Smart Cards Continue to Draw Influential Adopters for Access Control and IT Security
CardTech/SecurTech, Washington, D.C., April 27th, 2004–Smart cards continue to draw influential adopters in the U.S. for IT security, access control and identity credentials, the Smart Card Alliance reports as CardTech/SecurTech, the industry’s largest conference and exhibition, kicks off today in Washington, D.C.
“One notable example is Microsoft, who has standardized on smart cards for network logon security for its own systems and is using the same card for physical access control,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “Another example is the U.S. federal government, which is making excellent progress implementing its vision of a single access control and identity credential for all its employees. The fact that organizations of this stature and technical sophistication are standardizing on smart card technology for security is a good indicator of where the market is headed.”
For its part, Microsoft selected smart card technology for securing access to its intranets and delivering digital certificates to its 55,000 employees used for remote authentication, digital signatures and encrypting emails. “The use of smart cards has significantly increased the security of our corporate network by improving our ability to authenticate each employee and business partner as they remotely connect to Microsoft,” said Greg Wood, general manager of Microsoft Corporate Security. “IT chose to deploy smart cards over other technologies because of the reliability, cost, features and mobility. The smart card platform is also extensible as a platform to other applications, whereas the other technologies are typically singular in their application.”
Microsoft joins a growing roster of blue-chip technology companies that are using smart cards internally for logical and physical access control. “When organizations get serious about eliminating passwords for IT security, increasingly they are turning to smart cards because of their security, multi-application capability, standardization and portability. Industry watchers are now predicting that the rapid growth in the use of smart cards for strong authentication in the public sector will ultimately lead to widespread adoption in the enterprise market,” said Vanderhoof.
With millions of cards already issued, the U.S. federal government is sold on smart cards for strong authentication and as highly secure identity credentials, and is marching toward the goal of a common identity credential that is used for both physical and logical access control across all of its branches. Programs are already planned or underway to issue new smart ID cards in numerous federal agencies, including: GSA, Defense, State, Treasury, Homeland Security,Veterans Affairs and NASA.
In a newly released draft document, the Federal Identity Credentialing Committee is strongly recommending that federal agencies follow a framework, or roadmap, that it defines for strong authentication for physical and logical access, moving toward governmentwide standardization of credentialing.
Another important milestone in the government’s use of smart cards is the recently published Government Smart Card Handbook developed under the joint sponsorship of the General Services Administration Office of Governmentwide Policy and the Smart Card Interagency Advisory Board (IAB). The purpose of the handbook is to share lessons learned and to provide guidance to federal agencies contemplating the development and deployment of smart card-based identity and credentialing systems. The handbook is based on contributions from experts in government, industry and academia, and includes input and review by members of the Smart Card Alliance Leadership Council. The handbook is available on the Alliance’s web site and at GSA’s public web site.
The Transportation Security Administration Transportation Worker Identification Credential (TWIC) passed a significant milestone earlier this year by completing the technology evaluation phase of the pilot. Chip technology was selected over all other technologies tested, including optical stripe, 2D barcode and magnetic stripe. The prototype phase for this program is imminent in this extensive identity credential program that will eventually lead to a smart ID in the hands of more than 12 million transportation workers in the United States.
Another very high profile government project involves contactless smart chips and U.S. passports. This project, recently delayed due to bidding issues, is expected to resume shortly with its plan to incorporate contactless chips into the more than 7 million passports issued each year in the United States. Currently under U.S. law countries participating in the Visa Waiver Program must put a program in place to issue tamper-resistant, biometrically-enabled passports by October 2004; however, it is widely expected that this date will be extended in order to give countries more time to comply. The U.S. Passport office is aggressively working to meet deadlines for U.S. issued passports.
There are several factors common to both U.S. enterprises and the federal government causing this convergence on smart cards. Both want more security at physical access points and for computer networks. Both want ID credentials with greater security against counterfeiting or use by someone other than the person to whom the credential was issued. Finally, both sectors increasingly see the risks associated with relying on password protection for securing information systems and databases.
“The ease with which passwords can be stolen and distributed puts the integrity of virtually all of our nation’s information systems at risk,” said Vanderhoof. “Any system where access is protected only by passwords is rich with fraud possibilities. Including a smart card in a properly designed security system is the best solution to that problem, because it adds something you must have, the smart card, to something you know, your password. Then even if some trusted but disgruntled employee decides to steal or distribute a file of passwords, no one can use them without also having the smart card.”
A new Alliance white paper published in March 2004, “Secure Identification Systems: Building a Chain of Trust,” introduces the challenges faced by ID systems and discusses the elements that are key to implementing a secure ID system. The report, written for executives and managers, is available from the Smart Card Alliance online store at http://www.securetechalliance.org. All Smart Card Alliance reports are available to members and government employees at no charge.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. For more information please visit http://www.securetechalliance.org.