With a focus on security and privacy, the U.S. National Institute of Standards and Technology (NIST) Tuesday handed out more than $7 million in grants for projects to support creation of an identity layer for the Internet.
NIST, which oversees the National Strategy for Trusted Identities in Cyberspace (NSTIC), selected five U.S. organizations to join the previous five pilots launched in Sept. 2012.
In all, NSTIC has so far dedicated $16 million to pilot programs being run by private sector organizations with help from various partners.
NSTIC, introduced in April 2011, outlines the parameters for an “identity ecosystem” to be built and managed by the private sector.
The organizations receiving money in this pilot round were Exponent ($1,589,4000), Georgia Tech Research Corporation ($1,720,723), Privacy Vaults Online, Inc. ($1,611,3490, ID.me, Inc. ($1,204,9570), and Transglobal Secure Collaboration Participation, Inc. ($1,264,074).
The pilots focus on identity verification, validated trust, privacy controls to protect children, identity tools to aid military families seeking help online, and trusted credentials for financial and other transactions.
U.S. Secretary of Commerce Penny Pritzker said in a statement, "The grants announced today will support privacy-enhancing technologies that help make Internet transactions more secure, including better protection from fraud and identity theft, and are an important step toward giving American companies and consumers greater confidence in doing business online."
Pilot awardees will be invited to present their initiatives at the planned January 2014 plenary meeting in Atlanta hosted by the independently led Identity Ecosystem Steering Group (IDESG), which was created under NSTIC's original guidelines. More information on the meeting is available from the NIST website.
NSTIC provide information on each pilot.
The Exponent pilot will issue secure, easy-to-use and privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a health care organization and the U.S. Department of Defense. Exponent and partners Gemalto and HID Global will deploy two types of identity verification: the use of mobile devices that leverage so-called "derived credentials" stored in the device's SIM card and secure wearable devices, such as rings and bracelets. Solutions will be built upon standards, ensuring an interoperable system that can be easily adopted by a wide variety of organizations and companies.
Georgia Tech Research Corporation (GTRC) (Ga.):
The GTRC pilot will develop and demonstrate a "Trustmark Framework" that seeks to improve trust, interoperability and privacy within the Identity Ecosystem. Trustmarks are a badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization. Defining trustmarks for specific sets of policies will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business. GTRC plans to partner with the National Association of State Chief Information Officers (NASCIO) and one or more current NIEF member agencies, such as Los Angeles County and the Regional Information Sharing Systems (RISS).
Privacy Vaults Online, Inc. (PRIVO) (Va.)
Children represent a unique challenge when it comes to online identity. Parents need better tools to ensure safe family use of the Internet, while online service providers need to comply with the requirements of the Children's Online Privacy Protection Act (COPPA) when they deal with minors under the age of 13. PRIVO will pilot a solution that provides families with COPPA-compliant, secure, privacy-enhancing credentials that will enable parents and guardians to authorize their children to interact with online services in a more privacy-enhancing and usable way. Project partners, including one of the country's largest online content providers and one of the world's largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of a child's data.
ID.me, Inc. (Va.):
ID.me, Inc.'s Troop ID will develop and pilot trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets America's service members, veterans, and their families verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. Today, more than 200,000 veterans and service members use Troop ID to access benefits online. As part of its pilot, Troop ID will enhance its current identity solution to obtain certification at Level of Assurance 3 from the U.S. General Services Administration's Trust Framework Providers program, enabling Troop ID credential holders to use their solution not only at private-sector sites, but also when interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX). Key project partners include federal government agencies and a leading financial institution serving the nation's military community and its families.
Transglobal Secure Collaboration Participation, Inc. (TSCP) (Va.):
The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, rather than having to obtain a new credential. Key to enabling these cross-sector transactions will be TSCP's development of an open source, technology-neutral Trust Framework Development Guidance document that can provide a foundation for future cross-sector interoperability of online credentials.