Introduction: From checking your CPF statements to logging into NS portal to book an IPPT session, every citizen or resident of this country is likely to have experienced Singpass authentication at least once. In fact, most probably use it on a regular basis.

From a simple platform that provided basic authentication in its early days, Singpass has bloomed into a service rich in features (such as two-factor verification and QR code scanning on the Singpass app). It has also become increasingly intuitive to use. In its current state, login can be as simple as clicking a login shortcut and verifying your identity with biometrics within the Singpass app.

How Netrust fits into the picture?

The complexities of authentication and keeping it secure are unseen by the common man. The Singpass Authentication Module (SAM) was developed by Netrust as a turnkey solution that handles these complexities for digital services integrating with Singpass.

SAM allows for digital services to integrate with its REST APIs while handling the implementation of all backend communication in accordance with Singpass’s specification. SAM deals with the management and operation of keys for signing and encryption while ensuring it complies with the authentication and authorization protocols used by Singpass.

The Evolution of SAM

  • Netrust Authentication Module (NAM)

Since the inception of Singpass in 2003, Netrust has been supporting integration with Singpass under the name Netrust Authentication Module (NAM). NAM was used by both Singpass and government entities as a library that services could invoke to provide authenticity and integrity of the data being transmitted with the use of digital signatures.

  • SAM SAML

In 2015, Singpass introduced SAML-based Federated Authentication (federated systems offer a single access point to several applications across various enterprises) and two-factor authentication. NAM reinvented itself as Singpass Authentication Module (SAM) and offered SAML integration to Singpass.

SAM allowed for government digital services to retrieve authentication and authorization attributes from both Singpass and Corppass without having to concern themselves with SAML concepts like profiles, assertions, and metadata. The data being received from Singpass/Corppass would be encrypted to provide confidentiality. SAM would decrypt the contents and verify the signature within the response (The X509 certificates being used by Singpass and government agencies for signing and encryption were issued from Netrust CA).

  • SAM OIDC

With the advent of NDI, OpenID Connect (OIDC) has become the preferred protocol and has superseded SAML. SAM redesigned itself to include the following functionalities to provide OIDC integration to Singpass.

    • Construction of token endpoint request
    • Validation of token endpoint response
    • The decryption of id and access token
    • Verification of digital signature on id and access token
    • Parsing of result set from id and access token
    • Host JSON Web Key Sets (JWKS) endpoint
    • Retrieve JWKS from Singpass JWKS endpoint

NDI has also introduced Singpass mobile and expanded Singpass into a suite of services that are now available to both government entities and private businesses. From this suite, SAM has the ability to support Myinfo, Myinfo business, and Verify in addition to login with Singpass/CorpPass (Netrust also supports sign with Singpass, check that out here!).

Conclusion 

With technology and protocols ever-evolving, it is definite that Singpass will continue to evolve with the technology and security requirements of its time and you can rest assured that SAM will be right there with it every step of the way.

Should you have any further queries regarding Singpass Authentication Module (SAM), please email our sales team at sales@netrust.net.