Using the SIM and wearable devices for secure online ID
“Advancing a national strategy for assuring one’s identity in cyberspace isn’t really a particularly easy proposition,” says Brad McGoran, a principal engineer at Exponent. The company has provided independent testing of various identity technologies for years and is one of the largest engineering and scientific consulting firms in the U.S.
Exponent emerged in the 1960s, specializing in scientific research and analysis as well as rapid response evaluation. “We often do component and system level evaluations in the areas of interoperability, security, reliability and performance,” he says.
The company was a finalist in the first pilot competition last year but did not make the final cut. At that point, McGoran says team members hunkered down to learn everything they could about the initial group of projects, and they put their focus on eliminating passwords using strong authentication techniques.
“The team that we formed includes HID and Gemalto, Stanford University’s computer science department and Experian,” McGoran says. “We also have three relying parties that include a social media provider, a medical facility and the Department of Defense’s Defense Manpower Data Center.”
The grant is worth $1.6 million for the first year of the pilot, with another $1.9 million available in the second year if milestones are met.
“One of the differentiators I think for our solution is that we do have a significant hardware component, namely the secure element,” McGoran said. “We will demonstrate two form factors. One will leverage the UICC in a phone and the other leverages a secure element that’s embedded in a wearable device, which we call a PAD – or Personal Authentication Device.”
The Exponent team will demonstrate:
- A derivation process to add credentials to a mobile device
- A secure and easy method for doctors to access medical records
- A user-friendly means to secure social media
“We have a very strong emphasis on open standards and a responsibility to give the national program office a system that will be interoperable and non-proprietary,” he adds.
McGoran says the company is particularly excited about the opportunity to leverage some of the emerging NIST special publications.
“Our solution is focusing on compatibility with existing federal programs and infrastructure – such as FICAM, the DOD common access card and the federal PIV infrastructure,” he says. This, coupled with the use of the UICC and the ubiquity of the mobile phone, promises to make this a closely watched project.