Government agencies moving to smart cards
By Dave Adams
According to the Treasury Board of Canada Secretariat, the country envisions a federation of organizations that trust each other’s assurances of identity, so that government can operate in an environment that supports the use of client-chosen credentials provided by multiple providers across multiple jurisdictions, through multiple service delivery channels, irrespective of the technology used.
The best way to assure identity in this way is through the use of high-frequency contactless smart cards that support strong authentication methods. Now, Canadian government and commercial entities alike can deploy smart card programs with the aforementioned levels of flexibility and choice thanks to the hundreds of millions of dollars that have been invested in the U.S. government’s Federal Information Processing Standards Publication 201 (FIPS 201) program.
The U.S. Federal Government accelerated its move to smart cards during the mid-2000s, and now other countries are taking note. Following the U.S. issuance of Homeland Security Presidential Directive 12 (HSPD-12), the country’s National Institute of Standards and Technology released Federal Information Processing Standards Publication 201 (FIPS 201), which defined the identity vetting, enrollment and issuance requirements for a common, highly secure identity credential. As U.S. federal agencies began deploying solutions, these efforts attracted international attention and FIPS 201 is now under consideration for government, public safety and critical infrastructure personnel in other countries, as well.
FIPS 201 standards are also spreading beyond Federal agencies into the government contractor and commercial spaces. Two additional credentials have been defined – the Personal Identity Verification-Interoperable (PIV-I) card for government contractors, and the Commercial Identity Verification (CIV) card for commercial users – with the goal of taking advantage of the infrastructure created by the Federal government’s PIV program. The CIV credential delivers cost savings for commercial entities and the flexibility to choose from a long list of compatible and interoperable products. It is the commercial equivalent of PIV-I, bringing a proven method for strong authentication using PKI at the door.
An existing physical access control system (PACS) must be modified to support the use of these credentials. Migrating to these credentials needn’t require a wholesale rip-and-replace system upgrade, though. Any upgrade should maximize reuse, support multiple PACS and ensure that both PIV-I and CIV credentials can be used.
An upgrade that meets these goals can be achieved with just two changes: replace existing card readers with PIV-enabled readers, and insert an authentication module between the reader and door controller. These modifications accomplish the task, and a validation server provides centralized control of assurance level settings and the distribution of validation data. This is the model HID has developed for its customers. There is no modification or replacement of any non-reader component in an existing PACS.
Issuance of PIV cards is virtually complete in the U.S. and agencies are now turning their attention to identifying and implementing PACS changes to utilize these credentials for access control. Meanwhile, the technology is also available to other countries, which are now evaluating it as a robust solution for their own government, public safety and critical infrastructure personnel, and to commercial users, who similarly now have a cost-effective upgrade approach for augmenting existing panels and door controller functionality to provide strong PKI-based validation at the time of access.
Dave Adams is the senior director of product marketing with HID Global.