United States Patent and Trademark Office (USPTO)

Accelerating Adoption of Phishing-Resistant Multi-Factor Authentication

Validated Architecture: Secure YubiKey Deployment

Applications Integrated: Non-WebAuthn systems with Okta IAM

Context

In response to the Office of Management and Budget memorandum M-22-09 for advancing Zero Trust Architecture, the USPTO initiated the Identity Credential and Access Management – IDentity as a Service (ICAM-IDaaS) project to enhance cybersecurity posture. USPTO was tasked with assessing phishing-resistant multi-factor authentication (MFA) options and replacing its RSA-based MFA solution to meet federal mandates.

Challenge

USPTO needed a comprehensive implementation of phishing-resistant MFA options to support secure, hardware token-based authentication, replace RSA tokens, and address privileged access compliance. The solution had to integrate seamlessly with the existing Okta Identity and Access Management (IAM) platform, support integration with existing infrastructure devices and components, and align with the Zero Trust strategy.

Validated architecture and provided a comprehensive roadmap in order to secure USPTO stakeholder approval for the proposed future-state phishing-resistant technology

Solution

greenthreads conducted a market analysis of Yubico’s YubiKey solution and evaluated multiple vendors supporting FIDO standards, as well as open-source products supporting RADIUS protocols, for integration with YubiKey and Okta. The team designed and implemented the functionality of YubiKey Authenticator within the Okta IAM environment, working with the vendors to address technical constraints.

The team provided USPTO with the supporting architecture, detailing the technology stack for the full deployment of YubiKey. Based on the successful implementation, USPTO expanded the scope of the project for migration.

Result

  • Delivered a proof of concept showcasing YubiKey-based hardware token integration with Okta IAM for phishing-resistant MFA.
  • Provided USPTO with a validated architecture and comprehensive recommendation for migrating to YubiKey.
  • Supported the government in securing approval for the proposed technology stack, enabling future migration efforts.

Benefit

greenthreads’ work on the ICAM-IDaaS project accelerated USPTO’s adoption of Zero Trust Architecture by implementing a secure, phishing-resistant MFA solution. The initiative strengthens cybersecurity for privileged access, aligns with federal mandates, and positions USPTO for a robust and secure digital future.