While biometric devices do not always require cards, many organizations have chosen to use the two together. Card-based devices “tend to be faster and more accurate,” because the system only has to do a one-to-one match of the biometric on the card and the live biometric (such as a fingerprint) offered by the user at the time access is requested, says Beth Thomas, a Honeywell product manager. Card-based systems typically generate fewer privacy concerns, she adds, as employees carry their biometric data with them as opposed to it residing in a database.
Smart cards generally make contact with readers, but one recent smart card development is changing that. The technology is called near-field communications (NFC), and it involves loading a small applet on a contact chip, providing the latter with proximity card capability. It allows users to take advantage of smart card applications from a distance.
A handful of companies—mainly in Europe and Asia—are combining NFC technology with cell phones. Since last year, for example, Swiss ID card vendor LEGIC Identisystems has been involved in a joint NFC pilot project with two other Swiss firms, the telecommunications company Swisscom and the vending firm Selecta Management, to offer payments via mobile device. LEGIC plans to expand the use of NFC mobile phones, employing them for local public transportation ticketing, e-payments, as well as hotel room and other kinds of physical access.
Companies are also looking to pack smart cards with more features. One firm, Los Angeles-based Innovative Card Technologies (ICT), for example, is marketing the first card that also offers one-time password (OTP) functionality. The Smart DisplayCard is the size of a credit card; a small button can be pressed to generate a number of six to eight digits in a screen on the upper right-hand corner.
Along with a traditional user name and password, these numbers can be entered to gain Web site access. “It’s a lot more convenient than [OTP] tokens you carry on your key chain,” says Susan Roush, ICT spokesperson. The card contains a smart card chip, permitting the addition of a host of other applications. Marketed primarily to banks and brokerages, it’s already in use at a handful of global organizations.
So far, smart card technology has been more popular outside the United States. It is used far more often in other countries for transactions such as transportation ticketing. Many believe this is changing, however, and that the United States could be pulling ahead, mainly due to efforts by the U.S. Government.
The cards received a major boost with the Bush Administration’s 2004 Homeland Security Presidential Directive 12 (HSPD-12), which mandates that all federal executive departments and agencies issue “secure and reliable forms of identification” to their employees and contractors. A goal is to employ one card for multiple purposes.
The U.S. Department of Defense (DoD), has a separate ambitious program. Its Common Access Cards (CAC) are used for general identification as well as access to computers, networks, and other DoD facilities. Features include a biometric template and the ability to cryptographically sign e-mail.
Perhaps most impressive is how far it has come: About 3 million cards are currently active.
In response to HSPD-12, the National Institute of Standards and Technology issued FIPS-201, concerning security and interoperability standards. It encompasses not just the card but the broader technological solution needed to manage credentials, including enrollment, data capturing, card issuance, and management.
A number of private organizations have been looking to the standard for best practices guidance. They’re also paying more attention to the overall ID management process.
Card technology vendors have been partnering with vendors of financial, human resources, and legal database systems to facilitate having cards interact with these systems. But putting together cards and an assortment of other technologies isn’t always simple. “That’s one of the biggest challenges” in creating end-to-end solutions, says Thomas.
The following case studies illustrate how two companies have transitioned to multifunction card technology using smart cards.