Risk
9/19/2013
10:54 AM
50%
50%

NIST Awards Grants To Improve Online Security, Privacy

Five firms have been selected to pilot approaches for National Strategy for Trusted Identities in Cyberspace.

Iris Scans: Security Technology In Action
Iris Scans: Security Technology In Action
(click image for larger view)
The National Institute of Standards and Technology (NIST) has awarded more than $7 million in grants to five U.S. organizations to develop pilot online identity protection and verification systems.

The awards are part of federal efforts to work with private sector and advocacy groups to develop the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC program is seeking ways for individuals and organizations to adopt secure, easy-to-use, and interoperable identity credentials to access online services.

"Collectively, these five pilots will drive innovation in online identity management, helping to foster a marketplace of more secure, convenient, privacy-enhancing identity solutions available to all Americans online," said NIST's Jeremy Grant, senior executive advisor for identity management. Grant is head of the NSTIC National Program Office at NIST.

The selected pilot proposals receiving grants include:

Exponent (Calif.): $1,589,400

The Exponent pilot will issue secure, easy-to-use privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a healthcare organization and the U.S. Department of Defense. The test program will deploy two types of identity verification: the use of mobile devices that leverage so-called "derived credentials" stored in the device's SIM card, and secure wearable devices such as rings and bracelets.

[ Is data-centric more effective than device-centric when it comes to security? Read Secure Data, Not Devices. ]

Georgia Tech Research Corporation (GTRC) (Ga.): $1,720,723

The GTRC pilot will develop and demonstrate a "trust mark framework" that seeks to improve trust, interoperability and privacy. Trust marks are a badge, image or logo displayed on a business' website to indicate that the business has been shown to be trustworthy by the issuing organization. Defining trust marks for specific sets of policies, using machine-readable methods, will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.

Privacy Vaults Online (PRIVO) (Va.): $1,611,349

PRIVO will pilot a solution that provides families with secure, privacy-enhancing credentials that are compliant with the Children's Online Privacy Protection Act (COPPA). The credentials will enable parents and guardians to authorize their children to interact with online services in a more confidential and usable way. Project partners, including one of the country's largest online content providers and one of the world's largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of children's data.

ID.me (Va.): $1,204,957

ID.me's Troop ID will develop and pilot more secure (Level of Assurance 3) trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and healthcare organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets qualified users verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. The more secure Troop ID credential solution would permit users to interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX).

Transglobal Secure Collaboration Participation (TSCP) (Va.): $1,264,074

The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, using an open source, technology-neutral Trust Framework Development Guidance document.

The NSTIC National Program Office will invite pilot project awardees to give presentations on their initiatives at a January 2014 meeting in Atlanta.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
WKash
50%
50%
WKash,
User Rank: Apprentice
9/20/2013 | 9:22:20 PM
re: NIST Awards Grants To Improve Online Security, Privacy
Let's hope the National Strategy for Trusted Identities in Cyberspace (NSTIC) is able to turn these pilots into tangible answers for crafting reliable authentication practices.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVE-2015-0528
Published: 2015-03-29
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

CVE-2015-0996
Published: 2015-03-29
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive info...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.