More than $7 million in grants ended up awarded to support the National Strategy for Trusted Identities in Cyberspace (NSTIC), said officials at the National Institute of Standards and Technology (NIST).
The funding will enable five U.S. organizations to develop pilot identity protection and verification systems that offer consumers more privacy, security and convenience online. These new pilots build on the launch of five NSTIC pilots awarded in 2012.
Launched by the Obama administration in 2011 and housed at NIST, NSTIC is an initiative that aims to support collaboration between the private sector, advocacy groups and public-sector agencies.
The selected pilot proposals advance the NSTIC vision that individuals and organizations adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation.
“The grants announced today will support privacy-enhancing technologies that help make Internet transactions more secure, including better protection from fraud and identity theft, and are an important step toward giving American companies and consumers greater confidence in doing business online,” said U.S. Secretary of Commerce Penny Pritzker.
“These new NSTIC pilots span multiple sectors, benefitting children, parents and veterans, as well as online shoppers and social media users of all ages,” said NIST’s Jeremy Grant, senior executive advisor for identity management. Grant is head of the NSTIC National Program Office at NIST.
The grant winners include:
• Exponent (CA): $1,589,400. The Exponent pilot will issue secure, easy-to-use and privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a health care organization and the U.S. Department of Defense. Exponent and partners Gemalto and HID Global will deploy two types of identity verification: The use of mobile devices that leverage “derived credentials” stored in the device’s SIM card and secure wearable devices, such as rings and bracelets. Solutions will build upon standards, ensuring an interoperable system that a wide variety of organizations and companies can easily adopt.
• Georgia Tech Research Corporation (GTRC) (GA): $1,720,723. The GTRC pilot will develop and demonstrate a “Trustmark Framework” that seeks to improve trust, interoperability and privacy within the Identity Ecosystem. Trustmarks are a badge, image or logo displayed on a website to indicate the issuing organizations considers the website business as trustworthy. Defining trustmarks for specific sets of policies will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.
• Privacy Vaults Online, Inc. (PRIVO) (VA): $1,611,349. Children represent a unique challenge when it comes to online identity. Parents need better tools to ensure safe family use of the Internet, while online service providers need to comply with the requirements of the Children’s Online Privacy Protection Act (COPPA) when they deal with minors under the age of 13. PRIVO will pilot a solution that provides families with COPPA-compliant, secure, privacy-enhancing credentials that will enable parents and guardians to authorize their children to interact with online services in a more privacy-enhancing and usable way.
• ID.me, Inc. (VA): $1,204,957. ID.me, Inc.’s Troop ID will develop and pilot trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets America’s service members, veterans, and their families verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service.
• Transglobal Secure Collaboration Participation, Inc. (TSCP) (VA): $1,264,074. The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, rather than having to obtain a new credential. Key to enabling these cross-sector transactions will be TSCP’s development of an open source, technology-neutral Trust Framework Development Guidance document that can provide a foundation for future cross-sector interoperability of online credentials.
The NSTIC National Program Office will invite pilot project awardees to give presentations on their initiatives at the planned January 2014 plenary meeting of the independently led Identity Ecosystem Steering Group (IDESG), which will be in Atlanta. The next IDESG plenary meeting will be Oct. 16-18, 2013, at NIST headquarters in Gaithersburg, MD.