Government Cites Policies and Standards Behind Broader Use of Smart Cards

Government Cites Policies and Standards Behind Broader Use of Smart Cards

Princeton Junction, NJ, July 21, 2003–The United States government is today making broad use of smart card technology and is headed toward a single smart card identity credential for all federal employees. To ensure these smart IDs work across all of the government, the Office of Management and Budget (OMB) established a new committee, the Federal Identity and Credential Committee (FICC), one of the many policy and standards topics discussed at the Smart Card Alliance Government Conference and Expo held last week in Arlington, VA.

Policy makers see smart cards as a key element in a more secure and more efficient government. The departments of Defense, Interior, State and Treasury have issued approximately 3.5 million smart ID cards to date to strengthen security and add new capabilities including identity verification, network access and computer security.

Speakers at the Alliance conference reinforced the need for interoperability and were enthusiastic about the role of the new FICC organization. “We need to eliminate the need to carry around multiple cards,” said Mary Dixon, director of the Access Card Office of the Department of Defense.

The consensus view was that new policies and maturing standards would broaden the use of smart cards in government. The goal is to ensure interagency interoperability of ID credentials, then to tie the credentials to an identity authentication system that eventually works across the entire federal government. That is where FICC comes in.

“The OMB defines policy, and there is now a clear path to establish workable interoperability,” said Lolie Kull, senior security specialist for the U.S. Department of State and chair of the Interagency Interoperability Task Force. “They are going to pull all of us together, and that is happening now. FICC is the new kid on the block, but it is the kid with the most power.”

FICC will build on the existing implementations as well as the newly released version 2.1 of the Government Smart Card Interoperability Specification developed by the National Institute of Standards and Technology (NIST). “In the future we hope to have a full implementation of an interoperable smart card for all employees of the federal government,” said Kull.

The Smart Card Alliance Government Conference and Expo, held from July 15th to 17th in Arlington, focused on the rapidly growing use of smart cards as the security technology of choice for identity credentials and other applications throughout the federal government. News from the conference is presented below.

E-Authentication

At the Alliance conference Jeanette Thornton, portfolio manager for the E-Authentication E-Government initiative in the OMB announced that her organization had processed its first transactions through a new E-Authentication gateway in the past two weeks. The OMB E-Authentication initiative is working on identification policies for anyone interacting with the federal government over the Web.

“We need a common way of signing and authenticating documents, and that’s where E-Authentication comes in,” said Thornton. “Agencies have made the business case for investing in smart cards, PKI and E-Authentication. I’m trying to make sure we do that as one government in the smartest way possible.”

The goal is a smarter, more efficient government. “We want to take more business to the Web,” said Robert Donelson, senior property manager of the Bureau of Land Management at the Department of Interior and chair of the Interagency Advisory Board. “The federal government is going to the one enterprise model. The E-Authentication initiative will provide the trusted gateway to the 24 government-wide E-Government initiatives, eliminating the need for each initiative to develop a redundant solution for the verification of identity and electronic signatures,” said Donelson.

Smarter Passports

Frank Moss, deputy assistant secretary for Passport Services, presented his organization’s plans to evolve to a new, more secure “intelligent document” from today’s paper-based passports. “Our goal is to begin production by October 26, 2004,” Moss announced at the Alliance conference. The United States produces about seven million passports per year.

Current plans call for the new passport books to include a contactless smart chip based on the 14443 standard, with a minimum of 32 Kbytes of EEPROM storage. The chip will contain a compressed full-face image for use as a biometric.

Both the image and the passport information stored on the contactless chip will be digitally signed to ensure the integrity of both the data and the passport itself. With this approach “you can read a chip and confirm its validity, but you cannot create one. That is the beauty of public key technology,” said Moss.

For the program to move forward successfully other countries must also agree to common specifications, so the department is working closely with the International Civil Aviation Organization (ICAO). “Our goal is one of global interoperability,” said Moss. “In principle we have adopted ICAO specifications.”

TWIC Begins Issuing Cards

Paul Hunter, deputy director for the Transportation Workers Identity Credential (TWIC) Project, announced that TWIC card production started on the east coast last week and on the west coast the week before. The program is in the technology evaluation phase, with plans to move to the prototyping phase in September.

The TWIC program is making rapid progress in part because it is building on work that was already done. “We’re not re-inventing the wheel; we’re taking the work that was done previously and re-using it,” said Hunter. “The TWIC program is committed to the Government Smart Card Interoperability Specification. Version 2.1 will help us immensely,” said Hunter.

The TWIC program covers individuals who need unescorted access to the nations’ 300 ports and 464 airports, as well as rail stations and other transportation related facilities. “We’re talking about 12 to 15 million people when it comes to full implementation,” said Hunter.

70 Million Americans Now Using Smart Cards

“The fact is that 70 million Americans are now using smart cards every day. Although they may not even be aware they have one, many Americans have smart cards in their credit cards, their TV set top decoders, their cell phones and at their workplaces,” said Paul Beverly, president, Smart Cards and e-Transactions, Schlumberger and Smart Card Alliance chairman. In his opening address to the conference attendees, Beverly estimated that smart cards are now used in 30 million mobile phones, 20 million TV decoders, 15 million bankcards, 3.5 million government identity credentials and one million corporate IDs, among many other uses in the United States and Canada.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information please visit http://www.securetechalliance.org.