Kantara Initiative announced today that Exponent, Inc., (Nasdaq: EXPO) completed Phase Two of its smartphone project for Mobile Credentialing, Authentication and Attributes for First Responders using the NIST OPACITY standard extended to Bluetooth Low Energy (BLE) for secure authentication.
The OPACITY-over BLE open-source protocol developed by Exponent for this project provides authorized personnel and first responders the ability to perform mobile-to-mobile authentication and gain access to temporary locations in the field, such as a secure perimeter around an emergency location, using their smartphone equipped with the BLE protocol. Expanding OPACITY based security to Bluetooth Low Energy ensures that mobile-to-mobile communications can also be conveniently and securely conducted over BLE and be operational in situations where there is no Internet connection.
The project was developed by Exponent under Kantara’s Identity and Privacy Incubator Program (KIPI). The open source code resulting from the project is available royalty-free at https://github.com/pivOPACITY.
According to Dr. John Fessler, Principal Engineer at Exponent, “We at Exponent are excited about this Phase 2 work because, by incorporating OPACITY over BLE, we can enable BYOD capability as well as the ability to quickly provide rapid mutual authentication between two mobile devices both securely and at a distance. We believe this has potential applications far beyond the first responder use case to any situation where there is a need for authentication of an identity credential on a phone by personnel in the field. We look forward to others leveraging the code, which is freely available on GitHub, to bring these applications to reality.”
About The First Responder Mobile Authentication Project
In Phase One of The First Responder Mobile Authentication Project, Exponent used the next generation NIST OPACITY secure messaging channel as defined in NIST SP 800-73-4 to enable a derived credential on an NFC-enabled smartphone for physical access control.
Phase Two extends this capability (and the OPACITY standard) to BLE to establish secure, encrypted communications between two Bluetooth devices so that sensitive communications can be conveniently and securely conducted over BLE. First Responders can now use an NFC-enabled or BLE-enabled device such as a smartphone in the same way as a physical PIV Card to access secure locations improving convenience as well as options for difficult use cases such as a lost/stolen card or temporary credentials for non-PIV Card holders.
Exponent’s solution using OPACITY can establish communications and authenticate a holder of a derived credential in a few seconds with full cryptographic authentication, or under a half a second for lower-security applications such as transit. Exponent also extended the authentication process for full-secrecy, privacy enhanced mobile-to-mobile identity authentication over NFC or BLE.
“Exponent’s Mobile Authentication for First Responders Project is breaking new ground in the areas of verification, mobile authentication and physical access control. The industry’s next wave of innovation and standards in identity will come from companies like Exponent that push the boundaries of the possible," said Colin Wallis, executive director, Kantara Initiative. "This project along with others currently under incubation with Kantara’s KIPI Program all involve using mobile devices for improved digital identity solutions. The trend is clear. The progress made today will be the identity and access solutions of tomorrow.”
About Kantara Initiative
Kantara Initiative provides real-world innovation and development of specifications, applied R&D and conformity assessment programs for the digital identity and personal data ecosystems. Beyond its flagship eID-assisting Identity Assurance Trust Framework, developing initiatives including Identity Relationship Management, User Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and the Consent Receipt, Kantara Initiative connects a global, open, and transparent leadership community, including CA Technologies, Digi.me, Experian, ForgeRock, Internet Society and SecureKey Technologies. More information is available at https://kantarainitiative.org/.
Follow Kantara Initiative on Twitter -- @KantaraNews
Exponent (www.exponent.com) is an engineering and scientific consulting firm providing solutions to complex problems. Exponent's interdisciplinary organization of scientists, physicians, engineers, and business consultants draws from more than 90 technical disciplines to solve the most pressing and complicated challenges facing stakeholders today. The firm leverages over 50 years of experience in evaluating products, assessing systems, and analyzing failures to advise clients as they innovate their technologically complex products and processes, ensure the safety and health of their users, and address the challenges of sustainability, performance, interoperability, and security.