NIST Awards Grants To Improve Online Security, PrivacyFive firms have been selected to pilot approaches for National Strategy for Trusted Identities in Cyberspace.
Iris Scans: Security Technology In Action(click image for larger view)
The National Institute of Standards and Technology (NIST) has awarded more than $7 million in grants to five U.S. organizations to develop pilot online identity protection and verification systems.
The awards are part of federal efforts to work with private sector and advocacy groups to develop the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC program is seeking ways for individuals and organizations to adopt secure, easy-to-use, and interoperable identity credentials to access online services.
"Collectively, these five pilots will drive innovation in online identity management, helping to foster a marketplace of more secure, convenient, privacy-enhancing identity solutions available to all Americans online," said NIST's Jeremy Grant, senior executive advisor for identity management. Grant is head of the NSTIC National Program Office at NIST.
The selected pilot proposals receiving grants include:
Exponent (Calif.): $1,589,400
The Exponent pilot will issue secure, easy-to-use privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a healthcare organization and the U.S. Department of Defense. The test program will deploy two types of identity verification: the use of mobile devices that leverage so-called "derived credentials" stored in the device's SIM card, and secure wearable devices such as rings and bracelets.
[ Is data-centric more effective than device-centric when it comes to security? Read Secure Data, Not Devices. ]
Georgia Tech Research Corporation (GTRC) (Ga.): $1,720,723
The GTRC pilot will develop and demonstrate a "trust mark framework" that seeks to improve trust, interoperability and privacy. Trust marks are a badge, image or logo displayed on a business' website to indicate that the business has been shown to be trustworthy by the issuing organization. Defining trust marks for specific sets of policies, using machine-readable methods, will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.
Privacy Vaults Online (PRIVO) (Va.): $1,611,349
PRIVO will pilot a solution that provides families with secure, privacy-enhancing credentials that are compliant with the Children's Online Privacy Protection Act (COPPA). The credentials will enable parents and guardians to authorize their children to interact with online services in a more confidential and usable way. Project partners, including one of the country's largest online content providers and one of the world's largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of children's data.
ID.me (Va.): $1,204,957
ID.me's Troop ID will develop and pilot more secure (Level of Assurance 3) trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and healthcare organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets qualified users verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. The more secure Troop ID credential solution would permit users to interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX).
Transglobal Secure Collaboration Participation (TSCP) (Va.): $1,264,074
The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, using an open source, technology-neutral Trust Framework Development Guidance document.
The NSTIC National Program Office will invite pilot project awardees to give presentations on their initiatives at a January 2014 meeting in Atlanta.