Creating Trust: The $9 Million PilotsTrying Out Tools for the Online Identity Ecosystem
"If you could increase trust online, there are some real significant reasons from an economic perspective that an identity ecosystem will be important to fueling the next generation of online businesses," Grant says in an interview with Information Security Media Group.
The government, through NIST, which oversees the NSTIC initiative, is distributing $9 million grants to five American organizations that will pilot identity solutions to increase confidence in online transactions, prevent identity theft and provide individuals with more control over how they share their personal information.
"Essentially what we're really looking to demonstrate with all five of these pilots are what I dub identity ecosystems in miniature, where you can start to take technologies and solutions that were envisioned in the strategy and translate them into directly deployable solutions that can penetrate different parts of the marketplace," says Grant, who also serves as executive adviser for identity management at the Commerce Department's National Institute of Standards and Technology [see Limited Government: Path to NSTIC].
The offspring of the pilot projects should give thousands, if not more, Americans the tools they need to better protect themselves online as well as give businesses operating online a way to offer more secure, streamlined transactions to their customers that should be an economic driver, Grant says.
In the interview, Grant addresses the goals of NSTIC and the identity ecosystem the strategy envisions, the criteria the government used to select the pilot organizations and the timetable for the pilots to produce what he hopes will be workable identity solutions.
Here are the five organizations selected to conduct the pilots and the amounts of their grants, according to NIST:
Resilient Network Systems, $1,999,371: This pilot seeks to demonstrate that sensitive healthcare and education transactions on the Internet can earn patient and parent trust by using a trust network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. Resilient will partner with the American Medical Association, Aetna, American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, San Diego Beacon eHealth Community, Gorge Health Connect, Kantara Initiative, and National eHealth Collaborative.
Criterion Systems, $1,977,732: This pilot will allow consumers to selectively share shopping and other preferences and information to reduce fraud and enhance the user experience. It will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge, a provider of investor communications; improved supply chain management at General Electric; and first-response management at various government agencies and healthcare service providers. The Criterion team includes ID/DataWeb, AOL., LexisNexis, Risk Solutions, Experian, Ping Identity, CA Technologies, PacificEast, Wave Systems, Internet2 Consortium/In-Common Federation and Fixmo.American Association of Motor Vehicle Administrators, $1,621,803: AAMVA will lead a consortium of private industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative. The goal of this initiative is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce. In addition to AAMVA, pilot participants include the Virginia Department of Motor Vehicles, Bimetric Signature ID, CA Technologies, Microsoft and AT&T.
Daon, $1,821,520: Daon will lead a group of organizations to demonstrate how the elderly and all consumers can benefit from a digitally connected, consumer-friendly identity ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage mobile devices, such as smartphones and tablets, to maximize consumer choice and usability. Pilot team members include AARP, PayPal, Purdue University and the American Association of Airport Executives.
In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act and Children's Online Privacy Protection Act -compliant access to online learning for children. Resilient will partner with the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify, Riverside Unified School District, Santa Cruz County Office of Education and Kantara Initiative to provide secure, but privacy-enhancing verification of children, parents, teachers and staff as well as verification of parent-child relationships.
University Corporation for Advanced Internet Development, $1,840,263: UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2's InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. Internet2's partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, Massachusetts Institute of Technology and University of Utah. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation's identity ecosystem.
For more information on NSTIC, visit its website at www.nist.gov/nstic.
Grant began his career as a Senate aide, where he helped draft the legislation that laid the groundwork for the Department of Defense and General Services Administration smart card and PKI efforts. Afterward, Grant worked at the government services firm Maximus as head of its security and identity management practice and Washington Research Group as an identity and cybersecurity market analyst. Before joining NIST, Grant served as chief development officer for the consultancy ASI Government.
A graduate in biology and political science from the University of Michigan, Grant is a former co-chair of the identity management committee at TechAmerica, an IT industry lobbying and trade group.