Interview with Mark DiFraia, MorphoTrust Senior Director of Solutions Strategy
MorphoTrust is working hard to help eliminate the password, according to Mark DiFraia, the firm’s Senior Director of Solutions Strategy.
“We recognize that the user walking around today knows that the username and password is not sufficient protection for resources or transactions,” said the MorphoTrust technology executive.
Last year, the company was awarded a pilot grant by the National Institute of Standards and Technology (NIST) to create an electronic ID that would allow consumers to access online services with the same security, privacy protection and ability to authenticate identity as today’s face-to-face transactions.
Biometrics Research Group, the publisher of BiometricUpdate.com, has defined an electronic ID, or eID, as a government-issued credential used for both online and offline identification.
Through the pilot program, MorphoTrust will receive US$1.47 million over the next two years to test the security, viability and interoperability of an electronic credential that encourages confidence, privacy, selection and innovation to meet the key principles of the White House’s National Strategy for Trusted Identities in Cyberspace.
The White House’s strategy calls for the creation of a vibrant “identity ecosystem” not unlike driver license verification, where identity solutions will be secure, resilient, interoperable, cost-effective, easy-to-use, privacy-enhancing and voluntary. A key aim of the White House’s strategy to facilitate the creation of authentication processes by private industry that allow organizations to efficiently conduct business online by trusting the identities and credentials provided by other entities. Another key aim is to eliminate redundant processes associated with managing, authenticating, authorizing, and validating identity data, along with reducing loss due to fraud or data theft, and to offer additional services previously deemed too risky to conduct online.
But the ultimate goal of the strategy is to work towards eliminating the use of the password for online transactions. As we reported last year, Michael Daniel, the White House’s cybersecurity coordinator, spoke out against passwords as a security measure, and reportedly favors more sophisticated identification technology such as biometrics.
According to DiFraia, the main issue that challenges the security of financial transactions online is that: “There is too much ID risk on the Internet today because of the variable restriction on ID assurance which precludes higher value transitions taking place online.” The idea driving the pilot is therefore to define a framework through which governments and commercial entities can trust an eID.
He notes that in the real world, a retailer or government authority can use an endorsed credential, like a drivers license to authenticate a client.
“There is a level of comfort that we all have when we do business in person using our driver licenses,” he said in an exclusive interview with BiometricUpdate.com. “We can perform nearly any transaction we want to in the U.S. with our driver licenses as our proof of identity.”
Consequently, MorphoTrust is participating in the NIST pilot through a public-private partnership that is designed to establish an online equivalent to a physical driver license.
“The pilot looks to bring that same level of comfort to the online setting,” said DiFraia. “When we think about just how many Americans carry a driver license or state ID, the outlook is exciting because we can see a path to a safer Internet in which people have far more control than they have today.”
MorphoTrust is noted as the number one provider of driver license credentials throughout the United States, and has contracts with 42 of the 50 states.
During the pilot period, MorphoTrust will aim to provide comparable levels of security and service of a physical ID, through an affordable, readily available and highly reliable eID which assures that people are exactly who they say they are in an online environment.
The firm will work in conjunction with the state of North Carolina to develop the new eID system. The pilot program’s goals are to prove that an eID can be generated that maintains the trust of a secure credential and can be used to eliminate in-person identity proofing requirements, along with demonstrating an “elevation of trust” using biometric multi-factor authentication.
A subsequent goal of the trial is to define a framework through which states and commercial entities can trust each eID. To achieve all of this, MorphoTrust will use a range of credentials including the North Carolina driver license, state ID documents and system of record to generate an eID for those applying for the North Carolina Department of Health and Human Services Food and Nutrition Services Program online.
DiFraia notes the new credential will eliminate the need for food stamp applicants to appear in person at state facilities, thereby lowering state costs, while providing applicants with faster and easier access to the benefits they need.
In addition to its partnerships with the North Carolina Department of Transportation and DHHS, MorphoTrust will also team up with The University of Texas at Austin Center for Identity, Gluu, Toopher, miiCard and Privacy Engineer Debra Diener for this pilot in order to enhance the interoperability of authentication solutions. The idea, according to DiFraia, is to help develop a trustworthy, open ID protocol standard.