Identifying card printers and issuance equipment for FIPS 201 cards
22 September, 2006
category: Biometrics, Government, Library
The window is closing on HSPD-12/FIPS 201 compliant ID cards that federal agencies must begin issuing by October 27. Plenty has been written about the type of card, the biometrics that must be on the card, how big the chip should be … and there is an approved product list from the General Services Administration (GSA) for most aspects of the new federal ID card … but what’s not on the list yet is a printer to produce the cards. What about actual card production?
Several companies are in the process of seeking GSA certification. One company that’s looking for GSA approval is Fargo Electronics “so we can get on their approved product list,” said John Santisteban, Fargo’s director of government solutions.
To help with the evaluation process of various vendors, the National Institute of Standards and Technology (NIST) in June allowed vendors offering total solutions or individual components that would support FIPS 201 to show off their stuff. Vendors came in and had their solutions available for agencies to view. “Our printers were being used by six other partners and we really got a lot of face time with a lot of agencies,” said Mr. Santisteban.
“There are a number of different parts relevant to HSPD-12, from enrollment, to issuance,” said Mr. Santisteban. “Our part is in the issuance area, specifically the personalization of the card.”
That involves imprinting on the card “all the individual information that’s required, such as the individual’s picture and encoding the card, including providing visual security which FIPS 201 requires,” he added.
Protecting FIPS 201 cards with visual security techniques
Protecting the card against counterfeiting can be accomplished via holographic imaging technology, said Mr. Santisteban. “When you talk about visual security; there’s covert, which you can’t see, and overt, which you can.” You could have text images that are so minute they’re visible only with a magnifying glass or special reader. “It adds an additional level of security,” he added. “With FIPS coming to the forefront, you need a tamper-proof card. That’s why there’s a requirement for visual security.”
Some of the overt visual security elements available include morphing images in which two images blend to create a third that gives the illusion of animation; a fine line design, which incorporates complex patterns that appear to be moving when viewed at certain angles; pseudo color which shows metallic tones when the card is tilted one way and true colors when tilted another; a complex background image of flowing ribbons that interact with other images on the card; and flip images which feature left/right, top/bottom artwork that appears animated when the card is tilted.
Cards with covert security include images that can only be seen with a separate device to interpret and visualize the image or text. Such peripherals could include hand-held magnifying glasses or laser pens. Two of the most common covert elements are hidden text and micro text that’s placed within a line or artwork. And then there’s nano text, viewable only under high-powered magnification.
The holographic printing process involves using reverse transfer film. “You print to a film which is then affixed to a card. You then apply a lamination over the printed image, which provides longer shelf life for the card,” said Mr. Santisteban.
“The visual security element of those holograms can be applied to the transfer film and would actually be part of the lamination. The printer that we have not only prints, but (also) encodes the card, contact or contactless. Then we print and laminate, all in one process. You start with a plain card and printing and encoding in one pass really ensures accuracy” as compared to printing in one place and encoding in another.
In-house, decentralized, and shared service printing architectures
“There’s a lot of talk about how this (card production) is going to transpire,” he added. “A number of agencies want to control the process themselves, do their own printing or in some cases, actually use a mixed environment, using decentralized and batch printing. Another option is shared services where you find agencies or an agency that would sponsor a facility that would do the card printing. The great part about this is that we can fit into either one of these models.”
He said if an agency wants centralized printing, “We’ve developed the print farm solution where you tie a number of printers together. You might have different groups in different locations. You have to ensure you have the right operators and you’re in a secure environment. As jobs come in, they can be managed from one location and it’s also easy to expand your production capability with the print farm. There’s a lot of positive value to this type of solution.”
The GSA obviously thinks so. In mid-August it announced that it had awarded a $104.6 million contract to BearingPoint, McLean, Va., to implement a shared services model. This will allow agencies in the same geographic locations to share HSPD-12 implementation services and, says GSA, reduce costs to the federal government.
“We have been working closely with the BearingPoint Security and Identity Management Group to support their HSPD-12 client requirements,” Mr. Santisteban added. “I fully expect there to be a lot of requirements for individual printers at major HSPD locations.”
While shared services can help reduce the cost of HSPD-12 implementation with federal agencies utilizing common resources for enrollment and issuance of PIV cards, agencies may still need at least one printer capable of producing ID cards because, said Mr. Santisteban, “in the real world people lose cards.” There also would most likely be a need for temporary cards.
“Mass production of cards has significant merit,” said Mr. Santisteban, “but…VIP or other visitors (also) need access, temporary contractors need passes, or other situations arise which require the capability for immediate issuance of HSPD-12 compliant cards. Therefore even agencies who will be utilizing shared services will need to acquire PIV compliant ID card printing systems to support expected requirements for immediate issuance.”
Securing access to the printer and consumables
That could lead to another issue: securing the printer at each location. That’s “critical to preventing the unauthorized printing of cards,” said Mr. Santisteban. “The significant benefit of PIV is the utilization of electronic authentication and biometrics to confirm the identity of the card holder. The reality is that most cards in the early stages will be simply used as a visual ID. Therefore, it is important to control who has access to the materials to print cards, as well as, the access to the system to print the cards.”
He said Fargo has developed “software tools” to manage the print process. One tool is Fargo’s Print Security software that, he said, “offers controls that restrict who has access to the card printer and tracks who and when cards were printed. Moreover, when coupled with the Fargo SecureVault (an electronically-locked safe), all the materials used to create a PIV card including holographic security laminates can be tracked, and audited. Better yet, the film used for printing can contain an RFID tag which will prevent it from being used in any printer but the one to which it is assigned.”
Research and evaluate FIPS 201 Approved Products and get the latest info on compliant credentialing systems at FIPS201.com. Click to visit FIPS201.com.