Who Are You? Establishing Trust in Digital Identities
Highlights From the Smart Card Alliance Annual Meeting
Princeton Junction, NJ, May 25, 2010–The need for trust in identity is at the foundation of our society and economy. How to establish that trust, protect it, and tie it uniquely to an individual, particularly in online transactions, were the topics that dominated the many identity sessions at the Smart Card Alliance Annual Conference, held last week in Scottsdale, Arizona.
The first problem is how to prove an identity. “We have a big hole in the middle of this information identity highway; it is called foundational credentials,” said Mike O’Neil, executive director of the North American Security Products Organization (NASPO). O’Neil points out that the commonly used base breeder documents–birth certificates, driver’s licenses, and Social Security cards–were never designed to be identity documents and are easily falsified. Under the recommendations of ANSI, NASPO is developing a new identity verification standard and process that could be used to establish more trusted identities for individuals.
The next set of problems, using that identity, tying it uniquely to its owner and protecting it from theft or abuse, has become a critical issue in many sectors. The need for cybersecurity makes this more acute as more transactions move online, driven by the underlying economics of the Web. “The Web is unparalleled at driving down costs, which is why everything is going to the Web and everything on the Web is going to the cloud. The problem is as you go to the cloud you increase risk,” said Mike Ozburn, principal, Booz Allen Hamilton, and keynote speaker at the Alliance event. “Security has to be as implicit, as built-in, and as architectural” as the cost dynamics that are driving everything to the Web and the cloud, Ozburn argues.
The Obama administration is taking the lead in this area with the National Strategy for Secure Online Transactions initiative, which is expected to facilitate the establishment of a broad identity ecosystem that can provide an online trust framework. “Last November we published the ICAM Segment Architecture, which was the first attempt at a governmentwide process for identity management,” said Judy Spencer of the GSA Office of Governmentwide Policy. That document primarily focuses on the federal government as both a provider of identity and a consumer of identity. According to Spencer, the new initiative takes the principles of identity authentication and management in that work and moves it to the next level, where the federal government may not even be a party to the transaction at all.
Another initiative coming from the private sector is attempting to address the issues surrounding healthcare identity by establishing a Voluntary Universal Healthcare Identifier. In this grass-roots approach, Barry Hieb, from Global Patient Identifiers, Inc., explained how individuals could obtain their own “medical ID for life” and eventually use it to uniquely identify their own electronic health records.
“Looking across the government, commercial and healthcare implementations at our conference, it is clear that resolving how to protect and use identities is a top priority, and the role smart cards will play is at the forefront of those discussions,” said Randy Vanderhoof, executive director of the Smart Card Alliance.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.