NIST Awards Grants To Improve Online Security And Privacy
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) today announced more than $7 million in grants to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). The funding will enable five U.S. organizations to develop pilot identity protection and verification systems that offer consumers more privacy, security and convenience online. These new pilots build on the successful launch of five NSTIC pilots awarded in 2012.
Launched by the Obama administration in 2011 and housed at NIST, NSTIC is an initiative that aims to support collaboration between the private sector, advocacy groups and public-sector agencies. The selected pilot proposals advance the NSTIC vision that individuals and organizations adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation.
“The Obama administration is committed to supporting public-private partnerships that both enhance consumer privacy and ensure the Internet remains a driver of innovation and economic growth,” said U.S. Secretary of Commerce Penny Pritzker. “The grants announced today will support privacy-enhancing technologies that help make Internet transactions more secure, including better protection from fraud and identity theft, and are an important step toward giving American companies and consumers greater confidence in doing business online.”
“These new NSTIC pilots span multiple sectors, benefitting children, parents and veterans, as well as online shoppers and social media users of all ages,” said NIST’s Jeremy Grant, senior executive advisor for identity management. “Collectively, these five pilots will drive innovation in online identity management, helping to foster a marketplace of more secure, convenient, privacy-enhancing identity solutions available to all Americans online.” Grant is head of the NSTIC National Program Office at NIST.
The grantees announced today include the following:
Exponent (Calif.): $1,589,400
The Exponent pilot will issue secure, easy-to-use and privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a health care organization and the U.S. Department of Defense. Exponent and partners Gemalto and HID Global will deploy two types of identity verification: the use of mobile devices that leverage so-called “derived credentials” stored in the device’s SIM card and secure wearable devices, such as rings and bracelets. Solutions will be built upon standards, ensuring an interoperable system that can be easily adopted by a wide variety of organizations and companies.
Georgia Tech Research Corporation (GTRC) (Ga.): $1,720,723
The GTRC pilot will develop and demonstrate a “Trustmark Framework” that seeks to improve trust, interoperability and privacy within the Identity Ecosystem. Trustmarks are a badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization. Defining trustmarks for specific sets of policies will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.
Supporting consistent, machine-readable ways to express policy can enhance and simplify the user experience, raise the level of trust in online transactions and improve interoperability between service providers and trust frameworks. Building on experience developing the National Identity Exchange Federation (NIEF), GTRC plans to partner with the National Association of State Chief Information Officers (NASCIO) and one or more current NIEF member agencies, such as Los Angeles County and the Regional Information Sharing Systems (RISS).
Privacy Vaults Online, Inc. (PRIVO) (Va.): $1,611,349
Children represent a unique challenge when it comes to online identity. Parents need better tools to ensure safe family use of the Internet, while online service providers need to comply with the requirements of the Children’s Online Privacy Protection Act (COPPA) when they deal with minors under the age of 13. PRIVO will pilot a solution that provides families with COPPA-compliant, secure, privacy-enhancing credentials that will enable parents and guardians to authorize their children to interact with online services in a more privacy-enhancing and usable way. Project partners, including one of the country’s largest online content providers and one of the world’s largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of children’s data.
ID.me, Inc. (Va.): $1,204,957
ID.me, Inc.’s Troop ID will develop and pilot trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets America’s service members, veterans, and their families verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. Today, more than 200,000 veterans and service members use Troop ID to access benefits online. As part of its pilot, Troop ID will enhance its current identity solution to obtain certification at Level of Assurance 3 from the U.S. General Services Administration’s Trust Framework Providers program, enabling Troop ID credential holders to use their solution not only at private-sector sites, but also when interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX). Key project partners include federal government agencies and a leading financial institution serving the nation’s military community and its families.
Transglobal Secure Collaboration Participation, Inc. (TSCP) (Va.): $1,264,074
The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, rather than having to obtain a new credential. Key to enabling these cross-sector transactions will be TSCP’s development of an open source, technology-neutral Trust Framework Development Guidance document that can provide a foundation for future cross-sector interoperability of online credentials.
The NSTIC National Program Office will invite pilot project awardees to give presentations on their initiatives at the planned January 2014 plenary meeting of the independently led Identity Ecosystem Steering Group (IDESG), which will be held in Atlanta. The next IDESG plenary meeting will be held Oct. 16-18, 2013, at NIST headquarters in Gaithersburg, Md. For further information about these meetings and NSTIC, visit www.nist.gov/nstic.
As a non-regulatory agency of the U.S. Department of Commerce, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. To learn more about NIST, visit www.nist.gov.