Phishing-Resistant MFA

Leading the Market with Smart Card Technology

Smart cards are the earliest and most widely adopted phishing-resistant MFA solutions in the federal market. When available and convenient, PIV and PIV-I credentials should be the go-to choice for agencies. These credentials provide AAL3-strong authentication and are abundant and ubiquitous within federal environments.

Addressing Convenience with Versatile Solutions

While smart cards offer unparalleled security, they aren’t always the most convenient option. XTec offers PKI-based tokens in various form factors to meet your needs:

• USB Tokens
• Wristbands
• NFC Tokens
• And More

XTec Technology: Comprehensive MFA Solutions

We provide smart card MFAs to federal and commercial customers, including:

• Personal Identity Verification (PIV) Credentials
• PIV-Interoperable (PIV-I) Credentials
• Derived Alternate Credentials (DAC)
• Facility Access Card (FAC) Credentials

End-to-End Credential Services

XTec doesn’t just provide the credentials; we offer a full suite of services to manage their entire lifecycle:

• Sponsorship
• Enrollment
• Issuance
• Lifecycle Management
• Termination

The Future is Mobile

In today’s increasingly mobile world, cell phones and tablets are often the preferred platforms for accessing information. However, these devices are typically incompatible with smart card technology, making it inconvenient or even impossible to use smart card readers. Yet, secure access to federal information and systems still requires multi-factor authentication (MFA).

Meeting the Challenge with Derived PIV Credentials

Recognizing this challenge, NIST issued the NIST SP 800-157 Guidelines for Derived PIV Credentials in 2014, which state: “While the use of the PIV Card for electronic authentication works well with traditional desktop and laptop computers, it is not optimized for mobile devices. To accommodate the growing use of mobile devices within the Federal government, FIPS 201 was revised to permit the issuance of an additional credential, a Derived PIV Credential. This credential leverages the current PIV infrastructure and builds upon the trusted identity of the PIV cardholder, achieving substantial cost savings by utilizing the existing identity-proofing results used to issue PIV cards.

XTec’s Advanced Mobile Solutions

XTec has successfully implemented Derived PIV credentials, and more broadly, mobile credentials, as part of our derived and mobility strategy. We cater to the unique needs of individual agencies, offering tailored mobile solutions. For example, our solution has issued over  for DHS laptops, tablets, tokens, and mobile phones.

Seamless Authentication with Derived PIV Credentials

With Derived PIV Credentials, DHS employees and contractors can securely authenticate to DHS systems using an AAL2 MFA credential stored on their devices. This enables convenient access to:

• Email
• Collaboration Tools
• DHS Websites
• Mission-Critical Applications

No more fumbling with card readers—mobile credentials streamline access and enhance productivity.

Why Choose XTec for Mobile Credentials?

• Innovative Solutions: Leveraging advanced technology to provide secure, mobile-friendly MFA.
• Proven Expertise: Successfully deployed over 1,000,000 Derived PIV Credentials for DHS.
• Convenience: Easy and secure access without the need for smart card readers.
• Compliance: Adheres to NIST SP 800-157 and FIPS 201 standards.

The Future of MFA: Fast Identity Online (FIDO)

Fast Identity Online (FIDO) represents the next frontier in multi-factor authentication (MFA). As the FIDO Alliance highlights, FIDO offers a simpler and stronger authentication method. Utilizing a FIDO biometric device allows organizations to achieve MFA with AAL3 assurance.

According to the FIDO Alliance, FIDO Authentication:

• Is a global standard: Based on public key cryptography.
• Enhances user experience: Provides phishing-resistant security with ease.
• Utilizes passkeys: Credentials that are resistant to phishing.

Passkeys:

• Versatile: Sync across devices or bind to a platform or security key.
• Secure and convenient: Replace passwords with secure, fast logins across websites and apps.
• User-friendly: More secure than passwords and SMS OTPs, simpler for consumers, and easier for service providers to deploy and manage.

The U.S. Federal Government is embracing FIDO technology with enthusiasm. The FIDO Alliance, equally excited, released a white paper in October 2023 offering guidance for deploying FIDO Authentication in U.S. government agencies.

XTec’s Cutting-Edge FIDO2 Solutions

As an associate member of the FIDO Alliance, XTec is at the forefront of implementing FIDO technology. We provide FIDO tokens from top-tier manufacturers like Thales and IDEMIA to our federal customers. Our comprehensive Credential Management System (CMS) supports the issuance and management of FIDO credentials, aligning with FIDO Alliance use cases.

Additionally, we are developing a FIDO2 Authentication Server, set to be deployed to our FedRAMP Authorized CSO in 2024, which will complete our end-to-end, cloud-based FIDO2 MFA solution authorized at FedRAMP High.

Why Choose XTec for FIDO2 MFA?

• Top-Tier FIDO Tokens: Access FIDO tokens from leading manufacturers.
• Comprehensive CMS Support: Efficiently issue and manage FIDO credentials.
• Future-Ready Technology: Benefit from our upcoming FIDO2 Authentication Server for a complete, secure, cloud-based MFA solution.

Embrace the future of secure, user-friendly authentication with XTec’s FIDO2 Tokens. Enhance your organization’s security infrastructure with the advanced capabilities of FIDO technology, ensuring robust protection and a seamless user experience.

Unlocking the Power of Biometrics in Multi-Factor Authentication

In the realm of multi-factor authentication (MFA), security is reinforced by three widely accepted factors:

1. Possession: Something you have (e.g., cryptographic tokens)
2. Knowledge: Something you know (e.g., passwords or PIN codes)
3. Inherence: Something you are (e.g., biometric data)

While our previously described technologies focus on possession and knowledge, biometric authentication adds an extra layer of security by leveraging inherent traits such as fingerprints. Fingerprint biometrics are integral to PIV and PIV-I requirements and processes, as well as certain FIDO tokens.

XTec’s Advanced Biometric Authentication Solutions

At XTec, we are committed to delivering state-of-the-art biometric authentication as part of our comprehensive MFA solutions. Our technology seamlessly integrates biometric security at every critical stage:

• Biometric Collection at Enrollment: Capture biometric data during the enrollment process for MFA tokens like PIV Cards or FIDO tokens.
• Biometric Authentication at Issuance: Authenticate users at the time of MFA token issuance using their biometric data.
• Biometric Authentication on Token Usage: Ensure secure access with biometric authentication during the use of MFA tokens, such as with a FIDO biometric token.
• Lifecycle Management: Incorporate biometric authentication throughout the entire lifecycle of MFA credentials for continuous security.

Why Choose XTec for Biometric Authentication?

• Enhanced Security: Strengthen your authentication process with the added layer of biometric verification.
• Seamless Integration: Benefit from a streamlined implementation of biometric data collection and authentication across various stages.
• Proven Expertise: Trust in XTec’s cutting-edge technology and comprehensive solutions to safeguard your organization’s sensitive information.

Embrace the future of secure authentication with XTec’s Biometric Authentication Solutions. Enhance your security infrastructure with the unmatched reliability of biometrics, ensuring your organization’s data and systems are protected by the highest standards of identity verification.

The Need for a Robust Credential Management System

While issuing a single MFA credential may seem manageable, handling thousands or even millions of them requires an advanced management solution. This is where a Credential Management System (CMS) becomes essential.

XTec’s Superior CMS Solution

XTec offers a top-tier CMS designed to efficiently manage large-scale deployments of MFA tokens. Our CMS is provided as a service from our FedRAMP High authorized environments, ensuring the highest level of security and compliance.

Key Features of XTec’s CMS:

• FedRAMP High Authorized: Hosted in environments that meet rigorous federal security standards.
• World-Class Facilities: Operated from purpose-built, state-of-the-art facilities.
• Reliable and Resilient: Our three widely dispersed sites across the U.S. ensure continuous operations, even in the face of large-scale, catastrophic events.

Benefits of Choosing XTec’s CMS:

• Scalability: Seamlessly manage thousands to millions of MFA credentials.
• Security: Benefit from the highest security standards in our FedRAMP High environments.
• Reliability: Enjoy uninterrupted operations with our geographically dispersed facilities.

Elevate your organization’s security infrastructure with XTec’s Credential Management System. Experience the efficiency and reliability of a best-in-class CMS, ensuring smooth and secure management of your MFA tokens on a large scale.

Elevate Security with XTec’s FIDO2 Authentication Server

Multi-Factor Authentication (MFA) with FIDO requires both FIDO credentials and a robust FIDO2 Authentication Server. This server is essential, responding to authentication requests from websites and apps, ensuring secure access for relying parties.

Why Choose XTec’s FIDO2 Authentication Server?

Our FIDO2 Authentication Server is a critical component of our comprehensive MFA solution. No FIDO implementation can function without it. While many options are available, XTec includes this server as part of our total MFA offering. Our FIDO2 Authentication Server is scheduled for deployment to our FedRAMP Authorized Cloud Service Offering (CSO) in 2024. This will provide you with a complete end-to-end, cloud-based FIDO2 MFA solution authorized at FedRAMP High.

Key Features:

• Seamless Integration: Responds to authentication requests from websites and apps.
• FedRAMP High Authorized: Scheduled for deployment in 2024, ensuring the highest security standards.
• Comprehensive Solution: Included as part of our total MFA solution.

FIDO-Enabling Your Websites and Apps

In addition to providing a FIDO2 Authentication Server, we offer expert services to FIDO-enable your websites and apps. Our qualified software engineers ensure that your platforms are ready to leverage the full benefits of FIDO authentication.

Benefits of XTec’s Solution:

• Complete MFA Solution: From credentials to authentication servers, we cover all aspects.
• High Security Standards: Our solution is designed to meet FedRAMP High requirements.
• Expert Support: Our engineers help integrate FIDO authentication into your existing systems.

Upgrade your security infrastructure with XTec’s FIDO2 Authentication Server. Ensure your organization benefits from a seamless, secure, comprehensive FIDO2 MFA solution.