White House wants online authentication standards
President Obama has created a group called the National Strategy for Secure Online Transactions. The charge of the organization is to produce a framework that may eventually lead to U.S. citizens using strong authentication when conducting business on the Internet.
The vision of the group is: “To improve the trustworthiness and security of online transactions by facilitating the establishment of interoperable trust frameworks and implementation of improved authentication technology and processes for all online transaction participants, across federal, civil and private sectors.”
The rise of identity theft and growing concerns around cybersecurity are the reasons behind the groups activities. The group will work with government officials, industry and citizens to create a framework for online authentication. “Securing these transactions and creating a trusted online environment became a critical national priority with the release of the President’s Cyberspace Policy Review, resulting in a short-term action that recommends this strategy,” states a document in the stakeholder package for the group.
The benefits of the strategy propose to be:
- Protection of personal privacy and identity information when collected.
- Reduced financial losses and improved recovery from identity fraud.
- Ubiquitous availability of recognizable, credible, and interoperable identity media to the general public.
- Increased consumer confidence in online transactions.
- Availability of e-Government services for citizens and industry at the Federal and State level.
- Overall increased efficiency and improved user experience – fewer passwords, more online services, reduced dependency on paper transactions.
- Increased innovation to account for new business opportunities, markets, and connectivity and availability of services as industry sectors advance their cyber presence.
- Further development of interoperable standards for authentication of people, devices, software, and data.
- Increased public and industry awareness.
- Reduced identity theft even as dependence on online transaction increases.
Documents state that end results will be a partnership between public and private sector. One idea that’s been floated is creating businesses where citizens can go and bet vetted and then receive some type of authentication token, be it a smart card, one-time password or digital certificate on a computer. Whether this will be the end result is not yet know.
The identity services will also be tailored to a market, for example health care, tax, online banking, energy utilities, etc. There will also be several layers of assurance, similar to FIPS 201, that will equal with the level of risk associated with the transaction.
When it’s all said and done, the National Strategy for Secure Online Transactions aims to:
- Foster the creation and adoption of federated identity frameworks that use a variety of authentication methods
- Encourage the use of authentication methods with well-understood security, privacy, usability and cost characteristics
- Encourage the use of authentication methods resistant to known and projected threats
- Provide a general trust model for making trust-based authentication decisions between two or more parties
The strategy will apply to government-to-citizen, consumer-to-business, business-to-business and other transactions.