via Gov Info Security
The National Strategy for Trusted Identities in Cyberspace (NSTIC), a government-private sector initiative, could enhance efficiency, security and privacy in all the transactions done online every day, says NIST’s Jeremy Grant, senior executive adviser of identity management.
Before joining NIST, Grant helped draft the legislation that laid the groundwork for the Department of Defense and General Services Administration smart card and PKI efforts.
Unveiled by White House Cybersecurity Coordinator Howard Schmidt, NSTIC aims to create a trusted, online ecosystem that would let users obtain a single credential as a one-time digital password – in the form of software on a mobile device, a smart card or token, for instance – to transact business safely over the Internet.
The proposed system would address issues such as anonymity, privacy, and user authentication, including passwords, which Grant says “aren’t quite what they used to be.”
An important role for government is to be an early adopter of NSTIC authentication credentials. Grant says the first credentials to be offered through NSTIC likely won’t be available till at least mid-decade.
With NSTIC, there would be different credential providers who would supply users with technology that would be more secure than the usernames and passwords used today. The initiative is also designed so that customers could obtain multiple credentials and use them for different purposes, depending on the kind of transaction.
On privacy, the trend for a few years was for the user to provide a great deal of information. “You don’t have a whole lot of control over what you actually have to provide … or how it’s being collected, used, or shared,” Grant says.
“We’re trying to put more choice and control back in the hands of the consumer,” he says.