Promoting the security and reliability of smart cards, the Smart Card Alliance is urging states to consider using this technology when it comes time to issue new driver’s licenses to comply with the Real ID Act. To back up this premise, the alliance has issued a white paper, available as a free download, titled “Why Real ID Cards Should Be Based on Smart Card Identification Technology,”
PRINCETON JUNCTION, NJ – State governments should strongly consider using smart card technology to comply with the requirements of the federal REAL ID Act, the Smart Card Alliance Identity Council states in a new position paper. The reason: smart cards are highly secure, privacy-sensitive and reliable, advantages that have been proven in numerous existing ID programs worldwide.
“Considering all of the requirements of the REAL ID Act, and the importance of protecting our country from terrorist acts, smart cards represent the most realistic, proven and reliable technology for verifying the identity of individuals while also protecting their vital personal information,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “We created this position paper to set down in one place all of the advantages smart card technology would bring to the states issuing driver’s licenses to comply with the REAL ID Act.”
The paper, entitled “Why Real ID Cards Should Be Based on Smart Card Identification Technology,” explains the advantages of using smart cards as the underlying technology for driver’s licenses issued to comply with the REAL ID Act, advantages that are already accepted by the federal government in numerous programs currently underway. These include the Personal Identity Verification (PIV) card for federal employees and contractors, the U.S. ePassport and the Department of Homeland Security’s Registered Traveler and Transportation Workers Identification Credential (TWIC) programs.
The REAL ID Act of 2005 stipulates that federal agencies cannot accept a driver’s license or any other state-issued card for identification purposes after May 11, 2008, unless the state meets the requirements of the Act. These include verification of supporting documentation for ID issuance, use of a common machine-readable technology in the IDs and use of physical security features designed to prevent tampering, counterfeiting or duplication for fraudulent purposes. To meet these goals, smart cards have a number of advantages over other ID and authentication technologies, such as magnetic stripe, printed bar code, optical, or radio frequency identification, including:
– Strong authentication of identity. In order to authenticate the cardholder to the identity document, smart card technology provides support for both personal identification numbers and biometrics, as well as other features for visual identity verification.
– Strong ID credential security. Sensitive data can be encrypted both on the smart card and during communications with the external reader. Digital signatures can be used to ensure data integrity and to authenticate the card and the credentials it contains, with multiple signatures required if different authorities create the data.
– Strong ID card security. When used with other technologies such as public key cryptography and biometrics, smart cards are almost impossible to duplicate or forge. Data stored in the chip can’t be modified without proper authorization (a password, biometric authentication or cryptographic access key).
– Strong support for privacy. The card’s unique ability to verify the authority of the information requestor and its strong card and data security make it an excellent guardian of the cardholder’s personal information. Information embedded on the chip can be protected so that it cannot be surreptitiously scanned, skimmed, or obtained without the knowledge of the user.
Another important advantage is that smart cards can be used for offline identity verification, when no access to a system or remote database is possible, by using the computer built into the card itself. This is an essential capability to improve the security of using driver’s licenses as Real IDs, since there are so many situations where law enforcement officials must verify an identity and authenticate a card. The flexibility built into smart cards creates additional application possibilities, including their ability to secure Internet-based services. This means that Real IDs could be used for identity verification, e-authentication and digital signatures in a variety of government applications, improving the efficiency of government agencies while better protecting privacy.
Membership in the Smart Card Alliance includes a wide range of identity technology providers and end users from all industry segments. Organizations contributing to this position paper include: Gemalto, Identification Technology Partners, Integrated Engineering, nCryptone, Philips Semiconductors, Saflink, Texas Instruments, Viisage, Unisys and Visa Canada.
The paper is available free of charge and may be accessed from the Smart Card Alliance web site: www.smartcardalliance.org.