FYI: Homeland Security Awards Contracts to Six Startups to Identify, Develop, and Implement Privacy-Enhancing Digital Wallets Technologies & Verifiers

FYI. It took a while for the press release to go out on this but wanted to share this with the community.

In addition to the work that is noted in the press release, these companies are also working on multiple open-source SDKs (details below) that will be of use to the community.

Best Regards,

Anil

Anil John
Technical Director, Silicon Valley Innovation Program
Science and Technology Directorate
US Department of Homeland Security
Washington, DC, USA

Schedule a meeting with me (30 minutes; non-DHS people only)<https://outlook.office.com/bookwithme/user/6250c4b6cae94d549b6db87b72b0b6d5@hq.dhs.gov?anonymous&ep=plink>
Time Zone: UTC-05:00 (US Eastern Time)

Email Response Time – 24 Hours or more; I sometimes send emails outside of business days/times because it works for me; please do not feel any obligation to reply to them outside of your normal working patterns.

[A picture containing graphical user interface  Description automatically generated]<https://www.dhs.gov/science-and-technology>[/Users/holly.johnson/Library/Containers/com.microsoft.Outlook/Data/Library/Caches/Signatures/signature_1972159395]

This document contains pre-decisional and/or deliberative process information exempt from mandatory disclosure under the Freedom of Information Act, 5 U.S.C. 552(b)(5). Do not release without prior approval of the Department of Homeland Security.





[S&T Header banner]

________________________________

News Release: Homeland Security Awards Contracts to Six Startups to Identify, Develop, and Implement Privacy-Enhancing Digital Wallets Technologies<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neS9uZXdzLzIwMjQvMDcvMDgvaG9tZWxhbmQtc2VjdXJpdHktYXdhcmRzLWNvbnRyYWN0cy1zaXgtc3RhcnR1cHMtaWRlbnRpZnktZGV2ZWxvcC1hbmQtaW1wbGVtZW50LXByaXZhY3ktZW5oYW5jaW5nLWRpZ2l0YWwtd2FsbGV0cyIsImJ1bGxldGluX2lkIjoiMjAyNDA3MDguOTcyODAyNDEifQ.wcN2hm1olbNmgpZra-92osGpANioVbX3_6nZukwcjzE/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyRBcgYvDg$>

Awardees will partner with DHS to meet Homeland Security mission needs.

WASHINGTON - The Department of Homeland Security (DHS) Science and Technology Directorate<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neSIsImJ1bGxldGluX2lkIjoiMjAyNDA3MDguOTcyODAyNDEifQ.u3dYSQF2h4TRpYw6xLPswZzHC0IFjDdcOI7wqWHheF0/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fySRkD61TQ$> (S&T) announced that Credence ID, Hushmesh, Netis d.o.o., Procivis, SpruceID, and Ubiqu have each won a government contract to develop technologies that protect the privacy of individuals using digital versions of credentials issued for immigration and travel. These digital credential users, including immigrants and travelers, could eventually store their information in privacy-enhanced digital wallets. Since DHS interacts more frequently on a daily basis with the American public than any other federal agency or department, maintaining secure, confidential digital interactions will have a tremendous impact on the privacy, security and safety of residents across the country.

“DHS is the authoritative source of some of the most highly valued credentials issued by the U.S. Federal Government for cross-border travel, demonstrating employment eligibility, residency status and citizenship,” said Anil John, Technical Director of S&T’s Silicon Valley Innovation program (SVIP). “The capabilities developed under this solicitation will ensure that those credentials can be stored securely and verified properly while preserving the privacy of individuals using openly developed standards that are globally acceptable, highly secure, and accessible to all.”

“U.S. Citizenship and Immigration Services is the United States’ authoritative issuer of highly valued credentials related to citizenship and immigration. Supporting standards-based digital credentials and secure digital wallets for storing them enables us to meet our customer expectations of ease, convenience, privacy and security in an increasingly digital world,” said Jared X. Goodwin, Acting Chief Program Management and Data Division, Service Center Operations, U.S. Citizenship and Immigration Services (USCIS).

DHS provided the awards through its Privacy Preserving Digital Credential Wallets & Verifiers solicitation<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vc2FtLmdvdi9vcHAvMzNiM2IyNDc3NzdjNDkxMmIwOGMyM2JhOTdkYzhhZjQvdmlldyIsImJ1bGxldGluX2lkIjoiMjAyNDA3MDguOTcyODAyNDEifQ.t5Jh4gSxSbdinQMqeBMesgCeks02F_RSBuQ7XyjHsik/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyRVOdvx3w$>, which reflects the Department’s continued commitment to improving the delivery of its services in a way that both protects privacy and increases ease-of-use. The requirements included ensuring that DHS digital credential wallets and verifiers incorporated open, global standards that are not proprietary. These standards were established by the World Wide Web Consortium (W3C), a global standards development organization that manages the development of open standards ensuring interoperability, accessibility, internationalization, privacy and security. DHS participates as a W3C member to ensure DHS-relevant security and privacy criteria are incorporated into the standards development process.

S&T’s Silicon Valley Innovation Program<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neS9zdmlwIiwiYnVsbGV0aW5faWQiOiIyMDI0MDcwOC45NzI4MDI0MSJ9.JJ2Ub7Xp-fn_YzqxTeJxH7Z55x-_H0Dq3VEh5nUHg00/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyRnXmBD2g$> issued the solicitation<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDQsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neS9uZXdzLzIwMjMvMDYvMjIvc3Qtc2Vla3Mtc29sdXRpb25zLXByaXZhY3ktcHJlc2VydmluZy1kaWdpdGFsLWNyZWRlbnRpYWwtd2FsbGV0cy12ZXJpZmllcnMiLCJidWxsZXRpbl9pZCI6IjIwMjQwNzA4Ljk3MjgwMjQxIn0.RmkyNgAUlvHJHfaPIbrp1PQckwyJfv74LSbdjB55hlI/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyTkzCTQSw$> in partnership with U.S. Citizenship and Immigration Services, U.S. Customs and Border Protection, and the DHS Privacy Office. It builds on the success and global adoption of the open, standards-based digital credentialing solutions developed under its previous Preventing Forgery & Counterfeiting of Certificates and Licenses topic call, which aimed to address paper-based credentialing susceptible to loss, destruction, and counterfeiting.

Selected through a highly competitive process, each awardee is eligible for up to $1.7 million across four SVIP phases<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDUsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neS9zdmlwIiwiYnVsbGV0aW5faWQiOiIyMDI0MDcwOC45NzI4MDI0MSJ9.NP_0nXhDeHLG4MNXtaQsQD5DLVJPk528Q-LcHkVcGCk/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyQXws2FlA$>. The awardees of this first phase presented innovative solutions that have the potential to provide immediate impact to DHS:

  *   DHS S&T awarded $199,140 to Credence ID, an Oakland, California-based U.S. company, which specializes in standards-based identity verification and authentication solutions for in-person and online use. The company plans to adapt their existing hardware and software credential verifier implementations to support W3C VCDM and W3C DID standards, requiring a simple software update to existing hardware readers.

  *   DHS S&T awarded $199,430 to Hushmesh, a Falls Church, Virginia-based U.S. company, to adapt their technology, the Mesh, incorporating built-in cryptographic security and universal zero trust. This adaptation aims to implement distributed, scalable, and privacy-preserving key management for digital wallets and verifiers supporting W3C VCDM and W3C DID standards. Their solution will provide assurance of provenance, authenticity, confidentiality, and privacy for all data.

  *   DHS S&T awarded $198,849 to Netis d.o.o., a Ljubljana, Slovenia-based company, to enhance its existing MIDVA platform to support W3C VCDM and W3C DID standards. MIDVA includes a Fleet Management Platform for organizational onboarding, alongside a Mobile Verifier App. It utilizes technology such as Policy-as-a-Code foundation and integrates seamlessly with trust frameworks. The Fleet Management Platform facilitates easy onboarding, authorization, and management of verifier apps across various environments, enabling configuration of supported credentials and integration of recognized trust frameworks. This enables authorized personnel to verify users' credentials using the Verifier App.

  *   DHS S&T awarded $187,285 to Procivis, a Zurich, Switzerland-based company, to enhance its existing Procivis One platform to better support W3C VCDM and W3C DID standards in digital wallets and verifiers. The platform provides flexible, privacy-respecting technology capable of accommodating various credentials, including E-IDs, mobile driver’s licenses, certificates, diplomas, and licenses.

  *   DHS S&T awarded $199,960 to SpruceID, a New York, New York-based U.S. company, to enhance its digital wallet and verifier capabilities to better support W3C VCDM and W3C DID standards for enterprise and public sector environments. Their software creates verifiable digital credentials prioritizing user privacy and security, ensuring safe usage across various digital wallets and interoperability across sectors like finance, healthcare, anti-fraud, and cross-border applications.

  *   DHS S&T awarded $197,961 to Ubiqu, a Rotterdam, Netherlands-based company, to integrate its Remote Secure Element (RSE) technology with digital wallets supporting W3C VCDM and W3C DID standards. This allows users to maintain sole control over their credentials, ensuring transparency and consent, while providing comprehensive recovery solutions. This approach facilitates a highly secure and convenient user experience for digital credential services.

About SVIP

On behalf of DHS components, SVIP invests in startup companies from across the nation and around the world, with viable technologies suitable for rapid prototyping projects to adapt, develop and harness cutting-edge capabilities that are commercially sustainable, while simultaneously meeting the needs of DHS components and programs. For more information on current and future SVIP solicitations, visit https://www.dhs.gov/science-and-technology/svip<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDYsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neS9zdmlwIiwiYnVsbGV0aW5faWQiOiIyMDI0MDcwOC45NzI4MDI0MSJ9.GLrWqUyizZTs2_frSU4iFm7V9nKmWTeF_jj9tqtMWwY/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyR88NcdYw$>

About DHS S&T

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) mission is to enable effective, efficient, and secure operations across all homeland security missions by applying scientific, engineering, analytic, and innovative approaches to deliver timely solutions and support departmental acquisitions. Created by Congress in 2003, S&T conducts basic and applied research, development, demonstration, testing and evaluation activities relevant to support Homeland Security and first responder operations and protect critical infrastructure. For more information about S&T, visit scitech.dhs.gov<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzOi8vd3d3LmRocy5nb3Yvc2NpZW5jZS1hbmQtdGVjaG5vbG9neSIsImJ1bGxldGluX2lkIjoiMjAyNDA3MDguOTcyODAyNDEifQ.09JzR_rFJQ_JnyZyA2byQkrHMQOuUrMmDcdF5M0C9kU/s/597095821/br/245349212879-l__;!!BClRuOV5cvtbuNI!Eg5C7AMMld3zpBjwr6PNH_3SNdUWAbyU8oLspGlvdKJbB3WcEkWiK9Tcfzwz5Cg8Dn0yCLU1fyTiDT-l8w$>.

# # #

In addition, the companies will also be working on, and integrating into their products, one or more of the following open-source libraries (OSLs) that will be released for use by the community:


  *   Cryptographic Tools SDK

     *   This SDK, when implemented by an issuer, a digital wallet or a verifier makes available to it a suite of cryptographic tools to enable hashing, signing, bulk encryption, streaming encryption, random number generation and more, that can support FIPS compliant cryptography, selective disclosure capabilities, and other privacy preserving cryptographic schemes.
     *   It is expected that this module will be developed in a manner that will enable assessment by the Cryptographic Module Validation Program (CMVP), which is a joint effort between the National Institute of Standards and Technology under the U.S. Department of Commerce and the Canadian Centre for Cyber Security, a branch of the Government of Canada’s Communications Security Establishment. The goal of the CMVP is to promote the use of validated cryptographic modules and provide Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.

  *   Sealed Storage SDK

     *   This SDK, when implemented by an issuer, a digital wallet or a verifier makes available to it storage capabilities where data can be locked until specific software and/or hardware conditions are met. This capability supports the secure and protected storage of data such as cryptographic keys and other sensitive information.

  *   Metadata Management SDK

     *   This SDK, when implemented by an issuer, a digital wallet or a verifier makes available to it capabilities that allow it to retrieve metadata associated with credential issuance and verification and cache it locally as allowed by configurable policy. The metadata will include, at a minimum, the following:

        *   Retrieval and validation of DID documents using W3C DID resolution APIs
        *   Credential status information provided via W3C Bitstring Status List

  *   Confidentiality and Integrity Protected Computing SDK

     *   This SDK, when implemented by an issuer, a digital wallet or a verifier makes available to it capabilities that allow it to utilize confidential computing capabilities that protect data in use by performing computations in a hardware-based, attested Trusted Execution Environment and to generate and consume attestations that are necessary to evaluate its operations.