Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Informational Only

This challenge is no longer accepting new submissions.

Expanding the SIM Card Use for Public Safety Challenge

NIST challenges solvers to store credentials on a SIM card that can be accessed by a mobile app to provide simple, secure authentication for emergency responders

Department of Commerce - National Institute of Standards and Technology

Total Cash Prizes Offered: $100,000
Type of Challenge: Software and apps
Partner Agencies | Federal: First Responder Network Authority
Partner Agencies | Non-federal: Nok Nok Labs, IBM Security
Submission Start: 04/03/2019 12:00 AM ET
Submission End: 10/19/2019 ET

Description

challenge timeline

The National Institute of Standards and Technology (NIST) Public Safety Communications Research (PSCR) Division and its co-sponsors are requesting solvers’ assistance to explore the possibilities and show that the Universal Integrated Circuit Card (UICC), commonly known as the SIM card, can be used as a secure storage container for public safety application credentials.  Solvers are encouraged to participate in the Expanding the SIM Card Use for Public Safety Challenge (the “Challenge”) for a total prize purse of up to $100,000.

Challenge Background & Goals:

Public Safety personnel utilize their mobile devices to access sensitive information during every day job requirements and emergency situations. For improved mobile communications, public safety needs a secure mechanism for storing sensitive information; current external secure storage solutions can be bulky and cumbersome to use in emergency situations. They can also be expensive for public safety organizations to acquire and manage with their limited budgets.  Current best practices recommend standards-based two-factor authentication, which often requires extra hardware, such as a token or a smart card, further inflating costs and increasing time in an emergency.

Since 2002, PSCR has collaborated with first responders, stakeholders, and innovators to ensure the development of reliable, intuitive, and mission-focused technologies for the public safety community. PSCR recognizes how cybersecurity affects every aspect of public safety communication. PSCR serves to develop and enhance security solutions to current and future public safety communications. This current Challenge complements public safety-specific Federated Identity Credential and Access Management (ICAM) research conducted by PSCR with other NIST laboratories, such as NIST’s Information Technology Laboratory and their National Cybersecurity Center of Excellence.

This Challenge will convene first responders, mobile device providers, network providers, authentication providers, researchers, and solvers in order to collaborate and advance the state of mobile device security for public safety. PSCR and their co-sponsors are requesting solvers’ assistance to explore the possibilities for using the Universal Integrated Circuit Card (UICC), commonly known as the SIM card, as a secure storage container for application credentials. By leveraging solvers’ outside-of-the-box thinking to create innovative two-factor authentication solutions while educating public safety stakeholders on the benefit of authentication standards.

The SIM card, already used in most mobile devices, has characteristics that make it a robust storage device for critical mobile network subscriber data. The SIM card is a tamper-resistant hardware storage container and, if utilized as an application credential storage container, would enable applications to use the authentication credentials provisioned to it seamlessly. The SIM card offers several usability benefits for public safety, as it would be more user friendly; allow networks to provision credentials over-the-air via a secure channel; and potentially enable device sharing by keeping sensitive information on the removable SIM card. Additionally, as the SIM card is currently used in every mobile device, it could offer cost savings for public safety units as extra hardware would not be necessary.

This Challenge includes three phases and requires contestants to: securely store a fire on a SIM card; create a mobile application that accesses a user’s credentials stored on a SIM card; and authenticates to a FIDO 2 service provider. Each contestant will be evaluated individually against the listed evaluation criteria, and successful contestants will be invited to move to the next phase. Invited contestants will be awarded cash prizes at the end of Phase 1 ($1,000) and Phase 2 ($2,000) to assist with developing a prototype for Phase 3. The scores from the final phase will be the basis for the final prize challenge awards PSCR will award up to $100,000 to the winners of the Challenge.

In addition to cash prize awards, contestants will be given the opportunity to obtain feedback from industry, such as the co-sponsoring entities, through planned webinars and other sessions, in an effort to advance both their prototypes and their connections in the public safety and communications technology communities. After the completion of this Challenge, PSCR will keep the submitted prototypes for future public safety demonstrations.

Should a contestant prove successful, their solution could provide significant time and cost savings for public safety units; for example, the solution would provide:

  • Increased security of public safety data on mobile/portable devices;
  • Additional credential storage container without an external, bulky device;
  • Sharing of mobile devices by multiple users by exchanging SIMs;
  • Spur ideas for other potential hardware authentication solutions on mobile devices;
  • Increased versatility by adding the ability to provision credentials to the SIM card remotely; and
  • Potential cost savings as public safety units would not need to purchase separate hardware authentication tokens.

View the complete summary of contest phases and key dates.

Prizes

Overview

The total prize purse is up to $100,000. For details of prizes, see the "Prizes" section in the Description tab.

Phase 1 – Concept Paper Prize Winners:

Congratulations to the Phase 1 winners:

  • B.EST Solutions ($1,000)
  • ENGR Dynamics ($1,000)
  • Fractal Authentication ($1,000)
  • Fortifyedge ($1,000)
  • Rivetz ($1,000)
  • Solokeys ($1,000)

Phase 2 – File Stored on SIM Card Prize Winners:

Congratulations to the Phase 2 winners:

  • B.EST Solutions ($2,000)
  • ENGR Dynamics ($2,000)
  • Fortifyedge ($2,000)
  • Rivetz ($2,000)
  • Solokeys ($2,000)

Phase 3 – Mobile Application and Authentication Prize Winners:

Congratulations to the Phase 3 winners:

  • Solokeys ($37,500)
  • B.EST Solutions ($15,000)
  • Fortifyedge ($7,500)

Rules

Official Rules of Phase 1: Concept Paper

Introduction:

The Concept Paper invites all eligible contestants to submit concept papers; the Judging panel will evaluate their proposed approach to ensure they demonstrate a clear understanding of the problem and the objective to securely store and then utilize authentication credentials on the SIM card for first responders. Contestants should include a materials list and/or describe how they will utilize the $1,000 for Phase 2 should they advance to Phase 2: Proof of File Stored on SIM Card. Contestants should also note that the Judging panel will ensure that their plan makes use of existing SIM card standards and FIDO authentication standards. The Judging panel will select up to 20 contestants, invite them to participate in Phase 2 and award $1,000 per contestant for use in developing their prototypes for participation in that phase.

Important Dates:

Concept Paper: Launch on April 3, 2019 with concept papers due May 22, 2019 at 11:59pmET; Contestants will be notified by June 3, 2019 if they were awarded an invitation to Phase 2.

Concept Paper Content Requirements

The concept paper must conform to the following content requirements:

SECTION

(Start each section on a new page)

PAGE LIMIT

DESCRIPTION

Cover Page and Abstract

(required)

1 page maximum

Include:

  • Contestant’s Name (Team, Organization or Company Name) and list of individual team member(s),
  • Contestant’s Location (City, State/Region and Country).
  • Contestant’s Logo
  • Official Representative and their preferred contact information.

Describe succinctly (500-word MAXIMUM):

  • The unique aspects of the contestants’ approach and the potential impact that the proposed approach could have in achieving the goals of the Challenge.
  • Note: Do not include proprietary or sensitive information in this summary.

 

Project Description

(required)

4 pages maximum

Addressing the scoring criteria should be your primary objective, therefore, create your concept paper to address the criteria. Below are a few options to consider:

  • The contestant’s knowledge, skills, and capabilities as they relate to the goals of the Challenge.
  • The contestant’s proposed solution for meeting the objectives of the Challenge.
  • The competitive advantage offered by the contestant’s approach or solution.

 

Informational Schematic/Concept

(required)

3 pages maximum

A concept sketch (1-3 pages) in a PDF format.

Proposed Materials List

(required)

1 page maximum

A comprehensive materials list and brief description of their proposed use in PDF format that describes contestant’s planned use of the $1,000 awarded in Phase 2.

Resume/Capability Information for Key Team Members (required)

3 pages maximum

Description of the key team members and why they are well-suited to accomplish the project, with supporting resume and/or capability information to support their qualifications and skills.

 

View the official rules for all contest phases.

For questions about the Official Rules, contact: psprizes@nist.gov

Judging Criteria

Phase 1: Concept Paper Evaluation Criteria

NIST makes an independent assessment of each concept paper based on the evaluation criteria. NIST will not review or consider incomplete concept papers. During the review, each SME and member of the Judging panel will review entire concept papers to which they are assigned. The review is not done in sections with different reviewers responsible for different assigned sections, therefore, it is not necessary to repeat information in every part of the concept paper. Contestants must use non-confidential terms in their concept papers.  Do not include in the concept paper or otherwise submit information deemed to be proprietary, private, trade secret, or in any way confidential

Concept Paper Evaluation Criteria

Criterion 1: Strategic Alignment & Technical Outcome (70%)    

This criterion involves consideration of the following factors:

  • Strategic Alignment: The extent to which the proposed approach meets the objectives listed in the goals of the Challenge (to assess the potential of the SIM Card as a secure storage container for public safety application credentials; to develop a mobile application that utilizes a credential, provisioned to the SIM card; authenticate to a third-party service provider); the understanding of requirements for interacting with the SIM card to provision information; the discussion of standards-based interfaces for writing to and reading from the SIM card.
  • Technical Outcome: The extent to which the proposed approach provides a plan for the contestant to successfully complete both Phases 2 and 3 of the Challenge, producing a proof of concept implementation that can drive Public Safety Broadband Network innovation.

Criterion 2: Feasibility & Team (30%)

This criterion involves consideration of the following factors:

  • Team: The extent to which the capability of the contestant can address all aspects of the proposed project with a high chance of success, including, but not limited to, qualifications, relevant expertise, and time commitment of the contestants. Reviewers will evaluate: (a) The relevance of the qualifications and experience of the key staff, leadership, and technical experts. (b) The extent of the contestant’s prior experience and the quality of the results achieved in leading programs similar in nature to the purpose, scope, etc.
  • Approach: Contestant’s plan to manage the limited schedule, required materials and resources, project risks and other issues, and produce high quality project outcomes, in pursuit of the Challenge goals (to collaborate and advance the state of mobile device security for public safety).

Concept papers will be evaluated based on the criteria above. Each concept paper will be reviewed by at least two SMEs and the Judging panel members and will be assigned a score for each criterion, 0-10 for each criterion. Scores will not be provided to the contestants. In the case of a tie, the Judging panel will decide on the winners invited to compete in Phase 2.

Scoring for Concept Papers

10: Contestant has strong potential to aid in the achievement of the goals of the challenge

1-9: Varying degrees of certainty the contestant may have the potential to aid in the achievement of the goals of the challenge

0: Contestant does not have the potential to aid in the achievement of the goals of the challenge

View the official rules for judging criteria for all other contest phases.

How To Enter

Visit Challenge.gov, review the series of contests in the Expanding the SIM Card Use for Public Safety Challenge.

  • Complete the submission requirements for the Concept Paper Contest; submit the required concept paper as your entry and register as a contestant via Challenge.gov by the required date.
  • Submit only one concept paper that reflects your most promising solution.
  • Use the “Description” text box on the submission page to tell us how you heard about this challenge (i.e., the PSCR website, Challenge.gov website, from a Challenge Partner, advertisement on a website, social media, email notification, etc.)
  • Group your entire proposal and contents for the concept paper contest in one PDF document. The size of the attached PDF document must be less than 100MB.