The National Institute of Standards and Technology (NIST) Thursday committed $9 million to five pilot programs that mark the first efforts to turn into reality the goals of the 17-month-old National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative.
NSTIC, introduced in April 2011, outlines the parameters for an “identity ecosystem” to be built and managed by the private sector.
The pilot program money was given to five organizations that began the application process in March with dozens of other hopefuls pitching their ideas. The pilots that were ultimately chosen address issues such as secure transactions, privacy, ecommerce and federation.
The five pilot organizations are The American Association of Motor Vehicle Administrators (with an award of $1,621,803), Criterion Systems ($1,977,732), Daon, Inc. ($1,821,520), Resilient Network Systems, Inc. ($1,999,371), and University Corporation for Advanced Internet Development (UCAID) ($1,840,263), which is more widely known as Internet2.
Within each pilot program are a number of companies and organizations helping to execute the goals of each pilot, including Microsoft, PayPal, Experian, AOL, At&T, Lexis Nexis. Others involved include schools and universities, the National eHealth Collaborative, and the American Association of Airport Executives. Each pilot program will be funded for up to two years.
“By clearly aligning with core NSTIC guiding principles and directly addressing known barriers to the adoption of the Identity Ecosystem, the pilot projects will both promote innovation in online identity management and inform the important work of the Identity Ecosystem Steering Group,” Jeremy Grant, said in a statement. Grant is the senior executive advisor for identity management and head of NIST’s NSTIC National Program Office.
Here is a brief look at each program and its goals.
The American Association of Motor Vehicle Administrators (AAMVA) (Va.):
AAMVA will lead a consortium of private industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative (CSDII). The goal of this initiative is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce. In addition to AAMVA, the CSDII pilot participants include the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T.
Criterion Systems (Va.):
The Criterion pilot will allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience. It will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge; improved supply chain management at General Electric; and first-response management at various government agencies and health care service providers. The Criterion team includes ID/DataWeb, AOL Corp., LexisNexis, Risk Solutions, Experian, Ping Identity Corp., CA Technologies, PacificEast, Wave Systems Corp., Internet2 Consortium/In-Common Federation, and Fixmo Inc.
Daon, Inc. (Va.):
The Daon pilot will demonstrate how senior citizens and all consumers can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability. Pilot team members include AARP, PayPal, Purdue University, and the American Association of Airport Executives.
Resilient Network Systems, Inc. (Calif.):
The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. Resilient will partner with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative.
In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA)-compliant access to online learning for children. Resilient will partner with the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify Inc., Riverside Unified School District, Santa Cruz County Office of Education, and the Kantara Initiative to provide secure, but privacy-enhancing verification of children, parents, teachers and staff, as well as verification of parent-child relationships.
University Corporation for Advanced Internet Development (UCAID) (Mich.):
UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2's InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. Internet2's partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, the Massachusetts Institute of Technology, and the University of Utah. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation's identity ecosystem.