Speakers from Microsoft, Government and Healthcare Point to Smart Cards as Solution to Digital Identity Security

Speakers from Microsoft, Government and Healthcare Point to Smart Cards as Solution to Digital Identity Security

SMART CARD ALLIANCE ANNUAL CONFERENCE, SAN DIEGO, October 6, 2006–The role of smart cards in proving and protecting identities in a digital economy and for e-government was the focus Wednesday and Thursday at the Smart Card Alliance annual conference in San Diego. Former CIA Director R. James Woolsey delivered a keynote address about the current global situation on terrorism, and provided his perspective on its implications for security.

Microsoft Vista to Support Smart Cards

Smart cards will get a boost from out-of-the-box support in Microsoft’s new Vista PC operating system, making it simple and seamless for people or any size organization to use smart cards for desktop and network security, Shivaram Mysore, senior program manager at Microsoft, told conference attendees. The reason is that the strong authentication and secure storage capabilities of smart cards address problems of desktop and network security, privacy and confirming people’s identities over networks. “We really want to make this a reality now because it can solve all of these problems,” said Mysore.

Vista will include smart card support for multiple certificates for logins and an unblock/PIN reset program based on challenge/response questions. Mysore also announced that the beta 2 version of Microsoft’s Certificate Lifecycle Manager program would be available in January or February 2007. The application provides a single administrative point for smart cards. The 100,000 employees at Microsoft use smart cards for internal IT security.

Government: WHTI, e-Passport, HSPD-12, FRAC, Brazil’s Public/Private ID

Frank Moss announced plans for the Western Hemisphere Travel Initiative (WHTI) PASS Card to use vicinity read RFID technology that is ISO/IEC 18000-6C compliant. The next step in the process will be a public comment period in the next two weeks. The Smart Card Alliance has consistently expressed concerns about risks to privacy and security presented by using RFID technology. The Alliance has recommended that a more privacy sensitive and secure solution would be to use the contactless smart card technology used in the new e-passports that provides additional security features. The WHTI program aims to improve security at the nation’s land borders, where U.S. citizens currently can re-enter the country with a driver’s license. Border agents see more than 200 fraudulent documents a day at the land borders, and the DHS and State Departments “want to minimize the variability of documents accepted there,” Moss said.

The Department of State received the 2006 Outstanding Smart Card Achievement (OSCA) award for an issuing organization for the e-passport program. “This year we issued a record 12.1 million passports to U.S. citizens, redesigned our books, started issuing chips and revised our adjudication process,” Moss said while accepting the award on behalf of the Department Wednesday. “By the end of February, if all goes well, all of the passports we issue will be chip.” The State Dept. currently produces about 250,000 passports per week and has produced 500,000 e-passports so far. By the end of this month e-passport readers will be rolled out to 30 airports that handle 80 percent of the Visa Waiver Program country volume.

The GSA Shared Services Program will start issuing HSPD-12 PIV cards no later than October 27, 2006, in time to meet the mandated deadline, and 28 agencies have signed up to use the service, David Temoshok, director, identity management division, GSA Office of Government-wide Policy told meeting attendees. He expects between 10 and 20 million FIPS 201 cards will be issued in total, with about half a million of those coming through the shared services agreement.

In addition, state and local government organizations can also buy the more than 90 approved FIPS 201 compliant products listed on GSA IT Schedule 70, Temoshok announced. “HSPD 12 is not a national ID, but it did create an ID standard that state and local governments could adopt if it made sense. And we encourage that,” he said.

One potential taker could be the Department of Homeland Security for a First Responder Card (FRAC) that would ideally be put in the hands of firefighters, police and other emergency workers at the state and local level. Tom Lockwood, director of the office of the national capital region coordination for DHS, told attendees he is a strong advocate of FIPS 201. He would like to see strong, interoperable systems defined and put in place in his region that would quickly validate the identities of pre-screened and qualified emergency workers to allow them into disaster sites. “Whether it’s floods or a building collapse, in an emergency there is confusion about who’s who and the distribution of human assets,” said Lockwood. “I want this capability to be with me day-to-day and on THE day.” He would also want the card to provide online security authentication and privileges controls.

Brazil is arguably one of the most advanced countries in the Americas in the use of a public/private identity system based on public key technology. Now in its fourth year of operation, Brazil has issued 500,000 identity certificates, including 100,000 on smart cards or tokens, according to Mauricio Cuehlo, director, public key infrastructure of Brazil’s Information Technology Institute. Brazilians pay $130 for the certificate and a reader, and must go to one of 1,000 Registration Authorities with appropriate documentation to prove their identity. The credentials are used for both public and private applications from voting to proving professional accreditations or licenses.

Healthcare: Mount Sinai Medical Center and Southeast Texas Health System

Mount Sinai Medical Center in New York City has a smart card pilot in progress. Paul Contino, vice president information technology at Mount Sinai Medical Center, cited three advantages to using smart cards in hospitals. First, it gives the capability to identify patients and register them quickly. Second, clinicians can get faster and more accurate access to clinical information. Third, it positively identifies patients and helps to reduce fraud.

Shannon Calhoun, executive director of the Southeast Texas Health System, presented a patient-centric program called miRHIO (Regional Health Information Organization) at the conference. “We’ll have 35,000 patients and 200 physicians using smart cards by year end,” Calhoun said. The program will give patients more control over their information, provide a baseline information exchange capability throughout the region, enable rapid registration and give a non-invasive way to get patient information into the hospital and provider IT systems. And it was “exceptionally inexpensive,” Calhoun said.

The Smart Card Alliance also announced the companies who were voted to be “best of showcase” in the Emerging Technology and Innovation Showcase held during the conference. CoreStreet and Giesecke and Devrient received the top votes from conference attendees.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.