|Ken Gantt (l) and Dr. Stephanie Schuckers join AFCEA Answers host Max Cacas to discuss identity assurance.|
When it comes to cybersecurity, one of the biggest challenges is verifying the identity of the end user, whether it’s for an e-commerce site or a secure government database. The challenge is multiplied by the explosive growth in the use of mobile devices in both the public and private sector.
Given the opportunity to create a “wish list” for industry and researchers when it comes to identity assurance, Ken Gantt, acting deputy director of the Office of Biometric Identity Management at the Department of Homeland Security, believes that first, he would like any solutions to be able to address “privacy and constitutional protections up front.” Appearing on a recent episode of the AFCEA Answers radio program, Gantt went on to recommend that agencies outline clearly what they hope to achieve within such a solution. He adds, “And then industry turns around, and says, ‘We can bring that to you with the safeguards and regulatory aspects,’ which enhance that public knowledge when it comes to safeguarding that information, and biometric information, and also regulating ourselves when it comes to the use of that information.”
Also on the program, Dr. Stephanie Schuckers, a professor at Clarkson University in Potsdam, New York, talked about research on identity assurance now underway within the Center for Identification Technology Research (CITeR), a multi-institution biometric research consortium sponsored by the National Science Foundation. One possible solution delves into the amount of information one divulges in order to verify identity.
“We want to see what we can do, what kind of technologies and policies can we put in place, to decrease the amount of information you have to reveal. If we could do biometric matching in a secure space where that information is never unlocked, that’s a technology that is an enabler that is privacy enhancing,” explains Schuckers.
Schuckers also says biometric research is looking at ways to ensure “liveness,” the notion that the biometric data being received is indeed coming from an individual who is in fact alive.