Smart Cards Are a Strong Link in the Chain of Trust for ID Systems, According to New Smart Card Alliance Report
Princeton Junction, NJ, March 9, 2004–Today, nearly everybody carries multiple identification cards (IDs). Whether used for renting a car, boarding an airplane, or entering a network, building or country, the primary purpose of an ID is to identify the holder as having particular rights, privileges and responsibilities.
Yet many of today’s identification systems sitting behind these IDs are vulnerable to fraud or theft. They often use tamper-prone credentials or easily compromised passwords that are insufficient to stand up against the sophistication of modern identity thieves.
A new Alliance white paper, “Secure Identification Systems: Building a Chain of Trust,” introduces the challenges faced by ID systems and discusses the elements that are key to implementing a secure ID system.
“A chain of trust is essential to a secure ID system,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “That chain includes the system’s processes, people, architecture and technologies. Smart cards are a very strong link in the chain, but only if the entire chain can be trusted is a system secure.”
When properly implemented, an ID system’s chain of trust can guarantee the authenticity of the people, issuing organizations, devices, equipment, networks, and other components of a secure ID system. The chain of trust must also ensure that information within the system is verified, authenticated, protected and used appropriately.
Problems abound today, however, which is why identity theft, employee crimes and fraud are making daily headlines. One problem right from the start can be the initial difficulty in validating an individual’s identity. Generally, identity is not sufficiently verified in most ID systems today. Identity credentials can be difficult to issue and manage for large member populations, and different systems require their own identity documents, causing members to need multiple IDs and compounding the risks for falsification of credentials.
The Alliance report broadly covers the requirements for building a chain of trust in an ID system. It outlines enrollment, issuance and identity verification processes and issues. It describes how many of today’s ID systems fail to provide adequate security and privacy and provides an overview of design elements and components that make an ID system more secure. The report describes the role smart cards play in the chain of trust for a secure ID system, discusses smart card implementation considerations, and summarizes how smart cards can help to address the key vulnerabilities of current ID systems.
The use of smart ID devices, especially in the form of smart cards, offers advantages for both physical and logical security. Smart cards are a vital link in a chain of trust. They can deliver secure and accurate identity verification and, when combined with other ID system technologies (such as biometrics and digital certificates), they can enhance the security of the system, protect the privacy of system information, and improve convenience for both users and issuing organizations. The report also includes brief profiles of a number of organizations who are either implementing new secure ID systems or who are developing the trust models and policies that other organization can use to improve ID systems. Profiles include: American Association of Motor Vehicle Administrator’s (AAMVA) Driver License/ID Security Framework; U.S. Department of Defense Common Access Card; Federated Identity and Cross-credentialing System (FiXs)/Defense Cross-credentialing Identification System (DCIS); Transportation Security Administration Transportation Workers Identification Credential (TWIC); U.S. Department of State, new passport project; and Rabobank.
The Smart Card Alliance has a very active Secure ID Task Force, and individuals from 23 member organizations were involved in the development of the white paper. Lead contributors included representatives from ActivCard, Atmel Corporation, Axalto, BearingPoint, Datakey, Datatrac Information Services, Inc., eID Security, IBM, Identix, Lockheed Martin, MartSoft Corporation, Northrop Grumman Information Technology, SCM Microsystems and Smart Commerce, Inc.
The report, written for executives and managers, is available from the Smart Card Alliance online store at http://www.securetechalliance.org. All Smart Card Alliance reports are available to members and government employees at no charge.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information please visit http://www.securetechalliance.org.