Smart Card Technology and the National Strategy for Trusted Identities in Cyberspace (NSTIC)
Publication Date: June 2013
Internet use is evidently the most indispensable activity of our generation. We use it for almost everything–to connect with friends, shop, bank, blog thoughts, and seek medical attention, among other things. But as use of the Internet has increased, so has cyber crime. Cyber crime has resulted in losses to individuals and businesses amounting to billions of dollars annually.
According to the Federal Bureau of Investigation, identity theft is currently the leading and most persistent financial crime. Approximately 12 million Americans have been affected by identity theft of some kind in the past 2 years. To use their online accounts, people must remember an unmanageable number of passwords. For this reason, most people reuse the same passwords for years, making it easy for identity thieves and hackers to do their worst. To use the Internet safely and effectively, a better way must be developed for individuals to prove online that they are who they say they are.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative to improve on the credentials currently used to access the Internet and authenticate identity online. This initiative proposes a marketplace that allows people to choose among multiple identity providers, both private and public, who can issue trusted credentials. NSTIC has already involved itself in defining the essential fundamental elements that aid in strengthening identity, privacy, and security in the administration of Social Security benefits, immigration, healthcare, and other programs in the physical world. The NSTIC framework recognizes grave inadequacies in the current management of identity, privacy, and security in online transactions.
The Smart Card Alliance is promoting the adoption of the NSTIC framework. The Alliance strongly agrees with the use of federal, state, and local government initiatives to accelerate the development of an identity ecosystem. At the same time, the Alliance advocates for leveraging existing procedures, standards, and technology. Technologies such as those described in FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors and in the Federal Identity, Credentialing and Access Management Roadmap are vital to achieving interoperable, high assurance identity verification.
Smart card technology provides maximum security through strong authentication mechanisms and protects user privacy. The technology is designed to resist malware, forgery, and other efforts to extract information fraudulently from an identity token. Smart card technology provides a tamper-proof container for digital identity credentials and biographic and biometric identifiers. The availability of multiple form factors make smart card technology-based tokens portable and easy to distribute.
This white paper reviews the NSTIC initiatives, provides an overview of levels of assurance, and discusses how smart card technology can provide the advanced credentialing capabilities needed to enable high assurance in the NSTIC identity ecosystem.
The flexibility of smart card technology makes it a valuable component of the NSTIC landscape, supporting multiple prerequisites:
- Management of a participant’s multiple online identities
- Participant control of presentation
- Preservation of anonymity
- Robust security
- Interoperability among participants
Smart card technology can meet the challenges presented by a heterogeneous identity framework while providing assurance that transactions are secure. While the details of the NSTIC identity ecosystem are still being defined, smart card technology provides a secure flexible solution and is the best choice for higher assurance levels.
About this White Paper
This white paper was developed by the Smart Card Alliance Identity Council to describe the benefits of combining smart card technology and strong credentials within the National Strategy for Trusted Identities in Cyberspace (NSTIC).
Council members involved in the development of this white paper included: Bell Identification B.V.; Booz Allen Hamilton; CH2M HILL; Deloitte & Touche LLP; Gemalto; General Services Administration (GSA); HID Global; Identification Technology Partners; IDmachines; Intercede Ltd; IQ Devices; NXP Semiconductors; Oberthur Technologies; SafeNet, Inc.; SAIC; SecureKey Technologies; XTec, Incorporated.
About the Identity Council
The Smart Card Alliance Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and the appropriate authorization across different use cases. Through its activities the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials–e.g., smart ID cards, mobile devices, enhanced driver’s licenses, and other tokens.
The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to bear on addressing the challenges of securing identity information for proper use.