Government ID, Smart Cards, Identification and Authentication

New PLAID draft available

Friday, May 7, 2010

Standards Australia is seeking comments on the latest version of its Protocol for Lightweight Authentication of Identity (PLAID) logical smart card application.

PLAID defines a standardized authentication protocol resolving some of the issues with poor cryptography, privacy, speed and other issues with contactless smart cards. The standard is capable of transitioning older Weigand-based solutions to modern solutions without relying on re-cabling, PKI, or anything other than commercial off-the-shelf smart cards, readers and public domain cryptographic libraries.

The intellectual property for PLAID is freely available to any manufacturer, government or other party under an irrevocable license from the Australian Commonwealth. The full specifications, licence reference, source code and testing tools are available here. Steps are underway to standardize PLAID for Australian and International standards at which point the intellectual property will be assigned to those bodies.

PLAID was developed within an Australian Government smart card project operated by Centrelink, an agency responsible for the broad provision of social services in Australia. Centrelink has a very large footprint with more than 300 offices and 30,000 desktops needing secure, private, smart card based authentication for both logical and physical access using contactless protocols.

Centrelink implemented a centralized, role-based ID management system some nine-years ago and is transitioning this system to support contactless smart cards which gave rise to the PLAID project.

The draft and incoming comments can be viewed here.

Additional information on the specification is available here[end] 

Related Articles
DigitalPersona announces new enterprise version release

DigitalPersona announced the release of a new version of its Pro Enterprise software solution, version 5.2.

Among the aspects of the new version DigitalPersona is touting are the extensive number of factors a company utilizing the solution can use to authenticate for access to sensitive information or secured computer stations. These factors include what a user knows, such as PINs or passwords, things you have, such as smart cards, contactless identity cards or Bluetooth devices, and things you are, such as fingerprints.

read more »
University of Maryland student information stored on publicly accessible computer

A state audit found that personal and financial information for students considering attending the University of Maryland were stored on publicly accessible servers that could make students easy prey to ID thieves.

read more »
ARX receives certification for network hardware security module

ARX received FIPS 201 approval from the U.S. Government’s General Services Administration on the Approved Products List for compliance for its PrivateServer network-attached hardware security module.

read more »
NIST tackling PIV, mobile ID

Numerous challenges to porting ID to handsets

Zack Martin, Editor, Avisian Publications

U.S. government smart card officials want some way to either use the PIV on mobile devices or have the mobile itself be used as the credential. If there was one item missing from the first draft of FIPS 201-2 it was that, officials have bemoaned.

read more »
ABA Task Force releases draft

The first draft of the American Bar Association Task Force Report tentatively titled “Solving the Legal Challenges of Online Identity Management” has been posted on the Task Force Web site for review and comment.

read more »
Colt licenses Cryptocard's cloud-based authentication

Information delivery company Colt has licensed Cryptocard’s BlackShield authentication-as-a-service platform to enhance its virtual desktop infrastructure with secure remote access for up to 5,000 employees.

read more »

Copyright © 2012, AVISIAN, Inc. All rights reserved.