The Kantara Initiative, a nonprofit consortium focused on strategies for simplifying our digital lives, has launched three pilot projects exploring the use of smartphone solutions for digital ID and authentication. Kantara is collaborating with the Command, Control and Interoperability Center for Advanced Data Analysis (CCICADA), a research center at Rutgers University.
Each project will get up to $800,000 in grant funding from the Department of Homeland (DHS) Security Science & Technology Directorate.
Lockstep Technologies, Gluu, and Exponent are the developers pushing these projects through three phases: viability, proof of concept and execution.
DHS wanted to see how different technical approaches could address the same use case – authenticating first responders – so they funded two unique pilots to tackle the issue
The anticipated timeframe from start to completion is two and a half years. One project has already completed the initial phase. It’s a first responder use case called Mobile Device and Attribute Validation (MDAV) from Lockstep Technologies of Australia.
“This is a case where there’ll be a disaster in one state, and they’re bringing out of state firefighters,” says Colin Wallis, executive director of the Kantara Initiative. “These first responders will preregister onto a system, and when they show up at the disaster, the area commander who’s also attached to the Federation can simply – with their phones between them – request that the individual presents his digital certificates to say who he is and what attributes he has.”
Texas-based Gluu, Inc. is offering smartphone solutions for digital ID similar to MDAV. Emergency Responder Authentication System for Mobile UserS (ERASMUS) solves the same use case but with a different combination of technologies. Wallis says DHS wanted to see how different solutions could answer the same use case.
“Gluu and Kantara have been working on the Federation for OpenID Connect folks in a work group called OTTO – the Open Trust Taxonomy for Federation Operators,” Wallis says. The group has been crafting tools and guidelines for setting up key management to make this federation work. “It’s using a very lightweight protocol, the JSON protocol, to replicate a little bit of what MDAV is doing with digital certificates. Then it’s using the Open Badges specification as the trust.”
The third pilot, from Exponent, considers federal agencies that use PIV cards to access buildings. Derived Credentials and NFC for Physical Access Control introduces a protocol developed by NIST to get the equivalent of the PIV card onto a mobile phone.
Wallis ultimately hopes to have solutions to take to the commercial market. “It’s all about enabling these guys to get their ideas in the lab. You’ve got to get the right environment,” Wallis says. “Yes, funding is important. But there’s a journey along the way.
Listen in on the conversation via this podcast to hear details of each project.