Category Archives for "NSTIC"

Tozny at HCSS

Tozny’s CEO, Isaac Potoczny-Jones, will be presenting at the High Confidence Software and Systems Conference (HCSS) on May 9, 2017.  Come learn about NIST’s Risk Management Framework and how you can apply it to your work.  And if you happen to be out in Annapolis, meet up with Isaac at the conference! @SyntaxPolice

Applying NIST’s New Privacy Risk Management Framework (Abstract)

NIST’s influential cybersecurity frameworks have been a cornerstone of the certification process. …

Visit Tozny at the RSA Conference

We are now in an age where security can breached with just a simple push of a button. With today’s technological breakthroughs come an increasing demand for a more well-rounded and tightened cybersecurity. The tools required to protect each individual from cyber-attacks and threats has also proven that more technical expertise is now more than just a necessity, but of great significance as well.

RSA Conference will be held at Moscone Center in in San Francisco,  …

NIST Global City Teams Challenge Super Action Cluster Summit

Tozny recently participated in the Global City Teams Challenge Super Action Cluster Summit with a focus on the security and privacy of connected vehicles.

Feb 01, 2017 to Feb 02, 2017

12:30 pm — C123/124
Lunch Keynote: Data Protection, Privacy and Security, and Smart Cities
This panel will discuss transportation cybersecurity issues within a Smart Cities framework with an emphasis on privacy, trust, and identity, and EV charging, storage, …

What’s next after SMS one-time passwords?

NIST has gotten a lot of attention lately because they pointed out that SMS is less secure than many people think, and if you’re trying to shore up passwords with a second login method, you should probably consider using something that’s more secure. This type of “shoring up” of passwords is called two factor authentication, or 2FA for short.

People use 2FA for lots of stuff, from protecting classified information to protecting your Tweets. …

The Identity of Things at GIS

by Paul Madsen and Isaac Potoczny-Jones

The Internet of Things (IoT) is exciting, but it’s having its own “identity crisis”. The security and privacy issues in IoT are some of the biggest roadblocks to widespread adoption, and the identity management community is in a position to address a number of those roadblocks.

This year, the Global Identity Summit will tackle this with a track about the “Identity of Things.” …

GCN Article: Making mobile phones the authentication hubs for smart homes

Our NSTIC privacy project was highlighted in an article at GCN by Derek Major.

Tozny serves as the technical lead for the pilot programs and will build the data storage and sharing platform by tackling one of the weakest links in cybersecurity today: the password. Tozny’s solution replaces the username and password with something people use for almost everything: the smartphone, or wearable device.

Tozny is working with IOTAS, …

Article: NIST Testing out passwordless smart home

Mohana Ravindranath over at NextGov wrote a nice piece about our NIST privacy pilots.

Tozny, a subsidiary of tech company Galois, aims to test one system that encrypts user data generated by the “smart home,” and another that would let transit riders use their mobile phones as tickets, Galois principal investigator Isaac Potoczny-Jones said in a blog post outlining more details about the project.

The NIST pilot, …

FedScoop: NIST IoT project explores how to ditch passwords, maintain privacy

Head on over to FedScoop to read the latest about Tozny.

A project that lets consumers use their mobile-phone bus passes to control smart home systems may set the table for a forthcoming framework from the National Institute for Standards and Technology dedicated to protecting user privacy…

 

“The idea is to build privacy-preserving personal data stores to allow new ways for user information to be shared across organizational boundaries in a way that the user is in control over how the data shared, …

Portland Business Journal covers Tozny’s NSTIC project

The Portland Business Journal discusses Tozny’s new NSTIC project in an article by Malia Spencer.

“Computer science research and development firm Galois, mobile ticketing firm GlobeSherpa and smart home startup IOTAS are teaming up on a project funded by the federal National Institutes of Standards and Technology.

The effort could lay the groundwork for Internet of Things applications that will be secure and protect privacy. …

How the Federal government is attempting to protect the Internet of Things

Here’s a great article over at NextGov about various efforts the Federal government is involved with to secure the Internet of Things. Tozny CEO Isaac Potoczny-Jones mentioned NIST’s new privacy frameworks in the context of IoT.

Galois is working with NIST on a pilot in which consumers’ information, culled from smart-home services, could be integrated into a “privacy preserving data store,” Potoczny-Jones said.

Read More.

IoT security & privacy requires overcoming a legacy of insecurity

Head over to Network Computing to read Isaac’s article about Internet of Things security and privacy work we’re engaged in.

Vendors must adapt a different approach for IoT than was done with the Internet, which was “you are the product, not the customer.” Sticking with this old approach would treat IoT user privacy as second fiddle. Getting privacy right is even more important with IoT than it is with computers because IoT extends beyond a smartphone or laptop screen to end user applications such as Internet-connected baby monitor video cameras, …

News: Tozny to be part of NSTIC Pilot!

Galois won an NSTIC pilot!

The National Institute of Standards and Technology (NIST) just announced that Galois (Tozny’s parent company) received a grant from the National Strategy for Trusted Identities in Cyberspace (NSTIC)!

Tozny CEO, Isaac Potoczny-Jones, will be leading the project and Tonzy will be a part of the pilot.

Read the full press release here.

Galois, Inc. (Portland, Ore.: $ 1,856,778) Galois will build a tool to allow users to store and share personal information online. …