
NIST

Authenticating Who You are Online

September 18, 2013
By Rita Boland

Cyberspace has security problems, and the U.S. government is trying to do something about it. The National Strategy for Trusted Identities in Cyberspace (NSTIC) is promoting a plan and taking actions to move citizens beyond usernames and passwords to more powerful methods of authentication. In recent years, massive data theft has occurred in the cyber realm. Even strong passwords are vulnerable to hackers.

Identities are difficult to verify online, forcing many government and civilian transactions to occur in person to satisfy security needs. Furthermore, the complexity of having multiple passwords for myriad accounts means that many people abandon using certain Web services instead of going through the process to recover passwords they forget. Trusted identification could provide the foundation for a solution, explained Dr. Michael Garcia, deputy director, NSTIC National Program Office, National Institute of Standards and Technology (NIST), at the Biometric Consortium Conference.

To illustrate his point, Garcia explained that the U.S. Defense Department’s intrusion rate dropped 46 percent after the organization banned passwords in favor of common access cards with public key infrastructure. Costs, policy and other barriers prevent certain groups from following this model, however. The NSTIC has within it the idea of an identity ecosystem that will improve online trust. Officials believe the marketplace exists for such technology. Industry will lead the way with government serving as a convener, facilitator and catalyst, Garcia said. The private sector must determine how to build an ecosystem in which it can swap out technologies for various reasons.

Plug-and-Play Biometrics

September 1, 2012
By Rita Boland
  A U.S. paratrooper uses a handheld identity detection device to scan an Afghan man's iris while on patrol in Afghanistan's Ghazni province.

Government scientists have introduced a command and control protocol designed to bring interoperability to the world of biometrics. Manufacturers now can experiment with the open design in their products, offering more flexible, less expensive technologies for authenticating identities.

This National Institute of Standards and Technology (NIST) project enables the sharing of data among biometrics sensors over wired or wireless networks via Web services (WS). Called the WS-Biometric Devices, or WS-BD, the protocol allows developers to create connections among biometric capture devices and clients connected on a network or through the Internet. “We did a lot of work to make it modality-agnostic,” Kevin Mangold, a computer scientist at NIST, explains. “You can use the same interface for ... pretty much any biometric you can think of.”

Better Security Is in the Cards

September 1, 2012
By Max Cacas
Patrick Grother is a computer scientist with the NIST Information Technology Laboratory, in charge of the biometric portion of the FIPS 201 update.  

The Personal Identity Verification cards used by every federal worker and contractor are being revised to address the technology advances that have occurred since the card standards were published in 2005. Changes are expected to reflect improvements in identity verification using biometrics and to address integration of mobile devices as well as to manage credentials in a more cost-effective manner.

Each Personal Identity Verification (PIV) card carries an integrated circuit chip that stores encrypted electronic information about the cardholder, a unique personal identification number, a printed photograph and two electronically stored fingerprints. Along with being used to control access to facilities, some federal agencies use PIV cards with readers to control access to computers and networks. The Federal Information Processing Standards 201 (FIPS 201) ensures that the PIV card will be interoperable across the government.

The update to FIPS 201, which defines the operation of the PIV cards, is being managed by the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST). NIST expects to publish the final draft of the standard, which will be called FIPS 201- in the spring of 2013. The standard is currently in the comment period.

NIST Reviews Security Guidelines

September 28, 2011
By Henry Kenyon

The National Institute of Standards and Technology (NIST) has released the initial public draft of the first revision of the Guide for Conducting Risk Assessments (Special Publication 800-30). This revision shifts the focus of the guidelines from management to assessment, and NIST Special Publication 800-39 now replaces Special Publication 800-30 as the authoritative source of comprehensive risk management guidance.
