August 2014 Alliance Member Bulletin
Executive Director’s Corner
Recognizing A Secure Initiative
Dear Members of the Smart Card Alliance,
The recently concluded summertime special government industry event – the Smart Card Alliance Government Special Event – Celebrating the 10th Anniversary of HSPD-12 – became one of my personal career highlights. The event, a one-day gathering in Washington, DC, attracted some of the most inspiring government identity and security leaders of the past decade. They gathered to recollect the challenges and the obstacles they had to overcome to get HSPD-12 implemented. This monumental effort was not just to create a new ID badge and access control standard, but to fundamentally shift the focus of security to identity, and managing those identities in hundreds of different use cases across dozens of agencies – all with no dedicated funding.
The signing of the presidential directive on August 4, 2004, and the decade of industry collaboration that followed involved the collective efforts of NIST, the Office of E-Government and Information Technology (E-Gov), the Interagency Advisory Board (IAB), GSA Office of Government-wide Policy, and the Office of Management and Budget (OMB). Other federal agencies played a part by creating specifications, issuing policies, creating testing criteria, and issuing more than 5 million new tamper-resistant credentials that are highly secure, standards-based and rapidly authenticated electronically.
Seeing the faces of those government HSPD-12 leaders, and hearing them recount the stories of how hard they fought for every inch of change that was required to get HSPD-12 implemented were inspiring. Some of the speakers, like Mary Snavely-Dixon, DOD; Curt Barker, NIST; Michael Butler, DOD; Deborah Gallagher, GSA; and Hildy Ferraiolo, NIST, continued on in increasingly higher level government positions. Others who spoke retired from government service and now work in private industry – Van Hitch, former CIO at DOJ and Chair of the Federal CIO Council (Deloitte); Lolie Kull, formerly at the State Department, DHS and TSA (HP Enterprise Solutions); Dave Wennergren, former Assistant Deputy Chief Management Officer at DOD (Professional Services Council); and Judith Spencer, former head of the GSA Federal PKI Bridge (CertiPath). Their commitment to seeing HSPD-12 implemented has not waned over the last 10 years and many spoke about this 10 year anniversary with the same grit and determination to succeed that they had when they spoke at the Smart Card Alliance Government Conferences on the topic in previous years.
The biggest thrill for me personally was the one-on-one conversation I had with Howard Schmidt. Howard has had a distinguished 40 year career, most notably as the Special Assistant to the President and the Cybersecurity Coordinator for the United States, under both Presidents George W. Bush and Barack Obama. After 9-11, he organized the government-wide effort to protect our nation’s critical infrastructure from threats by unknown foreign jihadists and cybercriminals. Our conversation uncovered how HSPD-12 and other programs driven by the White House – such as TWIC and NSTIC – have dramatically improved the security of our nation. I got the impression that a sense of urgency to avoid another attack on our homeland is what drove these decisions to act quickly, despite tremendous obstacles to be overcome. Howard spoke with calm determination, never doubting that the government and industry would figure out a way to make it work out – which it mostly has, but even he acknowledged that our enemies will not rest, so neither can we.
Howard Schmidt and all of the government HSPD-12 pioneers deserve our sincere gratitude for their service to this country and their example to private industry about staying committed to the cause until the very end. The Smart Card Alliance owes them all our utmost gratitude and respect.
In The Spotlight
Ultra Electronics ID
Please describe your company’s business profile and its offerings
Ultra Electronics ID (Ultra ID) manufactures identity solutions for government and corporate identity security applications. We are a part of the Ultra Electronics Holdings group (LON:ULE), an internationally successful defense, security, transport and energy company. Ultra ID products include Magicard card printers, UltraSecure technology cards and TrustID badging software.
The Magicard range of secure ID card printers are trusted by governments and companies around the world to issue millions of secure identification badges every year. All Magicard printers are manufactured at our secure facility in the United Kingdom support enhanced card security features – including Ultra’s patented HoloKote® watermark for reliable visual security.
UltraSecure smart cards are high-quality technology credentials designed for industry-standard contactless and contact-chip access systems. Available with PVC or PET composite construction, UltraSecure Proximity, MiFare and ICC credential cards are designed to print with vivid colors and without errors such as chip deflection. For proximity cards, the UltraSecureOnSite system is revolutionizing the proximity credential supply chain by allowing certified dealers to program and deliver custom proximity cards directly to customers.
What role does smart card technology play in your business?
Smart cards are a key part of our business. Every Magicard printer is designed with an internal USB hub and includes and an open API to allow the integration of most smart card encoding units. In addition, we have developed integrations for several major encoding units including encoders that allow production of FIPS-201 compliant credentials. With the release of UltraSecure, we are developing integrated solutions that supply compatible smart cards alongside card printers and encoders so customers can easily launch or maintain their smart card issuance programs.
What trends do you see developing in your market?
We see the prices of smart card and access control components dropping while the understanding of these technologies and how to implement them is growing. Some practical repercussions of this include companies moving away from using printed barcodes and magnetic stripes to more robust and secure technologies, usually contactless smart cards. The monopolization around certain types of contactless technologies (such as Proximity) is effectively finished. This is allowing for more technological innovations and market penetration for these technologies that has been possible before.
For companies that already have smart card systems in place, many technologies are much cheaper, more reliable and more technically accessible than ever before. We see these companies moving along a migration path – upgrading their smart cards and related systems to realize convergence between physical and logical security applications. A good example of this is the movement of commercial organizations to replace traditional proximity cards with proximity-compatible memory cards that allow the card to mutually authenticate with the reader at the point of access. The structure and format of the data being passed from the reader through to the access system remains the same, but using a memory card allows for a much higher degree of security and flexibility (such as adding the ability for logical access control and payments) without the cost of completely replacing the backend access control systems or software.
We do not yet see concepts such as mobile credentialing being practically implemented in the market. Trends that are actually being adopted by customers are still card-centric and always practical in terms of issuance cost, maintenance and control by the issuing authority – three major barriers that stand in the way of widespread adoption of mobile credentials for use with proprietary smart card systems.
What things must you overcome to leverage those trends?
To leverage these trends we need to scale. Before launching UltraSecure in late 2013, we had years of experience providing customers with card printers and simple badging software, but not with manufacturing other components of a smart card system. We spent several years developing our technology cards before coming to market so that the current product was industry leading in terms of reliability and for integration with any new or existing smart card system.
Our strategic focus is to provide customers with a set of interoperable products that all easily integrate into new or existing systems to allow the development of more comprehensive and cost-effective smart card applications. A desperate play for maintaining control over technology means there is a clear lack of full interoperability between many popular systems. To meet growing demand, we will be releasing more products that allow customers to easily put together smart card systems that are fully interoperable with less technical hurdles, development time and cost. We will also be scaling our issuance of smart cards to a global customer base and continuing to develop software tools (such as our new Linux and Macintosh compatible printer drivers) to allow the easy integration of our products into custom smart card systems.
Visit Ultra ID at http://ultraid.com/
Welcome New Members
- Capgemini USA Inc., Leadership Council (previously General Member)
- ESQ, Latin America Associate
New CSEIP Recipients
- Tachung Chang, Integrated Security Technologies, Inc.
- Jason Goodloe, XTec, Incorporated
- David Helbock, XTec, Incorporated
- Jorge A. Lozano, Condortech Services, Inc.
- Michael Margolis, Integrated Security Technologies, Inc.
- John Placious, Integrated Security Technologies, Inc.
- Blake Smith, Gallagher Group Limited
- Lars Suneborn, Smart Card Alliance
- Shawn Zartman, Integrated Security Technologies, Inc.
2014 Member Survey
A little less than half the Smart Card Alliance membership (45.8%) participated in the annual Member Survey this year, which showed improved satisfaction over 2013 in almost all areas. Some highlights:
- Members continue to value Alliance events, communications, deliverables and council activities
- The 87 rating (vs. last year’s 85 rating) in “how would you rate us” is the highest since 2007
- Satisfaction and value were up across the board, with members placing increased value in increased in communications; resources/deliverables and events/meetings
- Top Member Benefits:
- Industry education and information
- Staying abreast of industry news, status, trends
- Leadership/visibility in industry
A full piece on the 2014 Member Survey will appear in the November issue of Smart Card Talk Quarterly.
The Mobile and NFC Council published the new white paper, “Host Card Emulation (HCE) 101.” The white paper provides an educational resource on HCE, including:
- Describing HCE and NFC technology in today’s mobile ecosystem
- Exploring considerations and outlining example uses cases for HCE in mobile payments,mobile commerce and non-payments implementations
- Discussing the security considerations that accompany HCE implementations and the various methods that can add layers of security to transactions
- Providing a comparison of key considerations for HCE and secure element-enabled NFC implementations
Members involved in the development of this white paper included:ABnote Group; Advanced Card Systems Ltd.; BetterBuyDesign; Capgemini USA Inc.; CH2M Hill; Clear2Pay; CorFire; Cubic Transportation Systems; Discover Financial Services; Eid Passport Inc.; First Data Corporation; Fiserv, Inc.; Gemalto; Giesecke &Devrient; HID Global; HP Enterprise Services; Identiv; Ingenico; Initiative for Open Authentication (OATH); INSIDE Secure; Intercede; IQ Devices; Isis; MasterCard; Morpho; NXP Semiconductors; Oberthur Technologies; OTI America; Thales e-Security; Underwriters Laboratories (UL); Valid USA; VeriFone.
Council participation is open to all Smart Card Alliance members; to participate, contact Cathy Medich.
2014 Government Conference
Registration is open for the 13th Annual Government Conference, which will be held October 29-30 at the Walter E. Washington Convention Center in Washington, D.C.
CSCIP Training and Exam
The next CSCIP and CSCIP/G training and Exam Preparation Course will be held October 28 and October 29 at the 2014 Government Conference. If you are planning to take the training and/or exam, make sure to save the date and set up a reminder in your calendar to register. Visit the CSCIP portion of the website for more information
The first group of CSEIP recipients (formally known as Certified System Engineer ICAM PACS) are now listed on our website in the CSEIP registry.