NSTIC commits $3.7 million to new round of identity pilot programs

Emphasis is on privacy-enhancing technology with focus on taxes, medical information, data storage

Updated, Sept. 21, 2015 -- 10:11 pm GMT (3:11 pm PDT)

Separate pilot programs focused on cutting tax refund theft, improving security around medical information and securing online data storage today received grants totaling nearly $4 million from a U.S. government-facilitated plan to build out an identity layer for the Internet.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) announced the pilot program awards at the completion of its latest round of grants. It was the fourth round of grants issued by the group, which was formed in 2011 as part of an Obama Administration mandate. This round of pilot programs for the first time focused on a single topic: privacy-enhancing technologies.

MorphoTrust, which is based in Billerica, Mass., received $1,005,168; HealthIDx, based in Alexandria, Va., received $813,922, and Galois, Inc., in Portland, Ore., received $1,856,778.

NSTIC has now handed out more than $34 million to 15 pilots in a plan to facilitate the creation of an identity layer for the Internet that is run by the private-sector. Nearly 130 organizations across 10 major industry sectors are involved in the effort. The pilots have incorporated approximately 2.3 million individuals.

The NSTIC effort is overseen by the National Institute of Standards and Technology (NIST) working within the Department of Commerce.

In a interview in June with ZDNet, Mike Garcia, deputy director of NSTIC, called the pilot program one of NSTIC's biggest milestones. Garcia, who took over in April from Jeremy Grant, said he was moving NSTIC into its "operational phase."

Garcia is already actively reaching into the identity marketplace, recently announcing NIST membership in the FIDO Alliance, which is developing strong authentication standards. He is also watching for intersections with the Open Identity Exchange around discovery services and trust frameworks, and identity assurance efforts within the Federal Identity Credential and Access Management (FICAM) initiative.

"The solutions announced today will support the NSTIC Guiding Principles, and will do so through industry authentication standards and specifications, such as OpenID Connect, FIDO, and others," Garcia said Monday. "We expect our funded solutions will impact the market well after "graduating" from the NSTIC pilots program. To that end, we consider compatibility and integration with leading industry efforts critical to our selection process."

NSTIC today published these bios on the companies that received grants:

MorphoTrust USA (Billerica, Mass., $1,005,168)

MorphoTrust's second NSTIC pilot grant will focus on preventing the theft of personal state tax refunds. Through MorphoTrust's partnerships with multiple states, the project will show how to efficiently leverage trust created during the online driver licensing process, which includes enrollment, verification through biometric identification, authentication and validation, and issuance, in a scalable way to create trustworthy electronic IDs that individuals control.

HealthIDx (Alexandria, Va., $813,922)

HealthIDx is developing an innovative, privacy-enhancing technology that protects patients' identity and information. This project will pilot a "triple blind" technology in which medical service providers have no knowledge of which credential service provider an end-user chooses, credential service providers have no knowledge of which medical service provider the end-user is visiting, and the identity broker has no knowledge (nor retains any information) about the transaction's parties or contents.

Galois, Inc. (Portland, Ore., $ 1,856,778)

Galois will build a tool that allows users to store and share private information online. The user-centric personal data storage system relies on biometric-based authentication and will be built securely from the ground up. As part of the pilot, Galois will work with partners to develop just-in-time transit ticketing on smart phones and to integrate the secure system into an Internet of Things-enabled smart home.