United States Patent and Trademark Office (USPTO)
Accelerating Adoption of Phishing-Resistant Multi-Factor Authentication
Validated Architecture: Secure YubiKey Deployment
Applications Integrated: Non-WebAuthn systems with Okta IAM
Context
In response to the Office of Management and Budget memorandum M-22-09 for advancing Zero Trust Architecture, the USPTO initiated the Identity Credential and Access Management – IDentity as a Service (ICAM-IDaaS) project to enhance its cybersecurity posture. USPTO was tasked with assessing phishing-resistant multi-factor authentication (MFA) options and replacing its RSA-based MFA solution to meet federal mandates.
Challenge
Validate the architecture and provide a comprehensive roadmap to secure USPTO stakeholder approval for the proposed future-state phishing-resistant technology.
Solution
greenthreads conducted a market analysis of Yubico’s YubiKey solution and evaluated multiple vendors supporting FIDO standards, as well as open-source products supporting RADIUS protocols, for integration with YubiKey and Okta. The team designed and implemented the functionality of YubiKey Authenticator within the Okta IAM environment, working with the vendors to address technical constraints.
Result
- Delivered a proof of concept showcasing YubiKey-based hardware token integration with Okta IAM for phishing-resistant MFA.
- Provided USPTO with a validated architecture and comprehensive recommendation for migrating to YubiKey.
- Supported the government in securing approval for the proposed technology stack, enabling future migration efforts.
Benefit
greenthreads’ work on the ICAM-IDaaS project accelerated USPTO’s adoption of Zero Trust Architecture by implementing a secure, phishing-resistant MFA solution. The initiative strengthens cybersecurity for privileged access, aligns with federal mandates, and positions USPTO for a robust and secure digital future.