9/17/2014
12:00 AM
Dark Reading
Products and Releases

NSTIC Awards Three Pilot Project Grants to Improve Online Security and Privacy

The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today announced nearly $3 million in grants that will support projects for online identity protection to improve privacy, security and convenience. The three recipients of the National Strategy for Trusted Identities in Cyberspace (NSTIC) grants will pilot solutions that make it easier to use mobile devices instead of passwords for online authentication, minimize loss from fraud and improve access to state services.

This is the third round of grants awarded through NSTIC, which was launched by the Obama administration in 2011 and is managed by NIST. The initiative supports collaboration between the private sector, advocacy groups and public-sector agencies to encourage the adoption of secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation.

“The Commerce Department is committed to protecting a free and open Internet, while also working with the private sector to ensure consumers’ security and privacy,” said U.S. Deputy Secretary of Commerce Bruce Andrews. “The grants announced will help spur development of new initiatives that aim to protect people and businesses from online identity theft and fraud.”

The NSTIC pilots have made progress both in advancing the strategy and fostering collaborations that would not otherwise have happened. One consortium of firms that are normally rivals wrote in its proposal, “Even if individual vendors in the identity space could develop a framework, it would be very difficult to get buy-in from other vendors who are competitors. With the recognition and funding from NSTIC, the pilot activities gain the vendor neutrality, visibility and credibility needed to get the various identity vendors to work together to develop a common framework that they can adopt.” 

“The pilots take the vision and principles embodied in NSTIC and translate them into real solutions,” said NIST's Jeremy Grant, senior executive advisor for identity management and head of the NSTIC National Program Office. “At a time when concerns about data breaches and identity theft are growing, these new NSTIC pilots can play an important role in fostering a marketplace of online identity solutions.”

The pilots will also inform the work of the Identity Ecosystem Steering Group (IDESG), a private sector-led organization created to help coordinate development of standards that enable more secure, user-friendly ways to give individuals and organizations confidence in their online interactions.

The grantees announced today are:

GSMA
GSMA has partnered with America’s four major mobile network operators to pilot a common approach—interoperable across all four operators—that will enable consumers and businesses to use mobile devices for secure, privacy-enhancing identity and access management. GSMA’s global Mobile Connect Initiative is the foundation for the pilot; the initiative will be augmented in the United States to align with NSTIC. By allowing any organization to easily accept identity solutions from any of the four operators, the solution would reduce a significant barrier to online service providers accepting mobile-based credentials. GSMA also will tackle user interface, user experience, security and privacy challenges, with a focus on creating an easy-to-use solution for consumers. 

Confyrm
The Confyrm pilot will demonstrate ways to minimize loss when criminals create fake accounts or take over online accounts. A key barrier to federated identity (in which the identity provider of your choice “vouches” for you at other sites) is the concern that accounts used in identity solutions may not be legitimate, or in the control of their rightful owner. Account compromises and the subsequent misuse of identity result in destruction of personal information, damage to individual reputations, and financial loss. Confyrm will demonstrate how a “shared signals” model can mitigate the impact of account takeovers and fake accounts through early fraud detection and notification, with special emphasis on consumer privacy. Aligning with the NSTIC guiding principles, this solution enables individuals and organizations to experience improved trust and confidence in identities online. Pilot partners include a major Internet email provider, a major mobile operator and multiple e-commerce sites.

MorphoTrust USA
MorphoTrust, in partnership with the North Carolina Departments of Transportation (DOT) and Health and Human Services (DHHS), will demonstrate how existing state-issued credentials such as driver’s licenses can be extended into the online world to enable new types of online citizen services. The pilot will leverage North Carolina’s state driver’s license solution to create a digital credential for those applying for the North Carolina (DHHS) Food and Nutrition Services (FNS) Program online. This solution will eliminate the need for people to appear in person to apply for FNS benefits, reducing costs to the state while providing applicants with faster, easier access to benefits.

As a non-regulatory agency of the U.S. Department of Commerce, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. To learn more about NIST, visit www.nist.gov.
