIST-approved laboratories.
Yubico already has other 140-2 certified products, according to the NIST website, and the company website says it has “an aggressive strategy to validate its cryptographic devices against established federal standards.”
“They are the gold standard … not just for the federal government but they’ve been adopted by enterprises all over the world,” said Chong.
But U.S. agencies are bound by law and regulation only to use FIPS-certified products and if the new product wins certification, “It will give agencies more options to deploy strong ID authentication,” he said.
Currently, most approved ID products are smart cards, which require a special reader attached to a computer. The cards hold a PKI encryption key which authenticates the user and encrypts email and an electronic signature.
The YubiKey plugs directly into the USB port of a computer. If it wins certification, government agencies will be able to eliminate the expense of card readers.
“That’s why they’re so excited,” said Chong.
The entry into the federal marketplace is a logical one for the company, said Chong, which already gets 70 percent of its revenue from enterprise customers.
And it’s not just the federal marketplace. Last month, Yubico got a $2.27 million seed money grant from NIST’s National Strategy for Trusted Identities in Cyberspace, or NSTIC. The grant is to develop secure sign on technology for use by citizens of Colorado and Wisconsin.
“We are trying to educate the [identity] ecosystem,” said Chong.