NIST tackles online ID ecosystem with technology grant program

The US National Institute of Standards and Technology (NIST) has announced a new competition to support its quest to move online user credentials for digital commerce beyond the ID-and-password era. The contest winners will win grants worth between $1.25 million to $2 million per year, per project, for up to two years, to create pilot projects for innovative online secure identity systems.

The technology incubator program is part of an initiative to kick-start the vision of the National Strategy for Trusted Identities in Cyberspace (NSTIC) to create an ecosystem of interoperable, secure, privacy-enhancing trusted online credentials – where citizens would have a federated identity that they can use across sites and technologies. NSTIC has been tasked by the White House to work collaboratively with the private sector, advocacy groups, public-sector agencies and others to make this happen, ultimately improving the privacy, security, and convenience of online transactions.

"Our goal is to pilot solutions that can demonstrate material advances in identity and authentication and build a stronger foundation for the Identity Ecosystem," said Jeremy Grant, NIST's senior executive advisor for identity management, in a statement. "We will build on the momentum gained with the successful 2012 launch of our first five pilots and the establishment of the Identity Ecosystem Steering Group."

According to Grant, the 2012 pilot projects already are addressing known barriers to the development of an “Identity Ecosystem” – where individuals, businesses and other organizations can have greater trust and security as they conduct sensitive transactions online. The pilots are helping to spur development of a marketplace for trusted identity solutions online and represent various industries, including financial and government services, healthcare and online learning, he said.

Winning ideas will postulate identity solutions that follow a set of comprehensive guidelines. They will be privacy-enhancing and voluntary, secure and resilient, interoperable, cost-effective and easy-to-use. They should also demonstrate solutions, models and frameworks that are either new or not widely adopted in the marketplace today. The deadline for submission is March 5. 

The UK in October announced a similar approach to NIST’s vision, in the form of a pan-government model for identity assurance that engages the services of third-party ID verification providers and allows UK citizens to choose from a list of approved ID assurance providers.

The third-party approach will provide an element of user choice for citizens attempting to access public services online, as well as avoid the need for a centralized database of ID authentication credentials stored by the UK government.

What’s Hot on Infosecurity Magazine?