A federal initiative called the "National Strategy for Trusted Identities in Cyberspace" has been encouraging the high-tech industry to work with government to find alternatives to simple passwords in order to foster more secure online transactions. The NSTIC program has been promising to fund $10 million in government grants for pilot projects to showcase innovative approaches, and today the winners were finally announced.
According to the National Institute of Standards and Technology, where the NSTIC program has been housed since 2009, the grantees are:
The American Association of Motor Vehicle Administrators (AAMVA) (Va.): $1,621,803.
AAMVA will lead a consortium of industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative (CSDII). The goal is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce. In addition to AAMVA, the CSDII pilot participants include the Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T.
Criterion Systems (Va.): $1,977,732.
The Criterion pilot will allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience. It will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge; improved supply chain management at General Electric; and first-response management at various government agencies and healthcare service providers. The Criterion team includes ID/DataWeb, AOL, LexisNexis, Risk Solutions, Experian, Ping Identity, CA Technologies, PacificEast, Wave Systems Corp., Internet2 Consortium/In-Common Federation and Fixmo.
Daon Inc. (Va.): $1,821,520.
The Daon pilot will demonstrate how senior citizens and all consumers can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability. Pilot team members include AARP, PayPal, Purdue University and the American Association of Airport Executives.
Resilient Network Systems Inc. (Calif.): $1,999,371.
The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. Resilient will partner with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative and the National eHealth Collaborative.
In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act (FERPA)- and Children's Online Privacy Protection Act (COPPA)-compliant access to online learning for children. Resilient will partner with the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify Inc., Riverside Unified School District, Santa Cruz County Office of Education and the Kantara Initiative to provide secure, but privacy-enhancing verification of children, parents, teachers and staff, as well as verification of parent-child relationships.
University Corporation for Advanced Internet Development (UCAID) (Mich.): $1,840,263.
UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2's InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. Internet2's partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, the Massachusetts Institute of Technology and the University of Utah. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation's identity ecosystem.
James Sheire, senior adviser at NSTIC, appeared earlier this week at the Biometric Consortium Conference in Tampa, Fla., to talk about the NSTIC program, and he noted that announcement about the long-anticipated pilot project awards was imminent.
"The private sector will lead the effort," said Sheire. The idea is to be able to carry out with confidence many kinds of high-value and sensitive transaction, such as signing an auto loan or a mortgage online in the future using digital credentials, he said. He added today there are too many concerns about "liability issues."
Sheire acknowledged the NSTIC program has taken quite a while to gain momentum, but the goal is not to have the government dictate practices and to let industry take the lead.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.