Details of many new governmental smart-card programmes were announced at the Smart Card Alliance’s 3rd annual “Smart Cards in Government” conference, as the growing focus on smart cards in the federal government more than doubled attendance at this year’s event.
Government agencies that announced new programme details in ID credentials and physical access control included the National Aeronautics and Space Administration (NASA), the Department of Veterans Affairs (VA) and the Transportation Security Administration (TSA). Representatives from the American Public Transportation Association (APTA), the Federal Identity Credentialing Committee (FICC) and the National Institute of Standards and Technology (NIST) presented new standards efforts that will form an essential part of the success of smart card technology in government.
NASA’s Tim Baldridge presented new details about the One NASA smart card system to be used by all NASA employees and contractors across the USA. In February 2004, NASA awarded the development contract to Maximus. The plans call for dual contact and contactless chips in a high-reliability card body, similar to the 4.5 million Common Access Cards (CAC) issued by the Department of Defense (DoD), Baldridge said. The contact portion is a 64K Java-based chip, and the contactless component is a 4K ISO 14443 Type A chip.
Special features include on-card secure key generation and a PKI certificate profile consistent with the FICC cross-credentialing guidelines, and following the DoD’s CAC card model. Following a successful ‘operation readiness review’ from July to September 2004, NASA will begin issuing 20,000 cards in October and plans another issue of 70,000 cards between November 2004 and September 2005.
NASA’s application priorities lie in using the card for an ID credential, physical access control, and logical access control. One interesting aspect of the programme is the decision not to put any distinguishing graphics or logos on the card. “On the advice of our security office, we will not identify the badge in any way that indicates it is a NASA badge or a US government badge,” said Baldridge.
The Department of Veterans Affairs
Fred Catoe, the project manager for the smart card initiative in the Office of Cyber and Information Security for the Department of Veterans Affairs, presented new information about the VA’s smart card programme. There are three main parts to the system: a smart card ID credential and physical access control card, a PKI certificate (meeting the federal PKI standards), and an identity and access management system. The VA is in discussions with the DoD to consider how to leverage the DoD infrastructure and back-end systems.
Interestingly, the programme supports a thin-client system logon in VA hospitals. A doctor logs on from one room using the smart card, and removes the card when he or she leaves the room. The doctor then inserts it in a computer in another room, and the session comes right back to where it was. “As doctors move from room to room during the course of a day, they are constantly logging in and out of our systems. With our thin client system, the doctor will logon once with a smart card. This will save doctors about 45 minutes a day, according to our surveys,” said Catoe.
If the testing and pilot phases go well in the coming months, VA plans to deploy the system starting in July 2004, with the issue of 15,000 cards from July through to September 2004. Starting in September 2004, the VA plans to issue 12,000 cards per month for the next three years, eventually issuing smart card credentials to 500,000 VA employees, doctors, and designated support contractors.
The VA administers health and benefit programmes for 25 million living veterans, and has the largest civilian workforce of any US government agency.
The TSA’s Programme
The TSA Transportation Worker Identification Credential (TWIC) is moving forward with a smart card-based programme, too. “We’ve completed the technology evaluation phase and the prototype phase is imminent,” explained Jack Cassidy of BearingPoint, speaking for the Transportation Security Administration.
One of the important steps forward in the programme was to add the 14 deepwater ports in the State of Florida to the ports in Philadelphia-Camden- Wilmington and Long Beach that participated in the first round of tests. “Florida statutes mandate a uniform access identity credential modelled on the US TWIC programme. That got Florida working closely with TWIC,” said Billie Dixon, leader of the integrated Florida TWIC team.
Florida has decided to do enrolment with port personnel working in conjunction with TSA, and will use the TSA centralised card issuance model for security reasons. “Based on years of experience in looking at security for distributed driver’s license issuance for the Department of Motor Vehicles, we trusted the centralised issuance model,” said Dixon. “That takes care of security problems that are enormous otherwise.”
Universal transit farecard standards
Greg Garback, executive officer for the department of finance at Washington Metropolitan Area Transit Authority, told attendees about a new standards initiative – the Universal Transit Farecard Standards (UTFS). Established at the request of transit agency executives throughout the USA, UTFS is an activity of the American Public Transportation Association under the auspices of the US Department of Transportation (USDOT). “The goal of UTFS is to develop a standard that achieves vendor neutrality and is technology agnostic,” said Garback. “We are striving for a plug and play environment for application hardware and software, using off-the-shelf products.”
The primary work of the new organisation will be in the form of standards and guideline specifications. The group plans to finalise a smart farecard specification by September 2004, building on work done in the Port Authority of New York and New Jersey Regional Interface Specification and the Vendor Equipment Interface from the San Francisco-based Bay Area Rapid Transit (BART) programme. APTA will also work on a Security Planning guideline, which is expected to be completed in 2005.
Policy contributes to success
“The federal government is doing things the right way, and that is why smart card programmes are succeeding,” said Randy Vanderhoof, executive director for the Smart Card Alliance. “They didn’t just throw smart card technology out there and expect it to fly. The real focus is right where it should be – a balance of policy, business rules and technology standards.”
The Smart Card Alliance plans to make the proceedings from “Smart Cards In Government 2004” available from its web site. All Smart Card Alliance reports and proceedings are available to members at no charge.
More Info: http://www.smartcardalliance.org
Source: The Smart Card Alliance
Reprinted with permission from Using RFID (http://www.usingrfid.com/news)
UsingRFID provides free daily news reports and informative articles about Radio Frequency Identification (RFID) technology, and its applications, users, developers, trials, and implications – for executives, technologists, researchers, developers, vendors, and prospective and current RFID users.