Alliance Activities : Publications : Secure ID Systems

Secure Identification Systems: Building a Chain of Trust

Publication Date: March 2004
Pages: 35

Executive Summary

Today, nearly everyone carries multiple identification cards (IDs), issued by multiple public and private organizations. Such IDs include driver’s licenses, membership cards, credit cards, and corporate identification badges.

The primary purpose of an ID is to identify the holder as having particular rights, privileges, and responsibilities. IDs verify a person’s identity, both to the system that issued the ID (for example, a driver’s license verifies the license-holder’s right to operate a motor vehicle) and to other systems that do not issue their own IDs (for example, a driver’s license verifies the identity of someone trying to board an aircraft).

Identification systems are needed by both public and private organizations. ID systems may operate completely within a single organization (an employee ID), span multiple organizations (across government bodies, between businesses and their customers), or extend out to the general population. Given the complexity of the identity verification problem, the number of involved parties, and the number of choices in ID system designs, it isn’t surprising that many of today’s ID systems are vulnerable.

To address these vulnerabilities and implement a secure ID system, organizations must define a chain of trust that encompasses all of the secure ID system processes and components. This chain of trust includes:

Smart cards are a vital link in the chain of trust for secure ID systems. They serve as the issuer’s agent of trust and deliver unique capabilities to securely and accurately verify the identity of the cardholder, authenticate the ID credential, and serve the credential to the ID system. Widely acknowledged as one of the most secure and reliable forms of electronic identification, smart cards can provide secure and accurate identity verification and, when combined with other ID system technologies (such as biometrics and digital certificates), they can enhance the security of the system and protect the privacy of system information.

Smart card-based ID systems offer significant benefits for individuals, businesses, and governments. Individuals using smart ID cards enjoy greater satisfaction through faster, more convenient and more secure access to information and services. The efficiency, consolidation of programs, and security features provided through the use of smart ID cards enable governments and businesses to enhance security while also improving services and reducing operating costs. Smart cards provide an optimal technology platform for a secure ID system that can meet government and business requirements for secure and accurate identification verification.

About This Report

This report was developed by the Smart Card Alliance to discuss the issues with current identification systems, describe the chain of trust in a secure ID system, and define the role that smart cards play in the chain of trust. This report provides answers to commonly asked questions about secure ID systems, such as

The report also includes brief profiles of a number of organizations who are either implementing new secure ID systems or who are developing the trust models and policies that other organization can use to improve ID systems. Profiles include: American Association of Motor Vehicle Administrator’s (AAMVA) Driver License/ID Security Framework; U.S. Department of Defense Common Access Card; Federated Identity and Cross-credentialing System (FiXs)/Defense Cross-credentialing Identification System (DCIS); Transportation Security Administration Transportation Workers Identification Credential (TWIC); U.S. Department of State, new passport project; and Rabobank.

If you would like to join the task force, please contact