Smart Card Use as ID Credentials and Transit Fare Cards Growing; Users Cite Reasons Why
CardTech/SecurTech, Orlando, May 14, 2003–Secure identification credentials and public transportation are the newest sectors contributing to the rapidly growing smart card market in the United States, according to leaders in those markets and members of the Smart Card Alliance.
“Telecom, financial/retail and pay television security were the first three sectors in the United States to cross over the ten million cards issued milestone, and they continue to be robust markets,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “We want to call attention to two additional sectors that are now growing strongly–secure identification credentials and public transportation fare cards. Overall, these markets are delivering exciting levels of growth for our industry, and this momentum will continue expanding the use of smart cards in all of these application areas.”
Presented below is a perspective on smart card trends from some of the individuals in these emerging sectors who are leading their organizations and their industries in this change.
Secure Identification Credentials
In both government and the private sector, there is an increased need for greater physical security, authentication of individuals accessing online networks and electronically signing and encrypting documents. In government agencies, there is also a real sense of urgency to strengthen the security credentials and establish mutual acceptance criteria of identity credentials issued by different agencies.
Leading government agencies and companies are converging on the smart card as the best solution to these requirements, in many cases using new government smart card interoperability standards (GSC-IS) for issuing a new employee badge or ID and combining physical access, online access and in some cases biometrics on the same smart card-based credential.
“It is essential to computer security to store any keys or certificates outside of the PC or workstation, and to require the presentation of a physical card as well as a password. Otherwise, it is too easy for someone else to pretend to be you. For this reason, smart cards are becoming the de facto solution of choice, with security conscious government agencies and the computer industry as the vanguard,” said Vanderhoof.
Sun Microsystems’ Java™Badge
Sun Microsystems, Inc. created a new smart card solution for network security and physical access control called JavaBadge, and has nearly re-badged every Sun employee in the United States and plans to issue cards to all 35,000 employees worldwide in 100+ countries by July 2003. Sun is using Java cards manufactured by Schlumberger, middleware software provided by ActivCard and readers from SCM Microsystems, as well as its own embedded ones. The cards also have a magnetic stripe for access control today and MIFARE™ Type B proximity for use for access control in the future.
“Under our iWork program, we have flexible offices for 25,000 employees meaning you do not always work at the same office; the smart card is the key to the system, because it lets people bring up their own sessions and user environment,” said Christopher Saleh, marketing manager and program manager for JavaBadge, Sun Microsystems. “We’re entering a new phase and we will have three applications secured by PKI–authentication/single sign-on, digital signature and encryption for secure email transmissions. It is technically safer to store PIN and key information on smart card hardware tokens rather than on a computer hard drive in some server room. It eliminates the inefficient use and inherently weak security of passwords.”
Saleh added, “To move commerce to the Internet we needed a robust system that offers non-repudiation, and Europe dictates smart cards and PKI to achieve this. Finally, the smart cards enabled us to consolidate four or five credentials into one card. We are a big proponent of smart cards and JavaCard was the way for us to go.”
Department of Defense Common Access Card
One of the most advanced programs is the Department of Defense Common Access Card, a smart card that serves as the standard identification and physical access credential. It is also used for secure authentication and network access. The card is issued to active duty military, selected reservists and National Guard, DoD civilian employees and selected DoD contractors. Mary Dixon, director of the Department of Defense Access Card Office commented on the status of the program, and what she sees as the next steps in the expansion of the card’s use.
“As of the end of April, we have issued 2.4 million smart cards on the way to four million, a goal we expect to achieve by the end of this calendar year. We are issuing approximately 10,000 a day. By the end of May we will have deployed an issuance infrastructure in 900 plus sites in more than 15 countries around the world, and we are rolling out more than one million card readers and the associated middleware,” said Dixon.
“The next steps for us are to use the CAC cards for signing and encrypting of email, and to expand the number of portals capable of doing Web-based e-biz using PKI authentication tools. We also want to add a biometric to the cards sometime next year. Once we have an on-card biometric we will have the capability to use a three-factor authentication–what you have, what you know and who you are,” Dixon added.
“Another axis of development for us is expanding use of the cards for physical access. We are moving to add a contactless chip to the CAC card for building access. Pilots are underway and we will begin rollout in early ‘04, using ISO/IEC 14443 Parts 1-4 with a FIPS-approved algorithm.
“With the number of portals being developed at DoD, we will be able to blossom and get into the ‘Age of the Internet,’ and it is the strong authentication and security smart cards provide that makes this possible. Other opportunities are out there waiting to happen too. There are more people looking at smart cards as the infrastructure is put out there. For example, we are looking seriously at how to cross-credential among federal agencies and between our agency and industry partners,” concluded Dixon.
In addition to the DoD program, there are more than 20 active smart card initiatives in transportation, defense, justice and other federal agencies.
“Today public transportation is in a nationwide investment rush to deploy smart card-based ticketing systems,” stated Greg Garback, executive officer, department of finance, Washington Metropolitan Area Transit Authority, WMATA.
“We led the move to contactless smart cards when we launched our SmartTrip™ fare cards in May of 1999. Today we have 330,000 cards in circulation, which represents about half of our riders. Now Boston, Seattle, Chicago, Los Angeles, San Francisco, Atlanta and others are joining Washington DC and investing hundreds of millions of dollars in these programs. Five years from now every major metropolitan system in the United States will have smart cards,” he continued.
Garback explained that rider convenience is driving this trend. “This is all about putting a tool in place to make riding public transit easier and more convenient. If you are managing a transit system in a large metropolitan region, and you want to link several separate systems together for seamless fare payment, the smart card is the tool of choice,” said Garback.
As for the future, Garback commented, “Our core competency is moving people on bus and rail systems, and we see ourselves as retailers of services more than card issuers. Ultimately, we expect that transit smart cards will evolve into more widely used financial instruments. We would like to be one application of many on a multi-application smart card issued by someone else whose core competency is financial payment cards. Of course contactless technology is a requirement for transit fare systems, so for our industry the contactless pilot being done by MasterCard and its issuers in Florida is a step in the right direction.”
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information, please visit http://www.securetechalliance.org.
Sun, Sun Microsystems, the Sun logo and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All other trademarks are property of their respective owners.