Singapore will invest S$20 million to develop a National Authentication Framework (NAF) which will create a trusted and conducive platform for accessing next generation services on the Internet.

Speaking at a media conference during imbX 2008, RADM(NS) Ronnie Tay, Chief Executive Officer of the Infocomm Development Authority of Singapore (IDA), said as more mainstream services are offered online, user-IDs and passwords alone will be insufficient to address online identity risks. There is thus a need for a more rigorous process of verifying online identities.

"The NAF would provide another layer of security that would give consumers a convenient and consistently strong authentication experience," he said. "Under this nationwide platform, consumers will have the choice of different authentication methods or devices, any one of which can be used to access multiple online services offered by both the private and public sectors. This will give consumers both assurance and convenience."

RADM(NS) Tay: The NAF will give consumers a convenient and consistently strong authentication experience.

One way of implementing the NAF is through the use of two-factor authentication. A popular second-factor authentication method that many banks are offering to their online consumers today is the One-Time Password or OTP. When a user accesses an online service, in addition to user-ID and password, the user will be required to enter an additional "second factor password" which is generated on demand. This "second factor password" may be delivered through a hardware or software token or via SMS. Other types of authentication methods include certificates and biometrics.

With the nationwide deployment of two-factor authentication, online service providers such as government agencies and financial institutions will be able to outsource their second-factor authentication infrastructure to trusted third parties known as the Authentication Operators (AOs).

The AOs will be able to offer multiple authentication devices and methods, depending on market needs, and consumers can hold more than one authentication device such as a security token or an SMS OTP. However, a single device should be able to provide the consumer with access to multiple online e-services that require strong authentication. Consumers can thus benefit from the enhanced security of strong authentication without the inconvenience of having to carry multiple devices.

IDA plans to issue a Call for Collaboration for the NAF in the second half of this year, to seek industry partners who will operate as AOs. According to IDA, initial demand for the NAF is likely to come from government initiatives such as SingPass and the Standard ICT Operating Environment (SOEasy).

Currently, about 40 Government agencies use SingPass to authenticate users for some 370 e-services. Since its launch, the total volume of SingPass authentication transactions have increased from 4.5 million in 2003 to 18.9 million in 2006, representing a more than three-fold increase in usage over four years. The second initiative, SOEasy, involves the rollout of a robust, connected and agile infocomm environment to more than 60,000 public officers. Both could leverage NAF for the delivery of services with stronger authentication needs.