Topic Information Award/Contract Number Proposal Information Company Performance

Highly Scalable Identity Management Tools

N10PC20106 0914001
(FY09.1 Phase II)
Location-based service for Federal Identity, Credential & Access Management

Queralt LLC
250 State Street
Unit G-1
North Haven, CT 06473-2182


Queralt LLC is developing a location-based service that increases security and scalability of access control for logical systems, by providing geospatial coordinates as attributes of policy decision requests using RFID & GPS sensor data. Government agencies temporarily share access to their logical systems, often during critical times (e.g. emergency events) but must do so in a way that protects both against system misuse and privacy concerns. Queralt`s service is based on open ratified standards that facilitate scalable interoperability between agencies. This service protects against system misuse by increasing the security options of policy creators, to include location-based attributes. During Phase II, Queralt will deliver an end-to-end Identification Management (IdM) prototype which gathers location of the person requesting access to the logical system, and formulates a request from the enforcement point to the decision point, with appended user location coordinates. Queralt will develop and test market a Policy Enforcement Point, and location-based service which can be deployed and seamlessly co-exist with current solutions in a Federated Identity Management system. Anticipated Benefits: The ability to use location in IdM will enable DHS, and customer agencies, to implement more rapid and secure information sharing protocol. The use of policies that reason with geographical boundaries of events and user locations drastically reduce the time required to setup secure sharing of sensitive information across agencies during critical events, something that will increase the effectiveness of rapid response operations. It will do so through an automated decision making process that requires less human resources, hence less costs, while enforcing more secure policies that check both user credentials and physical presence in the area of a rapid response operation before granting access to sensitive logical resources, hence less risk of system misuse.