NCCoE and Industry Collaborate on Mobile Application Single Sign-On Project

Reference Design to Help Public Safety/First Responder Sector Improve Security of Authentication in the Field

Motorola Solutions, Nok Nok Labs, Ping Identity, StrongAuth, and Yubico have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Mobile Application Single Sign-On (SSO) project.* In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics listed in the project description. These technology collaborators were extended a Cooperative Research and Development Agreement (CRADA; see example) allowing them to participate in a consortium where they will contribute expertise and hardware or software to help refine a reference design and build an example standards-based implementation.

As part of this collaboration, NIST will compose and release a publicly available Cybersecurity Practice Guide (Special Publication 1800 series) that will document the reference design and help public safety and first responder (PSFR) organizations implement multifactor authentication and mobile application SSO in their own environments.

Public Safety/First Responder Challenge: Critical Access

PSFR personnel need immediate access to public safety data to ensure they deliver the proper care and support during an emergency. Mobile technologies have helped facilitate this on-demand access; however, the vast diversity of public safety personnel, missions, and operational environments present unique challenges to implementing efficient and secure authentication mechanisms to protect access to sensitive information and systems.

The Mobile Application Single Sign-On project aims to help PSFR personnel efficiently and securely gain access to mission-critical data via mobile devices and applications through multifactor authentication and mobile SSO solutions for native and web applications using standards-based commercially available and open source products.
 

Collaborating on an Innovative Strategy

The NCCoE worked closely with industry to develop a standards-based reference design implementing a mobile SSO experience that reduces the need for repeated authentication to multiple public safety applications and that enhances security with multifactor authentication. In partnership with technology collaborators, the NCCoE reference design will leverage some of the latest features in modern mobile operating systems and an Internet Engineering Task Force best current practice to demonstrate what is possible with today’s commercially available technology.

The NCCoE and its technology collaborators will build the reference design in an NCCoE lab environment. The following depicts the reference design’s high-level architecture, including the commercially available products to be implemented in the build.

project diagram

A more detailed flow of the implementation can be found the latest project description.

The NCCoE’s reference design will demonstrate:

  • Native mobile application SSO via the AppAuth SDK developed by OpenID and Integrated into Motorola Public Safety Applications
  • FIDO U2F multifactor authentication via StrongAuth’s FIDO U2F server and Yubico’s External NFC Authenticator
  • FIDO UAF authentication via Nok Nok labs server and biometric authenticator
  • Identity federation and token translation via Ping’s federation server

How to Participate

The NCCoE anticipates attending and demoing our Mobile SSO lab environment at NIST’s PSCR Stakeholder Meeting as well as the Cloud Identity Summit in June 2017. Interested parties are encouraged to engage with us at these events or through our project web page.

If you have additional comments, questions, or would like to join the Community of Interest helping to guide this project and provide feedback, please email us at psfr-nccoe@nist.gov.

 

*Certain commercial entities, equipment, products, or materials may be identified in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.