Moving Closer to Trusted Identities on the Internet

Last updated: 19 March 2014

The move towards a trusted Internet identity ecosystem is getting closer: The National Institute of Standards and Technology (NIST) has awarded $9 million to five pilot programs for the National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative.  According to NIST, the pilots will include new solutions, models, and/or frameworks for healthcare, online media, retail, banking, higher education, and state and local governments.

When announcing the awards, Patrick Gallagher, the undersecretary of Commerce for Standards and Technology and NIST Director, talked about how NSTIC, and the NSTIC pilot awards, will benefit the US economy: “Increasing confidence in online transactions fosters innovation and economic growth.  These investments in the development of identity solutions will help protect our citizens from identity theft and other types of fraud, while helping our businesses, especially small businesses, reduce their costs.”

Here’s a little more information on the five NSTIC pilot programs:

The American Association of Motor Vehicle Administrators (AAMVA).  AAMA aims to implement and pilot an initiative called the Cross Sector Digital Identity Initiative (CSDII). AAMA will work with fellow participants to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce.

Criterion Systems.  The Criterion team’s pilot will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge; improved supply chain management at General Electric; and first-response management at various government agencies and healthcare service providers.

Daon, Inc. The Daon pilot will demonstrate how senior citizens and all consumers can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability.

Resilient Network Systems, Inc. The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA)-compliant access to online learning for children.

University Corporation for Advanced Internet Development (UCAID). UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2’s InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation’s identity ecosystem.

After only 17 months, the NSTIC has made incredible progress.  The head of NSTIC, Jeremy Grant, said the chosen pilots will align “core NSTIC guiding principles” and directly address “known barriers to the adoption of the Identity Ecosystem.”  I agree – the pilots mark the start to achieving the goals of the NSTIC, and address critical subjects like secure transactions, privacy, ecommerce and federation within the realm of our online lives. What else do you think can be done to improve our digital lives?