Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Pilots

This page is ARCHIVED. Please visit https://www.nist.gov/identity-access-management for current information on NIST’s Identity and Access Management work.

Learn about all of the pilots...

 

 ...or read about a specific pilot by selecting a logo below.

 

AAMVA logo

 

Criterion logo

 

Galois logo

 

Hydrant ID logo

 

Ohio DAS logo

 

 

 

Daon logo

 

Gemalto logo

 

ID.me logo

 

PRIVO logo

 

Internet2 logo

 

Pennsylvania lgoo

 

Exponent logo

 

GTRI logo

 

Idemia

 

Resilient Network Systems logo

 

Yubico logo

 

NSTIC pilot funding recipient Confyrm small logo

 

Florida logo

 

GSMA logo

 

Michigan DHHS logo

 

TSCP logo

 

American Association of Motor Vehicle Administrators (AAMVA)

Project status: graduated

Explored modular identity architectures by combining remote proofing capabilities with credentials

AAMVA leads the Cross Sector Digital Identity Initiative (CSDII), a consortium of private industry and government partners formed to leverage identity attribute verification done by state departments of motor vehicles (DMVs) to strengthen login credentials held by consumers (such as existing logins from social networking and email providers such as Google and Facebook). Throughout the pilot, AAMVA responded to market needs by leveraging other remote and in-person identity proofing events, such as in-person proofing through healthcare providers. In addition to AAMVA, the CSDII consortium includes the Commonwealth of Virginia Department of Motor Vehicles, CA Technologies, Microsoft, and Biometric Signature ID. The pilot focused on healthcare applications, which enabled providers to more easily and securely access health information with strong digital credentials.

Milestones*

  • Completed relying party (RP) testing with Inova Health.
  • Completed RP testing and identity provider (IdP) integration with Commonwealth of Virginia.
  • Developed a capability to bind an in-person proofing event at a Commonwealth of Virginia DMV to a credential.
  • Currently RP testing with Sentara Healthcare.

Outcomes

  • Developed solution to bind identity proofing to login credentials. For instance, AAMVA brokered process that enables individuals to link social logins to a set of DMV verified attributes, or via in-person proofing visit to Virginia Department of Motor Vehicles or healthcare providers. This solution is designed to restrict personal information accessible to all participant organizations to that required for a transaction.
  • With Commonwealth of Virginia, developed technology-agnostic capability for the DMV to in-person proof an individual and bind him or her to a credential.
  • With Sentara Healthcare, developed and are currently testing the identity solution for employee online transactions.

Additional information

Documents On the web
Electronic Identity | PDF

AAMVA on Secure ID News | more

Identification security page | more

Press release announcing pilot award | PDF

Last updated: 06/29/2016


Cedars-Sinai Medical Center

Project status: active

Cedars-Sinai Medical Center will implement a federated identity, single sign on, multi-factor authentication solution across distinct healthcare systems for patients and providers. The solution aims to simplify patient transition from Cedars-Sinai Medical Center, an acute-care setting, to post-acute care settings, such as California Rehabilitation Institute. Patients and providers will have a single credential on a portal with the purpose of giving them easier access to information to improve quality of care.

Last updated: 12/31/2017


Commonwealth of Pennsylvania

Project status: active

Enabling resident access to state and county services online by verifying identities remotely

The Commonwealth of Pennsylvania is deploying a state identity exchange that enables individuals to obtain a Keystone ID - through two identity proofing options - and use this credential to conduct online transactions across the Commonwealth. With this solution, citizens are able to register just once to access a variety of services, eliminating the need to create multiple accounts and to validate their identity multiple times. If successful, these accounts will allow more state applications to offer services online, increasing convenience to residents.

Milestones

  • Enabled Pennsylvania citizens to electronically submit claims to the PHRC.
  • Anticipated launch with the Business Partner Application at the Pennsylvania Department of General Services by the end of summer 2016.
  • Launched with Allegheny County, Pennsylvania, to enable residents to view applicable county services with the same trusted credential used at other state agencies, including the Department of Human Services.

Additional information

On the web

Pennsylvania in Secure ID News | more

Pennsylvania on re:ID episode 118 | more

Last updated: 06/29/2016


Confyrm, Inc.

Project status: active

Demonstrating how early notification of suspicious account activity can reduce online fraud

Confyrm will demonstrate ways to minimize loss when attackers takeover email accounts by preventing them from taking over additional accounts that rely on that email address. A key barrier to federated identity is the concern that accounts used in identity solutions may not be legitimate or in the control of their rightful owner. Many high assurance credentials rely on a password reset option via a lower assurance email account. By effectively communicating potential breaches of the email account to relying parties (RPs), fraud can be mitigated. Account compromises and the subsequent misuse of identity can result in the destruction of personal information, damage to individual reputations, and financial loss. Confyrm proposes to demonstrate how a shared signals model can mitigate the impact of account takeovers through early fraud detection and notification, with an emphasis on consumer privacy. Aligning with the guiding principles, this solution aims to enable individuals and organizations to experience improved trust and confidence in identities online.

Additional information

Documents Presentations On the web
The Shared Signals Model | PDF Shared Identity Signals | PDF

Confyrm: Prevent account takeovers by ‘sharing signals’ | more

Confyrm on re:ID episode 130 | more

Sygnal Manager | link

Last updated: 07/05/2016


Criterion Systems, Inc.

Project status: graduated

Enabled businesses to more easily identify customers and users through identity attribute verification

Criterion Systems, Inc., successfully deployed a user-centric Attribute Exchange Network (AXN) that enables individuals to enhance their existing credentials (e.g., email, social network providers) for use in secure transactions. The AXN brings together multiple identity providers (IdPs) and attribute providers (APs), allowing individuals to manage their attribute data via a user-managed console. The AXN creates a modular way for online service providers to help individuals “build” a strong credential for enhanced-trust applications by linking together multiple claims (e.g., name, street address, age) already known by APs in the marketplace.

Milestones

  • Launched with Broadridge Financial Services and DHS/NICS.
  • Completed RP testing with Census.
  • Completed testing with a Fortune 500 company.

Outcomes

Additional information

Presentations On the web
Identity enables a new relationship | PDF

Could Google IDs Help Emergency Crews Reach Disaster Areas Faster? | NextGov

Criterion: Implement attribute-exchange network | more

Criterion in Secure ID News | more

Last updated: 07/05/2016


Daon, Inc.

Project status: graduated

Enabled business to provide strong, user-friendly authentication methods at scale using biometrics

Daon adapted its IdentityX authentication technology to align with the guiding principles by updating the solution to a federated, interoperable, standards-based (Security Assertion Markup Language [SAML] and OpenID Connect [OIDC]) capability designed to offer strong authentication in a manner that improves both security and usability. Daon’s IdentityX solution provides multi-factor authentication (MFA) on the iOS and Android platforms with the ability to selectively combine a variety of traditional and non-traditional authentication methods of varying strength – voice and face biometrics, device authentication, password, PIN, one-time password, and location – depending on the risk level of the transaction and customer choice. Daon also worked with the Kantara Initiative and FICAM’s Trust Framework Solutions (TFS), the federated identity framework for the U.S. Federal Government.

Milestones

  • Launched with the AAAE, Purdue University, AARP.
  • Informed United Services Automobile Association (USAA) MFA implementation.

Outcomes

  • Developed capability for users to leverage mobile devices to use biometrics to securely access online information.
  • Impacted over 1.6 million USAA users via Daon’s facial/voice recognition technology and also provided lessons learned in using MFA for more secure and convenient mobile account access and online payments for MasterCard
  • With AAAE, developed plan to continue commercialization by enabling individuals to use MFA to access results of their FBI criminal history records check.
  • With AARP, piloted ability for members to access personal health information using an interoperable MFA credential.

Additional information

Documents On the web
Privacy Preserving Biometrics-Based and User Centric Authentication Protocol | more

Biometric Tipping Point: USAA Deploys Face, Voice Recognition | American Banker

Daon: Authenticate seniors via mobile biometrics | more

Daon in Secure ID News | more

Daon on re:ID episode 100 | more

Pilot with AAAE goes live | more

Press release: Daon led team to provide digital identity solution for United States cybersecurity initiative | more

Press release: Daon and AAAE go live | more

Press release: Daon to work with MasterCard on driving greater convenience, security through biometrics | more | more

Testimony: Office of the National Coordinator for Health Information Technology | PDF

Last updated: 07/05/2016


Exponent, Inc.

Project status: graduated

Focused on piloting identity solutions that leverage strong authentication instead of passwords

Exponent, Inc., focused on piloting two identity verification solutions: mobile devices that leverage derived credentials stored in the device’s SIM card and secure wearable devices. Exponent looked to build its solutions upon standards, ensuring the production of an interoperable system that could be adopted easily by a wide variety of organizations and companies.

Last updated: 03/31/2016


Florida Department of Revenue, Child Support Program

Project status: active

The Florida Department of Revenue aims to improve identity processes for online access to several Child Support Program applications. The new registration and authentication process will: increase the number of online services available to customers, provide convenience through a single login identity, and improve security by offering customers device registration options. The solution will allow the Child Support Program to increase the efficiency and effectiveness of our services while meeting customer expectations and the growing desire to conduct business more efficiently and effectively through online interactions with government agencies.

Partner

Last updated: 08/01/2017


Galois, Inc.

Project status: active

Providing individuals with the ability to store and share private information online secured by strong authentication

Galois will work with partners to develop just-in-time transit ticketing on smartphones and integrate the secure system into an internet of things-enabled smart home. To enable these use cases, Galois is building a tool that allows users to store and share private information online. The user-centric personal data storage system will be built securely from the ground up and leverage strong authentication techniques.

Partners

HiringThing

Moovel

 

IOTAS

Additional information

On the web

Atlanta Streetcar has Tozny Built-In | more

InnoVault website | more

NIST Pilot Helps to Launch Atlanta Streetcar App | more

Tozny launches end-to-end encryption toolkit for developers | more

Last updated: 08/01/2017


Gemalto, Inc.

Project status: active 

Gemalto is working with departments of motor vehicles and key stakeholders to issue digital driver’s licenses to the residents of Colorado, Idaho, Maryland, Wyoming and Washington D.C. Gemalto aims to improve the way people conveniently and securely present and prove their identities to business and government entities by offering a digital driver’s license, accessible via a mobile application. Pilot participants and government and commercial entities have field tested the technology in a variety of use cases, including verifications at airport security and law enforcement stops, during proof-of-age transactions, and through online asset sharing. The benefit for citizens and relying parties is being able to securely present and authenticate a trusted government-issued digital identity via mobile platforms to facilitate and automate the applications that rely on the physical presentation of identity documents today.

Additional information

On the web

Blog: Driving innovations in technology throughout U.S. history | more

Colorado will take part in digital driver's license program | more

Notes from the field | more

Press release: Gemalto Wins U.S. Government Grant for Digital Driver’s License Pilot in Four Jurisdictions | more

Press release: Maryland Paves the Way for Customer Convenience with New Highly Secure Digital Driver’s License Technology | more

Last updated: 05/15/2018


Georgia Tech Research Institute (GTRI)

Project status: graduated

Accelerated cross-federation interoperability by developing machine readable trustmark definitions that may streamline on-boarding processes

GTRI tackled a significant barrier to adoption within the Identity Ecosystem: the difficulty in enabling trust and interoperability across multiple communities of interest (COIs) and trust frameworks. In simple terms: how can identity providers (IdPs), relying parties (RPs), and end users trust each other in a way that’s scalable across the Identity Ecosystem? While different COIs often have their own specific rules to enable trust, there are also certain requirements that are consistent across communities. GTRI focused on identifying these common rules by componentizing the many parts of trust frameworks into individual trustmarks. For instance, GTRI can analyze requirements from two COIs and componentize them into discrete sets for trustmarks. The hypothesis is that many of these trustmarks will be common across the two COIs. By identifying the commonalities and differences between two COIs, it becomes simpler for a participant of one COI to identify what it needs to do to become a member of the other. Componentizing based on standards and clearly defining trustmarks for specific policies may also allow website owners, trust framework providers (TFPs), and individual internet users to more easily understand the technical, business, security, and privacy requirements and policies of the websites with which they interact.

Milestones

  • Published 643 unique trustmark definitions online.
  • Published 236 trust interoperability profiles that represent federal policies from NIST, Federal Bureau of Investigation (FBI), the Federal Identity, Credential, and Access Management (FICAM) program, and others.
  • Issued trustmarks and executed eleven legal agreements to National Identity Exchange Federation (NIEF) organizations.

Outcomes

  • Developed a trustmark framework to facilitate greater trust and interoperability across the Identity Ecosystem.
  • Encouraged interoperability by demonstrating that the elements that enable trust between organizations can be encapsulated in over 643 machine readable trustmark definitions, and trustmarks can be issued and asserted from those trustmark definitions to establish new trust relationships. This capability is live in NIEF and is being used for a recidivism pilot with the State of Alabama that launched in 2016.
  • Trustmark outputs have catalyzed additional work in using trustmarks for security policy assessments, including: NIST Special Publication (SP) 800-53, FBI Criminal Justice Information Services (CJIS) Security Policy and Federal Bridge Certificate Authority (CA)/Personal Identity Verification Interoperability (PIV-I). 
  • Catalyzed a series of follow-on projects to continue developing the trustmark framework, software tools, and other artifacts as part of an emerging Information Sharing and Safeguarding Core Interoperability Framework (ICIF) for the counterterrorism community based on the concept of an agile assertion-based federated architecture.
  • Led to the identification of five use case applications for the trustmark framework: Agile Cross-COI Identity Trust Frameworks; Policy-Based Information Sharing and Safeguarding; Assessment, Certification, and Accreditation Continuous Monitoring; Meta-Framework for High-Value Trusted Attributes; Security, Privacy, and Trust Negotiation for the Internet of Things (IoT).

Additional information

On the web Presentations

Establishing trust and interoperability in the information sharing environment | more

GTRI in Secure ID News | more

GTRI on re:ID episode 114 | more

GTRI trustmark pilot | more

Trustmark definitions list | more

Trust interoperability profiles | more

Scaling Interoperable Trust through a Trustmark Marketplace | PDF

Last updated: 11/02/2016


GSMA, Inc.

Project status: active

Convening mobile network operators to deploy an interoperable solution enabling strong mobile authentication

GSMA has partnered with four of America’s major mobile network operators – AT&T, Sprint, T-Mobile USA, and Verizon – to pilot a common approach to enable consumers and businesses to use mobile devices for secure, privacy-enhancing identity and access management. As the foundation for the pilot, GSMA’s global Mobile Connect Initiative will be augmented in the United States to align with the Strategy. By allowing relying parties (RPs) to more easily accept identity solutions from any of these major network operators, the solution is intended to reduce a significant barrier to online service providers accepting mobile-based credentials. GSMA also will tackle user interface, user experience, security, and privacy challenges, with a focus on creating an easy-to-use solution for consumers.

GSMA, NIST, and San Diego Health Connect are working together to enable more secure access to electronic health records to emergency first responders in the field. Most recently, at Mobile World Congress Americas, individuals had the opportunity to experience how, in an emergency situation, medical personnel attending to a patient in an ambulance (American Medical Response) can use Mobile Connect to authenticate into the San Diego Health Connect HIE, through the W.A.T.E.R application, to access the patient’s electronic medical record using a mobile device, phone number, and biometrics.

Milestones

  • Launched partnerships with relying parties across healthcare, finance, and eGovernment.
  • Developed and tested an interoperable identity platform across all four major mobile network operators.

Outcomes

  • GSMA signed contracts with all 4 Tier 1 Mobile Phone Operators (Verizon, AT&T, T-Mobile, and Sprint), Ericsson, and Gemalto to conduct identity pilots across healthcare, finance, and eGovernment.
  • Developed platform to conduct low-risk and high-risk transactions, interoperable with Verizon, AT&T, T-Mobile, and Sprint​.
  • Completed evaluation of multiple ways to enable multi-factor authentication (MFA) on customer mobile devices — including SMS, mobile app, and SIM applet — to determine the phase two pilot approach.

Additional information

On the web

San Francisco holds largest cellphone conference in the U.S. | more

MWCA: Digital Identity in the Innovation City | more

Last updated: 10/31/2017


HydrantID

Project status: active

HydrantID will create and deploy a centralized cloud based privacy enforced identity federation service. The identity federation service will ensure privacy through the use of ring digital signatures and transaction encryption. Its design utilizes payload encryption to blind the federation platform operator from transaction data and utilizes ring digital signatures to ensure endpoint blinding to prevent relying parties or credential service providers from knowing each other’s identity for a given user transaction. Transaction encryption restricts user data access to a “need to know” basis. The goal is to ensure user data privacy and the prevention of identity usage tracking while leveraging the advantages of federated identity.  The service will provide a single policy and participant configuration point for all members of a federation.

Partners

Last updated: 09/06/2017


ID.me, Inc.

Project status: active

Enabling individuals to assert their identities online through attribute verification to access online discounts, benefits, and government services

Through the Pilots Program, ID.me has enhanced its existing identity solutions to further align to the Strategy and accelerate the adoption of trusted digital credentials across commercial and government organizations. ID.me’s approach to identity attribute verification and credentialing enables registered users to voluntarily assert validated attributes about themselves while also accessing sensitive information and services online in a more privacy-enhancing, secure, and efficient manner. ID.me currently works with retail organizations, financial institutions, and government agencies. ID.me began as TroopID, enabling America's service members, veterans, and their families to verify their military affiliation online across a network of organizations that provide discounts and benefits in recognition of their service. They’ve expanded to now verify the affiliations of first responders, students, and teachers. As of March 31, 2015, close to one million consumers had used ID.me credentials to access discounts and benefits online.

ID.me will also work with the City of Austin, Texas, to develop a city level blueprint for increased trust between participants in the sharing economy. The goal of the pilot is to demonstrate a viable model for strong authentication that is acceptable to key stakeholders in the sharing economy and replicable in other municipalities. With the State of Maine, ID.me will implement a federated identity model for applications to increase citizen access to benefits and to demonstrate interoperable credentials at the federal and state level.

Milestones

  • In production with more than 450 commercial organizations (e.g., Sears, SeaWorld, Under Armour), government entities, and non-profit organizations (e.g., U.S. Chamber of Commerce).
  • Obtained FICAM TFS certification (via Kantara) as a credential service provider (CSP) at levels of assurance (LoA) 1, 2, and 3 to provide federated login for constituent-facing government services.

Outcomes

  • Multiplied its membership, enabling an additional one million service members, veterans, teachers, first responders, and students to access discounts and benefits online without having to share sensitive documents or personally identifiable information each time they want to prove eligibility. Since March of 2015, ID.me has increased the number of relying parties (RPs) using its services by 125%.
  • Demonstrated positive return on trusted identity solutions; for example, the Tampa Bay Rays sold over 50,000 tickets over a six-month period with their ID.me-enabled military program Rays Honor Pass.

Additional information

On the web

ID.me: Deploy privacy-enhancing authentication engine | more

Under Armour Honors Heroes and Sees Double-Digit Affiliate Revenue Growth | more

Last updated: 08/01/2017


Michigan Department of Health and Human Services (MDHHS)

Project status: graduated

Streamlined and secured citizen access to state services to reduce fraud

The Michigan Department of Health and Human Services piloted the use of online identity verification and authentication solutions with MiBridges, Michigan's integrated eligibility system that supports online enrollment and registration for over 2.3 million Michigan residents seeking public assistance. The pilot project, in partnership with LexisNexis, aimed to help eliminate barriers citizens face in accessing benefits and services by streamlining the identity proofing part of the applications process, while also reducing fraud and improper payments. The pilot project also evaluated how residents can more securely access their private information using multi-factor authentication (MFA) solutions.

Partner

LexisNexis

Milestone

 

  • Enabled over 830,000 Michigan citizens to use the pilot solution to prove their identity online to digitally access state benefits and services.

Additional information

 

Documents On the web
Pilot evaluation report by RTI International | PDF

Michigan on re:ID episode 116 | more

Michigan Pilots Online Identification Tool to Fight Fraud | more

State Identity Verification – Michigan Case Study | more

Last updated: 07/05/2016

 


Idemia Identity & Security USA, LLC

 

Project status: active

 

Securing access to state benefits and tax returns through biometric credentials

 

Idemia Identity & Security USA, LLC proposes to extend the trust placed in state-issued driver licenses as a primary proof-of-identity document into the online world, enabling more secure transactions and delivery of state services to citizens. The pilot leverages identity proofing done in the drivers licensing process to create a digital credential (“eID”). For applicants to Food and Nutrition Services (FNS) programs in the North Carolina Department of Health and Human Services (NC DHHS), the solution aims to eliminate the need for people to appear in person to apply for benefits, reducing costs to the state while providing applicants with faster, easier access to benefits. The pilot has also partnered with the States of North Carolina and Georgia to deliver a pilot program enabling state income tax filers (as North Carolina or Georgia driver license/ID holders) to opt into creating an eID. The pilot aims to empower the tax filers to secure and protect the filing of their tax returns and reduce the risk of fraud to taxpayers at both federal and state levels.

 

 

Milestones

 

  • Integrating with NC DOT.
  • Developing and testing mobile application for facial biometric capture.

Outcomes

 

  • With NC DOT, enable applicants to the NC DHHS to remotely proof themselves to apply for benefits – with a launch estimated for fall 2016.
  • Results of facial biometric capture testing inform the implementation of a more secure, more convenient proofing and authentication mechanism that leverages an in-person proofing event at the NC DOT.

Additional information

 

On the web

MorphoTrust USA launches electronic ID pilot to combat tax fraud in Alabama | more

MorphoTrust USA on re:ID episode 149 | more

 Last updated: 05/15/2018

 


Ohio Department of Administrative Services

 

Project status: active

 

The State of Ohio Department of Administrative Services will implement a range of identity-related capabilities including multi-factor authentication to stronger identity proofing, for three state services. These services include enterprise e-licensing, online filing and payments for businesses in the state, and tax-related transactions with the Ohio Department of Taxation.

 

 

 Last updated: 08/01/2017

 


Privacy Vaults Online, Inc. (PRIVO)

 

Project status: graduated

 

Enabling parents to more easily manage their kids’ interactions with websites and apps

 

PRIVO piloted a solution to improve the way parents and guardians establish and leverage their digital identities to authorize their children’s interaction with online services (e.g. apps, websites, games, connected toys, etc.), in order to comply with the Children's Online Privacy Protection Act (COPPA) and other online privacy laws. COPPA explains what an online operator must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities an operator has to do in order to protect children’s privacy and safety online. PRIVO is a Federal Trade Commission (FTC) approved identity and permission management solution provider with COPPA Safe Harbor status. Organizations that partner with PRIVO to become COPPA compliant first undergo the procedures of the safe harbor program to receive its protections. With this pilot, PRIVO enhanced its safe harbor offering to expand on its policy and technology solution to make it interoperable and more robust, secure, privacy enhancing, and easy to use for parents, children, and online service providers.

 

 

Milestones

 

  • Launched with NASA, Glogster.edu, Rocket21, Houston Texans, A&E, Wonder Workshop, and others.
  • Completed a proof of concept with a large U.S. toy company with a goal of protecting over 10 million children’s online accounts.
  • Working with a children entertainment brand on new prototyping efforts for their personalized and adaptive learning platform, directly engaging kids and their families, needing parental consent and a convenient and secure way to sign-on. 

Outcomes

 

  • Designed to enable a parent-authorized, kid-friendly federated single sign-on (SSO) - OpenID Connect certified. The PRIVO iD enables parents to more easily provide or revoke permissions and manage their children’s access to approved relying parties (RPs) apps, sites and games compliant with regulations – e.g., COPPA. More than 300,000 accounts are under management by PRIVO.
  • Enabled identity provider (IdP) services with interoperable standardized authentication protocols SAML and OIDC, intending to enable a more seamless user experience across RPs.
  • Authored the Minors Trust Framework (MTF), an online identity trust model, that integrates the guiding principles with COPPA and is mapped to the Identity Ecosystem Framework (IDEF),  the Student Privacy Pledge, FICAM and soon the EU’s new General Data Protection Regulation (GDPR), the Family Education Rights and Privacy Act (FERPA) and unique needs of K-12 education regulations with the goal of establishing widespread adoption. The MTF is now published with the Open Identity Exchange (OIXnet.org) and is listed on the IDEF Registry.
  • Produced online privacy curriculum for elementary schools called POPS (Privacy on Patrol Squad) to educate both kids and adults. The curriculum is currently being distributed as a free resource via the Foundation for Technology and Privacy Outreach.
On the web

Minors Trust Framework | more

NIST grant | more

PRIVO: Secure kids’ identities online | more

PRIVO on re:ID episode 113 | more

Last updated: 10/25/2016

 


Resilient Network Systems, Inc.

 

Project status: graduated

 

Provided secure and privacy-enhancing ways to share information between healthcare organizations, the law enforcement community, and in education

 

Resilient Network Systems (RNS) deployed a decentralized authentication system – based on a network of identity providers (IdPs), attribute providers (APs), and relying parties (RPs) – that limits the distribution of personal information. This work enabled San Diego Beacon (a healthcare provider) and California public schools to operationalize identity solutions across their systems, with the goal of more securely accessing sensitive information.

 

 

National Laboratory of Education Transformation

California's Pajaro Valley Unified School District

National eHealth Collaborative

Kantara

 

Milestones

 

  • Entered third year of production with Northern California Regional Intelligence Center (NCRIC), resulting in increased information sharing within the law enforcement community.
  • Launched with San Diego and Gorge Health Connects and California’s Pajaro Valley Unified School District (PVSD).

Outcomes

 

  • Deployed solution exploring privacy preserving benefits of a distributed architecture to access health/education data.
  • With NCRIC, using RNS to facilitate access management of sensitive applications, increasing information sharing within the law enforcement community.  Solution being considered to tackle nationwide access control and information sharing challenges (e.g., via FirstNet).
  • With San Diego and Gorge Health Connects: piloted RNS, verifying doctor and staff identities to enable the sharing of patient health data between these health information exchanges.
  • With PVSD: further engaged parents and guardians by verifying their relationship to students and providing them more secure online access to their students’ records.​ Second year redeployment and Monterey County integration possible.

Additional information

 

On the web

Pilot update | more

Resilient on re:ID episode 99 | more

Resilient in Secure ID News | more

Last updated: 03/31/2016

 


Transglobal Secure Collaboration Program (TSCP)

 

Project status: graduated

 

Proved the capability for leveraging strong corporate credentials for personal use

 

The TSCP pilot was focused on broadening the reach of its core operating rules to incorporate credentials with all levels of assurance, for both public key infrastructure (PKI) and non-PKI environments, and across multiple sectors. Prior to this pilot, TSCP had established a set of core operating rules that enabled firms in the aerospace and defense sectors to trust each other’s high assurance credentials, as well as the credentials of federal agencies. The goals of the pilot project were to create a trust framework that allows employees of participating companies to use their existing credentials to more securely assert their identities and log into retirement accounts at a brokerage firm and other financial institutions, rather than maintaining separate credentials for these sites.

 

Partner

 

Fidelity

 

Milestones

 

  • Completed relying party (RP) testing with Fidelity.
  • Published Trust Framework Development Guide to help organizations develop trust frameworks.

Outcomes

 

  • With Fidelity (Net Benefits app), proved technical capability of using strong corporate credentials issued to an employee to access their personal 401k accounts by piloting corporate-provided PIV-I credentials.
  • Aligned TSCP core operating rules with FICAM levels of assurance (LoA) 1-4, and added guidance for comparability, facilitating identity federation across financial, aerospace, and defense industries.​
  • DHS recently awarded TSCP a grant to extend its Trust Framework into additional markets, enabling an interoperable standard for first responders during emergency events to securely share information between the public and private sectors.

Last updated: 03/31/2016

 


University Corporation for Advanced Internet Development (UCAID or Internet2)

 

Project status: active

 

Convening partners and developing open-source technology to simplify multi-factor authentication (MFA) enablement and increase adoption

 

Internet2 is developing tools and initiatives to advance privacy-enhancing technology for the Identity Ecosystem. Their work includes deploying smartphone-based multi-factor authentication (MFA) across three major university campuses, establishing a collaborative group to accelerate the adoption of MFA across universities, developing a user-centric privacy management tool, and assessing the current state of anonymous credential technologies.

 

 

Milestones

 

  • Deployed open source code on GitHub.
  • Launched production with MFA pilots at MIT and the UT.
  • Developed consent manager architecture to support informed and effective consent.

Outcomes

 

  • Deployed MFA at MIT and UT, and created a forum for over 50 university campuses and affiliates – representing more than a million users – to accelerate deployment of MFA technologies.
  • Developed open source, simplified MFA enablement of identity providers (IdPs), catalyzing adoption in the research and education community; over 140 universities have begun to deploy MFA technology.
  • Driven by Carnegie Mellon research into user preferences for managing personal information, developed open-source privacy manager called PrivacyLens, giving users more effective methods for transparent, granular, consent-based release of personal information or attributes associated with their credentials.

Additional information

 

Presentations On the web
Identity Management as the Security Perimeter: Creating Your Enterprise Strategy | PDF

Shibboleth Consortium | more

UCAID in Secure ID News | more

UCAID on re:ID episode 101 | more

Last updated: 08/01/2017

 


Yubico, Inc.

Project status: active

Yubico is currently focused on enabling secure online access to disaster preparedness resources for members of the New York Air National Guard. For that service, Yubico is deploying FIDO Alliance WebAuthn and FIDO2-based YubiKeys and relying on the remote identity proofing capabilities of ID.me with the goal of creating a strong binding between the 2nd factor authentication device (YubiKey) and the online identity for access to resources.

Previously, Yubico had successfully deployed FIDO Alliance Universal 2nd Factor-based YubiKeys to secure online access to an educational portal for the staff and a number of parents/guardians in the Palo Alto Unified School District in Palo Alto, California.

Last updated: 01/04/2021

 


More published results and lessons learned

 

Catalyzing the Identity Ecosystem (NISTIR 8054)

report on the status of many of the pilots
read

Evaluation Report on the Michigan Department of Health and Human Services Pilot

RTI International's report sharing the results of an assessment of the Michigan Department of Health and Human Services (MDHHS) pilot
read

Future releases

In early 2017, NIST issued a notice of funding opportunity seeking an assessment to evaluate how well five TIG 2016 state and local pilots have used digital identity technologies to improve and streamline the delivery of state and local government services. NIST has awarded Research Triangle Institute(link is external) (RTI)—an independent, nonprofit research institute—to conduct the evaluation and help shed light on how successfully public sector programs can adopt similar solutions. RTI will interact with each pilot team, including the Florida Department of RevenueYubicoOhio Department of Administrative ServicesGemalto, and ID.me, to establish baseline metrics and collect ongoing data during implementation, with different timelines for each pilot. NIST anticipates that RTI will release one report for each project (five in total) and a final report summarizing the lessons learned from the five pilots, which will be issued at the end of the project. Throughout the grant, RTI will be finding ways to disseminate these findings broadly to reach communities that can benefit from the great work of RTI and the projects’ partners. | more

 

More information about the pilots can be found on the I Think, Therefore IAM blog.

more

 

For an archive of trusted identities notices of funding opportunities, click here.

 


In the news

 

Fighting tax related ID fraud with your cell phone, one selfie at a time | Forbes | September 15, 2016

Companies are betting on a new way to protect your identity: the selfie. | Washington Post | May 6, 2016

Electronic ID pilot aims to bolster authentication, save governments millions during tax season | Government Technology | March 7, 2016

Making mobile phones the authentication hubs for smart homes | GCN | November 24, 2015

How 3 Oregon tech firms plan to make the internet of things smarter – and less creepy | Portland Business Journal | November 9, 2015

Georgia, North Carolina take aim at tax fraud with new app | State Scoop | October 6, 2015

Biometrics find support from an unlikely demographic: seniors | American Banker | May 14, 2015

Could Google IDs help emergency crews reach disaster areas faster? | Next Gov | May 13, 2015

Campuses deploy multi-factor via higher ed ‘cohortium' | Secure ID News | March 10, 2015

Biometric tipping point: USAA deploys face, voice recognition | American Banker | February 3, 2015

Michigan pilots online identification tool to fight fraud | Government Technology | January 9, 2015

US seniors group praises NSTIC biometric identity pilot | Planet Biometrics | December 4, 2014

 

 

 

Unless otherwise cited, all milestones and outcomes are self-reported by the pilots.

 

Created April 29, 2016, Updated October 3, 2023