Multifactor authentication and OpenID could get a boost when a pilot project begins testing a new validation system...
designed to verify a person's identity when conducting sensitive transactions.
Verizon and the entire Criterion-led team is looking to prove that strong authentication for consumers can be delivered in an easy to use, personalized, and effective manner resulting in reduced on-line fraud and enhanced privacy.
Tracy Hulver, chief identity strategist, Verizon
Verizon and Criterion Systems will conduct a pilot program to test the validation system for sensitive transactions such as online banking and accessing medical records. The two companies were recently awarded a federal grant to move forward with testing.
Project participants hope the tests could bolster the online identity ecosystem. The goal is to create a cost-effective and easy-to-use way to enable people to use one set of credentials to access any website, including banking and online retail transactions. Behind the new validation system is "trust elevation," which uses a username and password in combination with additional information to electronically validate the user’s online identity.
Verizon said it would integrate its Universal Identity Services platform into the Criterion testing program. Key to the testing is the further development and integration of an Attribute Exchange Network, which uses data from various sources to tie in a person's age, address or mobile phone number and other data for use when verifying a person's identity for a transaction.
Funding for the network is being provided by the National Strategy for Trusted Identities in Cyberspace (NSTIC). NIST has granted more than $9 million to support NSTIC. Criterion received approximately $1.9 million in funding. Other firms, including Resilient Network Systems, were given funds for projects supporting NSTIC.
"The current multifactor authentication methods will still be available via the Attribute Exchange Network (AXN), but the scope, security, privacy, and scale of implementation options will be significantly expanded and enhanced," said Tracy Hulver, Verizon’s chief identity strategist, in an email message. "Verizon and the entire Criterion-led team is looking to prove that strong authentication for consumers can be delivered in an easy to use, personalized, and effective manner resulting in reduced on-line fraud and enhanced privacy."
Under Criterion's plan, a user is issued an OpenID credential from a bank, webmail or social network and the credential is used at participating sites and services in lieu of creating a new username and password. OpenID is currently available and supported by various online firms globally, but the new system will use an individual's data attributes to bolster the verification process.
Criterion and Verizon will deploy the model using the AXN platform and ensure that the system maintains secure and accurate linking of users and their data attributes. It will also validate a way to monetize the model to incentivize banks, social networks, online retailers, governments and healthcare providers to support the system.
Some banks and other websites already prompt users with additional questions to verify their identity. The goal is to provide a network of sites that support the new validation process. Additional information can include a user’s fingerprint, recent financial transaction or mobile device.
The AXN framework was developed by Google and ID Dataweb. Testing has been ongoing and with a variety of companies. The system must use a variety of sources to verify and bind an individual’s physical and digital identity attributes. Ping Identity Corp., CA Technologies, Wave Systems and others are testing the system. Firms that collect data, such as Experian, LexisNexis and AOL are also taking part in pilot tests.