5 pilots to take trusted online ID plan to the next stage
- By William Jackson
- Sep 19, 2013
Three projects developing online identity verification schemes in partnership with government programs are among the five recipients of more than $7 million in grants in the second round of funding for the National Strategy for Trusted Identities in Cyberspace (NSTIC).
The projects will leverage credentials derived from the Defense Department’s Common Access Card for mobile devices, expand a standard for machine-readable identity policies with state CIOs, and work with the Federal Cloud Credential Exchange to expand use of electronic credentials for military families.
NSTIC is a presidential initiative to create an online identity ecosystem with a set of practical, user-friendly credentials developed by the private sector with government support. Although the broadest use of the credentials would be for private-sector transactions, the acceptance of them by government programs is expected to spur their use, helping to encourage and secure a burgeoning online economy. A National Program Office within the National Institute of Standards and Technology expects to award several grants ranging from $1.25 million to $2 million a year each for up to two years. A first round of grants totaling more than $9 million was awarded to five programs in 2012.
Although technologies for strong authentication already are in use, the challenge with the growth of the Internet has been to make them scale for broad adoption. The user ID and password combination widely used today rapidly becomes burdensome both for users and administrators when strong passwords are required for multiple accounts. Tokens and digital certificates are expensive when used for single applications and can be complex to manage when used for multiple applications. NSTIC seeks to develop a commercial environment to leverage the multiple interoperable schemes, making them affordable, easy to use and secure for agencies, businesses and consumers.
The goal of the grants program is not to develop new technologies but to expand the application and use of existing programs to achieve broader deployment, focusing on policies and governance as well as technology.
The five recipients of the current round of funding are:
Exponent will partner with Gemalto and HID Global to deploy, on smartphones and wearable devices such as rings and bracelets, credentials derived from the DOD Common Access smart ID card, which has been issued to more than 4 million civilian and active duty military personnel. These will be used for online access to DOD resources as well as a social media site and a health care organization.
Gemalto is a provider of Common Access Cards, and Exponent tests the cards for performance and specification compliance. Solutions in the pilot will be standards-based to enable an interoperable system that can be adopted by a variety of organizations and companies.
Georgia Tech Research Corporation (GTRC): $1,720,723
A GTRC pilot will partner with the National Association of State Chief Information Officers to develop and demonstrate a "Trustmark Framework" to improve trust, interoperability and privacy.
A trustmark is a logo displayed as a seal of approval on a website indicating that it has been found to be trustworthy by an independent organization. Trustmarks must be based on sets of policies that allow website owners, framework providers and consumers to understand the technical, business, and security requirements as well as the policies of the sites with which they interact.
The framework will build on work in developing the National Identity Exchange Federation, a collection of federal, state and local agencies that share sensitive law enforcement information. GTRC will work with NASCIO and one or more current NIEF member agencies, such as Los Angeles County and the Regional Information Sharing Systems, to develop a consistent, machine-readable way to express security and privacy policies, enhancing the level of consumer trust.
ID.me Inc.: $1,204,957
ID.me will enhance its Troop ID credentials to obtain certification at Assurance Level 3 from the General Services Administration's Trust Framework Providers program. This would enable credential holders to use them not only at private-sector sites, but also with U.S. government agencies through the Federal Cloud Credential Exchange being piloted by the U.S. Postal Service.
Troop ID credentials are issued by ID.me to let members of the military community, including family as well as active duty personnel and veterans, access programs intended for them. More than 200,000 veterans and service members use Troop ID, and the enhanced security certification would enable broader acceptance of the credentials by government agencies. Project partners will include federal agencies and a financial institution serving the military community and its families.
Privacy Vaults Online Inc. (PRIVO): $1,611,349
The PRIVO pilot would provide families with credentials compliant with the Children's Online Privacy Protection Act to enable parents and guardians to authorize their children to safely interact with online services. Project partners include a large online content provider and a large toy company. The credentials would enable a streamlined consent process and simplify legal obligations regarding the collection and storage of children's data.
Transglobal Secure Collaboration Participation Inc. (TSCP): $1,264,074
TSCP is working with Fidelity Investments and Chicago Mercantile Exchange to deploy trusted credentials for secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses. Employees of participating businesses will be able to use existing credentials to securely log into retirement accounts at brokerages without obtaining a new credential. Key to these cross-sector transactions will be development of an open-source, technology-neutral Trust Framework Development Guidance document that can provide a foundation for future cross-sector interoperability of online credentials.