By Calvin Biesecker
The Obama Administration on Friday released its National Strategy for Trusted Identities in Cyberspace (NSTIC), outlining a framework for public and private sector cooperation to develop technologies, standards and policies as part of an “Identity Ecosystem” that will enable trust, security and privacy in online services and transactions.
The creation of an Identity Ecosystem will entail the development of interoperable, secure and reliable credentials that consumers and even groups and organizations can obtain voluntarily to more safely conduct business online. A credential could be a smart card, a software application on a smart phone and even a token for a one-time digital password, allowing a person to present a trusted identity, the White House said. The credential can be used repeatedly to logon to a web site to conduct banking, purchasing, chat and other functions. For example, a fact sheet accompanying the strategy notes that in a public safety scenario a doctor may use a credential on his thumb drive that has been issued by his employer to log into a federal web site that provides medical needs related to an ongoing incident.
For the government, the White House said the Identity Ecosystem will enable government to expand online services to better service constituents, boost innovation in the marketplace, which in turn will create new business opportunities, reduce cyber crime and improve consumer safety.
The vision is for credentials to be available from an array of sources in the market.
“By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation,” President Barack Obama said in a statement. “That’s why this initiative is so important for our economy.”
For the federal government, the NSTIC effort will be led by the National Institute of Standards and Technology, which is part of the Commerce Department.
Several companies on Friday announced a proof-of-concept for demonstrating key NSTIC concepts and to identify challenges with implementing the strategy across technical, political, social and economic domains. The Cross-Sector Digital Identity Initiative includes Northrop Grumman [NOC], Microsoft [MSFT], CA Technologies [CA] and CertiPath.
The companies said their initiative will prove their concept of a proposed “trusted architecture framework” using various real-life scenarios. On Friday, the initiative demonstrated how mobile devices enabled with cloud-based, trusted identity credentials can be used to authenticate online transactions in a way that improves security and privacy.