The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today announced nearly $3 million in grants that will support projects for online identity protection to improve privacy, security and convenience. The three recipients of the National Strategy for Trusted Identities in Cyberspace (NSTIC) grants will pilot solutions that make it easier to use mobile devices instead of passwords for online authentication, minimize loss from fraud and improve access to state services.
This is the third round of grants awarded through NSTIC, which was launched by the Obama administration in 2011 and is managed by NIST. The initiative supports collaboration between the private sector, advocacy groups and public-sector agencies to encourage the adoption of secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation.
“The Commerce Department is committed to protecting a free and open Internet, while also working with the private sector to ensure consumers’ security and privacy,” said U.S. Deputy Secretary of Commerce Bruce Andrews. “The grants announced will help spur development of new initiatives that aim to protect people and businesses from online identity theft and fraud.”
The NSTIC pilots have made progress both in advancing the strategy and fostering collaborations that would not otherwise have happened. One consortium of firms that are normally rivals wrote in its proposal, “Even if individual vendors in the identity space could develop a framework, it would be very difficult to get buy-in from other vendors who are competitors. With the recognition and funding from NSTIC, the pilot activities gain the vendor neutrality, visibility and credibility needed to get the various identity vendors to work together to develop a common framework that they can adopt.”
“The pilots take the vision and principles embodied in NSTIC and translate them into real solutions,” said NIST's Jeremy Grant, senior executive advisor for identity management and head of the NSTIC National Program Office. “At a time when concerns about data breaches and identity theft are growing, these new NSTIC pilots can play an important role in fostering a marketplace of online identity solutions.”
The pilots will also inform the work of the Identity Ecosystem Steering Group (IDESG), a private sector-led organization created to help coordinate development of standards that enable more secure, user-friendly ways to give individuals and organizations confidence in their online interactions.
The grantees announced today are:
GSMA has partnered with America’s four major mobile network operators to pilot a common approach—interoperable across all four operators—that will enable consumers and businesses to use mobile devices for secure, privacy-enhancing identity and access management. GSMA’s global Mobile Connect Initiative is the foundation for the pilot; the initiative will be augmented in the United States to align with NSTIC. By allowing any organization to easily accept identity solutions from any of the four operators, the solution would reduce a significant barrier to online service providers accepting mobile-based credentials. GSMA also will tackle user interface, user experience, security and privacy challenges, with a focus on creating an easy-to-use solution for consumers.
The Confyrm pilot will demonstrate ways to minimize loss when criminals create fake accounts or take over online accounts. A key barrier to federated identity (in which the identity provider of your choice “vouches” for you at other sites) is the concern that accounts used in identity solutions may not be legitimate, or in the control of their rightful owner. Account compromises and the subsequent misuse of identity result in destruction of personal information, damage to individual reputations, and financial loss. Confyrm will demonstrate how a “shared signals” model can mitigate the impact of account takeovers and fake accounts through early fraud detection and notification, with special emphasis on consumer privacy. Aligning with the NSTIC guiding principles, this solution enables individuals and organizations to experience improved trust and confidence in identities online. Pilot partners include a major Internet email provider, a major mobile operator and multiple e-commerce sites.
MorphoTrust, in partnership with the North Carolina Departments of Transportation (DOT) and Health and Human Services (DHHS), will demonstrate how existing state-issued credentials such as driver’s licenses can be extended into the online world to enable new types of online citizen services. The pilot will leverage North Carolina’s state driver’s license solution to create a digital credential for those applying for the North Carolina (DHHS) Food and Nutrition Services (FNS) Program online. This solution will eliminate the need for people to appear in person to apply for FNS benefits, reducing costs to the state while providing applicants with faster, easier access to benefits.
As a non-regulatory agency of the U.S. Department of Commerce, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. To learn more about NIST, visit www.nist.gov.