September 27, 2012 -
Daon, a leading provider of biometric identity management and authentication solutions worldwide, has been selected to lead a team to develop an “identity ecosystem” project that is part of the United States National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative.
NSTIC, a White House initiative, provides guidance for an Internet identity system to be designed and built by the private sector.
NSTIC brings together the private sector, advocacy groups, public sector agencies, and other organizations with the goal of creating an identity ecosystem where individuals, organizations, and underlying infrastructure can be authoritatively identified as authentic. The system will protect individuals, businesses, and public agencies from the high costs of cyber crimes like identity theft and fraud, while simultaneously helping to ensure that the Internet continues to support innovation and a thriving marketplace of products and ideas.
The identity ecosystem will allow individuals to validate their identities securely when they’re doing sensitive transactions, like banking or viewing health records, and let them stay anonymous when they’re not, like blogging or surfing the Web.
The plan comes nearly two years after the White House first released its Cyberspace Policy Review, which set forth a national plan for Internet identities.
In 2010, the White House released the draft NSTIC statement, and accepted public comments via an online forum. In the draft statement, the White House emphasized that NSTIC should be privacy enhancing, voluntary, interoperable, and cost-effective.
Under a cooperative agreement with the National Institute of Standards and Technology (NIST), a Daon-helmed team will implement multiple NSTIC pilot projects enabling subscribers to securely conduct online transactions.
In parallel with the NSTIC Identity Ecosystem pilots, Purdue University will conduct research into privacy, security, performance, usability, accessibility, and user acceptance aspects of Daon’s real-world implementation of the system, including the use of privacy-enhancing technologies to better manage users’ disclosure of information while still providing identity assurance. The Daon team will share results with the NSTIC Program Office and the NSTIC Steering Group to help inform the evolving Identity Ecosystem based on actual usage of this unique cyber security solution.
“With digital transactions now a regular part of our daily lives, it is essential to be able to trust that all parties involved in an online transaction are authentic,” commented Thomas A. Grissen, CEO of Daon. “Cyber security is a national challenge and we are proud to bring the knowledge, experience and innovative technologies that Daon has developed on large-scale identity management programs worldwide to bear on it. Conducting pilots for NSTIC gives Daon and its team the opportunity to make a significant and lasting impact on the effort to create trust in the digital world.”
The Daon Team pilots will utilize IdentityX, an identity authentication platform that leverages Daon technology. The IdentityX solution uses the end user’s mobile phone or tablet and different combinations of security options to provide unprecedented levels of identity assurance.
Identity can be verified using multiple authentication methods including proof of possession of the phone, digital certificate, PIN/Password, out of band one-time passwords, geo-location, and biometrics, including voice and facial recognition.
The selection of methods used can vary depending on the sensitivity and risk of the transaction. For example, a simple transaction with low risk such as transferring a small sum between bank accounts could require just phone possession plus the entry of a PIN; whereas a transaction with higher risk, such as transferring a large sum, could require PIN and face and voice matching along with GPS to confirm the user’s location.
Other partners have commented that: “The NSTIC effort is a major step in the right direction to address the challenges of privacy, security and convenience, and AARP is very glad to be a part of this initiative. Whether it is the dangers of identity theft, phishing and scams, and the lack of easy ways to protect against these realities of online life, they are serious obstacles to people over 50 and everyone from making even greater use of technology,” said Jody Holtzman, senior vice president, AARP Thought Leadership.
“PayPal supports the NSTIC vision that trustworthy online identity is a key component of a healthy Internet ecosystem,” said Damon Hougland, Head of Identity, PayPal. “We are pleased to be working with Daon to explore various options to pilot their technology and leverage the mobile device as an authentication platform.”
The Purdue team combines expertise from four areas: the Biometric Standards, Performance and Assurance Laboratory (BSPA), the Cyber Center in the university’s Discovery Park, the Center for Education and Research in Information Assurance and Security (CERIAS), and Information Technology at Purdue (ITaP).
“We’re pleased to contribute to the Daon NSTIC team by looking at a real-world identity system from a research perspective,” said Dr. Stephen Elliott, director of the BSPA and associate director of CERIAS, who is leading the Purdue team, working with Dr. Elisa Bertino, director of the Cyber Center and research director of CERIAS. “We combine expertise in biometric testing, cyber security, privacy and practical real-world information technology.”