Skip to main content.

We seek to help establish an internet identity infrastructure / ecosystem  that: (a) allows members of the general public ("consumers")  to authorize or deny high-value, online transactions that are attempted using their identities, and (b) allows service providers to authenticate the identity or authorization status claimed by someone engaging in high-value transactions.  

Examples of high-value transactions would include the establishment of a new credit account (such as a credit card or loan), access to existing financial accounts (including movement of money out of those accounts), ability to make payments from specific payment accounts (including credit card accounts), access to online health records of specific individuals, and access to "personal data stores" that contain sensitive personal information, or information that otherwise should be strongly protected against unauthorized access.

Such an identity infrastructure, if designed and implemented appropriately, could significantly reduce identity theft and identity fraud on the internet by reducing the ability of fraudsters to impersonate consumers as well as online businesses.    

We work with individual organizations and consortia to help evaluate and/or specify policies, trust frameworks, strong authentication technologies, and other criteria needed to implement and deploy an identity infrastructure in a way that allows consumers to opt-in to participate, and that protects consumer privacy, provides usable online credentials and strong authentication methods, and is economical to implement and deploy.


A number of industry initiatives are related to this goal, many of which we participate in:

Kantara Initiative's Consumer Identity Workgroup
The Kantara Initiative was formed in June 2009 with the goal of ensuring “secure, identity-based, online interactions while preventing misuse of personal information so that networks will become privacy protecting and more natively trustworthy environments.”  Kantara’s mission will be realized through various Work Groups and Discussion Groups. 

I'm Chair of the Consumer Identity Work Group, which was formed to help foster the
development of a consumer-friendly, privacy-protecting, high assurance ‘identity layer’ for the internet that enables consumers to fully exploit the potential of the internet without fear of identity theft.    An overview of the group's work can be found in the CIWG Interim Report.  
ANSI Identity Theft Prevention & Identity  Management Standards Panel (IDSP) The ANSI Identity Theft Prevention and Identity Management Standards Panel (IDSP) is a cross-sector coordinating body whose objective is to facilitate the timely development, promulgation and use of voluntary consensus standards and guidelines that will equip and assist the private sector, government and consumers in minimizing the scope and scale of identity theft and fraud.

We have contributed to several IDSP reports:
  • The ANSI-BBB IDSP Final Report, released January 31, 2008, helps to arm businesses, government agencies, and other organizations with the tools needed to protect themselves and their customers against the theft and misuse of personal and financial information.
  • Identity Verification, a workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) calls for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. 
  • Measuring Identity Theft, a workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses how research companies measure identity crime.
  • The Financial Impact of Breached Protected Health Information report, released in March 2012, provides a method for estimating the costs associated with a breach of protected health information, and provides guidance on determining the level of investment needed to reduce the probability of a breach.
North American Security Products Organization (NASPO)
NASPO has formed a standards development committee supporting the creation of an American National Standard to define minimum standards for proof and verification of personal identity.  The work of this committee is available here.  
National Stratety for Trusted Identities in Cyberspace The National Strategy for Trusted Identities in Cyberspace (NSTIC) seeks to create an "identity infrastructure" that will enable idividuals and organizations to utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.

NSTIC was signed by President Barack Obama and released on April 15, 2011.  It can be obtained here.  
Kantara Initiative's Healthcare Identity Assurance Workgroup The purpose of the Workgroup is to "design, implement and test reference applications for secure access to health information."  We are a participant in these activities.  
Open Identity Exchange (OIX)Open Identity Exchange is a non-profit organization dedicated to building trust in the exchange of online identity credentials across public and private sectors.



   How High Assurance Authentication Works


  Why High Assurance Authentication is Necessary to Fight Identity Fraud

  Examples of Identity Fraud Prevention Using High Assurance Authentication


 How Can Adoption of the National Strategy for Trusted Identities in Cyberspace (NSTIC) Help      
      Prevent Identity Fraud?