Use cases target children to seniors
The amorphous identity ecosystem is starting to take shape. After more than a year of discussion, funding for pilots to demonstrate what an identity ecosystem is all about has been awarded and projects are starting to coalesce.
Five pilot projects received a total of $9 million as a part of the National Strategy for Trusted Identities in Cyberspace (NSTIC). The pilots cross markets and user communities including health care, online media, retail, banking, higher education and state and local government.
“Our goal is to make something happen that otherwise would not happen,” says Jeremy Grant, senior executive advisor for identity management and head of the National Program Office for NSTIC.
The five winners–the American Association of Motor Vehicle Administrators, Daon, Criterion Systems, Resilient Networks and Internet2–were winnowed from 186 original entries and 27 finalists. “All are different but they share a common theme of partnership,” Grant says. “It’s less about building something new than getting these credential technologies out there and setting up identity ecosystems in miniature.”
Re:ID spoke with representatives from the five pilot winners. Each detailed different aspects of the identity ecosystem their project would be testing.
With experience in both national ID and border control programs, Daon is no stranger to large-scale identity projects. The $1.8 million Daon pilot will demonstrate how consumers–specifically senior citizens–can benefit from a digitally connected, consumer-friendly identity ecosystem. It is intended to show how trusted interactions with multiple parties online can reduce fraud and enhance privacy.
The pilot will employ identity solutions that leverage smart phones and other mobile devices to give consumers choice and usability. Pilot team members include the American Association of Retired Persons, PayPal, Purdue University and the American Association of Airport Executives.
There are four parts to Daon’s pilot, says Cathy Tilton, vice president of Standards and Technology at Daon and lead for the company’s NSTIC pilot.
The first part will see the deployment of IdentityX, an identity authentication platform that is already operational at the Amazon Web Services data center. The IdentityX solution uses the end user’s mobile phone or tablet and different combinations of security options to provide varying levels of identity assurance. Identity can be verified using multiple authentication methods including proof of possession of the phone, geolocation, passwords, out-of-band one-time passwords, voice and facial recognition biometrics and digital certificates.
The selection of methods used will vary depending on the sensitivity and risk of the transaction. For example, a simple transaction with low risk such as email login could require just phone possession plus the entry of a PIN. A transaction with higher risk, such as transferring money from a bank account, could require PIN, face and voice matching as well as geolocation via GPS to confirm the user’s location.
“That technology uses a smart phone as a multi-factor authentication platform into traditional applications, Web apps and mobile apps,” Tilton says. “It hosts up to eight different authentication methods and based on the risk level of the transaction, invokes some combination of methods to get to the assurance needed.”
The second portion is a research agenda with Purdue University. Researchers will look at the data collected during the operational pilots to evaluate usability and accessibility, privacy, security, performance and user acceptance.
The third area is the operational pilot. Daon teamed with relying parties including AARP, PayPal, the American Association of Airport Executives, Purdue University’s IT department and a major bank. Each will utilize IdentityX with a set of pilot subscribers to collect data and feedback, Tilton says.
The final part of the pilot is the trust framework integration. Thus far companies have only deployed IdentityX internally, Tilton explains. “We’re going to extend our capability to work within several existing federally-certified trust frameworks such as OpenID, OpenID Connect, Kantara and InCommon,” she says.