Envision It! Trusted ID-entity Citizens and Non-ID-Restistry UnTrusted Citizens

with 11 comments

Envision It! Trusted ID-entity Citizens and UnTrusted Non-ID-Registery Citizens

Envision It! Those that can blog anonymously and those that cannot, those that can bank, sell, gamble, shop and those that cannot.

Envision It! You must Register to do things that you can already do now.

Obama NSTIC Creates Second Class UnTrusted Citizen vs First Class ID Trusted Entity Citizen

Obama Unleashes N-STIC for Trusted e-Citizen Registry 

Individual Citizen Registration for Personal Trusted ID entity Card.

 National Strategy for Trusted Identities in Cyberspace (NSTIC)

Obama is planning to Grant the U.S. Commerce Department Authority over cybersecurity efforts to create an Internet ID for Americans Official Presidential Branch Press Release Info

The White House Blog

The National Strategy for Trusted Identities in Cyberspace

Posted by Howard A. Schmidt on June 25, 2010 at 02:00 PM EST

Cyberspace has become an indispensible component of everyday life for all Americans.  We have all witnessed how the application and use of this technology has increased exponentially over the years. Cyberspace includes the networks in our homes, businesses, schools, and our Nation’s critical infrastructure.  It is where we exchange information, buy and sell products and services, and enable many other types of transactions across a wide range of sectors. But not all components of this technology have kept up with the pace of growth.  Privacy and security require greater emphasis moving forward; and because of this, the technology that has brought many benefits to our society and has empowered us to do so much — has also empowered those who are driven to cause harm.  

Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC).  This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities. 

The NSTIC, which is in response to one of the near term action items in the President’s Cyberspace Policy Review, calls for the creation of an online environment, or an Identity Ecosystem as we refer to it in the strategy, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.). Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so.

The Department of Homeland Security (DHS), a key partner in the development of the strategy, has posted the draft NSTIC at www.nstic.ideascale.com. Over the next three weeks (through July 19^th), DHS will be collecting comments from any interested members of the general public on the strategy. I encourage you to go to this website, submit an idea for the strategy, comment on someone else’s idea, or vote on an idea. Your input is valuable to the ultimate success of this document. The NSTIC will be finalized later this fall.

Thank you for your input!

Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President

The Strategy’s vision is:

Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

More specifically, the Strategy defines and promotes an Identity Ecosystem that supports trusted online environments. The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. The Identity Ecosystem enables:

Security by making it more difficult for adversaries to compromise online transactions

Efficiency based on convenience for individuals who may choose to manage fewer passwords or accounts than they do today, and for the private sector, which stands to benefit from a reduction in paper-based and account management processes

Ease-of-use by automating identity solutions whenever possible and basing them on technology that is easy to operate with minimal training

Confidence that digital identities are adequately protected, thereby increasing the use of the Internet for various types of online transactions

Increased privacy for individuals, who rely on their data being handled responsibly and who are routinely informed about those who are collecting their data and the purposes for which it is being used

Greater choice, as identity credentials and devices are offered by providers using interoperable platforms

Innovation Opportunities as service providers develop or expand the services offered online, particularly those services that are inherently higher in risk

With the vision of the Identity Ecosystem in mind, the National Strategy for Trusted Identities in Cyberspace (NSTIC) identifies the following goals:

Goal 1: Develop a comprehensive Identity Ecosystem Framework

Goal 2: Build and implement an interoperable identity infrastructure aligned with the

Identity Ecosystem Framework

Goal 3: Enhance confidence and willingness to participate in the Identity Ecosystem

Goal 4: Ensure the long-term success of the Identity Ecosystem

Nine high-priority actions align to these goals and the vision. These actions provide the foundation for the Identity Ecosystem implementation. The actions are:

Action 1: Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated with Achieving the Goals of the Strategy

Action 2: Develop a Shared, Comprehensive Public/Private Sector Implementation Plan

Action 3: Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with the Identity Ecosystem

Action 4: Work Among the Public/Private Sectors to Implement Enhanced Privacy

Protections

Action 5: Coordinate the Development and Refinement of Risk Models and Interoperability Standards

Action 6: Address the Liability Concerns of Service Providers and Individuals

Action 7: Perform Outreach and Awareness Across all Stakeholders

Action 8: Continue Collaborating in International Efforts

Action 9: Identify Other Means to Drive Adoption of the Identity Ecosystem across the

Nation

(Under ‘Envision it’ these are actions that can and are already done. It certainly makes tax collection Smart-Phone Easy.)

Envision It!

An individual voluntarily requests a smart identity card from her home state. The individual chooses to use the card to authenticate herself for a variety of online services, including:

• · Credit card purchases,
• · Online banking,
• · Accessing electronic health care records,
• · Securely accessing her personal laptop computer,
• · Anonymously posting blog entries, and
• · Logging onto Internet email services using a pseudonym.

 

Envision It!

A power utility remotely manages Smart Grid software deployed on an electricity meter. Trusted hardware modules and secure authentication between the power company and the meter prevent deploying fraudulent meters as a way to steal electricity; ensure that the hardware and software configurations are correct; and restrict meter software to only run on authorized meters.

Likewise, the meter trusts that instructions and periodic software upgrades come from the power company.

These trusted interactions reduce the threat of fraudulent activity and deployment of malware within the Smart Grid.

Envision It!

An online auction website sets a policy that it will accept trustmark-approved credentials. The auction incentivizes private sector organizations and individuals to participate by offering a one-time discount on the service charge associated with an auction purchase and by accommodating a large variety of credentials and identity media.

Envision It!

An individual authenticates himself to an online pharmacy using a credential bound to his personal computer. The individual makes an online request for the pharmacy to fill his prescription. Through privacy-enhancing technology, the individual’s attribute provider provides authoritative proof that he is over 18 and that his prescription is valid. The technology ensures that no unnecessary information is exchanged in this transaction (e.g., his birth date, reason for the prescription). The technology also filters information so that the attribute providers –the authoritative sources of the age and prescription information – do not know which pharmacy the individual is using.

Envision It!

An individual uses a strong credential issued by a third party and bound to his existing cell phone to access government tax services online. He views tax history, changes demographic information, monitors refund status, and files his taxes electronically. Both the online service provider and the individual are able to leverage existing infrastructure (e.g., cell phone and online services) in support of the transaction

Envision It!

An individual learns of a new and more secure way to access online services using a strong credential provided by a trustworthy service provider. He learns that his cell phone carrier, bank, and local governments will all be offering credentials that will work with his personal computer. Upon further research, he also discovers that his email provider, social networking site, health care provider, and local utility companies accept the strong credential. He reflects upon his choices and selects the credential provider that provides him with the most personal convenience.

Envision It!

An energy company partners with a new and innovative identity provider to extend its energy management services. Both companies are trustmark-approved. Using a smart card issued by the identity provider (and also used to access other online services at the discretion of the individual), an individual accesses the energy company’s website to view the status of his home’s energy consumption. The website allows individuals to view the energy intake of high-consuming devices such as refrigerators, microwaves, and stoves. The individual notices that the power attributed to a particular device is higher than normal, indicating that the device may need to be fixed or replaced.

Envision It!

A large national emergency erupts on the coastline and a call for support results in a flood of first responders at the emergency site. A federal agency is able to share information with and provide direction to state and local officials, utility providers, and emergency first responders from all over the country about the local event. Each participant in the information exchange uses a credential issued by his employer to log into the information-sharing portal to see the status of events in each respective area.

Resources are deployed more quickly and with greater focus based on the information shared.

-sovereignthink

Written by sovereignthink

2011/01/13 at 5:19 am

Posted in What if…

Tagged with cyber ID, Cyber NSTIC, Cybersecurity Coordinator, Cybersecurity ID, Cybersecurity identification, Cybersecurity NSTIC, Gary Locke, government internet id, Howard Schmidt, Identity Ecosystem, internet ID, National Strategy for Trusted Identities in Cyberspace, NSTIC, obama Cybersecurity, Obama NSTIC, Obama Unleashes, Obama Unleashes Cyber NSTIC, Trusted ID-entities, Trusted identity, U.S. Commerce Secretary, unique internet ID, Untrusted identity