Acquisition is part of ongoing effort to become a one-stop shop for identity needs
By Jennifer Slattery
Contributing Editor
The acquisition of Toronto-based Bioscrypt Inc. is the latest purchase for the Stamford, Conn.-based company, L-1 Identity Solutions. Over the years the company also acquired Viisage, Identix, Integrated Biometric Technology, SecuriMetrics, Iridian, SpecTal, ComnetiX, McClendon and Advanced Concepts Inc. “L-1 is the first true consolidator to emerge in the biometrics and identity space,” says Jeremy Grant, senior vice president and identity solutions analyst at the Stanford Group Company.
By Zack Martin, Editor
President Bush is asking for $390.3 million to fund the US VISIT program for the 2009 fiscal year. Other biometric and identification programs, including Real ID and the Western Hemisphere Travel Initiative, were also highlighted in the U.S. Department of Homeland Security’s budget-in-brief.
But the overall budget is a mixed bag for security and identification projects, according to Jeremy Grant, senior vice president and identity solutions analyst at the Stanford Group Company.
But this must change
By Zack Martin, Editor
When trying to get into a bar or club there is typically someone at the door checking IDs. But on social networking sites there is no bouncer, which means there’s no way to tell whether you’re corresponding with a 15-year-old girl or a 32-year-old man.
New Passport Card introduces new technology, new set of issues
By Zack Martin, Editor
Another type of travel document has joined the fray: the Passport Card. The ID card is being touted as an alternative to the traditional passport book, but is an additional technology that customs and border officials will have to be prepared to read.
Contactless company to benefit from new board member’s deep industry ties
In the spring of 2007, one of the most influential names in security shocked the industry when he announced that he was leaving the company that he had helped build. As the year came to a close, he resurfaced announcing that he would join the board of directors of a small, entrepreneurial competitor to his former employer.
Company takes pride in its 155-year history, as well as its bright future
By Andy Williams Contributing Editor
G&D prides itself on being the world’s number two producer of smart cards. But G&D is about more than just smart cards. For one, its genealogy dates back to 1852 when two men first created the company. For another, it prints banknotes, a lot of them for a lot of countries throughout the world. And for many, like the Federal Reserve in the U.S., it delivers the systems used to count and sort those banknotes and to weed out counterfeits.
Despite Real ID opposition, as symbolized by web sites like realnightmare.org, an ACLU site, unrealid.com and blogs like stoprealidnow, the 2005 law isn’t going away. The federal government even tried to soften the monetary blow when it issued its final compliance regulations earlier this year. But in the end, it’s as U.S. Department of Homeland Security Secretary Michael Chertoff said when the regulations were first rolled out: “The rule is the rule. It was passed by Congress, it was enacted into the law of the land, and I’m obliged to enforce it.”
The technology show, scheduled for May 12-15 in Orlando, Fla., is rebranding from CardTech/SecurTech to CTST, and it has a new partner.The Smart Card Alliance has joined forces with SourceMedia, CTST’s producer, to manage the show’s content.
It’s as if the Alliance is returning to its roots, since the CTST conference was originally a joint venture between smart card pioneer Ben Miller, the conference founder and former chairman, and the Smart Card Industry Association, a vendor group that merged with the Smart Card Forum to create the Smart Card Alliance. CTST was founded in 1991 and purchased in 1998 by Faulkner & Gray, now SourceMedia.
Transportation Security Administration creates Qualified Products List to approve products
By Jennifer Slattery, Contributing Editor
The Transportation Security Administration (TSA) was directed by the Intelligence Reform and Terrorism Prevention Act of 2004 to develop standards for use of biometric technology in airport access control systems. The goal of this effort is to establish procedures for implementing biometric systems to ensure that individuals do not use an assumed identity to enroll in a biometric system and to resolve failures to enroll, false matches, and false non-matches.
Vendor consolidation heats up competition as key airport contracts hang in balance
By Chris Corum, Executive Editor
When Denver International Airport issued its RFP to select a vendor to supply its Registered Traveler (RT) initiative in June 2006, three companies were actively vying for the business. Fast forward about 18 months … Denver still has not made its decision and only one of those three companies is still offering services under its original name. (Editor's note: Following publication of this article, Denver did award to Verified Identity Pass.)
Daniel Butler, Contributing Editor
Whether you like it or not, spam may be here for good. The world is at war with it, and spam may be winning. You may recognize some of the terms of warfare: spam, ham, junk, not junk, UCE, UBE, Make Money Fast, Viagra, Cialis, stock scams, viruses, trojans, worms, exploits, phishing, malware, 419 fraud, mail headers, Bayesian filters, filter poisoning, spam scores, white lists, black lists, block lists, port 25 blocking, list washing, spam houses, bounce counts, address harvesting, dictionary attacks, CAN-SPAM, honeypots, botnets, zombies, opt-in, opt-out, false negatives and false positives.
If you don't need a full-blown, FIPS 201-compliant PIV card like those being tested in Summer Breeze-like trials, the recently established Tiers of Trust Consortium may have an alternative solution. It was created to provide a lower cost smart ID card without all the bells and whistles that FIPS 201 requires.
"While this regulation (FIPS 201) serves a number of worthwhile goals, the implementations to date have created difficulties with the budgets within first responder groups, making compliance a lengthy and costly process," said Howard A. Schmidt, former U.S. cybersecurity advisor who now heads up the consortium. "Our goal is to enable first responders to meet the federal requirements at a fraction of the cost..."
Vein patterns prove highly accurate and popular for pioneer vascular developer Identica
By Jennifer Slattery, Contributing Editor
Do you know what the back of your hand says about you? Or your finger or palm for that matter? Quite a bit ... if you are looking beyond the surface to track the pattern of veins that can uniquely identify an individual.
Vascular biometrics uses infrared technology to identify an individual’s unique vascular pattern from below the surface of the skin. The process is fairly simple to use and considered one of the most accurate forms of biometrics because variations in skin (e.g. cuts, burns) and environment do not affect the reading. Once an image is captured, it can be encrypted as a template and stored for verification. Like other biometrics, vascular templates can be used in conjunction with other tokens such as smart cards, PINs or passwords and can be used in a variety of functions such as time and attendance, border control, physical access control, and banking applications.
New data matrix codes present exciting new options in mobile marketing and communication
By Ryan Kline, Contributing Editor
Who would have thought that the lowly barcode, the stodgy grandfather of the identification technology world, would reemerge as a marketer’s dream? Well, it is happening. A new generation of barcodes is adding an interactive aspect to advertising, product promotion, and more.
Imagine a concert promo poster with a printed code that when photographed by a standard camera phone displays a menu of options: listen to this band, purchase tickets for their next show, or take me to their website. Select the option you want and presto, your mobile phone does the rest. Pretty powerful stuff from a marketer’s perspective … but can all this be done with a barcode?
By Ryan Kline, Contributing Editor
If a matrix barcode is not your thing, maybe a Mobot is more to your liking. From the end user perspective, QR Codes and Mobots work similarly – the user snaps a photo of the Mobot using a camera phone and the captured image is sent via the web to retrieve some special offer, product info, or initiate some type of transaction. But the Mobot isn’t a barcode but a realistic image with visual meaning for the user.
When shopping for an ID card printer, you're liable at the outset to be hit with two choices: direct-to-card or reverse image transfer? Making an informed choice depends on what kind and how many cards you're trying to print.
For enterprise and government markets, networking companies are opting to converge and fine-tune access control applications
By Marisa Torrieri, Contributing Editor
Depending on your frame of reference, the term “access” conjures thoughts of very different applications. Traditional building security or access control professionals think of physical access. The IT community thinks of logical access to computers, networks, and systems. But it’s actually the convergence of logical and physical access that presents the biggest opportunities and challenges to both enterprises and industry.
Convergence has been ‘the’ buzzword in security for several years now but it is rapidly moving from the chalkboard to the implementation list for cross-sector organizations. According to Forrester Research, spending on merging physical and logical access control in both the public and private sectors will increase to more than $7 billion in 2008.
By Russ Ryan, Vice President, National Biometric Security Project
Numerous national and civilian security applications will see improvement in functionality because of newly published biometric standards. Biometrically enabled passports will be made more robust because of new standards that define a general specification for physical characteristics, layout and security. A new FBI Electronic Fingerprint Transmission Specification standard helps ensure the reliability and quality of fingerprints submitted to the FBI. A new biometrics standard for financial services defines the security framework for using biometrics for authentication of individuals in financial services transactions. Additionally, a new testing methodology standard provides specific details on methods and techniques for conducting scenario or technology tests.
A guide for both product developers and compliant card issuers
By Chris Corum, Executive Editor
If you are confused about what products you can and cannot buy for a FIPS 201 implementation, you are not alone. Both buyers and sellers of identity products are often found scratching their heads due to seemingly missing categories of products and sometimes confusing category names.
But in reality, it is an organized and defined process that has moved almost 300 products and services through a complex certification in just more than one year … not an easy task.
Now that the euro is firmly entrenched, the next big step for euro-using countries is SEPA, an initiative designed to make electronic payments easier from country to country.
When Europeans began migrating to the euro in 1999, the goal was a single payment vehicle usable in all euro-accepting countries. That meant the same currency in Germany was also acceptable in France. Forgotten–at least initially–was what to do with non-cash payments, those made with credit/debit cards.
By Marisa Torrieri, Contributing Editor
Less than four months since EDS stole some of competitor BearingPoint’s thunder by winning the General Services Agency’s bid for a shared service provider to execute HSPD-12’s ID-card program, BearingPoint is making waves with a major agency contract.
BearingPoint announced Aug. 1 a new contract with the U.S. Department of Health and Human Services (HHS) to perform an Identity and Access Management pilot and implement 112,000 Personal Identity Verification (PIV) cards that are complaint with the FIPS 201 technological specification. The cards are a requirement for all federal employees and contractors under the Homeland Security Presidential Directive 12 (HSPD-12).
Identification, NFC, contactless and Japan will all be major focal points during the 22nd edition of CARTES, coming your way Nov. 15-17 in Paris at the Paris-Nord Villepinte Exhibition Centre near Roissy Charles de Gaulle international airport.
One of the major changes this year, according to CARTES Communication Director Hélène Tsounguy, is the coming of age of CARTES' IDentification, which has been somewhat of a CARTES stepchild since its introduction in 2005. Then, it was an area dedicated to secure technologies. This year, it "takes its independence as a true exhibition near CARTES," she said.
By David Benini, Aware, Inc.
Following the publication of the FIPS 201 standard in 2005, a series of specifications evolved defining the functionality and interaction of the components that together make up a comprehensive biometrics-enabled credentialing system. The requirements set forth in FIPS 201 were divided among twenty product categories and three services that form the GSA’s Approved Product List (APL). There are six categories that cover specific biometric technologies. Because PIV cards utilize fingerprint and facial biometrics, the categories are split between the two technologies.
Eikon from UPEK available from Amazon.com and more
By Ryan Kline, Contributing Editor
The new Eikon biometric fingerprint reader from UPEK has a sleek look to it and is within reach of individual as well as corporate users. At just $39.99 at Amazon.com, it seems a cost effective option to secure a computer with this simple USB add-on device. I gave it a try to see if it really was easy to install and convenient to use ...
By Andy Williams, Contributing Editor
Innovative Card Technologies (ICT) calls its InCard product "a smarter card." It can do everything a payment, access or ID card can do, while providing the authentication and one-time password functionality usually reserved for tokens. But it didn't start out that way. Originally, the company was making credit cards with an on-board magnifying lens.
Examining the popular solution for security, mobility and compliance
By Ryan Kline, Contributing Editor
Many of the more than 180,000 organizations using Citrix have to deal with new concerns about security, and they all share the same goal: to keep their system, and their Citrix implementation, as user friendly as possible. Smart cards, one time password (OTP) devices, and biometrics are all being used to authenticate the user in Citrix-controlled environments. The company is doing its part to keep up with these increasing security demands by implementing a new partnering process to certify third party security products as “Citrix ready.”
By Ryan Kline, Contributing Editor
On May 24, 1844, the message, “What hath God wrought!” was sent by telegraph from Baltimore, Maryland, to our nation’s Capitol in Washington, DC. A new era in long-distance communications had begun. By the 1860s, the telegraph revolution was in full swing, and telegraph operators had become a valuable resource. Each operator developed his own unique signature and could be identified simply by his tapping rhythm.
By Nigel Reavley, Director, Banking Unit, XIRING
Consumer confidence in online banking has grown rapidly in recent years. Once limited to their local branches, customers are now embracing new technologies for their banking needs. A recent study by Lloyds TSB showed that over two-thirds of Britons conduct the majority of their banking over the Internet, which is a three-fold increase on 2005 figures.
By Andy Williams, Contributing Editor
While some of the more costly elements that could have been forced on states to comply with the Real ID Act haven’t materialized – at least in the proposed rules that have come out of Washington. Still, there is anxiety over the act itself, its cost, and whether states can meet the compliance deadline that’s now less than one year away. One person who helped draft the recommendations for establishment of the Real ID Act believes states should stop worrying about complying and work at developing a partnership with the federal government that would make Real ID execution simpler.
Highly sought contract will result in issuance of 400,000 IDs at 40+ agencies
By Marisa Torrieri, Contributing Editor
Vendors who make FIPS 201-compliant products have spent the first quarter of 2007 aggressively courting federal agencies while waiting to see who will get a piece of the anticipated $100 million contract as part of the General Services Agency’s Shared Services Provider program.
For months, stakeholders in all corners eagerly anticipated the GSA’s announcement of the award for its SSP program. As we prepared to go to press with this issue of re:ID, the award was finally announced. The consortium of companies led by EDS was selected for the five-year. $66 million deal.
By Marisa Torrieri, Contributing Editor
Now that federal agencies are invested in the planned government-wide issuance of highly secure, interoperable smart card IDs, actually implementing the new system remains the biggest practical and technological hurdle.
"The card is only the first stage," says Randy Vanderhoof, executive director of the Smart Card Alliance. "There’s a whole other phase – accessing the physical access control systems and integrating the smart card into the logical security and PKI infrastructure that many of the agencies operate."
The 40-page proposal’s recommendations fall short of endorsing highly secure contactless ID chips
By Marisa Torrieri, Contributing Editor
State governments may be fuming over the Real ID Act’s tight implementation deadlines and a lack of federal funding, but smart card developers are taking issue with its security requirements – or lack thereof.
On March 1, the Department of Homeland Security filed a notice of proposed rulemaking for the “Real Act of 2005,” which sets forth minimum document requirements for driver license and identification card issuance for United States citizens. This most recent revision pushes the deadlines back for states to start issuing these driver licenses.
Near field communication is still, technically, in its infancy, but it’s gaining a good head of steam as illustrated by this year’s edition of CardTech / SecurTech event. The show is being held May 15-17 at the Moscone Center in San Francisco. Bill Rutledge, CTST program director, projects a 15% increase in attendance over 2006 figures for the SourceMedia Conferences and Exhibitions event.
Why go? "There's a lot going on in security and on the payment side," said Mr. Rutledge. "For people in the payments industry, there's a lot to be aware of. On the security side, the big effort now is on protecting data and managing identity."
Solutions like that from Parcxmart can save municipalities money and increase customer convenience
By Ryan Kline, Contributing Editor
Since the conception of the on-street single-space parking meter in Oklahoma City, Oklahoma by Carl C. Magee in 1935, people have been reaching deeper into their pockets to feed the meter. But in a world where non-cash payments have become the norm, many believe the time has come for parking meters to dispense with the coins. There are nearly 500 million in the United States alone, so the challenge is great but so too is the opportunity. If every parking meter in the U.S. collected just $2 per day, the gross revenues for a single day would reach a staggering $1 billion.
Andy Williams, Contributing Editor
With Canada and Mexico rapidly moving towards EMV deployment, witness the world’s largest player in the credit card market, the United States, left out in the cold. Some say it’s not a matter of if, but when, the U.S. will implement EMV. One reason: once its northern and southern neighbors are EMV-complaint, crooks may find much easier pickings in the U.S.
Central and distributed issuance options, facial recognition, and secure ID management has led 32 states to solutions from Digimarc
Andy Williams, Contributing Editor
With Real ID Act regulations lurking somewhere around the corner, secure ID management provider, Digimarc, is well-positioned to help states comply with the new requirements. The fact that the Oregon-based company is already in more than two-thirds of U.S. state driver license offices certainly gives it a leg up as well.
In its eleventh year, the Sesames Awards has become a key part of the industry’s leading event, the annual CARTES smart card and identification conference. Sesames honors innovations and application achievements within the chip card industry. As 2006 was coming to a close, an international panel of judges active in the industry selected the individual recipients from 203 companies that applied for the ten Awards.
GSA seeks new vendor for managed services
By Chris Corum, Executive Editor
The Government Services Administration (GSA) was instrumental in the federal agencies’ successful compliance with last year’s October 27 deadline for PIV card issuance. That is because the GSA’s HSPD-12 Managed Services Office (MSO) actually issued the cards for 39 contracted agencies. It is outsourcing at the federal level–agencies heads not wishing to handle their card issuance and HSPD-12 compliance internally can hire an outside entity to do it for them. And that is precisely what the MSO is there for.
In 2004, a significant challenge faced the physical security industry. An important government directive was signed by President George W. Bush requiring all government agencies to comply with a strict identification standard. That mandate, HSPD-12, required the use of smart card technologies that were still under development.
By Jose Diaz and Nesic Dragoljub, Thales e-Security
The current needs and demands for authentication and identity management show huge variations around the world. One thing that is common across all regions, however, is the ever-increasing requirement to prove that you are who you say you are in the face of rising security threats, such as fraud and phishing. According to CIFAS, the UK's Fraud Prevention Service, the number of victims of identity theft was up by 19.91% (at 67,406) compared to 2005. To combat this crime and secure against wider identity theft threats, there are several technologies that strengthen authentication security, some of which have already been deployed and are showing signs of success in the fight against fraud.
By Chris Corum, Editor
Security at the Pentagon is in the capable hands of the Pentagon Force Protection Agency (PFPA) but now there is something else in their capable hands … Corestreet’s PIVMAN. The PFPA officers will use the handheld identity verification units to authenticate individuals via their FIPS 201 compliant ID cards.
“The first order was for 90,000 privileges under management and 100 (handheld) units,” said Chris Broderick, Corestreet CEO. “This represents the largest transaction to date and the first flagship installation.”
By Chris Corum, Editor
The Government Services Administration (GSA) was instrumental in the federal agencies’ successful compliance with last year’s October 27 deadline for PIV card issuance. That is because the GSA’s HSPD-12 Managed Services Office (MSO) actually issued the cards for 39 contracted agencies. It is outsourcing at the federal level–agencies heads not wishing to handle their card issuance and HSPD-12 compliance internally can hire an outside entity to do it for them. And that is precisely what the MSO is there for.
By Chris Corum, Editor
Transportation workers will soon be carrying the first TWIC cards and they will not be delayed getting into transport facilities by a contact chip and PIN number. That is because TSA officials have decided that contactless is the only way to go for everyday TWIC use. But the readers have not yet been defined … so while a new working group does its thing, use of the new cards will be limited.
Contactless was the original plan since the project was announced after 9-11 and the initial prototype phase contract was awarded to BearingPoint back in August 2004. But contactless temporarily got bumped in the spring of 2006 when TWIC officials determined that they needed to more closely follow HSPD-12 and its decision to require a PIN to unlock the biometric.
Keeping track of the bad cards–those that were printed but never issued–is just as important as tracking the good cards when managing your ID card system.
For John Ekers, Fargo Electronics' director of product marketing for software and services, it has become something of an evangelization issue.
By Andy Williams, Contributing Editor
Even though the Hong Kong ‘territory-wide’ Smart Identity Card project went live three years ago and even though it is issuing some 8,000 cards a day, it's still going to take until April next year for every eligible citizen to receive the upgraded smart cards.
About five million smart cards have been issued so far to citizens 11 and above, out of a population of nearly seven million, according to Pieter Hoogendoorn, business manager for ACI (Applied Communications, Inc.) Worldwide, a UK company that provides card management solutions the program.
By Andy Williams, Contributing Editor
A new generation of the Department of Defense’s (DoD) Common Access Card (CAC), the most prevalent identity smart card in the U.S., is about to hit the market. Just how many CACs have been issued since its inception in 2001? To put it in perspective, enough to provide one to each of the State of Michigan's 10.1 million residents.
With the Oct. 27 deadline for federal agencies to have their IDs comply with a presidential mandate to issue secure and interoperable federal credentials (HSPD-12/FIPS 201), the DoD is set to roll out its most ambitious card yet.
State Department rolls out citizen issuance though controversy still surrounds the project
By Marisa Torrieri, Contributing Editor
In spite of a summer of criticism that included a prominent researcher’s much-talked-about EU e-passport cloning demo, the U.S. State Department issued the first e-Passports and e-Passport readers.
Production began in late August at the Colorado Passport Agency and will expand to 17 other passport-issuing facilities throughout the United States in coming months.
By Andy Williams, Contributing Editor
Meet PIVMAN, a handheld ID-verification device that doesn't need a network connection in order to work. CoreStreet, calls its new product, "the first visible end user application to take advantage of smart cards" that have been issued to verify personal identity. It's also assuming super hero status thanks to a Spider Man-like comic book produced by CoreStreet to tout PIVMAN's many strengths.
Planning for change and growth via the chip management system
By Cath Rawcliffe, head of eID at ACI Worldwide
When the United Kingdom first announced plans for a national, mandatory ID card scheme, little could they have suspected they were opening a political Pandora's box. A debate has raged both in the British Parliament and press on the relative rights and wrongs of compulsory ID cards.
Now that the dust is beginning to settle, it is apparent that e-ID is fast becoming a reality in the UK. It is now time to concentrate on delivering a robust and cost-effective solution that will ensure that the taxpayer's money will be put to best use. For a successful rollout of such a large scheme, it is vital for UK's Government to start considering the challenges and pitfalls involved in living with the ID card.
Banks, service providers confused by organization’s attempt to clear up confusion
By Marisa Torrieri, Contributing Editor
Should a small, mom-and-pop bank start issuing one-time-password tokens? What are the penalties if it doesn’t? And will the bank’s beefed-up security system get the thumbs up when the bank auditor rolls around in January for a regular inspection? These are the types of questions many hoped to find answered in the newly released “Frequently Asked Questions (FAQ) on FFIEC Guidance on Authentication in an Internet Banking Environment” document issued by the Federal Financial Institutions Examination Council (FFIEC). For most, however, the document left more unanswered than answered questions.
Smart card and identification technologies on display for the world to see at the industry’s biggest and best event
What's in a card? Well, apparently plenty, judging from what's ahead at this year's CARTES scheduled for Nov. 7-9 in Paris at the Paris-Nord Villepinte Exhibition Centre.
"An 'Innovative Card Design' Exposition will disclose the latest card shapes, design, colors. You will discover how different a card can be," said CARTES General Commissioner Sophie Lubet.
A massive effort but one that could bring equally massive returns
By Chris Corum, Executive Editor
The nation saw first-hand the need to identify critical personnel in disaster situations in the days and weeks following 9-11 and Hurricane Katrina. “After Katrina we had 6000 doctors driving boats while people went without care simply because we couldn’t validate their credentials,” says Tony Cieri, Senior Advisor the Department of Homeland Security. And following 9-11 the challenge of getting the right people inside the perimeter while keeping others out was well publicized.
By Andy Williams, Contributing Editor
Lots of questions … too many places to go to seek answers. Wanting to lend assistance in solving that problem is a key purpose behind a new consortium established to help integrators and federal agencies deal with the many nuances of HSPD-12 compliance. Called, predictability enough, the HSPD-12 Interoperability Consortium, it was founded by smart card, authentication and encryption solutions provider SafeNet and now includes eight other companies, some of them SafeNet competitors.
By Andy Williams, Contributing Editor
Tired of the misinformation being pushed by the media, privacy groups and others regarding smart card technology–in many cases getting it confused with RFID–five organizations have decided to pool their resources in an attempt to set the record straight.
The simple mission of the Secure ID Coalition, which includes some of the largest chip and smart card producers--Texas Instruments, NXP (formerly Philips Semiconductors), Infineon, Gemalto and Oberthur--is to "promote the understanding and use of smart card technology" for physical and logical access "while maintaining user privacy," according to the coalition's new website.
The window is closing on HSPD-12/FIPS 201 compliant ID cards that federal agencies must begin issuing by October 27. Plenty has been written about the type of card, the biometrics that must be on the card, how big the chip should be … and there is an approved product list from the General Services Administration (GSA) for most aspects of the new federal ID card … but what's not on the list yet is a printer to produce the cards. What about actual card production?
Are displays for smart cards finally more than just talk?
Marisa Torrieri, Contributing Editor
It’s your credit card … spiked with something extra … a thin, flexible display with a readout similar to that of a calculator. But you don’t just make transactions with this card. With this baby you make them two-factor style, fusing something you know (your card number), with something you definitely have in your possession (your card).
For more than 20 years, Assistance League® of Las Vegas has promoted volunteerism, dedicated to meeting the needs of its community. Part of the National Assistance League®, the organization’s 292 volunteer members logged over 32,000 volunteer hours last year in support of philanthropic projects.
13.56 MHz contactless cards improve flexibility and security for access control
By Chris Corum, Executive Editor
Contactless technology facilitates multiple applications and services from a single card, but Erik Larsen, Product Manager of Identity Solutions for Lenel Systems International, stresses that another advantage is equally crucial for card issuers. “Contactless lets you take control of - and secure - the data on your cards,” he says, “something proximity technology just doesn’t do.”
By Marisa Torrieri, Contributing Editor
Sure, One-Time-Password (OTP) devices are cumbersome. But hackers are relentless and pervasive. What’s a U.S. bank with fussy consumers to do? One answer: in lieu of a dedicated OTP apparatus, issue credit cards with ultra thin batteries, specially designed for insertion into cards, and capable of driving powerful transactions … such as generating numeric passwords ala OTP.
Variety of cards and technologies facilitate current border crossings but will they will be accepted if and when the PASS Card arrives?
By Andy Williams, Contributing Editor
The jury is still out on whether the other border crossing cards currently in use will serve as a substitute for the proposed PASS Card. The launch is currently mandated for Jan. 1, 2008, though pending legislation could delay this start. The Department of State is reportedly examining existing border credentials to see if they would meet the requirements of the Western Hemisphere Travel Initiative.
By Andy Williams, Contributing Editor
Even while two U.S. departments–State and Homeland Security–ponder PASS Card issuance, two U.S. senators have entered the fray, successfully pushing amendments that, if passed, would delay implementation of the controversial border crossing card for 17 months.
PASS, which stands for People Access Security Service, is a proposed card designed to meet the Western Hemisphere Travel Initiative (WHTI) requirements, which mandates that by Jan. 1, 2008, anyone entering the United States, including U.S. citizens, have travel documents that prove their identity and citizenship. It was first unveiled in mid-January by Secretary of State Condoleezza Rice and Department of Homeland Security Secretary Michel Chertoff.
Federal bodies approving contractors' wares, with little time to spare
By Marisa Torrieri, Contributing Editor
Where FIPS 201-compliant smart cards are concerned, summer’s hot and anything but lazy. The U.S. government is taking action on several fronts to help federal agencies get Personal Identity Verification (PIV) card systems in place. From giving the thumbs up to smart card parts contractors to testing contractors’ wares, all of the pieces are coming together, with Oct. 27 looming. That’s the deadline set for federal agencies to issue new, interoperable smart cards based on the FIPS 201 specification to all federal employees.
NIST outlines requirements for today and tomorrow
By Marisa Torrieri, Contributing Editor
Cryptography requirements will create new challenges for federal agencies and vendors working on FIPS 201-compliant personal identity cards. Whether you’re starting out today, or looking toward future implementation, the National Institutes of Standards and Technology (NIST) staff member Donna Dodson emphasizes that stakeholders need to plan four to five years out.
SP 800-76 gives agencies some flexibility, but requirements still daunting to many
By Marisa Torrieri, Contributing Editor
It wasn’t too long ago that biometrics seemed like an expensive proposition that would only work in sci-fi movie plots. But today, the technology that measures human physical and behavioral characteristics for authentication has come a long way. And in the United States, millions of federal government employees and contractors will be in touch with the technology soon. That is because federal agencies are required to include fingerprint-based biometric data on the new IDs mandated by HSPD-12.
SAFE BioPharma's secure signatures to be adopted by more docs in coming year
By Marisa Torrieri, Contributing Editor
Expect to see an influx of doctors using digital signatures in lieu of cumbersome paper-pen-fax combinations to authorize medical care, services and prescriptions. Using public key infrastructure (PKI) with certificates held on a smart card, USB fob, or other hardware token, a new identity standard for the medical community is taking hold.
By Marisa Torrieri, Contributing Editor
While some countries continue to debate national ID cards, citizen smart card initiatives in some European countries are well underway. Technology players are working to secure contracts to provide services to card-holding citizens, many with an eye on what’s happening in Belgium – the European nation that is seen as the model for smart-card deployment.
By Marisa Torrieri, Contributing Editor
The Oct. 27 deadline is right around the corner, and federal agencies are scrambling to implement smart cards to comply with Homeland Security Presidential Directive (HSPD) 12. But for Shared Services Providers who provide the Public Key Infrastructure (or digital certificates) for Personal Identity Verification (PIV) cards, the game has only just begun.
Broader tests involves new round of first responders and security technologies
By Marisa Torrieri, Contributing editor
The Office of the National Capital Region and the Department of Homeland Security will host at least three additional interoperability tests over the next five months, now that the first major test of smart-card interoperability for the nation’s first responder community panned out successfully.
By Andy Williams, Contributing Editor
Operating under a "hurry up and wait" scenario, states have been scrambling since last year to determine how they're going to comply with the Real ID Act passed in May 2005. The act is broad enough that states aren't really sure what will be required of them to make their driver licenses and ID cards Real ID Act-compliant. But if their residents don't have such licenses, they could be denied entry to federal facilities and commercial aircraft.
HSPD-12 mandated ID cards will be ready for new federal employees by October
By Marisa Torrieri, Contributing Editor, AVISIAN Publishing
Come mid-Autumn all new federal employees can expect to be issued a state-of-the-art smart card capable of granting secure access to designated buildings and services.
However, it may be several years before every single existing federal employee gets new powerful plastic with standardized high-security specs, say the agencies in charge of developing the card in accordance with the Homeland Security Presidential Directive 12 (HSPD-12).
By Sara Pralle, Contributing Editor, AVISIAN Publications
Increased airport security since 9/11 has led to a frustrating flying experience for many travelers. While few deny the need for safeguards, frequent flyers desperately want a means to avoid the lines and the hassle these security measures have created. Enter the Registered Traveler program, initiated by the Transportation Security Administration (TSA), but now operated by the private sector. From the initial launch in Orlando, a handful of other airports have signed on and creative ways to expand the issuance opportunities are coming to fruition.
By Marisa Torrieri, Contributing Editor, AVISIAN Publications
At least this year, many U.S. consumers aren’t ready for one-time-password (OTP) generators or smart cards. So like the medicine maker that tricks kids into getting better by concocting fruit-flavored, cartoon character remedies, a number of digital security vendors are tucking authentication into the devices Americans know and love – Blackberries and mobile phones.
By Erik Peterson, Contributing Editor, AVISIAN Publishing
The United States government plans to begin issuing e-passports – a new version of the passport containing a contactless chip and biometric security -- to the American public at the end of 2006. This announcement accompanies the commencement of a mid-January 2006 pilot program in which diplomats were issued the new passports.
For a couple of years, it looked as if SecurTech was going to overtake the CardTech portion of the annual conference in terms of numbers of participants, but with last year's rollout of contactless payments by the big three card issuers, the pendulum is swinging the other way.
"It used to be we were split 50-50, now we're 70% financial, 30% security," said Bill Rutledge, program manager for SourceMedia which is producing the 16th annual CardTech/SecurTech Conference May 2-4 at the Moscone Center, San Francisco, Calif.
Physical security workhorse begins giving way to contactless as price cuts and multi-technology readers eliminate hurdles
By Chris Corum, Executive Editor, AVISIAN Publishing
You can do more – and you can do it more securely – with contactless than you can with proximity. Few would argue with this statement, yet each year proximity technology continues to outsell contactless in the North American security markets. But new products, attractive pricing, and better market education are turning this tide, making contactless the technology of choice for many professionals charged with securing their physical and logical enterprise.
By Andy Williams, Contributing Editor, AVISIAN Publishing
Bankcard issuers wanting to set themselves apart from others may opt for a different form factor than the same old, standard credit card. Axalto's new SmartFob is a surefire differentiator … and that is certainly one of the reasons it grabbed last year's Sesames Award from CARTES for best new hardware.
Both groups look to open algorithms to make online authentication easier and more secure
By Marisa Torrieri, Contributing Editor, AVISIAN Publications
The good thing about strong authentication is that the technology measures up to the hype. The problem is most organizations don’t want to invest in anything but the minimum needed to beef up security, say manufacturers of multi-factor authentication and the advisors helping them market their goods.
Tests include newly-issued documents from New Zealand and Australia
By Andy Williams, Contributing Editor, AVISIAN Publications
Global electronic passport usage moved ahead as trials got underway in San Francisco in January, following similar tests at Los Angeles International Airport last year. This latest multi-country test -- involving New Zealand, Australia, Singapore and the U.S. --revolves around a contactless chip-enabled passport that is expected to increase security for those entering the U.S. while speeding up entry procedures. Participants include citizens of Australia and New Zealand who have already been issued the new e-Passports, as well as Singapore Airlines crewmembers and U.S. diplomatic e-Passport holders.
Government-issued IDs flourish as private-sector security token
By Marisa Torrieri, Contributing Editor, AVISIAN Publications
In some parts of the world, the acceptance of token-based authentication is slow and requires prodding from service providers, but in Hong Kong the use of smart cards and tokens is flourishing as consumers use the technologies for digital banking and other services.
By David Wyld, Contributing Editor, AVISIAN Publications
When visitors step up to the gates of the four Disney World theme parks, the Magic Kingdom, Epcot, Animal Kingdom, or the MGM Studios, they will encounter something unexpected and largely foreign to them. Disney has embarked on a program to use an established biometric technology – finger geometry – to secure its valuable passes. Ostensibly, this new security is for the benefit of the pass owner. However, it is also being implemented to secure Disney’s pricing structure and marketing strategy. It has not come without controversy – and at least a bit of confusion.
Higher cost and lower market demand slows the adoption of PVC’s biodegradable rival ... for now
By Marisa Torrieri, Contributing Editor
It sounds corny to some, but the latest card en route to consumers’ wallets promises the same durability of traditional petroleum-based (PVC) cards without using up one of Earth’s most valuable and dwindling resources ... oil.
Holding company, StepNexus, readies the OS for broader application
By Erik Peterson, Contributing Editor
At the close of 2005, Keycorp Ltd. united with Hitachi Ltd, MasterCard International and Oak Hill Venture Partners in a joint venture to develop the MULTOS smart card operating system (OS). Keycorp’s 18 percent stake in the new company amounts to $2.41 million. Hitachi will also take an 18 percent stake, MasterCard is set for 20 percent and Oak Hill will provide the remaining 44 percent.
By Andy Williams, Contributing Editor
With the land border crossing deadline rapidly approaching, there is still no clear consensus on what identity documents will be acceptable for those frequent travelers between Canada, Mexico and the U.S. Now, added to the mix is the recently announced PASS card that is already under fire.
Until recently, it appeared that it would take a passport to get into the U.S. – even for citizens of Canada and Mexico … and even for returning U.S. citizens. While this may not seem like a major issue to some, consider this: residents in border towns in New York, Michigan, Washington, Texas, etc. frequently cross international borders to shop and socialize and less than a quarter of the U.S. population currently has a passport.
From simple to complex, financial institutions have a bounty of choices
By Marisa Torrieri, Contributing Editor
What kind of value will a financial institution get for its investment in strong authentication? For FIs, it’s become a burning question, thanks to federal guidance that recommends they boost the strength and security of their online banking systems by the end of 2006. In response, a growing number of tech vendors are rolling out highly sophisticated products.
By Sara Pralle, Contributing Editor
ActivCard®, a leader in digital identity assurance, recently changed its name to ActivIdentity™ in an effort to reflect the migration from its initial focus on card-based solutions to its current focus on a wide range of identity solutions. “The timing couldn’t be better,” Julian Lovelock, the company’s director for the Financial Services Group, told SecureIDNews. “The market as a whole is understanding the identity management concept now.”
By Andy Williams, Contributing Editor
Opposition is building against the Real ID Act requirement that, among other things, forces states to standardize driver licenses. Many at the state level fear that the under-funded, aggressive mandate will be overly burdensome and difficult to meet. At least one coalition of privacy-concerned groups fear the new rules, in development now, could force states to include RFID chips on their driver licenses.
In 2006 a great new feature section will appear in each and every issue of SecureIDNews. Our new Physical Security Corner will explore key issues related to the changing security landscape. Physical security is no longer a standalone “silo” within an organization … it is a vibrant, essential component with enterprise-wide implications.
Key themes running through this recurring feature article will be identity and convergence. That is because these are among the most significant defining features of the modern security landscape. Thus it seems fitting that we explore these two concepts for this inaugural installment of our Physical Security Corner.
Speed, convenience and quicker reimbursement all add up to a successful launch of the WIC smart card program in Texas. WIC, a federal program begun in 1974, stands for Women, Infants and Children and provides participants with nutritious foods, counseling, and referrals to health and other social services at no charge. The program serves low-income pregnant, postpartum and breast-feeding women, and infants and children up to age 5 who are at nutrition risk.
By Ken Warren, Smart Card Business Manager Europe, Cryptography Research
The primary reason for smart card technologies growing success in the marketplace is simple – security. Smart cards are self-contained security units that can provide unparalleled barriers to fraud and piracy. But what if they were actually discovered to be insecure? Even worse, what if attackers could unobtrusively defeat a smart card’s security using inexpensive equipment? Would governments, businesses, and consumers continue to rely on them for critical transactions?
Financial houses strengthen authentication with challenge questions, phone authentication and other means of outsmarting hacker sleuths
By Marisa Torrieri, Contributing Editor
Bank of America’s answer to the new federal guidelines isn’t a biometrics apparatus that detects a legit banker’s paw print or a hardware token that generates passwords on the fly. For now, it’s much simpler.
Forget fingerprints. A Toronto, Ontario company wants the whole hand involved. And it's not talking palm prints. It wants to identify the blood vessels in your hand.
Identica Corp. has linked its Universal Controller with a hand vascular scanner manufactured by a Korean company. The result is a biometric access control mechanism solution that it claims is accurate, fast, and non-intrusive for users.
Andy Williams, Contributing Editor
Some 100,0000 smart cards with optical stripes have been delivered to the States of New Delhi and Gujarat in India as part of the first phase of the country’s vehicle registration program. According to the supplying company, Luxembourg-based Gemplus, this will likely be the largest drivers license/vehicle registration project of its kind. With 100 million cards anticipated during the next five years, it’s going to be hard to top.
The pinstriped lines of barcodes past are going the way of the vinyl LP – at least for many applications. Instead of the staid black-and-white bars, you are likely to find a chaotic looking area of scrambled dots. Thanks to the advances in tracking technology, barcodes have come a long way since their introduction in the early 1950s.
By Marisa Torrieri, Contributing Editor
Today, most corporate banks in the U.S., Europe and Latin America use two-factor authentication techniques to minimize security risks. But soon, your average, ATM-carrying Joe will join them, as a new breed of products offering amplified security hit the mass market.
Federal guidelines not mandatory, but highly recommended for financial houses that want to stay in their examiners’ good graces
By Marisa Torrieri, Contributing Editor
Expect to see more U.S.-based financial institutions shelling out big bucks to revamp static security systems. New guidelines put out last month by the Federal Financial Institutions Examination Council (FFIEC) call for banks to incorporate new, secondary secure-ID technology by the end of 2006. The reason, says an FFIEC spokesman, is to better ensure the security of customers’ financial data.
By Marisa Torrieri
Contributing Editor, AVISIAN Publications
Those waiting for the ‘California Gold Rush’ to RFID and contactless-enabled ID cards will have to cross their fingers and sit tight. Come January 1, a new bill barring wireless identification technology in government-issued IDs, authored by California Senator Joe Simitian (D-Palo Alto) will hit the state’s legislative floor. Should the bill pass, it would place a three-year moratorium on the use of RFID (and related technologies such as contactless smart cards) in driver licenses, K-12 ID cards, library cards, and health cards. Additionally, it would require costly and according to some, less-than-necessary, security additions to all cards.
Smart Card Alliance and Security Industry Association both working to educate and impact federal government smart card efforts
With about a year remaining before federal agencies have to comply with the FIPS 201 standards, the Smart Card Alliance has come forth with a 43-page white paper describing some of the issues involved and the work that remains to be done. It’s called: FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems and is available at the SCA web site.
By Dee Ann Kuhn
Contributing Editor, AVISIAN Publications
There’s nothing more appealing to frequent fliers than a line that stretches less than a corridor’s length for security check-in. Add to the mix an opportunity to avoid a secondary security sweep and, chances are, your day just got a whole lot better. This utopia became a reality for a select group of travelers – 10,000 to be exact – when in 2004, the Transportation Security Administration, under a directive from its parent, the Department of Homeland Security, launched its Registered Traveler pilot program.
When Omaha, Nebraska-based West Corporation needed to update and standardize a mix of security systems at 31 locations without ripping everything out and starting anew, the company turned to AMAG Technology, Torrence, Calif.
By Marisa Torrieri, Contributing Editor
You’re on the eleventh floor of your hotel and the fire alarm sounds. Everybody freaks out. Is the fire as real as the alarm is loud? How on earth will you find the nearest exit? Why aren’t there little lights to guide you? There is chaos and confusion – not just among the guests but among building managers dealing with multiple systems.
Such a scenario is typical with most commercial facilities, where numerous different electrical and wireless systems, from smoke detectors to lighting systems, don’t work in sync. Enter ZigBee.
By Dee Ann Kuhn, Contributing Editor
Drivers in Las Vegas no longer need to scrounge around for change to load parking meters thanks to a new system that enables drivers to pay their parking fees and avoid parking tickets using their mobile phones. Irvine, Calif.- based Reino Enforcement Technologies has deployed 15 multi-space parking meters, covering 150 on-street parking spaces in downtown LasVegas equipped with micropayments technology. The mPARK service enables motorists to register their credit card information and mobile phone number via a toll-free phone service or over their website. That information is then used to deduct meter fees and notify users 10 minutes prior to their meter expiring via a mobile phone text message. Registered users then have the option of reloading money onto their accounts via their mobile phones.
By Andy Williams, Contributing Editor
Terrorist threats, disintegrating national borders, globalization … A myriad of causes have prompted governments around the world to take a closer look at the need for a national identification card. Indeed, some countries are moving forward but citizen’s privacy concerns have prevented most large countries from progressing on national ID systems. Recent bombings in London, however, may be a significant catalyst to push a national system through in the United Kingdom.
It is quite possible that the first biometric reader that you will “own” will include a sensor from a company called UPEK. That is because the Berkeley, CA-based company is having exceptional success convincing consumer electronics manufacturers to integrate silicon biometric sensors into their laptops, PDAs, and mobile handsets.
Nearly everyone knows that fingerprints are unique but fewer know that fingerprint biometric readers are very different as well. Most people are familiar with the more common optical biometric readers from Hollywood’s portrayal of biometrics in film and television. But fewer know of the rapidly growing use of silicon-based fingerprint sensors. The significantly smaller size requirements of these newer sensors are bringing biometric security to laptops, PDAs, mobile phones, and even ID cards.
By Andy Williams, Contributing Editor
With a process as easy as sending a text message via your mobile phone, digital signing has taken a huge leap forward in Finland, thanks to backing from the Finnish government and Elisa, the country's second largest mobile network operator.