“It is clear from all of the great sessions and discussions last week – including advancements for derived credentials, innovative uses of technologies like near field communications and alternative authentication technologies, and a call-to-action to accelerate the adoption of interoperable identity and access solutions – that there is a real sense of urgency to push identity and security forward in government,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “With the majority of attendees from federal agencies, this event has become a hub for government and security executives and industry leaders to come together to make real progress in this space.”

In a discussion on federal identity programs and standards, speakers gave an update on the status of derived PIV[1] credentials and expanding the use of PIV credentials to mobile devices. They highlighted that while the root of trust starts with PIV, the industry is considering how to utilize different types of identifiers and authenticators on mobile devices to allow authentication at different levels of assurance for different applications. Speakers noted that today, derived PIV credentials are being piloted in some one-off developments for specific use cases and there is no standard implementation being widely adopted – but there is potential for this in the future.

Innovations Improving Identity Security in Government

In a panel, moderated by Anil John, Department of Homeland Security, on the DHS’s Identity Management and Data Privacy Research and Development Program, three federal program leads outlined the efforts surrounding innovative technologies for improving security, identity and privacy in government:

- John Fessler, Exponent & Kantara Initiative, discussed an ongoing project that enables the use of derived credentials over a secure near field communications (NFC) channel using Opacity technology on a mobile device for physical access control
- Michael Queralt, Queralt, Inc., described the company’s research project on mapping PIV credentials onto FIDO-compliant devices to grant mobile users simpler access to applications and data while requiring a higher level of authentication
- Devu Manikantan Shila, United Technologies Research Corporation, outlined a project called Context Aware Security Technology for Responsive and Adaptive Protection (CASTRA) that leverages analytics on mobile sensor data to learn various human behavioral traits, such as gait, location, proximity and app usage, to enable an active authentication capability

Joseph Stuntz, Office of Management and Budget and James Sheire, GSA Office of Government-wide Policy shared updates on the impact of the new Executive Order strengthening the cybersecurity of federal networks and critical infrastructure, and GSA’s efforts for improving identity and security in government through their new website, www.IDManagement.gov. The website, which is now live, provides the federal government with more digestible digital assets that can be easily updated as policies and regulations change.

Another innovation making an impact on government is the NIST[2] Special Publication 800-63-3 on “Digital Identity Guidelines,” which outline the identity proofing and authentication requirements for Federal agencies implementing digital identity services. At the event, speaker Paul Grassi, NIST Trusted Identity Group, said the guidelines are slated to be published later this month. As a next step, Grassi said NIST plans to build on these requirements by providing actionable guidance for implementation.

A Call to Action for Open, Interoperable Authentication

The one-day showcase wrapped up with a call-to-action discussion on what the industry can do to further accelerate the adoption of interoperable solutions for federal identity management and access security. Moderator Randy Vanderhoof, Secure Technology Alliance, and federal government panelists Tim Baldridge, Department of Defense, LaChelle LeVan, GSA[3]/FICAM[4], and Michael Garcia, NIST Trusted Identity Group discussed that today’s methods of identification and authentication for access are too single-sourced, and don’t provide enough flexibility for new and emerging use cases, such as remote access. Panelists came to the conclusion that there is no one-size-fits-all authentication solution for government – instead, the industry needs more open, interoperable solutions that can be used for a variety of use cases.

For more information on the Secure Technology Alliance and government identity resources, visit the Government Identity/Credentialing Resources on the Secure Technology Alliance website.

About the Secure Technology Alliance

The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT).

The Secure Technology Alliance, formerly known as the Smart Card Alliance, invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection. The Secure Technology Alliance delivers on its mission through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America.

For more information, please visit www.securetechalliance.org.

Contact
Megan Shamas
Montner Tech PR
203-226-9290
mshamas@montner.com

[1] Personal Identity Verification

[2] National Institute of Standards and Technology

[3] General Services Administration

[4] Federal Identity, Credential, and Access Management

In order to realize the benefits of the IoT, there are three critical components for the ecosystem to thrive: reliable connectivity, strong security and an agile monetization framework.

Visit booth #1714 to experience how Gemalto and attending partner, West, create the secure, connected and revenue driven technology needed for any IoT deployment.

Connect.
West’s Safety Services provide the critical link between the private and public safety sectors with connectivity to improve emergency response. Leveraging Gemalto’s IoT module services, West will demonstrate their Emergency Aware Services solution which blends intelligence from field deployed Gemalto M2M Modules into incident command context. For instance, when smart city elements such as fire detection sensors are activated, the public safety command can instantly geo-fence the area, asses the seriousness of the situation, and identify and notify first responders in the area.

Secure.
As LPWANs (Low-Power Wide Area Networks) are booming, Gemalto will demonstrate its new Trusted Key Manager (TKM) solution for the low-power LoRa™ networks. The TKM for LoRa ensures end-to-end security for IoT devices connecting over LoRaWAN™, while allowing flexibility to choose any LoRa network operator, manage massive fleets of devices, and ensure trust for IoT connected objects that thrive on cost-efficient, low-data rate connectivity.

Monetize.
Gemalto will also demonstrate Sentinel Fit, an embedded software solution for secure licensing with the ability to maximize monetization of software-based products, for even the smallest of IoT devices and intelligent machines. Sentinel Fit together with Sentinel EMS seamlessly integrates with back office systems and has a wide range of data collection and reporting capabilities. Licenses can be activated and updated throughout the entire product lifecycle, allowing full monetization and operational efficiency.

Watch the Connect.Secure.Monetize video

Upcoming Events
IoT Strategy and Innovation Workshop: Back by popular demand, Gemalto will host its second annual workshop to examine the best strategies for successful IoT deployments on May 15 from 9am – 6pm PST | Santa Clara, CA| Register here.

Hear Gemalto speak on defining a successful IoT deployment strategy
Wednesday, May 17th at 12:40 pm
Listen to industry leaders from Lina Group, Inc; PARC, a Xerox Company; Grey Heron; Zuora and Gemalto during the Executive Summit panel “Defining your IoT Strategy: Executives as IoT adoption influencers.”

About Gemalto
Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2016 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

Our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

Our 15,000+ employees operate out of 112 offices, 43 personalization and data centers, and 30 research and software development centers located in 48 countries.

For more information visit www.gemalto.com, or follow @gemalto on Twitter.

Gemalto media contacts
Philippe Benitez
Americas
+1 512 257 3869
philippe.benitez@gemalto.com