NSTIC opens next round of grants for secure ID technology
- By William Jackson
- Feb 19, 2013
Proposals are being sought in a second round of funding for pilot programs to help create the digital identity ecosystem envisioned by the National Strategy for Trusted Identities in Cyberspace.
NSTIC is an initiative to address current challenges in authenticating identities online, with a National Program Office established within the National Institute of Standards and Technology. Acknowledging that government should not impose or bear the full cost of implementing secure authentication schemes, NSTIC would use public-private partnerships to enable more secure and user-friendly systems.
NIST expects to award several grants ranging from $1.25 million to $2 million a year each for up to two years. No cost sharing is required, and the program is open to private-sector companies as well as to agencies, universities, non-profits and coalitions of organizations. Initial proposals are due by March 5 and should be submitted through grants.gov.
Although technologies for strong authentication already are in use, the challenge from the growth of the Internet has been to make them scale for broad adoption. Today’s widely used user ID and password combination rapidly becomes burdensome both for users and administrators when strong passwords are required across multiple accounts. Tokens and digital certificates are expensive when used for one-off applications and complex to manage when used for multiple applications. NSTIC wants to develop a commercial environment capable of leveraging the advantages of multiple interoperable schemes, making them affordable and secure for agencies as well as for businesses.
In 2012 NIST funded five pilot projects in the initial round of NSTIC pilot grants. Objectives for the current round of grants include:
- Securely link multiple sectors, including multiple identity providers and relying parties through interoperable trust frameworks.
- Expand the acceptance of these trust frameworks and third-party credential providers by relying parties.
- Demonstrate solutions that can help public and private sector entities jumpstart adoption of trusted strong authentication technologies in lieu of passwords.
- Create user-centric solutions addressing the barriers that have inhibited consumer demand for strong authentication.
- Create a framework of policies, rules of behavior, and agreements for liability and privacy concerns that can be applied across multiple trust frameworks and providers.
- Demonstrate technologies that mitigate privacy and civil liberties risks, such as increased trackability and personal data aggregation engendered by the development of the Identity Ecosystem, without impairing performance.
- Demonstrate interoperability across multiple technologies such as smart cards, one-time passwords and others.
- Demonstrate frameworks, methodologies or solutions for enabling the exchange of specific attributes associated with identities while minimizing the sharing of non-essential information.
- Create interfaces to enhance end-user choice and usability.
- Demonstrate the role that government can play in helping individuals prove their identity with the private sector.
Applicants should send abbreviated proposals. Finalists will be selected by April 9 to submit full proposals.
William Jackson is freelance writer and the author of the CyberEye blog.