Developed by Creative Information Technology, Inc (CITI), manageID is a highly customizable modular workflow centric identity solution. Just this week, the company announced that its manageID Cloud solution – based on the manageID Framework and an enabler of the bring your own credential movement – is being used in multiple US states for the creation of documents, IDs and credentials.
Many organizations are realizing that they must implement commercial, technology and vendor neutral, identity-centric frameworks like manageID to serve as an authoritative ecosystem for many applications across the enterprise. The level of security, speed of application deployments and changes, lower cost of configuration and customization, elimination of redundant and error-prone data, as well as system scalability and extensibility all deliver huge ROI over many years looking forward for the organization.
FindBiometrics president Peter O’Neill (FB), recently had a chance to interview Sunil Kolhekar, president and CEO of manageID (SK). The conversation starts off with an overview of the company and its solutions, going on to describe deployments around the world and what lies in store for manageID in the near future.
FB: Can you please provide our readers with a brief background on manageID?
SK: Absolutely. Our company has been involved in travel and security business since its existence and my personal experience in designing large-scale identity systems started in 1996, working as Project Manager of the US Non-Immigrant Visa System. Starting before 9/11, our team was instrumental in designing, delivering and continuously improving a massively replicated software suite for the US government for consulates worldwide. The solution is used at over 240 locations with centralized core engines and database to support the processing of 45,000 people a day by over 10,000 users to facilitate travel for over 5 million people a year. Over those years, we recognized that none of the vendors offered a pre-integrated identity-centric framework to create an enterprise identity ecosystem to build all sorts of applications with, and to quickly and affordably change and improve those applications over time. We had to do everything the hard way, as most identity programs continue to be implemented today, even though most of the core identity requirements and functions share commonality across applications.
R&D investment began for manageID in 2008 leveraging those experiences and lessons learned to deliver a commercial (COTS) ecosystem we appropriately call manageID Framework, and a suite of complementary identity-centric application modules to choose from or improve upon using our web services library. Since then manageID has been proven and deployed by state and federal governments in three continents.
FB: Can you talk about some of the applications that have been built using manageID Framework by these customers?
SK: Sure. We identified NATO early on as an organization that would benefit greatly from manageID Framework. NATO’s challenge was they were managing a variety of identity-centric or identity-sensitive applications used by, not only the 28 member nations of NATO, but also by many other allies supporting key initiatives like the war in Afghanistan. manageID is now a major identity and credentialing system used in Afghanistan to support airfield and base access for military personnel, contractors and visitors. And shortly it will be expanded to deliver support in one of the major NATO headquarters in Europe with a total sizing thus far of more than 200,000 identity records.
FB: Very impressive! I also heard you were doing a lot of work in Latin America. Can you talk about those applications?
SK: Many countries are increasingly adding biometric and other advanced identity capacity to multiple application areas based on experience and lessons learned by major programs in the US and Europe. Within a single organization, manageID Framework has shown to be an excellent model for capacity building where government organizations need to deliver harmonious identity, credentialing, access and other relevant services across the enterprise, keep costs low, configure and deploy rapidly, and responsibly share data within the country and externally with the likes of the US and Europe. For example, implementing integrated border management including supporting immigration and border crossing systems, self-service trusted traveler programs, and immigration enforcement and repatriation, all with critical crossovers or touchpoints in the business workflows and rules, would be very complex and expensive for our major Latin American customer without leveraging a single easy to configure and customize identity-centric framework like manageID.
Now imagine if multiple national agencies within the same country elect to use the same commercial framework and the economies of scale that brings with it. In this vein, manageID Framework is being used or deploying now for full lifecycle identity management for integrated border management, law enforcement and prosecution, and intelligence agencies all within the same Latin American country.
FB: Wow, many might consider that a paradigm shift for the identity and security industries. I can only imagine what savings could be realized if the framework approach was brought to the cloud. Are you doing anything to deliver manageID as a service offering?
SK: I’m glad you went there Peter, because so did we! manageID Cloud has been operational now since early 2012. We are not aware of any other shared identity cloud service built on a framework that has been certified to operate on classified military networks. In fact, we are now registering about 15,000 identity records a month, whether they be new or renewal records. Currently all of the registrations that are approved result in issuing a secure ID card, in this case for two US state government agencies. We see states increasingly moving to the cloud, mostly in a privately delivered approach, for such applications as gun licensure, voter registration and verification, birth and death certificates, etc. We remain confident that manageID Cloud has a bright future ahead as governments continue to streamline budgets and staffing while wanting to implement newer technologies and approaches.
FB: So going back to manageID Framework, are you suggesting that it delivers a reusable platform that can be used for all of the identity needs of a particular agency, instead of building multiple stovepipe systems and linking them together?
SK: Exactly Peter. By delivering a suite of engines that do most of the processing that may ever be required in an identity-centric system, and delivering an easy to integrate library of web services, our partners and customers can build out their own applications or choose from our prebuilt and pre-integrated suite of manageID application modules, and easily integrate with legacy applications and systems. Better yet, the engines in manageID Framework can be turned on or off based on particular needs or phased deployment timeframe without constantly reworking business workflows or rules executed by manageID. This, along with extensive software and hardware abstraction layers and library of web services and APIs, gives our partners and customers more control to more rapidly develop and deploy and easily modify things later while retaining an authoritative identity system of record.
To accomplish this, manageID incorporates some patent pending technology that enables rapid and dynamic configuration of screens, databases, workflows and rules that we call Identity Program Templates and Dynamic User Interface. Some or all configuration, status and operational data stays fully synchronized across clients and servers using our patent pending manageID Synchronization Engine. These unique technologies enable our partners and customers to implement solutions to the enterprise in a matter of weeks or months and more easily make changes in the future to reflect policy or enhancements.
FB: What kind of functionality is being delivered to your customers by manageID?
SK: manageID Framework and manageID user application modules are managing identity records consisting of a plethora of biographic data, document image data and multiple biometric modalities. At the start of the process, manageID PreEnroll+ is delivering pre-enrollment over the web or in a kiosk such as collecting biographic data and identity claims, lightweight photo capture for stronger chain-of-trust, a full payment gateway, scheduling integrated into downstream manageID modules, and user portal to manage future change requests. manageID Enroll collects additional information like sophisticated biometric data and interview information. manageID Framework also delivers key proofing and vetting functions like advanced fuzzy matching of biographic and biometric data, results combination and delivering results to analysts and adjudicators using mind-mapping visualization. manageID has a full Credential Management Engine, credential design and issuance for advanced credentials like ICAO passport cards. Simultaneously manageID supports Bring Your Own Credential (BYOC) by registering credentials issued by 3rd party systems like passports. manageID Framework also manages hundreds of booking stations, kiosks and self-service e-Gates all in a single implementation. In addition control lists and watch lists are being hosted and checked internally and checked externally, plus forensic data like latent fingerprints and palmprints and DNA identifiers are being managed, and mobile applications are being delivered by manageID.
FB: Can you reveal what is coming down the pipe with regards to manageID? What can we expect to see in the near future?
SK: Well I have to be careful here or my product managers will be upset. In the near term, we have determined that most of the existing US government systems that have been delivering PIV and PIV-I functionality leveraging standards like FIPS 201 are in desperate need of replacement. Most of these are first or second generation systems and are quite frankly just a mess, inflexible, not extensible and very difficult to maintain and manage. manageID Framework delivers several key discriminators which we previously discussed that will make it very attractive and more affordable than the competition. manageID will begin to compete for HSPD-12 business going forward as our GSA APL certifications are completed.
More excitingly, it is no secret that smartphones and wearables are already making significant waves in the identity sector. Our team at manageID have never been obsessed with issuing ID cards and are big believers in fitting the technology to the problem and budget on hand. Frankly, if a reasonably secure platform was available that we can register within manageID and manage its lifecycle with respect to the applications operating on top of manageID Framework, we are all for it. Bring your own credential or bring your own device, as long as the platform can be recognized or integrated securely with manageID we remain unbiased. We can always issue such things as derived, secure credentials, which come in many forms including certificate-based, to load to help make up for any gaps a smartphone or wearable may possess. We believe some of the commercial personal identity and wearable devices could easily cross over to government applications in time. Especially as BYOD cost savings are proven mainly through smartphones and tablets to start. Emerging standards such as FIDO and OpenID Connect may continue to grow in popularity and usefulness. We will be ready to support them.