Regarding ID Magazine – a survey of identification technology • SecureIDNews • ContactlessNews • CR80News • RFIDNews
AROUND THE WORLD ... AROUND THE CORNER ...
Contactless payments taking London by storm • Tracking GSM and 3G around the globe • Beijing Olympics showcases record-setting security pricetag • Can digital identity save us from spam? • How to secure your card issuance process today • Addressing privacy concerns that plague biometrics

Winter 2007

CONTENTS
6 | OPINION | New Year, new publications, new opportunities ...
8 | TRAVEL | The future of Registered Traveler is up for grabs
12 | PAYMENTS | SEPA strives to ease electronic payments across European Union
12 | BUSINESS | SEPA to shrink number of payment processors and resulting revenues
16 | TELECOM | Tracking the SIM Card: Where in the world is GSM?
22 | SECURITY | First responder cards pass another major test during Summer Breeze demonstration
26 | STATE & LOCAL | Tiers of Trust consortium promotes lower cost solution based on FIPS 201 to the first responders
28 | FIPS 201 | Approved Products List
30 | IDENTITY | Extending FIPS 201 beyond government
34 | DIGITAL ID | Can digital identity curb the spam assault on your inbox?
38 | PAYMENTS | Contactless payment makes biggest debut yet with London Launch
44 | SECURITY | Beijing Olympics to showcase world class security with a record-setting price tag
48 | BIOMETRICS | Biometric products must pass new test for airport use
52 | PRIVACY | Biometrics and the “mark of the beast”
54 | INNOVATION | Vascular biometrics are more than skin deep
56 | TECHNOLOGY | Back to basics: Understanding magnetic stripe cards
61 | ISSUANCE | Focus on the printer, the card, and the process to secure your ID issuance
62 | RFID | Investigating active and passive tags

INDEX OF ADVERTISERS
Datastrip www.datastrip.com
Legic www.legic.com
Datacard www.datacard.com/ID
CoreStreet www.corestreet.com/PIVMAN
Lenel Systems International www.lenel.com
Evolis www.evolis.com
Digimarc www.digimarc.com/ID
Muhlbauer www.muehlbauer.com
Digital Identification Solutions www.edisecure.com
FIPS 201 www.fips201.com
Tyco Access Control & Video Systems www.swhouse.com
HID www.hidcorp.com
CPI Card Group www.cpicardgroup.com/contactless
XceedID www.xceedid.com
Smart Card Alliance www.smartcardalliance.org
CARTES & IDentification Congress www.identification-show.com
ASSA ABLOY ITG www.aaitg.com
Fargo www.fargo.com/hdp
Perspective
New Year, new publications, new opportunities ...
Chris Corum, Executive Editor, AVISIAN Publications

In this column I usually write about some trend occurring in the identity industry and then point you to some of the great articles our editorial team has put together for the issue. This month, however, I break with tradition. The trend I write about here involves the way we will deliver our industry-leading news to you in the future … and the great articles I highlight are written and distributed each and every day at our suite of eight vertically-focused online identity publications.

AVISIAN has three new online publications – ThirdFactor.com, NFCNews.com and DigitalIDNews.com. Each has ‘soft launched’ and is available now as we prepare for the official launch at the start of the New Year. And earlier this year, we released FIPS201.com, a resource for information on the PIV card standard and a robust directory of approved products. This site has already become the go-to resource for government and private sector issuers exploring FIPS 201 product options.

Our suite of online ID technology resource sites now consists of:
CR80News.com – Campus card and identity systems
ContactlessNews.com – Contactless technology for human ID applications
DigitalIDNews.com – Online identity technologies and issues
FIPS201.com – U.S. government ID card standard and approved product catalog
NFCNews.com – Near Field Communication technology and applications
RFIDNews.org – RF technology for non-human tracking applications
SecureIDNews.com – Government and enterprise-level identity and credentialing
ThirdFactor.com – Biometric identification and authentication news

A staggering 400,000 unique visitor sessions are being logged at our publication sites each month. How will we continue to improve the way we deliver news to this rapidly growing global audience?

We are increasing our audio and video resources online, but in a way that differs from what you may have experienced with other publications. I don’t believe in rich media for the sake of rich media. I believe it cannot replace print coverage, but can complement subjects already under investigation by our editors. To this end, we have added expertise and invested in equipment and facilities to produce top-quality rich media content. We have also expanded our editorial team to focus on specific segments of the industry that had, in the past, been handled by our pool of editors.

In summary, we have come a long way since we published our first newsletter back in 2001. I truly appreciate your support and ask that you check out our new publications online. Oh yeah, I almost forgot ... there is a lot of great stuff in this issue. Enjoy, and I hope to see you in Paris at the CARTES event.
EXECUTIVE EDITOR & PUBLISHER Chris Corum, [email protected]
CONTRIBUTING EDITORS Nate Ahearn, Daniel Butler, Ryan Kline, Jennifer Slattery, Marisa Torrieri, Andy Williams, David Wyld
ART DIRECTION TEAM Darius Barnes, Ryan Kline
ADVERTISING SALES Angela Tweedie, [email protected]; Chris Corum, [email protected]

SUBSCRIPTIONS Regarding ID is free to qualified professionals in the US. For those who do not qualify for a free subscription, or those living outside the US, the annual rate is US$45. Visit www.regardingID.com for subscription information. No subscription agency is authorized to solicit or take orders for subscriptions. Postmaster: Send address changes to AVISIAN Inc., 315 E. Georgia Street, Tallahassee, Florida 32301.

ABOUT REGARDING ID MAGAZINE Regarding ID is published four times per year by AVISIAN Inc., 315 E. Georgia Street, Tallahassee, Florida 32301. Chris Corum, President and CEO. Circulation records are maintained at AVISIAN Inc., 315 E. Georgia Street, Tallahassee, Florida 32301. Copyright 2007 by AVISIAN Inc. All material contained herein is protected by copyright laws and owned by AVISIAN Inc. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording or any information storage and retrieval system, without written permission from the publisher. The inclusion or exclusion of any item does not mean that the publisher advocates or rejects its use. While considerable care is taken in the production of this and all issues, no responsibility can be accepted for any errors or omissions, unsolicited manuscripts, photographs, artwork, etc. AVISIAN Inc. is not liable for the content or representations in submitted advertisements or for transcription or reproduction errors.

EDITORIAL ADVISORY BOARD Submissions for positions on our editorial advisory board will be accepted by email only. Please send your qualifications to [email protected] with the message subject line “Editorial Advisory Board Submission.”
STRENGTHEN SECURITY, PROTECT BUDGETS
Integrated ID solutions • Photo ID systems • ID software and capture solutions

Discover why security professionals turn to Datacard for a total solution. With ID card solutions from Datacard Group, you can enhance your security program without sacrificing your budget. That is why corporations, governments and other organizations make Datacard® the world’s best-selling brand of photo ID solutions. We offer everything you need to issue ID cards quickly and efficiently. We integrate and test every component for seamless compatibility. So, you can expect outstanding power, performance and value. To learn more, call +1 800 356 3595, ext. 6623. Or visit us at www.datacard.com/ID.
©2005-2006 DataCard Corporation. All rights reserved.
The future of Registered Traveler is up for grabs
Vendor consolidation heats up competition as key airport contracts hang in balance
Chris Corum, Executive Editor, AVISIAN Publications

When Denver International Airport issued its RFP to select a vendor to supply its Registered Traveler (RT) initiative in June 2006, three companies were actively vying for the business. Fast forward about 18 months … Denver still has not made its decision and only one of those three companies is still offering services under its original name.

Unisys was the first to offer RT services in the field through a series of pilot projects sponsored by the Transportation Security Administration (TSA) in 2004. The reported success of the pilots led TSA to move forward with RT, but the process also convinced the agency to privatize the effort, thereby opening the door for companies to offer services to airports directly.

The battle begins ...

The early days of Registered Traveler saw Verified Identity Pass, Saflink, and Unisys slugging it out over the sparse pool of pioneering airports seeking RT programs.

The experience gained by Unisys during these initial pilots set them up as an obvious provider in the new privatized RT. Unisys named their offering rtGO™, but it would be more than two years before it would roll out its next airport at Reno-Tahoe International in June 2007.

Another pilot installation occurred at Orlando International Airport, providing the testing ground for Verified Identity Pass. The company honed its CLEAR Card offering during the trial and was allowed to maintain the project beyond the pilot, creating the nation’s first ongoing RT installation. In fairly short order, CLEAR debuted in a series of other airports including San Jose, Indianapolis, and Cincinnati.

Saflink founded a consortium called the Fast Lane Option Alliance (FLO) to bring key suppliers together to better serve customers and respond to the onslaught of projected business. Partners in the FLO Alliance included Microsoft, JPMorgan Chase, Johnson Controls, Inc., ID Technology Partners and The Paradies Shops. In March 2007, the FLO Alliance received its first contract to install an RT solution at Huntsville International Airport in Alabama.

In April 2007, Saflink was undergoing restructuring in the face of significant financial troubles. As part of this effort, a wholly-owned subsidiary called FLO Corporation was formed to pursue the RT efforts. Glenn Argenbright, then CEO of Saflink, transitioned to become president of FLO. Describing the change, he commented, “Today’s announcements describe the logical next steps in the restructuring activities that we began last October. We’ve talked about the need to raise capital to fund our efforts around RT and our core technology portfolio and this is the first step in that process.” Saflink was out of the RT business and FLO was in – leaving three players still doing battle. But that too would change.

FLO and Unisys began jointly bidding on projects together around the time of the Saflink spinoff. As Joe Newcomer, rtGO™ project manager for Unisys, explained, “Unisys provided the technology side and FLO is the marketing side.” He continued, “FLO also has a staffing arm that they use to staff (RT) sites.”

In early October 2007, FLO Corporation announced that it would acquire the rtGO™ business of Unisys. The released terms of the sale state, “FLO will make ongoing royalty payments to Unisys through 2015. The transaction also includes an information technology services relationship between the parties whereby Unisys will serve as a subcontractor.”

Two other companies – New York’s Verant Identification Systems and Florida’s Vigilant Solutions – are approved by the TSA to provide RT services but they have not been much of a factor to date. Vigilant does, however, have one client under its belt at the Jacksonville International Airport in Florida.

Despite these other entities, the field appears to be set for competition between Verified Identity Pass and FLO, with each airport as a separate …

But a battle over what?

To date, few would argue that RT has been much more than the proverbial money pit. Companies pursuing the space are doing so in anticipation of a future payoff when a critical mass of airports and cardholders begin to bring revenues to offset the massive expenditures. Verified Identity Pass, the most successful of the field in terms of locations and members, reports just 68,000 members nationwide as of October 2007. With an annual membership fee of $99 ($28 of that fee goes to the TSA), that accounts for less than $7 million since the company’s first card was issued almost two and one-half years ago. Consider corporate overhead and the fact that providers rent space from the airports to deploy their RT programs, and you see that the current model requires serious growth.

But with U.S. passenger totals topping 660 million this year, there is certainly room for growth and profit. The coming months will be key for RT’s future, with as many as ten important airports expected to make decisions. If most decide to move forward with the RT program, major steps will have been made toward creating true value for the business traveler member. If delays, indecision, or declines take over, the program’s future may remain questionable.

Airports using Registered Traveler

Provider: CLEAR – Verified Identity Pass
Albany International Airport (ALB)
Cincinnati/Northern Kentucky International Airport (CVG)
Indianapolis International Airport (IND)
Little Rock National Airport (LIT)
Newark Liberty International Airport (EWR)
New York JFK International Airport (JFK)
Orlando International Airport (MCO)
San Francisco International Airport (SFO)
San Jose International Airport (SJC)
Westchester County Airport (HPN)
New York LaGuardia International Airport (LGA) (Pending)

Provider: FLO/Unisys
Reno/Tahoe International Airport (RNO)
Huntsville International Airport (HSV) (Pending)

Provider: Vigilant Solutions
Jacksonville International Airport (JAX)

The following airports are soliciting service providers:
Atlanta (Hartsfield-Jackson) International Airport (ATL)
Chicago O’Hare International Airport (ORD)
Denver International Airport (DIA)
Los Angeles International Airport (LAX)
Miami International Airport (MIA)
Washington National (Ronald Reagan) Airport (DCA)
Washington Dulles International Airport (IAD)

Is he legit? Are you sure? Your job: securing the perimeter. Individuals are streaming in to provide critical support, but you’ve never seen them before. They look right, but are they legitimate? Are they trained? Should they be there? CoreStreet’s PIVMAN™ System allows you to check any government-issued FIPS 201 credential, confirm the bearer’s identity, role, associated privileges or attributes, and log all activity. Anytime. Anywhere. No network connections. No pre-enrollment. Just grab a handheld and go! For more information, including use case overviews and datasheets, visit www.corestreet.com/PIVMAN or send a request to [email protected]
2007 CoreStreet, Ltd. All rights reserved. CoreStreet and the CoreStreet logo are registered trademarks of CoreStreet, Ltd. The PIVMAN System and the CoreStreet Enabled logo are trademarks of CoreStreet, Ltd. All other trademarks are property of their respective owners. 174_0207
Handheld device by DAP Technologies www.daptech.com
The PIVMAN System is covered under the following DHS grant programs: TSGP PSGP IBSGP BZPP SHSP UASI LETPP MMRS CCP EMPG
SEPA strives to ease electronic payments across European Union
Andy Williams, Contributing Editor, AVISIAN Publications

Now that the Euro is firmly entrenched, the next big step for euro-using countries is SEPA, an initiative designed to make electronic payments easier from country to country. When Europeans began migrating to the Euro in 1999, the goal was a single payment vehicle usable in all Euro-accepting countries. That meant the same currency in Germany was also acceptable in France. Forgotten – at least initially – was what to do with non-cash payments, those made with credit/debit cards. Such payments between two countries can be expensive and complicated. Attempting to fix this, the European Union in December 2001 began requiring banks to charge the same fees for cross-border and national payments. But the costs for processing cross-border payments were high, and the new rule meant banks could not pass these costs on to their customers. That led to the creation in 2002 of the European Payments Council (EPC), an organization tasked with building a single Euro payment area. SEPA was born.

EPC’s purpose is to create, through SEPA, “a single harmonized, open and interoperable European domestic payments market … through industry self-regulation.” The organization now consists of 65 European banks, including three European credit sector associations and the Euro Banking Association. SEPA’s charter reads: “We, the European banks and European Credit Sector Associations:
• share the common vision that Euroland payments are domestic payments,
• join forces to implement this vision for the benefit of European customers, industry and banks and accordingly,
• launch our Single Payments Area.”

Why SEPA?
Currently, the Euro area economy is unable to fully exploit the benefits of a monetary union. Customers face difficulties when making Euro retail payments in other Euro area countries, as these payments often turn out to be more time-consuming. As long as this is the case, the Euro cannot be viewed as a fully implemented single currency. As one EPC release put it: SEPA is meant to “turn the fragmented national markets for Euro payments into a single domestic one.” Once SEPA is fully realized, citizens and industry will “be able to make payments as easily and inexpensively as in their hometown.” National boundaries won’t matter.

Benefits reach consumers, merchants, and companies
The best description of SEPA – its plans and goals – is included in a 32-page document released last year by the European Central Bank entitled The Single Euro Payments Area (SEPA): An Integrated Retail Payments Market. According to that document, SEPA, when operational, will consist of a single set of Euro payment instruments (credit transfers, direct debits and card payments), an efficient processing infrastructure for Euro payments, common technical standards, common business practices, a “harmonized” legal framework and development of new customer-oriented services. To succeed, it must include interactions between the European banking industry (responsible for restructuring the payment systems in the Euro area), the European clearing and settlement industry, and Euro area companies. Critical to SEPA are the infrastructure providers, such as the card processors and the European Automated Clearing House Association (EACHA), which is developing a set of procedures to secure interoperability. SEPA has also led to the creation of the first pan-European automated clearing house, nicknamed PEACH, for clearing both cross-border and domestic retail Euro payments.

Once SEPA is fully established by 2010, consumers will only need one bank account. From this account, they will be able to make Euro credit transfers and direct debit payments anywhere in the Euro area. For merchants, SEPA offers several advantages. For example, acquirers will be able to process all SEPA-compliant card payments, even across borders. In the SEPA environment, merchants will be able to choose any acquirer in the Euro area to process their card payments. This will increase competition and supposedly drive down costs. With the standardization of POS terminals, merchants will also have a wider choice of terminal providers and they’ll be able to accept a wider range of cards from a single terminal.

For companies, SEPA will simplify payment management. They’ll be able to perform all of their Euro-denominated financial transactions centrally from one bank account, using SEPA payment instruments. All incoming and outgoing payments will use the same format. By consolidating their payment and liquidity management in one location, Euro-accepting companies will save time and money. Utilizing e-invoicing and e-reconciliation, companies can further optimize their handling of payments. Today, these services are often only offered nationally, as different payment formats make cross-border use difficult. By providing new payment instruments and Euro area-wide infrastructures, SEPA will help banks expand their business by competing on a Euro area level. In other words, any bank will be able to offer its services to any individual in the Euro area. Further, European integration and market efficiency will ensue because there will be a single set of rules, equal and open access, reachability, transparency and interoperability.

New payment schemes to replace national processes
The EPC has defined two new payment schemes – the SEPA credit transfer and SEPA direct debit schemes – that will gradually replace current national instruments. The SEPA credit transfer (SCT) is an interbank payment scheme that defines a common set of rules and processes for Euro-based credit transfers. It defines a common service level and a time frame under which participating financial institutions must conduct SCTs. The SEPA direct debit (SDD) is an interbank payment scheme that defines a common set of rules and processes for Euro-based direct debits. It defines a common service level and a time frame for participating financial institutions. SEPA card payments will take place according to a set of principles to which issuers, acquirers and operators will have to adapt.

Challenges still exist
The EPC probably summed SEPA up best when it referred to it as “the largest payments initiative ever undertaken within Europe. Governments, public authorities, merchants, corporations, trade and consumer bodies and the payments supplier sector all have roles to play in making the project as successful as the implementation of the Euro.”

A number of concerns were expressed in July when the European Central Bank, representing Euro-using countries (Eurosystem), issued its fifth SEPA progress report, “Single Euro Payments Area, From Concept to Reality.” The report notes that SEPA has “entered into a critical phase” with the official launch in January 2008 just months away. It sees “gaps” representing either short-term problems “that could hamper the timely start of SEPA” or longer-term problems “that could have a negative impact on the continued success of SEPA.” The areas that need the “most attention” are related to “card schemes and card payments, direct debits, as well as the awareness and preparedness of all stakeholders.” The report lists 12 concerns that need to be addressed.

For example, there is still some confusion over what SEPA is expected to accomplish, particularly in regard to direct debits. “The EPC needs urgently to clarify the exact features of all elements that will be offered in addition to the core SEPA direct debits by December 2007. In this respect, it is of paramount importance that the SEPA direct debits are both simple and safe to use and do not present a deterioration in comparison with current service levels, so that customers will choose to use them.”

A second concern regards card standardization. Defining card standards “is crucial in order to achieve full interoperability between all parties involved in the processing of card payments (including merchants and processors), as well as to create more competition and to facilitate the emergence of additional European debit card schemes,” the report adds.

Third, the Eurosystem would like to see “at least one additional European debit card scheme … which could be used mainly in the Euro area countries. Such a scheme would stimulate competition and would ensure the close involvement of European banks.”

Another concern is what the Eurosystem calls “reachability. It is crucial for the successful launch of SEPA that those banks whose payment volumes represent the critical mass of payments are able to send and to receive SEPA credit transfers” beginning next January. Smaller banks should initially “be capable” of receiving SEPA credit transfers when SEPA begins its early launch phase in January and “be capable of sending them in the course of 2008.”

Some of the other concerns/suggestions mentioned in the progress report include:
• More involvement of non-bank stakeholders is needed. “The Eurosystem encourages the EPC, in cooperation with national migration bodies, to strengthen the involvement of, in particular, public administrations, corporate enterprises and merchants so as to ensure their readiness for SEPA by January 2008.”
• Eventually, SEPA needs to be broadened to include “payment innovation, such as e-payments for internet retailers, e-mandates for direct debits and new payment schemes, such as a priority credit transfer scheme.”
• The security of SEPA payment instruments needs “to receive more attention. The Eurosystem would like to reiterate the urgent need for work on the security of payments, especially in the field of Internet banking, card payments via the internet and e-payments. The EPC has taken primarily inter-bank security into account, but has not specified end-to-end security issues … The EPC is therefore requested to undertake a threat assessment encompassing the complete end-to-end process, to develop a set of best practices and to promote the use of these practices by the banks.” In other words, securing the bank-to-bank leg of a transfer says nothing about the customer-facing legs (the browser, the card terminal, the mandate) where the fraud actually originates, and the report asks for a threat model that covers the whole path.
• “Implementation and migration plans should be publicly available.” It notes that these plans, which “provide guidance to all stakeholders,” must be published by the end of this year.
• Along the same lines, more communication about SEPA is needed. Those who will be participating in SEPA should be made aware of the initiative’s “long-term goals, challenges and benefits.” The key target groups, it notes, are corporations and public bodies “in their function as large users of payment services” on one side and small and medium-sized companies and consumers on the other. “In particular, banks should present their actual service offerings, so that their customers know what to expect from SEPA.”

SEPA to shrink number of payment processors and resulting revenues

The emerging Single Euro Payments Area is forcing changes from banks and payments processors. Visa Europe, an association owned and operated by its 4,500 European member banks, has pledged its support, committing to implement SEPA principles in its own processing business.

The end result, said Mr. Philippe Menier, deputy chief executive, Visa Europe, is that “by processing more transactions, we believe Visa Europe can ensure greater interoperability and reliability for payments across Europe. This will ultimately help in our aim to replace cash with cards.”

“The consolidation of the European processing sector has been predicted for many years,” states Visa Europe in the white paper entitled Processing: where business and technology meet. “With a steady stream of mergers and acquisitions it is now happening – and it’s happening far faster than many people had imagined possible.”

The paper highlights key input from experts who participated in Visa Europe’s “Insights 07 Payments Forum Europe” event held earlier this year.

Chris de Smet, head of the Unisys European Payments Practice, predicts that the new environment for processing will lead to major shifts for the inter-bank and acquirer processing sectors. In demonstrating the large changes coming, Mr. de Smet pointed out the “sheer frenzy of merger and acquisition activity over the past months” and predicted this trend will continue.

Declining payment revenues a likely result
He noted that the SEPA initiative, plus the threat of further regulations, could very well lead to a decline in payments income. “In instigating the (SEPA) change the politicians focused not on the way payments have always been processed, nor on the implications for banks, but on the cost of services to consumers or merchants. Consequently, there is a real risk that payments income will converge towards the lowest level. This will have a severe impact on the bottom line, and many banks can expect to lose up to 50 percent of payment revenues.”

He said larger pan-European banks would be able to bring down their costs by investing in a new SEPA payment infrastructure. However, that’s expensive … and for the smaller banks, there is little flexibility. He said banks “are actively considering their options. They are evaluating outsourcing and off-shoring. And they are looking specifically at their payments processing operational environment.”

But card payments are only one facet of the retail banking payments business. In the future there will be a need to pool volumes of all electronic payments (direct debits and credit transfers as well as cards) in order to deliver more flexibility at an efficient cost, he added.

Consolidation in the processor space
Consolidation in card processing should be the first step in the overall convergence of payment processing, suggests Mr. de Smet. This will have particular implications for the domestic processors (who will find it difficult to achieve enough scale to compete effectively). It will also have implications for the third party processors who will need a broader role to succeed in the new European environment.

Kelley Knutson is managing director of TSYS Europe, one of the world’s leading processors. He predicts a continuing decline in the number of payment processors. “Two years ago there were 80 processors operating across Europe. Now it is down to around 65. And, over the next five years we see that consolidating to somewhere between 20 to 25.” Of those remaining, he said four or five would be large scale, high volume players. “A further six-to-eight would succeed in finding a midrange processing segment. Then, a whole range of players that have capabilities in a specific niche would successfully secure high volumes within that niche. This is not a winner takes all market,” he added. “The belief that a single processor can give you everything you need is not going to happen soon and it might not ever happen. You need to look across the landscape and look at different processors providing different services.”

As the Visa paper notes: “The processing sector has already changed. More changes are coming. And this is giving banks more choices – and more strategic choices – about how they manage their payment processing operations. This is one of the big SEPA benefits. The payments value chain is being unbundled. Banks are free to choose between more providers, and more commercially-minded providers, across every link of the value chain.”

What is Visa Europe’s role?
“First, Visa Europe is fully committed to the SEPA,” the white paper says. “The organization moved quickly to implement the SEPA principles in its own processing business. For members, there are no mandated processing solutions, no bundled pricing and a clear separation between Visa Europe’s card solutions and its processing solutions. Domestic or cross-border, members choose when they use Visa’s processing services and how they use them.” Finally, “Visa Europe is also committed to processing more transactions. This means Visa Europe can ensure interoperability and reliability, better monitor service quality, support new payment services like cash back, balance enquiry, recurring payments or card not present and ultimately accelerate cash replacement … Visa Europe sees a clear linkage between the two sides of its business: the card solutions and the processing solutions. Each reinforces the other.”
Tracking the SIM Card
Where in the world is GSM?
Definitions
There are a lot of terms that will be used throughout this article, so it may be helpful to cut this section out and keep it as a reference while reading ahead.
CDMA: Code Division Multiple Access is a communication channel access method that uses a spread-spectrum technology and a unique coding scheme in which each phone is assigned its own code. There are approximately 356 million CDMA cellular subscribers in the world, accounting for 11.96% of the total world wireless market.
TDMA: Time Division Multiple Access is a communication channel access method for shared medium, usually using radio networks. It allows multiple users to share the same frequency or channel by dividing the signal into different time slots. This allows multiple users to share the same transmission medium while only using part of the bandwidth required.
iDEN: Integrated Dispatch Enhanced Network is a mobile telecommunications technology developed by Motorola. Sprint Nextel is the main United States provider of iDEN services. One of the main features iDEN provides is the push to talk technology.
EDGE: Enhanced Data rates for GSM Evolution is a digital mobile telecommunications technology that allows for a higher data transmission rate as well as increases data transmission reliability. EDGE was introduced in North America in 2003 and is now used on GSM networks worldwide.
UMTS: Universal Mobile Telecommunications System is one of the third generation (3G) mobile phone technologies that use W-CDMA, which is based on the CDMA technology but has a higher bandwidth and is not compatible with CDMA.
HSPA: High-Speed Packet Access is a protocol that extends and improves the performance of existing UMTS protocols.
3G: The Third Generation of mobile phone standards and technology, after 2G. It is based on the International Telecommunication Union (ITU) family. 3G technologies enable network operators to offer users a wider range of more advanced services while achieving greater network capacity through improved spectral efficiency. Services include wide-area wireless voice telephony and broadband wireless data, all in a mobile environment.
Ryan Kline Contributing Editor, AVISIAN Publications
Ever wondered how that expensive little handset connects to the phone network that undoubtedly seems to be taking more and more of your money? Well, the handset is pretty smart, at least in most of the world, relying on a smart card known as a Subscriber Identity Module (SIM). According to 3G Americas, most phones in the world use GSM or UMTS networks that rely on the SIM for security, identification and other functionality. The GSM Association estimates that 2.54 billion subscribers use GSM/UMTS, accounting for more than 85% of the total world wireless market. In 1982, Groupe Spécial Mobile (GSM) was formed by the Confederation of European Posts and Telecommunications (CEPT) to design a pan-European mobile technology. The name GSM was later redefined to mean Global System for Mobile communication as the first GSM phone call was made in 1991. GSM has grown significantly since these humble beginnings.
GSM dominates globally but still lags in US Chris Pearson, President of 3G Americas, LLC, explains the major differences between GSM and other cellular network types and highlights a few of the advantages of using a GSM network: “There are four digital technologies currently available in the US—GSM, CDMA, TDMA and iDEN. GSM offers many advantages and that explains a reason for its predominance on the global market with more than 2.54 billion subscribers (as of Q2 2007).
The GSM family of technologies (GSM, EDGE, UMTS/HSPA) has multiple diverse device choices, national and international roaming coverage (700 operators in more than 200 countries) as well as outstanding high speed wireless data capabilities with UMTS/HSPA. GSM is the number one technology in the Americas region overall with a 60% share of market.”
“TDMA networks are on the decline in the United States and throughout the Americas as the technology does not have a commercial 3G migration path available. Although it is still strongly represented in the US, CDMA is limited in its scale and scope internationally and many operators are deploying GSM networks in place of or in parallel to their CDMA networks. In fact, the CDMA market share continues to decline in Latin America and the Caribbean.” David Pringle, a spokesperson for the GSM Association (GSMA), backed Mr. Pearson’s statement noting, “85% of the world’s mobile phone users have a GSM phone, whereas less than 15% use CDMA. Compared to GSM, CDMA is a niche technology.” It appears that although the western hemisphere is behind in the use of GSM, there has been a fair amount of progress made in forming a universal technology that works everywhere. Mr. Pearson continues: “Two of the four largest national providers in the United States utilize GSM technology, AT&T, the largest service provider in the US, and T-Mobile USA, the number 4 provider. In fact, AT&T Wireless and Cingular Wireless (now AT&T) were both major US operators who already migrated their TDMA networks to GSM. GSM operators in the US are showing outstanding customer gains and low churn.” “GSM is well established in the United States as well as the rest of the Americas. In fact, GSM is the only technology available in every country throughout the Western Hemisphere (Americas) and is the number one technology in the Americas regions with a 60% share of market.” “Most GSM devices sold in North America will work wherever you roam internationally. Frequency planning is a unique issue within geographic regions and individual governments. The United States spectrum allocations (frequencies) are similar to most countries in North, Central and South America. Additionally, some countries in Asia and the Middle East have some similar frequencies.” “Governments often have to consider very specific issues when choosing a spectrum, such as incumbent private, commercial and military spectrum usage. In the United States this is primarily the 850/1900 MHz band as in Canada and throughout much of Latin America. More recently T-Mobile acquired 1700/2100 MHz bands in addition to their 850/1900 MHz bands.” According to Mr. Pringle and the GSMA, “US GSM operators use a different frequency because the 900MHz and 1800MHz bands used in Europe weren’t available in the US. Many of the latest GSM handsets are quad band, meaning they will operate on the 850, 900, 1800 and 1900 bands and can be used worldwide.”
The power of the SIM The use of contact smart card SIMs with GSM adds a much more robust security solution and means to authenticate users. “The SIM card is a tamper-resistant IC card that is built to resist all kinds of logical, chemical, optical, and physical attacks to protect its data,” stated Mr. Pearson. “This tamper-resistance is the result of years of development with military, government, banking, and telecom industries that are using smart cards to secure distributed client applications. SIM manufacturers base their products on these ICs, build OSes that are certified for a high level of security and have data processing centers that are also qualified for security (GSM Association SAS certification, VISA/MC certification, etc.).” Mr. Pringle agreed, stating the GSM network adds a level of security that others do not provide: “GSM has an anonymity mechanism, so it is hard to tell who is actually making the call, and it also uses strong authentication. GSM networks provide for privacy across the radio part of the link … (using) an encryption algorithm to scramble the signal.” “Finally, SIM cards carry the authentication algorithms and keys of the home network (i.e., the SIM issuer). The home network authenticates
the SIM because they share the same algorithm and keys, and they can do so regardless of the visited network that might be using another authentication algorithm altogether. In systems where the authentication and keys are in the phone, service is required from the visited network and authentication is often turned off to enable the service. So as you can see, a CDMA phone without a SIM card does not have the same security enabled in a GSM phone with a SIM.” “When connecting to a GSM network, the servicing network retrieves the International Mobile Subscriber Identity (IMSI) of the phone and turns to the home network to get a few pairs of authentication ‘challenges and responses.’ The servicing network then sends one authentication challenge to the SIM and gets a response. Service is provided if the response matches the one provided by the home network.”
3G makes GSM more secure with mutual authentication GSM coverage is immense, with more than 2.677 billion users worldwide. But today, just 5-10% of the GSM market is using the most common 3G technologies (UMTS/HSPA). All indications are, however, that worldwide growth in 3G will occur rapidly. 3G Americas states that there are currently 181 commercial deployments of UMTS technology in 77 countries, with 254 operators committed to deploying UMTS with most deploying HSPA. In 2G GSM networks, there has been some concern with the ability to pirate an IMSI since in 2G GSM only the phone is identified … but the network is not identified back to the phone. 3G Americas explains that such an attack would be extremely hard to do especially for such a small gain, and also describes what newer roll-outs of the GSM network have done to eliminate this problem:
“There was a risk that a rogue GSM network could be established just to tap into that phone if that network sends a challenge and permits service without checking the authentication response. This network could then collect IMSIs and responses for certain authentication challenges. This would be a costly attack since a real radio network has to be established but nonetheless this attack could be implemented.” “In UMTS, the UICC (3G SIM) can also authenticate the network as both the UICC and UMTS networks support mutual authentication. However, UMTS (as w-CDMA) are backward compatible with SIMs, and in that case, the SIM does not support mutual authentication.” Most agree, however, that while this attack is possible in 2G GSM, it is unlikely as it would be extremely costly. Still 3G eliminates the potential via mutual authentication.
GSM ushers in the NFC-enabled future The added benefit of having a SIM card in a handset is also proving to be useful in the deployment of Near Field Communications (NFC) technology. “NFC enables three types of contactless modes: peer-to-peer mode, reader mode, and card-emulation mode,” according to Mr. Pearson. “In card-emulation mode, the NFC phone emulates a contactless card. For instance, the POS terminal sees the handset as a payment card and not a cell phone. NFC phones will therefore take advantage of existing contactless infrastructures such as the contactless payment readers and (transit) turnstiles. The 3G SIM (aka UICC) supports multi-applications, and has been used to host subway tickets and contactless payment applications.” Notwithstanding the added security, there still has been a push to develop a CDMA-compatible NFC handset. The reality of that happening will essentially depend on the key decision makers that will have to determine whether having a phone with less security is capable of carrying around credit card information.
A GSM handset in every hand? The transition from large car phones that plugged into cigarette lighters to cell phones that are now as sophisticated as a computer and only need to be charged every other day has also brought about new security features. The SIM card has been key to many of these features, and the new UICC promises to usher in a whole new era of advanced security and functionality with 3G networks. Worldwide GSM is the dominant technology, and it has gained a leadership position in the Americas as well. While the US remains a step behind the rest of the globe in GSM penetration, US telecommunication companies have made great strides to standardize with the rest of the world.
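The 2G challenge/response exchange and the 3G mutual authentication that the article quotes, as an added toy simulation (not code from 3G Americas, the GSMA or the magazine): it shows why a 2G SIM answers any challenge it is handed, while a UICC refuses to respond to a network that cannot prove it holds the subscriber key. HMAC-SHA256 stands in for the real A3/A8 and MILENAGE functions, and the IMSI, Ki, SQN and AUTN layout are constructed assumptions.

```python
"""Toy model of the 2G and 3G SIM authentication exchanges described above.
Constructed example: HMAC-SHA256 stands in for A3/A8 (2G) and MILENAGE (3G);
the 48-bit SQN, 64-bit MAC and AUTN = SQN || MAC layout are simplifications."""
import hashlib
import hmac
import os

class NetworkAuthError(Exception):
    """Raised by a UICC when the network fails to prove it holds Ki."""

def prf(key, *parts):
    """Keyed stand-in for A3/f1/f2: HMAC over a label and the inputs."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class HomeNetwork:
    """The SIM issuer (HLR/AuC): the only party besides the SIM holding Ki."""
    def __init__(self):
        self.ki = {}   # IMSI -> subscriber key Ki
        self.sqn = {}  # IMSI -> next sequence number (3G only)
    def provision(self, imsi, ki):
        self.ki[imsi] = ki
        self.sqn[imsi] = 0
    def gsm_pair(self, imsi):
        """2G: a (RAND, expected SRES) pair handed to the visited network."""
        rand = os.urandom(16)
        return rand, prf(self.ki[imsi], b"A3", rand)[:4]
    def umts_vector(self, imsi):
        """3G: (RAND, XRES, AUTN); AUTN lets the UICC authenticate the network."""
        rand = os.urandom(16)
        sqn = self.sqn[imsi].to_bytes(6, "big")
        self.sqn[imsi] += 1
        mac = prf(self.ki[imsi], b"f1", sqn, rand)[:8]
        xres = prf(self.ki[imsi], b"f2", rand)[:8]
        return rand, xres, sqn + mac

class Sim:
    """2G SIM: answers every RAND it is given; it cannot judge who sent it."""
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki
    def run_gsm(self, rand):
        return prf(self.ki, b"A3", rand)[:4]

class Uicc(Sim):
    """3G UICC: verifies AUTN before it discloses any response."""
    def __init__(self, imsi, ki):
        super().__init__(imsi, ki)
        self.highest_sqn = -1
    def run_umts(self, rand, autn):
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, prf(self.ki, b"f1", sqn, rand)[:8]):
            raise NetworkAuthError("MAC failure")  # sender does not hold Ki
        if int.from_bytes(sqn, "big") <= self.highest_sqn:
            raise NetworkAuthError("SQN replay")   # old vector presented again
        self.highest_sqn = int.from_bytes(sqn, "big")
        return prf(self.ki, b"f2", rand)[:8]

def visited_network_gsm(pair, sim):
    """Serving network: send RAND, compare SRES with the home network's value."""
    rand, sres = pair
    return hmac.compare_digest(sim.run_gsm(rand), sres)

def visited_network_umts(vector, uicc):
    rand, xres, autn = vector
    return hmac.compare_digest(uicc.run_umts(rand, autn), xres)

IMSI, KI = "310410123456789", bytes(range(16))  # constructed sample values

def genuine_2g_roaming():
    home = HomeNetwork()
    home.provision(IMSI, KI)
    return visited_network_gsm(home.gsm_pair(IMSI), Sim(IMSI, KI))

def sim_answers_any_challenge():
    """The 2G weakness above: a SIM responds to a RAND nobody verified."""
    return len(Sim(IMSI, KI).run_gsm(os.urandom(16))) == 4

def genuine_3g():
    home = HomeNetwork()
    home.provision(IMSI, KI)
    return visited_network_umts(home.umts_vector(IMSI), Uicc(IMSI, KI))

def uicc_rejects_network_without_ki():
    """Without Ki no valid AUTN can be built, so the UICC answers nothing."""
    try:
        Uicc(IMSI, KI).run_umts(os.urandom(16), os.urandom(14))
    except NetworkAuthError as err:
        return str(err)
    return "accepted"

def uicc_rejects_replay():
    home = HomeNetwork()
    home.provision(IMSI, KI)
    uicc, vector = Uicc(IMSI, KI), home.umts_vector(IMSI)
    visited_network_umts(vector, uicc)   # first use succeeds
    try:
        visited_network_umts(vector, uicc)   # same vector a second time
    except NetworkAuthError as err:
        return str(err)
    return "accepted"
```

The sequence-number check is what stops a previously captured authentication vector from being presented to the UICC again; the MAC check is what stops a network that never held Ki from getting any response at all.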
First responder cards pass another major test during Summer Breeze demonstration
Latest trial evaluates real world interoperability of FIPS 201 cards and readers Andy Williams Contributing Editor, AVISIAN Publications Since 9/11, the US government has worked actively to prevent future occurrences, but another major push has been to improve the ability to react in the aftermath of a disaster, be it natural or manmade. Controlling a disaster site – from tracking first responders to determining who should be allowed in to render aid – is the focus of an ongoing series of exercises conducted by an inter-agency group of federal and state leaders. The latest trial, called Summer Breeze, tested key features of the First Responder Authentication Credential (FRAC).
The Office of National Capital Region Coordination (NCRC), an arm of DHS, oversees and coordinates federal programs with state, local, and regional authorities in the District of Columbia and eleven surrounding jurisdictions in Maryland and Virginia.
For the last two years, the Office of National Capital Region Coordination has been testing new technology designed to help first responders in the event of a disaster like Hurricane Katrina, or an attack like 9/11 and to make sure those first responders are in the right place.
Summer Breeze (named for the season in which it was held) was conducted on two Thursdays in July and involved multiple jurisdictions from around the national capital region. At the first simulated disaster, credentials from various federal agencies needed to be validated in order to participate in the reconstitution of government activities. This event included federal law enforcement officials only.
As Gordon Woodrow, Region III director of the US Department of Health and Human Services, commented: “We had many doctors volunteering in New Orleans after Katrina and there was no way of knowing whether their credentials were accurate or not.”
Summer Breeze and the seven trials that have preceded it are expected to help solve that.
The second demonstration was held one week later at Constitution Hall in Washington, DC. This event simulated a disaster where credentials issued from various federal, state and local governments as well as the private sector were validated using federal, state and local handhelds and law enforcement officials.
Since February 2006, NCRC has conducted “demonstrations and exercises” to test the FRAC and public-private coordination in emergency planning, said NCRC Deputy Director Ken Wall. The first responder credential is part of a multi-jurisdictional identity trust model enabling electronic authentication for identity and attribute management of first responders or critical government support personnel.
“Our approach has been crawl, walk, jog, run so that we don’t jump right into it,” Mr. Wall said of the eight exercises. “We’re just finishing up the crawl part.”
To address the interoperability of the technology component for this nationwide push for standards and credentialing, the demonstration successfully validated FRACs issued by federal, state and local jurisdictions. It also demonstrated routine and emergency usage capabilities from FIPS 201 fixed and mobile production systems that can read a FIPS 201 credential to include a FRAC or DoD Common Access Card (CAC).
Two of the eight other demonstrations also had seasonal names. The first, Winter Fox, was hosted by the Pentagon to test the validation of federal, state and local FRAC and CAC IDs as well as multi-jurisdictional interoperability. The other was called Winter Storm. It was held in February by DoD and DHS to test the validation of federal, state, local and private sector IDs involved with fire, medical and Urban Search and Rescue. “Winter Storm focused on validating credentials while Summer Breeze validated the ability to use those credentials in a production environment,” explained Mr. Wall.
Key lessons are learned in latest trial “Summer Breeze,” he continues, “was a demonstration of interoperability between federal, state and local responders who have put in place FIPS 201-compliant credentials for their employees to show that if you have a FIPS 201 card we could identify who you are and who you’re aligned to … whether you have communications established or not. We took groups with existing cards and brought them together.” As Mr. Wall explained, “This process involves three things: accountability, traceability and liability.” He said traceability “is the ability to have an electronic roster of who was on scene. I can now trace back who was there, (providing) full event reconstruction documented in real time.” Such a process would have been useful post 9/11. The firefighters who said they responded to 9/11, “how do we know they were there?” asked Mr. Wall. Each ID can be traced back to the issuing agency. “That’s the beauty of this process. (We’ll know) who actually have those people assigned to those agencies.” Finally, he added, the process “gives you the ability to validate skill sets.” That involves getting the right people on scene. For example, you likely don’t need a police officer trying to help the injured – he should be controlling crowds that might be attracted to the disaster. Summer Breeze was also valuable in that it showed that “you could reconstruct after the incident who was there, should you have any need for worker safety. You may have been exposed to something.” He said the project tested favorably. “We had responders from Pennsylvania, within the National Capital Region, federal responders from DHS, all using cards issued independently, not from a central authority. It demonstrated the ability to use that common credential. The key was they all were using credentials” produced by technology from the GSA-approved FIPS 201 product list, said Mr. Wall.
The whole purpose of these trials is to show how this all would work in an actual disaster. “We try to do something every six to eight months, depending on where the partners are with moving forward in the production process,” Mr. Wall said. A broader, overarching purpose of the exercises, particularly in terms of a regional or even national disaster, is to make sure critical government operations can continue. This involves emergency workers, public works, police and repairmen. Mr. Wall calls this a “critical infrastructure” that would enable both government and business continuity. Each department needs to carry out its own functions “while being able to interface with state and local governments” should those governments have to relocate. “We looked at HSPD-12 and what its requirements were because you’re looking at 17 million federal employees and contractors who will be getting these cards,” said Mr. Wall. While the NCRC exercises were done in just the areas covered by the agency, the model is usable elsewhere. “Pennsylvania and Illinois are following this model, so others could use this too,” he said.
Medical community also feels the Summer Breeze
Mr. Woodrow, whose HHS region includes Pennsylvania, said his agency didn’t actively participate in Summer Breeze. “I was basically there as an observer, watching the rollout and looking at the capabilities of this secure trust model for responders that could potentially include health care providers,” he said. His Region III also includes Delaware, Maryland, Virginia, West Virginia and Washington, DC, many of the areas covered by these trials. “The whole concept of this trust model for issuance of a credential is interesting because it’s a credential that will be issued across the entire federal enterprise. I have been talking with a number of health care providers in our regions and a number of state entities over the years and many are seeing it as a viable solution to locking in identity authentication that removes uncertainty.” He said HHS Secretary Michael Leavitt “has put a tremendous amount of emphasis on health information technology … to create secure interoperative electronic records for patients and doctors. This credentialing methodology appears to hold a lot of opportunities.” HHS did participate in an earlier exercise, Winter Storm, which was centered in western Pennsylvania at the University of Pittsburgh Medical Center. It also involved emergency response workers in the area. “They found it to be an excellent exercise,” said Mr. Woodrow. “I attended Winter Fox, the first one they did, and what they’re looking to do in the future is include a lot more healthcare providers, so this is a cumulative sort of an effort.” “(I see a) number of good things that can potentially come out of it (Summer Breeze),” he concludes. “First is an accurate understanding about who is gaining access to a site and the attributes of those people gaining access (e.g. doctor, nurse, paramedic).” The success of the Summer Breeze trial shows that this can be a real outcome of an interoperable secure credentialing architecture. And it gives another passing grade to the FIPS 201 program.
CoreStreet participates in Summer Breeze and each of the other trials as well
One company that has participated in all eight trials is CoreStreet with its PIVMAN System software solution that runs on handhelds to help verify first responders. “PIVMAN reads a whole host of cards from CAC (DoD’s common access card) to FRAC cards,” said CoreStreet product manager, David Belchick, “(and) it has the ability to be operational on a number of handhelds.” One of the biggest things he saw during the Summer Breeze trial was that “you had people who had never seen each other and some were skeptical, but they were all able to be validated … we were able to demonstrate that successfully,” he added. “One of the challenges in the emergency response market is that people show up who want to help and it used to take a long time to confirm that they were a doctor, for instance. Now, they insert their card in a device, are validated and they are allowed to do the work they were sent there to do.” Since its launch in September 2006, the PIVMAN System has been deployed by numerous federal, state and local governments for CAC and FIPS-201-compliant credential validation.
FIRST RESPONDER AUTHENTICATION CREDENTIALS: REVIEWING THE TRIALS
The Office of National Capital Region Coordination has conducted eight demonstrations and exercises since February 2006 to test the first responder and public and private coordination and to push the First Responder Authentication Credential initiative to the forefront of emergency planning.
2/23/06 Winter Fox: Hosted by the Pentagon, the demonstration validated federal, state and local FRAC and CAC as well as multi-jurisdictional interoperability.
5/18/06 Eligible Bridge: Hosted by George Washington University, Eligible Bridge validated Public/Private Interoperability and focused on Public & Private Sectors engaged in emergency management.
6/8/06 Private Sector ID eAuthentication: AT&T hosted the Private Sector ID eAuthentication validation that focused on communications and FRAC eAuthentication.
6/21/06 Forward Challenge: DHS hosted the eAuthentication demonstration that focused on validation of FRAC and logistics visibility and manifest tracking for emergency support resources.
7/20/06 Maritime Interoperability Demonstration: Hosted by US DOT, this demonstration involved public-private ports and validation of the multi-port access visibility and tracking.
12/5/06 Capitol Shield: DC National Guard hosted Capitol Shield to validate the HSPD-12/CAC required access into a DoD-controlled facility.
2/15/07 Winter Storm: DoD and DHS hosted Winter Storm for federal, state, local and private sector validation of fire, medical, Urban Search and Rescue and multijurisdictional FRAC/CAC.
7/19/07 Summer Breeze: Federal, state, local and private sectors were hosted by DoD and DHS to validate the multijurisdictional FRAC/CAC usage Trust Model.
Tiers of Trust consortium promotes lower cost solution based on FIPS 201 to the first responders If you don’t need a full-blown, FIPS 201-compliant PIV card like those being tested in Summer Breeze-like trials, the recently established Tiers of Trust Consortium may have an alternative solution. It was created to provide a lower cost smart ID card without all the bells and whistles that FIPS 201 requires. “While this regulation (FIPS 201) serves a number of worthwhile goals, the implementations to date have created difficulties with the budgets within first responder groups, making compliance a lengthy and costly process,” said Howard A. Schmidt, former US cybersecurity advisor who now heads up the consortium. “Our goal is to enable first responders to meet the federal requirements at a fraction of the cost.” Betty Pierce, president of Colorado-based Secure Network Systems (SNS), a consortium member, cited these examples: “A plane goes down or a dam bursts. Local people are the first responders. If it starts to look bigger (than initially thought) they call in other counties or authorities. The idea is these (scaled back) systems should work within these areas. Most of these local responders will never be called to a federal emergency, so they don’t need the more expensive PIV cards, but they will need secure and reliable forms of identification, just less costly.” The Tiers of Trust Consortium, created earlier this year, can offer equipment “to legitimate first responder agencies, fire, hazmat, police, but also the private sectors, such as people who run telecommunications,” she said.
“The whole idea behind the consortium is to help these groups … to open this up at the base level and make it as affordable as possible,” said Ms. Pierce. Other members include security organizations HID Global, PGP, OMNIKEY, Catcher, TX Systems and Clear Government Solutions. While there are no strict membership requirements, “we prefer members (with products) on the FIPS 201 approved products list,” said Ms. Pierce. The first responder organizations can register through the Tiers of Trust web site (www.tiersoftrust.com). “We ask for the highest ranking official to sign off,” said Ms. Pierce. “We want management commitment from the very top, then they become eligible to order the different products.” Applications are due by December 31, 2007, with priority to the first 500 organizations. “Right now, it is cheaper to rebuild everybody’s house rather than to give all first responders a PIV card,” commented Jon Callas, CTO and CSO of PGP Corporation, another consortium member, when the consortium was first announced. Agencies can buy a reader/writer for under $75. “Both are on the FIPS 201 Approved Product List,” said Ms. Pierce. For SNS’s part, it provides the software that programs the smart card. In fact, its Write-IMPACT software program, which electronically personalizes the contactless chip with mandatory FIPS 201 information, is available free to registered first responders.
The Colorado Demonstration

SNS is no stranger to the trials being conducted in Washington, DC, having participated in multiple GSA certifications and the NIST interoperability demonstration sessions. While the National Capital Region first responder trials are tied to DC and surrounding counties in Virginia and Maryland, other piggybacked trials have taken place in different parts of the country. One was in Colorado, SNS’s home base, and was conducted at the same time as the Summer Breeze trial.
While not an official part of the Colorado exercise, Ms. Pierce explained that SNS was able to leverage HID iCLASS readers “to read dual interface cards from other vendors. We could limit privileges (for the card holder), and the card would either function correctly or not depending on the level and privilege,” she added. SNS also wanted to test the capability of credentials being read by the company’s NIMS-IMPACT mobile emergency management system utilizing HID Global components. The purpose was to illustrate that interoperability encompasses a broad suite of FIPS 201-compliant technologies, including logical and physical access control systems and contactless smart cards. Based on Summer Breeze-style exercises, SNS feels that a full-blown personal identity verification card, based on the federal FIPS 201 standards, may not be needed in many cases, particularly in state and local areas, said Ms. Pierce. That means the cheaper cards could be just as effective at regulating who has access to a non-federal disaster site.
Even though Summer Breeze was looking at more handheld readers and such,“SNS also wanted to test its mobile emergency access control system built around HID Global technology,” said Ms. Pierce.
“We’ve been getting tremendous feedback. There has been some confusion because some people think we’re offering a full FIPS 201 card cheaper. That’s not the point. These are qualified approved products but we’re probably not the best choice for someone who might need a full FIPS 201 card for their entire population of first responders. Our value proposition is to these other jurisdictions who don’t need a full PIV card, maybe a blend. From what we’ve seen from these different municipalities, certain jurisdictions would need federal cards but the remaining 80 or 90 percent don’t need it. So why pay for it?”
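Whatever tier of card a jurisdiction settles on, the readers on the Approved Products List and the personalization software described above deal in the same mandatory FIPS 201 data objects, the first of which is the Cardholder Unique Identifier (CHUID): a BER-TLV structure carrying the FASC-N, a GUID, an expiration date and an issuer signature. The following is an added example written for this article, not code from SNS, HID or any other vendor named here. It encodes a CHUID, decodes it and applies the checks a reader makes before it trusts the card: required elements present and of the right length, date not expired, signature present. Tag values follow NIST SP 800-73; the FASC-N, GUID and signature bytes are constructed placeholders, and the signature is checked for presence only, where a real reader must verify the CMS signature against the issuer’s certificate chain.

```python
"""Added example: encode/decode a FIPS 201 CHUID and run reader-side checks.
Not code from any vendor on this page. Tag values follow NIST SP 800-73.
Sample FASC-N, GUID and signature bytes are constructed placeholders."""
from datetime import date

TAG_FASCN = 0x30   # Federal Agency Smart Credential Number, 25 bytes
TAG_GUID = 0x34    # Global Unique Identifier, 16 bytes
TAG_EXPIRY = 0x35  # Expiration date, 8 ASCII bytes, YYYYMMDD
TAG_SIG = 0x3E     # Issuer asymmetric signature (CMS) over the CHUID
TAG_EDC = 0xFE     # Error detection code, always zero length


def _ber_length(n):
    """BER length octets: short form below 128, else 0x81/0x82 long form."""
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return bytes([0x81, n])
    return bytes([0x82, n >> 8, n & 0xFF])


def encode_tlv(elements):
    """Serialize [(tag, value), ...] as concatenated single-byte-tag TLVs."""
    out = bytearray()
    for tag, value in elements:
        out.append(tag)
        out += _ber_length(len(value))
        out += value
    return bytes(out)


def decode_tlv(data):
    """Parse concatenated single-byte-tag TLVs; reject truncated input."""
    i, end, elems = 0, len(data), []
    while i < end:
        tag = data[i]
        i += 1
        if i >= end:
            raise ValueError("truncated length field")
        first = data[i]
        i += 1
        if first < 0x80:
            length = first
        else:
            nbytes = first & 0x7F
            if nbytes not in (1, 2) or i + nbytes > end:
                raise ValueError("unsupported length encoding")
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        if i + length > end:
            raise ValueError("truncated value")
        elems.append((tag, bytes(data[i:i + length])))
        i += length
    return elems


def parse_yyyymmdd(text):
    """Strict YYYYMMDD -> date; raises ValueError on anything else."""
    if len(text) != 8 or not text.isdigit():
        raise ValueError("expected 8 digits")
    return date(int(text[:4]), int(text[4:6]), int(text[6:]))


def check_chuid(data, today):
    """Reader-side acceptance checks. Returns (accepted, reason).
    Only the *presence* of the issuer signature is checked here; a real
    reader must verify the CMS signature against the issuer certificate
    chain before it trusts the FASC-N for an access decision."""
    try:
        elems = dict(decode_tlv(data))
    except ValueError as exc:
        return False, f"malformed CHUID: {exc}"
    required = [(TAG_FASCN, "FASC-N", 25), (TAG_GUID, "GUID", 16),
                (TAG_EXPIRY, "expiration date", 8), (TAG_SIG, "issuer signature", None)]
    for tag, name, size in required:
        if tag not in elems:
            return False, f"missing {name}"
        if size is not None and len(elems[tag]) != size:
            return False, f"{name} has wrong length"
    if not elems[TAG_SIG]:
        return False, "empty issuer signature"
    try:
        expires = parse_yyyymmdd(elems[TAG_EXPIRY].decode("ascii", "replace"))
    except ValueError:
        return False, "unparseable expiration date"
    if today > expires:
        return False, f"expired on {expires.isoformat()}"
    return True, "accepted"


def sample_chuid(expiry="20091231", signed=True):
    """Constructed CHUID for demonstration; placeholder FASC-N/GUID/signature."""
    elems = [(TAG_FASCN, bytes(range(1, 26))),
             (TAG_GUID, bytes(range(16))),
             (TAG_EXPIRY, expiry.encode("ascii"))]
    if signed:
        elems.append((TAG_SIG, b"\x30\x82\x01\x00" + b"\xAA" * 64))  # placeholder CMS blob
    elems.append((TAG_EDC, b""))
    return encode_tlv(elems)


if __name__ == "__main__":
    card = sample_chuid()
    print(check_chuid(card, parse_yyyymmdd("20071201")))                 # accepted
    print(check_chuid(card, parse_yyyymmdd("20100101")))                 # expired
    print(check_chuid(sample_chuid(signed=False), parse_yyyymmdd("20071201")))  # missing signature
    print(check_chuid(card[:-5], parse_yyyymmdd("20071201")))            # truncated: malformed
```

The decoder deliberately refuses indefinite and over-long BER lengths rather than guessing, since a card that a reader cannot parse cleanly should be rejected, not partially trusted; the expiration check is the one a disaster-site reader can perform offline, while signature verification needs the issuer’s certificate on the reader.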
visit FIPS201.com to research and compare approved products
FIPS 201 products and services from the GSA Approved Products List
Card Printer Station
XTEC Incorporated: AUTHENTX Card Printer Station
SETECS, Inc.: SETECS OneCARD Card Printing Station
Gemalto: SafesITe Card Manager Pro (Software only)
Digital ID Solutions: XID590i Re-Transfer Printer & Laminator
Datacard Group: Datacard® MX6000 card issuance system
Secure Network Sys.: SNS Credential Issuance
Ultra Electronics: Magicard Tango+L with Omnikey encoder
Datacard Group: Datacard® CP80 Card Printer
Fargo Electronics Inc.: HDP600
Fargo Electronics Inc.: HDP600-LC
Datacard Group: Datacard® SP75 Card Printer
Stellar ID Card Printers: Stellar ID CX-320/PVStar Printing Solution
CHUID Reader (Contact) DataStrip DSVII CHUID Reader (Contactless) Sagem Morpho, Inc. MA120 W Cryptographic Module nCipher, Inc. nShield 500 for netHSM nCipher, Inc. nShield 2000 for netHSM nCipher, Inc. nShield PCI 500 TPS, F2 nCipher, Inc. nShield PCI 2000 TPS, F2 SafeNet, Inc. Luna K3 Cryptographic Engine Thales e-Security SafeSign Crypto Module (SGSS v3.3 engine) SafeNet, Inc. Luna PCI Cryptographic Module SafeNet, Inc. Luna K3 Cryptographic Engine Thales e-Security SGSS v3.2 nCipher, Inc. nShield PCI 4000 TPS, F2 nCipher, Inc. nShield PCI 2000 TPS, F3 XTEC Incorporated Oberthur PIV EP V1 on ID-ONE Cosmo 64k SafeNet, Inc. Luna K3 Cryptographic Engine nCipher, Inc. nShield PCI 500 TPS, F3 SafeNet, Inc. Luna K3 Cryptographic Engine nCipher, Inc. nShield PCI 4000 TPS, F3 Electromagnetically Opaque Sleeve Secure Network Sys. SNS IdShield Zippered Wallet XTEC Incorporated XSHIELD Badge Holder Identity Stronghold Secure Badgeholder for ID cards Secure Network Sys. SNS IdShield Womens Zippered Wallet Orient Instr. Comp. Skim Block Horizontal Badge Holder Secure Network Sys. SNS IdShield Tri-Fold Wallet Smart Tools Smart Tools RFID Shield Logic First, LLC Skim-SHIELD ID-Defender II, Smart-Sleeve Orient Instr. Comp. Skim Block Card Insert - Printable Logic First, LLC SKIM-SHIELD Identity Stronghold Secure Sleeve for ID and Payment Cards Logic First, LLC CAC-CAGE Enforcer Identity Stronghold Secure Badgeholder for ID cards Logic First, LLC CAC-CAGE Defender Secure Network Sys. SNS IdShield Bi-Fold Wallet Orient Instr. Comp. Skim Block Sleeve Orient Instr. Comp. Skim Block Card Insert -Thin Logic First, LLC Skim-SHIELD PASS-Porter Secure Network Sys. SNS IdShield Credit and Bus. Card Wallet Exponent, Inc. Electromagnetically Opaque Sleeve Secure Network Sys. 
SNS IdShield Credential Holder Dual
Identity Stronghold: Secure Book Cardholder
Graphical Personalization
Gemalto: SafesITe Card Manager Pro Service
Electronic Personalization (Product)
Thales e-Security: SafeSign Management Server for PIV
SETECS, Inc.: SETECS OneCARD CMS
VeriSign, Inc.: VeriSign CMS for PIV
RSA Security, Inc. Intercede Ltd Actividentity XTEC Incorporated
RSA Card Manager MyID PIV Card Management System AUTHENTX XANODE26SR Core Ent. Appl.
Electronic Personalization (Service) Gemalto SafesITe Card Manager Pro Service XTEC Incorporated AUTHENTX IDMS/CMS Module Facial Image Capturing (Middleware) XTEC Incorporated AUTHENTX Image Capture Middleware Aware, Inc. PreFace/PIVPack SDKs Liska Biometry, Inc. DCS.8500.FIPS Facial Image Capturing Camera XTEC Incorporated AuthentX XA520 Facial Image Capture Sol. BearingPoint, Inc. BearingPoint Facial Capture Kit 2.0 Secure Network Sys. SNS CRITSEC® Image Capture Aware, Inc. PreFace SDK with Canon A640 Liska Biometry, Inc. DCS8000SF Liska Biometry, Inc. DCS8000S Aware, Inc. PreFace SDK with Canon A620 Lockheed Martin Camera BearingPoint, Inc. BearingPoint Facial Capture Kit 1.0 Identix, Inc. TPE-HWOX-DCPIC Liska Biometry, Inc. DCS8000SFR Fingerprint Capture Station Identix, Inc. TPE-3500SD-PIV Identix, Inc. TPE-4x4XDFS-PIV Identix, Inc. TPE-3000XD-PIV Identix, Inc. TPE-4x4XD-PIV Identix, Inc. TPE-3100XDFS-PV Cross Match LScan Guardian Identix, Inc. TPE-4100XDFS-PV Identix, Inc. TPE-3100XT-PIV Aware, Inc. PIVSuite SDK, Epson 10000XL (card scan) Identix, Inc. TPE-4100XT-PIV Aware, Inc. PIVSuite SDK with Epson 4490 (card scan) Aware, Inc. PIVSuite SDK with I3 digID LE flats Identix, Inc. TPE-3000XT-PIV Aware, Inc. PIVSuite SDK with Cross Match Guardian Aware, Inc. PIVSuite SDK with Cross Match ID700 Aware, Inc. PIVSuite SDK with Identix TP-4100 Aware, Inc. PIVSuite SDK with Identix 4x4 Cross Match ID 700 Identix, Inc. TPE-4100XD-PIV Identix, Inc. TPE-3500XDC-PIV Identix, Inc. TPE-3100SD-PIV Cross Match ID 500M Identix, Inc. TPE-3100XD-PIV Identix, Inc. TPE-4100XA-PIV Aware, Inc. PIVSuite SDK with Epson 4990 (card scan) Identix, Inc. TPE-3000XDFS-PV Identix, Inc. TPE-3000SD-PIV Aware, Inc. PIVSuite SDK with I3 digID LE plain/roll Identix, Inc. TPE-4x4XT-PIV Cross Match ID 500 Green Bit Americas VisaScan3 Green Bit Americas PoliScan2 OCSP Responder Tumbleweed CoreStreet, Ltd. SETECS Inc. CoreStreet, Ltd. CoreStreet, Ltd.
Tumbleweed Valicert Validation Authority CoreStreet Responder Appliance 2400 SETECS OnePKI OCSP Responder CoreStreet Path Builder System CoreStreet Validation Authority
PIV Card products: SafesITe FIPS 201 w/ HID Prox Card; SETECS OneCARD PIV Card; SafesITe FIPS 201 Card; PIV End Point Dual Interface Smart Card
PIV Middleware
Sagem Morpho, Inc.: Sagem Morpho PIV Client API
Actividentity: ActivClient v6.0
RSA Security, Inc.: RSA Authentication Client
SETECS, Inc.: SETECS OneCARD PIV Middleware
ImageWare Systems: IWS PIV Middleware
SafeNet, Inc.: SafeNet PIV API
Gemalto: SafesITe FIPS 201 Client API
Single Fingerprint Capture Device
Cogent Systems, Inc.: CSD301 Single Finger Capture Device
Precise Biometrics, Inc.: Precise Biometrics 250 MC
SecuGen Corporation: Hamster IV Optical Fingerprint Reader
Sagem Morpho, Inc.: MSO 350 PIV
DataStrip: DSVII
Cross Match: Verifier 310
UPEK Inc.: TCS1
Identix, Inc.: DFR-2100-USB2G
Green Bit Americas: Scan-IDe26
Green Bit Americas: DactyScan26
Green Bit Americas: DactyScan26i
Green Bit Americas: ICT401
Template Generator
Precise Biometrics, Inc.: Precise BioMatch 378 Template Gene
Identix, Inc.: BE6-SDK-PIV, BioEngine SDK
Sagem Morpho, Inc.: MorphoKit
Aware, Inc.: Aware XM SDK
Bioscrypt, Inc.: Bioscrypt ANSI/INCITS 378 Generator
Cross Match: Cross Match Template Generator License
SecuGen Corporation: SecuGen 378 Template Generator v3.5
XTEC Incorporated: XTEC PIV/INCITS 378 Generator
Cogent Systems, Inc.: BioSDK 4.1/COGENT BSP
BIO-key International: Vector Segment Technology, SW-2000005
Template Matcher
STARTEK Engineering: STARTEK ANSI/INCITS 378 Template Matcher
Cross Match: Cross Match 378 Extract & Match
Sagem Morpho, Inc.: MorphoKit
Aware, Inc.: Aware XM SDK
Bioscrypt, Inc.: Bioscrypt ANSI/INCITS 378 Matcher
SecuGen Corporation: SecuGen 378 Template Matcher v3.5
XTEC Incorporated: XTEC PIV/INCITS 378 Matcher
Cogent Systems, Inc.: BioSDK 4.1/COGENT BSP
Identix, Inc.: BE6-SDK-PIV, BioEngine SDK
BIO-key International: Vector Segment Technology, VST 6 SDK
Transparent Reader
Tyco Fire & Security: SWH Multi-Tech Mullion
Tyco Fire & Security: SWH Multi-Technology Reader with Keypad
Precise Biometrics, Inc.: Precise Biometrics 200 MC
Tyco Fire & Security: SWH Multi-Technology Reader
Honeywell: OT35HONA
Honeywell: OT30HONA
Gemalto: SafesITe USB SC Reader (GemPC USB-SW)
OMNIKEY Americas: CardMan 4321 ExpressCard SC Reader
Honeywell: OT36HONA OmniAssure
Honeywell: OT31HONA OmniAssure
Precise Biometrics Inc.: Precise Biometrics 250 MC
Sagem Morpho, Inc.: MSO 350 PIV
Integrated Engineering: Desktop/SmartLOGON Pro OEM Board 800-1086
Integrated Engineering: SmartID OEM Board
OMNIKEY Americas: OMNIKEY CardMan 3021 USB Reader
SCM Microsystems: SCR3340 ExpressCard 54 SC Reader
SCM Microsystems: SCR333 Drive Bay USB SC Reader
Actividentity Actividentity PCMCIA Reader Actividentity ActivIdentity USB v3 Reader SCM Microsystems SCR531 Serial/USB S/C R/W SCM Microsystems SCR131 Serial Port S/C Reader SCM Microsystems SCR3311 USB Smart Card Reader SCM Microsystems SCR3310 USB Smart Card Reader OMNIKEY Americas CardMan 5321 Farpointe Data, Inc. Delta5.4, Vandal Res. Contactless Reader SCM Microsystems SCR243 PCMCIA S/C Reader Farpointe Data, Inc. Delta5, Single Gang Contactless Reader Farpointe Data, Inc. Delta1, OEM Contactless Reader Farpointe Data, Inc. Delta3.4, Vandal Res. Contactless Reader Farpointe Data, Inc. Delta3, Mullion Contactless Reader XceedID Corporation XF2110-PIV XceedID Corporation XF2100-PIV XceedID Corporation XF1100-PIV SCM Microsystems SCR331 USB Smart Card reader OMNIKEY Americas CardMan 3821 USB Pin Pad Display Reader Hirsch Electronics Card Reader-IE SmartProxPIN-Mullion OMNIKEY Americas CardMan 3621 Contact Pin Pad Reader Hirsch Electronics Card Reader-IE SmartProx-Mullion Hirsch Electronics Card Reader-IE SmartPIN-Mullion Hirsch Electronics Card Reader-IE Smart-Mullion SCM Microsystems SCR338 Smart Card Keyboard Farpointe Data, Inc. Delta5.3, Euro Style Contactless Reader Ingersoll Rand SCHLAGE SXF2110-PIV Farpointe Data, Inc. Delta6.4, Sgl Gang Contactless w/ Keypad OMNIKEY Americas CardMan 3121 Ingersoll Rand SCHLAGE SXF1100-PIV Ingersoll Rand SCHLAGE SXF2100-PIV Integrated Engineering SmartTRANS 125Khz/ Smart Reader w/ PIN Lenel IE800-8110-0606 Lenel IE800-8100-0606 Integrated Engineering SmartTRANS 125Khz/ Smart Reader Lenel Lenel OpenCard PIV Reader XF2110-PIV Lenel Lenel OpenCard PIV Reader XF2100-PIV Lenel Lenel OpenCard PIV Reader XF1100-PIV Lenel LNL-3121 SCM Microsystems PAT1322 Physical Access Reader SCM Microsystems PAT1312 Physical Access Reader Integrated Engineering 800-1063 Desktop/SmartLOGON Pro Secure Network Syst. SNS CRITSEC® CPKR100 Secure Network Sys. SNS CRITSEC® CPR100 Integrated Engineering 800-8080 SmartID Reader Secure Network Sys. 
SNS CRITSEC® SCE100 Secure Network Sys. SNS CRITSEC® CKR100 SCM Microsystems SDI010 Contact/Contactless Reader Secure Network Sys. SNS CRITSEC® CR100 Integrated Engineering 800-8085 SmartID Reader w/ PIN HID Corporation iCLASS OEM150 OMNIKEY Americas CardMan 4040 PCMCIA Contact Reader HID Corporation iCLASS RP40 HID Corporation iCLASS RK40 Lenel IdentityDefender IE800-1063-4023 HID Corporation iCLASS R40 HID Corporation iCLASS R30 Lenel OnGuard IE800-8080-4023 HID Corporation iCLASS R10 Lenel OnGuard IE800-8085-4023 SCM Microsystems SCR3310 v2 Secure Network Sys. SNS CRITSEC® CRP40 Secure Network Sys. SNS CRITSEC® CRK40 Secure Network Sys. SNS CRITSEC® CR40 Secure Network Sys. SNS CRITSEC® CR30 Secure Network Sys. SNS CRITSEC® CR10 Key Ovation Goldtouch ErgoSecure SC 2.0 Hewlett Packard Co. HP USB Smart Card Keyboard OMNIKEY Americas CardMan 5125 (USB Contact reader+HID prox) AMAG Technology XF2100-PIV AMAG Technology XF2110-PIV Winter 2007
PIV Card Gemalto SETECS Inc. Gemalto Oberthur Card Sys.
Extending FIPS 201 beyond government
A starting point for enterprise identity device deployments
Ian Lowe, Intercede

Smart cards and smart card-based devices are rapidly becoming the secure device of choice for individual identity. The combination of security and portability allows them to carry credentials, such as photographs, PKI certificates and biometrics, that can be used to easily validate an individual’s identity. When an individual uses a digital credential held on a smart card-based device to validate his or her identity or authenticate to some system, the level of trust required depends on the risks associated with the damage caused by fraudulent use. As the risks rise, the reliance you place in the validation of the identity increases. This means you have to trust not only that the device and the technology itself are secure, but that the device has been issued to a person in a secure and trusted manner.

Enterprise identity deployments = mixed success

Smart device-based identity programs within the corporate enterprise have had mixed results. Success has come slowly due to a number of factors, including:
• Complexity and lack of interoperability. When deploying smart cards in the enterprise there are numerous infrastructure and technology elements that need to work together, including: authoritative user data stores (directories, HR systems, etc.), card management systems (CMS), provisioning systems, public key infrastructure (PKI), authentication and Single Sign-On (SSO) systems, physical access control systems (PACS), biometrics, etc. These technologies often exist as discrete silos and often do not naturally interoperate.
• Lack of policy and process. In many organizations there are no standard policies for issuing identity devices to users. Without reliable processes there is a tangible risk that an identity device will be issued incorrectly, or worse, fraudulently to a user. Establishing reliable processes is complex and requires experience and expertise.
When combined, the above factors ultimately lead to the return on investment promised by an identity system not being realized. FIPS 201, however, is helping to remove some of these barriers by providing a standard for interoperability, a clearly defined policy and a secure process for issuing identity devices to a population of users.

HSPD-12/FIPS 201 driving identity device deployment

In 2004 President Bush issued Homeland Security Presidential Directive 12 (HSPD-12), establishing a standard for the identification of all US Federal Government employees and contractors. HSPD-12 requires the use of a common identification credential, called a Personal Identity Verification (PIV) smart card, for both logical and physical access. HSPD-12 led to the creation of Federal Information Processing Standard 201 (FIPS 201), which set out the two key aspects of deploying a secure identity card:
• the technical specifications of the cards, their content and the interoperability of key systems and technologies, and
• the business processes necessary to ensure a consistent level of assurance between issuing and relying authorities.
HSPD-12 has been an accelerator for the adoption of smart card-based identities within the US Federal Government and is now providing a further catalyst for the adoption of smart cards within corporate enterprise and other non-US government environments.

At the center of any identity deployment is an identity management and card/identity credential management system, such as Intercede’s MyID. The card/identity credential management system is the central piece that unites all the necessary identity technologies and systems to create digital identities. Its main role is to bind people with devices and credentials, creating identities. This process must be secured from both a technology and a process standpoint in order for the digital credentials issued by the system to be trusted.

FIPS 201 defining interoperability

HSPD-12 and FIPS 201 are paving the way towards a future where identity technologies, IT systems and infrastructure work together in harmony. Any technology vendor wishing to provide identity solutions to the US Federal Government must put its products and solutions through a rigorous testing and approval process. Once the products have been approved and certified interoperable (based on published standards), they are listed on the Approved Products List (APL).

FIPS 201 – secure policy and process for identity device deployment

FIPS 201 provides a clear and secure set of roles and processes for the enrolment, issuance and management of people, devices and credentials. The roles are:

Applicant. An applicant is the person who requires a PIV card (e.g., an employee of a federal agency). They must first contact their designated PIV Sponsor so that they can initiate the application process. An applicant must ensure that they have accurate personal information including: name, date of birth, contact details and their employment status within the Government Department (agency/department, status, role, etc.).

Sponsor. The sponsor is responsible for creating the initial requests for PIV credentials for those individuals under their authority. The sponsor determines whether or not an individual is entitled to apply for a PIV card. A sponsor is typically someone who knows the individual, e.g. their line manager.

Registrar. The registrar is responsible for verifying the identity of the applicant and the authenticity of their application documents, and once he/she is satisfied that the documents are in order he/she will make the request for the PIV card to be issued to the applicant. The registrar will also capture biometric data from the applicant, including fingerprints and a photo.

Signatory. The signatory is responsible for approving PIV card requests that have been processed by a registrar. Depending on the policies adopted by an agency and the card type, this additional approval step may or may not be necessary.

Issuer. The card issuer has the task of actually producing the PIV card and delivering it to the applicant within a face-to-face collection process. This involves electronically personalizing the card (e.g., fingerprints and certificates) and printing the card surface.

FIPS 201 can easily map across to the corporate enterprise

Applicant → Employee/Cardholder. The person who requires an identity device.

Sponsor → Human Resources. Typically the Human Resources Department is responsible for the mechanics of hiring an individual and in the FIPS 201 process would make the initial requests for identity devices to be issued to employees. In corporate environments this process is likely to be automated by utilizing information already in an HR system or directory.

Registrar → Human Resources/Person. During the induction of a new employee, personal data is likely to be gathered (e.g., fingerprints or a photo). This function could be carried out by HR department personnel and is likely to be incorporated into the standard employee enrollment procedure.

Signatory → Authoriser/Witness (Optional). The Authoriser/Witness is an optional role and is responsible for approving, for a second time, card requests that have been processed by a registrar. If this stage is required in a corporate environment, it is likely to be the applicant’s Line Manager or the Line Manager’s Manager who authorizes the card issuance.

Card Issuer. The card issuer has the task of actually producing the identity device and delivering it to the applicant within a chosen collection or delivery process. Dependent upon the issuance model, this could be face-to-face, issued centrally in batches or via self-service collection.

FIPS 201 helping ease the pain of enterprise identity device deployments

FIPS 201 is helping to ease the pain of device-based identity deployment by providing a standard for interoperability and a clearly defined, secure process for issuing identity devices to end users. Organizations adopting the interoperability standards and the issuance and management process defined in FIPS 201 can be confident that an identity device has been issued to their employees with a high level of trust and integrity. Organizations that adopt a FIPS 201-like model can have confidence that:
• The device and technologies used are tested and secure.
• The applicant’s identity has been verified and validated.
• The identity device has been issued in a secure fashion by trusted employees.
• The device and identity credential management system has been validated and is interoperable.

HSPD-12 has defined a benchmark. This benchmark can be easily adopted by any organization looking to deploy device-based identities. Not all of the policies, processes and controls defined in FIPS 201 will be appropriate for your organization, but many will. HSPD-12 and FIPS 201 have provided a model that can be quickly adopted and easily adapted to meet an organization’s needs without having to reinvent the wheel or start from scratch. HSPD-12 is removing the barriers to identity device deployment by providing a readily available ‘shopping list’ of interoperable technologies and a clearly defined set of secure processes for issuing and managing identities. Combined, these factors ultimately pave the way for successful identity deployments by reducing both the complexity and the overall cost of deploying identities.
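The role sequence above is only as trustworthy as the system that enforces it. As an added example, not Intercede’s MyID or any other product’s code, the following models the issuance workflow as a state machine a credential management system could apply to each request: every transition requires a specific role, an actor may only hold roles they have been granted, steps cannot be skipped (optional ones aside), and FIPS 201’s separation-of-duties requirement, that no single individual can issue a credential without the cooperation of another authorized person, is enforced by refusing to let one person act in more than one role on the same request, a rule deliberately stricter than that minimum. The role names are a parameter of the machine, so the same code enforces the enterprise mapping described above. Actors, role names and requests are constructed for illustration.

```python
"""Added example: a credential-issuance workflow enforcing the FIPS 201 role
sequence and separation of duties. Not Intercede's MyID or any vendor's code;
actors, role names and requests are constructed for illustration."""


class IssuanceError(Exception):
    """A transition that policy forbids."""


# Profiles list the ordered steps as (resulting state, role that may perform it).
# Roles in "optional" may be skipped, as the article notes for the signatory.
FIPS201_PROFILE = {
    "steps": [("sponsored", "sponsor"), ("registered", "registrar"),
              ("approved", "signatory"), ("issued", "issuer")],
    "optional": {"signatory"},
}
# The same machine with the enterprise mapping from the article.
ENTERPRISE_PROFILE = {
    "steps": [("sponsored", "hr_system"), ("registered", "hr_registrar"),
              ("approved", "line_manager"), ("issued", "card_issuer")],
    "optional": {"line_manager"},
}


class CredentialRequest:
    def __init__(self, applicant, profile):
        self.applicant = applicant
        self.profile = profile
        self.state = "applied"
        self.position = 0        # index of the next step in profile["steps"]
        self.history = []        # (state, role, actor) audit trail

    def actors(self):
        return {actor for _, _, actor in self.history}


def act(request, actor, role, authorized_roles):
    """Apply one step. authorized_roles maps actor -> set of roles they hold."""
    steps = request.profile["steps"]
    optional = request.profile["optional"]
    if request.position >= len(steps):
        raise IssuanceError("request already completed")
    if role not in authorized_roles.get(actor, set()):
        raise IssuanceError(f"{actor} is not authorized to act as {role}")
    if actor == request.applicant:
        raise IssuanceError("applicant may not act on their own request")
    if actor in request.actors():
        # Separation of duties: one person, one role per request. Stricter
        # than the FIPS 201 minimum (two cooperating people), by design.
        raise IssuanceError(f"{actor} already acted on this request")
    pos = request.position
    while pos < len(steps) and steps[pos][1] != role and steps[pos][1] in optional:
        pos += 1   # an optional step may be skipped; a mandatory one may not
    if pos >= len(steps) or steps[pos][1] != role:
        expected = steps[request.position][1]
        raise IssuanceError(f"{role} cannot act in state {request.state}; expected {expected}")
    request.state = steps[pos][0]
    request.position = pos + 1
    request.history.append((request.state, role, actor))
    return request.state


def run_issuance(profile, applicant, actions, authorized_roles):
    """Replay (actor, role) actions; return (final_state, error_or_None)."""
    request = CredentialRequest(applicant, profile)
    for actor, role in actions:
        try:
            act(request, actor, role, authorized_roles)
        except IssuanceError as exc:
            return request.state, str(exc)
    return request.state, None


if __name__ == "__main__":
    roles = {"manager.m": {"sponsor", "signatory"}, "reg.r": {"registrar"},
             "issue.i": {"issuer"}, "new.hire": set()}
    ok = [("manager.m", "sponsor"), ("reg.r", "registrar"), ("issue.i", "issuer")]
    print(run_issuance(FIPS201_PROFILE, "new.hire", ok, roles))
    # A registrar trying to issue, and a sponsor trying to also sign, are refused.
    print(run_issuance(FIPS201_PROFILE, "new.hire",
                       [("manager.m", "sponsor"), ("reg.r", "registrar"), ("reg.r", "issuer")], roles))
    print(run_issuance(FIPS201_PROFILE, "new.hire",
                       [("manager.m", "sponsor"), ("reg.r", "registrar"), ("manager.m", "signatory")], roles))
```

The audit trail kept on each request is what a relying party later needs when it asks who vouched for a credential; the enterprise profile works because the automated HR feed and the HR clerk are distinct principals, so the sponsor and registrar steps are still performed by different actors.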
the premier resource for compliant credentialing
The way the government handles security changed drastically in August of 2004, when HSPD-12, and the FIPS 201 standard that implements it, mandated the standardization of identification security and credentials. These standards are rapidly expanding throughout the US government, and are already influencing the private sector, educational institutions, state and local government, and international markets. AVISIAN Publishing is announcing our latest information source, FIPS201.com, as the newest addition to our publications suite. Thousands of people turn to our other resources daily for news and the latest product information. Make FIPS201.com part of your daily routine, and you will have the opportunity to view approved products and services, photos, web links, brochures, contact information, and more. Make sure that you don’t miss out on the FIPS 201 revolution.
Get your FIPS 201 Approved Product listed on FIPS201.com today. Contact [email protected] for more information.
Angela Tweedie AVISIAN Marketing Coordinator 850-391-2273 [email protected]
id technology resource
Search for Approved Products by category or search by product name or vendor
Recently approved member listings are highlighted on front page, as are random listings
Constantly updated news feed keeps visitors up-to-date on FIPS 201-related content
Resources section enables member companies to promote white papers, webinars, events.
The world is full of the unsolicited. It’s called advertising, and it’s what makes the free market work. It’s about informed consumerism. But spam is breaking all the rules, and the rules can’t abide. Now using identity to connect people is suddenly compelling. And hard.
Daniel Butler Contributing Editor, AVISIAN Publications
Spam has become headache number one for many users. Will email survive?
CAN DIGITAL IDENTITY CURB THE SPAM ASSAULT ON YOUR INBOX?

YES, I SENT IT … DID YOU CHECK YOUR SPAM FOLDER?

Whether you like it or not, spam may be here for good. The world is at war with it, and spam may be winning. You may recognize some of the terms of warfare: spam, ham, junk, not junk, UCE, UBE, Make Money Fast, Viagra, Cialis, stock scams, viruses, trojans, worms, exploits, phishing, malware, 419 fraud, mail headers, Bayesian filters, filter poisoning, spam scores, white lists, black lists, block lists, port 25 blocking, list washing, spam houses, bounce counts, address harvesting, dictionary attacks, CAN-SPAM, honeypots, botnets, zombies, opt-in, opt-out, false negatives and false positives. The situation is critical … not just for you but for everyone who uses computers, web sites, search engines, phones, or other forms of communications. Modern society’s function is hopelessly intertwined with our ability to communicate quickly and cheaply via email, so you may ask yourself: Why do we put up with spam? Why isn’t email more reliable? What are the smartest minds trying to do about it? And, is there a silver bullet fix to the problem? In this three-part article, we’ll discuss the origins of this assault on your inbox, investigate current attempts to quell the flood of junk email, and propose that the concepts of digital identity may be the key to a brighter future, a cleaner inbox and secure messaging that you can trust.
Just how bad is it?

I fought with spam myself for years, having one of those email addresses that has been “out there” since around 1995. I hosted my own email server, and despite futile efforts to stem the tide with special mailer configurations, blacklists, and spam filtering, I was getting thousands of spam messages a day, nearly more than my aging server could handle. In 2005, I gave up and moved my email service to one of the biggest providers with some of the best filtering technology available, and my inbox was finally liberated. My spam folder, however, was filled at its peak with over 22,000 messages per month. In the past year, the total has diminished, now hovering in the 7-8,000 per month range. Life is better now, but still, the filters are far from perfect, and many false positives and false negatives mean I must think about and deal with spam on a daily, if not hourly basis. But I’m not the only one dealing with the thorny issue of too much junk. Kevin Werbach writes in Death By Spam: The E-Mail You Know and Love is About to Vanish (Slate, Nov. 18, 2002): “Neither legislation nor litigation against spammers has stemmed the tide, and they’re not going to have much of an effect in the future, either. It’s time to give up: Despite the best efforts of legislators, lawyers, and computer programmers, spam has won. Spam is killing e-mail.” Mr. Werbach sums up the essential source of the problem: “Because e-mail inboxes are open to anyone, longtime Internet users now receive hundreds of spams per day, making email virtually unusable without countermeasures.”

How Can We Claim Software House® is the Most Secure?
Easy.
• The first full access control panel to be listed on the FIPS 140-2 pre-validation list
• FIPS 197 validated software
• Our iSTAR eX controller features 256-bit AES encryption, double most others in the industry
• Industry-first Multi-Technology readers, read all PIV II cards
• Solutions that feature superior digital certificates, preventing “man-in-the-middle” attacks
Download our Government-Ready toolkit from www.swhouse.com
Why the history of spam is the history of the Internet

Email has become universal because of its simplicity: anyone can use it to send you a note or a small file, and you can use it to contact virtually anyone. Usually. But why is it that way? Why doesn’t sending a message require you to identify yourself, or seek prior permission from the recipient? Electronic mail was modeled after physical postal mail in that anyone can send anything to anyone else, assuming you have the recipient’s mailing address and you pay the postage fee. But wait, what fee? Electronic mail is free to send, or seems free enough, and as long as the sender doesn’t pay anything per message, email will remain distinctly different from physical mail. Imagine the tons of junk in your mailbox if direct marketers could contact you for free and as often as they like.

The Internet’s message exchange protocols were originally created in a closed system, where the hosts connected to the network were known and could be trusted. Users on those hosts could be clearly identified and also trusted not to misbehave. In the early history of spam, the anti-social, anti-network behavior of sending unsolicited messages to others on the network was taken very seriously, and offenders were dealt with fairly quickly and effectively. As the Internet opened up to commercial interests, as dial-up users started logging in, and as millions of people started exchanging messages, those safeguards of host, user identity and reputation fell by the wayside. Email’s very open nature is what may have doomed it to failure.
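That openness is visible in the protocol exchange itself. The following is an added example, not part of the original article: a minimal, offline simulation of the classic SMTP dialogue with a server that behaves the way mail servers of that era did. It accepts whatever host name the client announces in HELO and whatever address it gives in MAIL FROM, because nothing in the protocol lets it check either, and the From: header inside the message is a third, independent claim that need not match the envelope. The host names, addresses and message are constructed.

```python
"""Added example (not from the article): a minimal offline simulation of a
classic SMTP exchange. It shows that the server accepts the client's claimed
host name and envelope sender unchecked, because the protocol gives it no way
to verify them, and that the From: header is a third, independent claim.
Host names, addresses and the message below are constructed."""
import re

MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.I)
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.I)
FROM_HDR_RE = re.compile(r"^From:.*?<?([^\s<>\"]+@[^\s<>\"]+)>?\s*$", re.I | re.M)


class ClassicSmtpServer:
    """Server side of HELO/MAIL/RCPT/DATA with no sender authentication."""

    def __init__(self, hostname):
        self.hostname = hostname
        self.mailbox = []      # delivered messages: envelope plus raw data
        self.transcript = []   # "C: ..." / "S: ..." lines, for inspection
        self._reset()

    def _reset(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.data_lines = []

    def handle(self, line):
        """Feed one client line; return the server reply ("" while in DATA)."""
        self.transcript.append("C: " + line)
        reply = self._dispatch(line)
        if reply:
            self.transcript.append("S: " + reply)
        return reply

    def _dispatch(self, line):
        if self.in_data:
            if line == ".":
                self.mailbox.append({"envelope_from": self.sender,
                                     "envelope_to": list(self.recipients),
                                     "data": "\r\n".join(self.data_lines)})
                self._reset()
                return "250 OK: queued"
            # RFC 821 dot-stuffing: a leading ".." stands for a single "."
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return ""
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd in ("HELO", "EHLO"):
            # The claimed name is simply echoed back; it is never checked.
            return f"250 {self.hostname} Hello {arg}"
        if cmd == "MAIL":
            m = MAIL_RE.match(line)
            if not m:
                return "501 Syntax error in parameters"
            self.sender = m.group(1)   # taken on the client's word alone
            return "250 OK"
        if cmd == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands"
            m = RCPT_RE.match(line)
            if not m:
                return "501 Syntax error in parameters"
            self.recipients.append(m.group(1))
            return "250 OK"
        if cmd == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if cmd == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command not recognized"


def header_from(data):
    """Address in the From: header of raw message data, or None."""
    m = FROM_HDR_RE.search(data)
    return m.group(1) if m else None


def sender_claims(message):
    """The two independent, unverified sender claims in a delivered message."""
    return {"envelope_from": message["envelope_from"],
            "header_from": header_from(message["data"])}


def demo_session():
    """Constructed session: a host pretending to be a bank's mail server."""
    server = ClassicSmtpServer("mx.example.net")
    for line in [
        "HELO mail.bank-example.com",               # claimed, not the real host
        "MAIL FROM:<alerts@bank-example.com>",      # forged envelope sender
        "RCPT TO:<victim@example.net>",
        "DATA",
        'From: "Bank Security" <security@bank-example.com>',  # a third identity
        "To: victim@example.net",
        "Subject: verify your account",
        "",
        "Please click the link below.",
        ".",
        "QUIT",
    ]:
        server.handle(line)
    return server


if __name__ == "__main__":
    s = demo_session()
    print("\n".join(s.transcript))
    print(sender_claims(s.mailbox[0]))
```

The server enforces command order and syntax, which is all RFC 821 asked of it; the three sender identities (HELO name, envelope sender, header From) are each accepted on the client’s say-so, and it is exactly these unverified claims that later sender-authentication schemes set out to bind to something checkable.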
Paul Judge, writing in Redesigning the net to save it from spam (CNN, May 17, 2003), observes: “Simple Mail Transfer Protocol (SMTP) was developed some 20 years ago for a totally different type of Internet, one that was very open and trusting. Today, the Internet is not those two things.”

As long as there is an economic incentive for spammers to shill their often-obfuscated message to people, we’ll always have spam. We are reminded of the tragedy of the commons. The idea, described in a parable in 1833 by William Forster Lloyd on population growth and popularized in 1968 by Garrett Hardin, “demonstrates how unrestricted access to a resource such as a pasture ultimately dooms the resource because of over-exploitation. This occurs because the benefits of exploitation accrue to individuals, while the costs of exploitation are distributed between all those exploiting the resource.” Even the ancient Greeks had something to say about the tragic nature of the email commons: “That which is common to the greatest number has the least care bestowed upon it.” The whole game of spam is about a few bad actors exploiting the commons, and will continue to be until the nature of the commons has been changed.

Important milestones in the history of spam

How did it get this way, in this state of exploitation? Let’s follow along with the development of spam. On September 13, 1904, the first telegram spam is sent, according to Internet sources, even Wikipedia, but no substantive evidence of this can be found. In other words, this very fact-or-not has been spammed throughout the Internet, with no regard to whether the fact is trustworthy or not. On July 5, 1937, Hormel Foods Corporation changes the name of Hormel Spiced Ham to SPAM, possibly meaning “Shoulder of Pork and Ham”, later backformed by others as “Something Posing as Meat” or “Special Purpose Army Meat”. In any case, the name ultimately becomes synonymous with something not especially appealing to consume.

On December 15, 1970, the infamous Spam Sketch premiered as the final sketch of the 25th show of Monty Python’s Flying Circus, introducing the world to a menu full of culinary delights such as “spam, egg, spam, spam, bacon and spam” and behorned Vikings loudly singing the praises of “Spam, lovely spam, wonderful spam.” And thus the meme of being overwhelmed with too much of a noxious thing in the wrong venue is born, but it will take another 23 years for the term to be generally applied to unsolicited commercial email messages sent in noxious quantities.
In November 1975, in the Internet standards process document Request for Comments (RFC) 706, On the Junk Mail Problem, Internet pioneer Jon Postel notes, “In the ARPA Network, … there is no mechanism for the Host to selectively refuse messages. This means that a Host (that) desires to receive some particular messages must read all messages addressed to it. Such a Host may be sent many messages by a malfunctioning host. This would constitute a denial of service. Both the local users and the network communication could suffer. The services denied are the processor time consumed in examining the undesired messages and rejecting them, and the loss of network throughput or increased delay due to the unnecessary busyness of the network. It would be useful for a Host to be able to decline messages from sources it believes are misbehaving or are simply annoying.” On May 3, 1978, Gary Thuerk, a marketer at DEC, using a printed directory of everyone on the ARPAnet, sends a notice about an open house to show off new models of the DEC20 computer. The message generated much discussion, as it supported neither research nor education and was thus against the acceptable use policy of the ARPAnet. A young Richard Stallman, champion of software freedom, chimes in on the debate and gains the dubious honor of being perhaps the first spam apologist. Others vehemently oppose the unsolicited mailing. Mark Crispin observes, “I don’t see any place for advertising on the ARPAnet, however; certainly not the bulk advertising of that DEC message. From the address list, it seems clear to me that the people it was sent to were the Californians listed in the last ARPAnet directory. This was a clear and flagrant abuse of the directory!”

In September 1981, Jon Postel desired to fix this built-in weakness of email exchange via a network, but his preference for open protocols led him instead to publish, in RFC 793, what later became known as the Robustness Principle, or Postel’s Law: “TCP implementations will follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others.” In August 1982, the Simple Mail Transfer Protocol was proposed in RFC 821 by Jon Postel as a replacement for a prior mail transport standard that relied on FTP to exchange data. The SMTP protocol solved many problems related to moving messages from server to server, but provided no facility to authenticate senders. On March 31, 1993, Richard Depew’s software, called ARMM, was supposed to help automate the moderation process of USENET groups but went haywire, flooded a newsgroup, and many people were angered. In the resultant discussion, Joel Furr is credited with the first use of the term spam: “Transformed by programming ineptitude into a monster of Frankenstein proportions, it broke loose on the night of March 31, 1993 and proceeded to spam news.admin.policy with something on the order of 200 messages in which it attempted, and failed, to cancel its own messages. … This produced a flood of messages in which each header took up several screens and each message id got longer and longer and longer and each subject line started wrapping around five or six times. ARMM was accused of crashing at least one mail system and inspired widespread resentment among those who pay for each message they have downloaded.” On April 12, 1994, two lawyers from Phoenix hired a mercenary programmer and posted a message to thousands of USENET newsgroups advertising their fairly useless services in an upcoming US green card lottery, and thus sent the first deliberate mass posting to be commonly called “spam”, and the term has stuck in popular usage since, referring to the unsolicited and massive flood of the same message to multiple people or venues. In 1995, the commercial Internet begins to open up and take off. Watch out, inboxes!

By 2001, the EU estimated that spam costs Internet users 10 billion euros per year worldwide. In 2004, Microsoft chairman Bill Gates, in a speech to the World Economic Forum, boldly predicted that spam would be eliminated in two years. He was wrong. This same year many high profile spammers began to be convicted under new US and other nations’ anti-spam legislation. In 2005, Russian spammer Vardan Kushnir, after having obsessively spammed nearly the entire population of the Russian-language Internet, was brutally murdered. Like so many aspects of the dark side of spam, whether his murder was vigilante justice has yet to be determined. Later that year, Britain’s most prolific spammer is sentenced to six years in prison. By 2006 spam is said to account for 40% of all email, with anywhere from 12 to 55 billion spam messages sent daily. An IronPort study estimates that 80% of spam originates from remotely-controlled zombie computers, part of larger networks of sinister “bot-nets,” under the command of covert spam lords. In 2007, research firm IDC forecasts that the volume of spam messages will overtake legitimate person-to-person messages, with a worldwide volume of 97 billion per day.

Enter trust, reputation, and identity

Yes, there’s something that can be said about the casual nature of email. You can send messages (even semi-anonymously) to people who you would never call on the phone, talk to in person or send a letter to. But the price of that freedom is paid by everyone, billions of times a day. We would like to send and receive messages from people and organizations that we trust, from those who have built up a good reputation for treating the commons with respect, and from those whose identity can be verified. In practice, that doesn’t always work, because the noise-to-signal ratio in a world of ubiquitous spam and phishing attacks means you can’t always trust your messages to arrive, trust that you will receive important messages yourself, or even trust that a message is from whom it claims to be. Identity of networks, hosts and users is important in the war on spam, because with identity, you can monitor and track reputation. Those entities with a reputation for spamming can be disconnected from the network, blacklisted and even prosecuted in the real world. Identity is required before trust relationships can be established between any two entities exchanging messages, but because anyone can join the network, there is no central trusted authority on identity. So while identity, trust and reputation are important now, the current state of limited implementation means they cannot yet be used as the solution to the spam problem. In the next article, we’ll discuss current efforts trying to control the flow of spam, with attempts to use the identity and reputation of users, hosts and networks as well as the content of the messages themselves to determine whether to deliver a message to your inbox. In the final installment, we will discuss the future of message exchange as email and trusted identity begin to converge.

“And, now for something completely different”
A final tribute to the Pythons’ enduring legacy, with names changed to protect the innocent.
Email User: Have you got anything without spam in it?
The Internet: Spam, egg, sausage, and spam. It’s not got much spam in it.
Email User: I don’t want ANY spam!
Tech Support: Why can’t she have egg, bacon, spam and sausage?
Email User: THAT’S got spam in it!
Tech Support: Hasn’t got as much spam in it as spam, egg, sausage and spam, has it?
Vikings: Spam, spam, spam, spam …
Contactless payment makes biggest debut yet with London Launch
Barclaycard secures major advantage via exclusive deal with Oyster card
Andy Williams, Contributing Editor, AVISIAN Publications
In London, MasterCard and Visa are in the midst of the world’s largest contactless card launch to date, but a smaller roll-out may have Londoners more excited as it involves their popular Oyster card. The Oyster card, which they use to ride the rails and buses, has been combined with a contactless and EMV-compliant credit card. The bigger rollout, nicknamed the London Launch, has both credit card giants already rolling out cards in London that, by the end of 2008, are expected to blanket the UK. The contactless portion of the cards will handle payments of £10 or less. “Europe has lagged behind Asia and the US when it comes to contactless payments, but the stage is now set for adoption,” commented senior analyst Jonathan Collins, ABI Research, during release of a recent study about contactless payments.
According to the UK payments association, APACS, five million contactless cards are to be issued across the country for use at 100,000 retailers by the end of 2008. It also announced participation from eight banks, including Bank of Scotland, Barclaycard, Citi, Euroconex Technologies Ltd. (now Elavon Merchant Services), Halifax, HSBC, Lloyds TSB and Royal Bank of Scotland Group (RBS).
Now with OnePulse, “We have travel on one piece of plastic plus credit,” said Stewart Holmes, head of Barclaycard Onepulse.
Visa, in its rollout, lists five European banks – HSBC Bank, HBOS, Lloyds TSB, RBS and Barclays – that began issuing Visa payWave cards this fall. Visa payWave is the name for the company’s contactless card that is now seeing use in Europe, the US, Asia and Latin America.
The whole OnePulse project took about two years from initial conversation to launch, explained Sue Doyle, Transys marketing director. The trial itself lasted about four months. “We previously had technical trials to make sure the technology side actually worked,” she said. “There were no problems technology-wise … (it) works perfectly and we were able to carry on as scheduled. We wanted the card to be accessible to everyone in London. Oyster is a very natural way to include everyone on this particular product.”
At the same time as these launches, Barclaycard announced its new multifunction Barclaycard OnePulse, developed in partnership with the public transit operator, Transport for London, and the Oyster card operator, TranSys. Barclaycard OnePulse features three separate functions on a single card – Visa payWave contactless technology for purchases of £10 and under, the standard Chip and PIN (EMV) credit/debit card capability for larger purchases, and the Oyster transit fare application for use when traveling around London. This is the first time that Oyster technology has been licensed to a third party.
Oyster’s popularity gives Barclaycard a big boost in London
Oyster first hit the streets in 2003 as an integrated contactless smart card ticketing and revenue collection system implemented on behalf of Transport for London (TfL) by the EDS- and Cubic-controlled TranSys consortium. The Oyster card is valid on all bus, Tube, and Tramlink services, and on selected National Rail services.
“There are very few of the (OnePulse) cards out there right now but Barclays is getting thousands of applications,” said Shashi Verma, director of fares and ticketing for TfL.
Two years ago, Barclays was one of four banks to compete for the opportunity to incorporate Oyster on a standard credit card. “They were chosen because they offered the best customer service,” said Ms. Doyle. “(It) was clearly a huge opportunity to seize that competitive differentiator,” added Mr. Holmes. For competition’s sake, Barclays felt that Oyster plus a credit card would help make the card the “first one that comes to mind” when it’s time to use the credit portion of the card.
“It’s still early to get any results, but we’re expecting hundreds of thousands (to be issued.) We have six million Oyster cards in active use,” added Mr. Verma.
Keeping straight with three ways to pay
From Oyster’s perspective, OnePulse cardholders “will enjoy the benefits of Oyster, meaning cheaper, easier and more convenient travel on the London transport network, using Oyster exactly as they do today – by pre-loading pay as you go and/or a Travelcard or Bus Pass,” said Mr. Verma. He emphasized that the Oyster function “is entirely separate from the credit card account, but sits on the same card.” However, riders don’t have to switch to OnePulse. They can still use their standard Oyster card if they choose.
In addition to the Oyster application, OnePulse includes Visa’s contactless payWave application for purchases under £10 and coincides with the Visa contactless launches throughout London. To handle larger purchases, OnePulse contains a third component, an EMV chip. It requires insertion into a reader along with a PIN the cardholder must enter.
Bringing on the merchants
Mr. Holmes reports that merchant reaction to OnePulse, “has been very positive. Barclays exceeded the target. We’re rolling out 50 locations a day; since about June we’ve been on the streets signing up merchants.” About a thousand merchants had signed up by the end of summer, mostly smaller establishments, such as fast food restaurants, convenience stores and Krispy Kreme doughnuts.
Added Mr. Verma: “The fact that so many customers in London are used to using Oyster and understand the contactless payment process made it easier. In the absence of Oyster, it would have been more tricky.”
The key, for both Visa and MasterCard, is signing up what Mr. Holmes calls “the first sector champions … a big drug store, big news agent that champions cashless in their business sector which will trigger competitive follow-ups from other retailers. Predominantly it has been medium or smaller-size merchants right now, but some of the bigger chains are trialing it in their London branches.”
“The Oyster application on the OnePulse card is no different than what’s on the Oyster card. All Oyster cards can be linked to a bank account and automatically topped off when the balance falls below a certain level. You also have that advantage with OnePulse,” explained Mr. Verma. “The advantage is Oyster and credit are on the same card but the two are still different.”
Since EMV has been in use in the UK since 2005, merchants are already equipped with an EMV, or as Londoners call it, a “chip and pin” reader. But with the introduction of contactless technology, merchants also needed a contactless reader.
Even though there’s a £10 limit for contactless payments, a standard spot check might kick in. Here, a card might be randomly chosen for the user to enter his PIN. There is also a £50 limit per day on transactions. “If you exceed that, you need to go through chip and pin,” said Mr. Verma.
On the Oyster system itself, there were no upgrades required except for a few tweaks. But, Ms. Doyle explains, “a lot of amendments (were needed) to the system to make Barclaycard and transit interact with each other.” There was some coordination required among Barclays and Oyster help desks. “We had to make sure our help desk was able to talk to Barclays customers. That’s not easy – it can get very involved, finding the right routing between help desks. We looked at it very carefully,” said Ms. Doyle. For example, if someone has a credit card problem, he may end up calling TfL, when he should be talking to Barclays. Or, if for some reason he was blocked from entering the Tube, he may call Barclays for help when he should be calling TfL.
What’s next?
First up for Oyster is extending the card to cover the main rail lines coming into London. The next step, explained Mr. Verma, is making “EMV contactless work like New York, where you can use your PayPass card (to pay for transit fares). I’d like people to be able to use the EMV contactless card at the gate.” The New York trial allows riders to use a contactless credit card – in this case MasterCard PayPass – instead of buying a ticket to enter the subway.
However, Oyster’s fare structure “is more involved than New York’s. Our fare structure is dependent on distance, not the kind of thing that PayPass supports by itself. We’re looking at that but it’s much more complicated,” Mr. Verma said. “The big thing about EMV contactless is we have to understand that’s the future. Having gotten to this point (with Oyster as the card’s fare payment mechanism), we’re looking at what we can do next. What we get from Barclays is an understanding of customer behavior. That’s going to be important when moving to the EMV contactless world (for transit payments),” said Mr. Verma. “Oyster has always been about making people’s journeys easier and cheaper and more accessible,” adds Ms. Doyle. “We’re also looking at different media that would carry Oyster, like in a watch, or phone, a natural progression that would make it easier to carry the product. We’re talking to customers now, conducting some research about what would make their lives easier.”
It could eventually mean, “getting rid of Oyster,” said Mr. Verma.
From Barclays’ standpoint, “the only challenge we face is in explaining the new product and getting consumers to make the natural link,” said Mr. Holmes. “The big challenge is to affect consumer behavior. There have been lots of false starts … but we want to make a difference.”
Beijing Olympics to showcase world class security with a record setting price tag
Contactless technology is nothing new for China. From the Great Wall to transit, contactless has been around for the past few years, and, coupled with RFID usage (such as tags), makes the country – for now – the largest RFID smart card technology market in the world. That market is growing as the country gears up for next year’s Summer Olympics. In a recent report, RFID in China 2007-2017, consulting company IDTechEx states that China has become “the world’s largest RFID market by value.” Of course, that includes all types of RFID technology, from contactless ticketing and access control to supply chains and the tagging of military hardware. The report suggests that of the $4.96 billion invested globally in RFID, $2.7 billion of that will be spent in East Asia, with most – $1.9 billion – in China alone. That’s 38% of the global market. This, the report says, is due to a “peak in delivery of contactless national identification cards in China prior to the 2008 Olympics.” About $1.65 billion is being spent on 300 million of these cards. Another $250 million is going for RFID tags and their systems, “most of this related to transport, cash replacement and secure access cards,” the report adds. It does issue a word of caution: Once the ID card market is saturated, “China will sink below the US and probably Japan in value of its RFID market but that market will nonetheless be growing very fast.”
That market will recover within the next ten years, however, as other RFID projects, with animal tagging, transport, cash replacement cards, secure access, manufacturing, military and supply chain applications, make up the difference. Then there’s that small two-week event slated for Beijing August 8-24, 2008. The 2008 Olympic Games will keep China’s RFID market bustling and merchants, hotels and restaurants happy to serve the 800,000 anticipated visitors. It hasn’t been billed as the largest RFID project to date – the country’s national ID card project would take that prize – but it certainly is up there, at least financially. For starters, some seven million contactless tickets are expected to be produced for the 17-day event. About half of the tickets are for domestic sales and the rest will be marketed overseas. Ticket sales are expected to bring in about $140 million, according to one trade paper. Bids for the new contactless ticket haven’t yet gone out, so it’s not known what kind of chip will be utilized. One of the largest chip suppliers in China is NXP. Its MIFARE line is present in many of the contactless transit ticketing systems throughout the country. One of the major benefits of a contactless ticket is that it would reduce counterfeits, which means eliminating manual checks of each ticket and speeding ingress into the games. Tickets to the opening and closing ceremonies – the two most-attended events – are also expected to include a digital picture and ID information of the holder.
Not only will these tickets speed up entry into the various games, but the contactless technology will enable security to track ticket holders, according to a report from the Security Industry Association. Signals from electronic ticketing systems will be transmitted to monitoring centers where ticket-holders’ whereabouts are tracked. XceedID Corporation, a global provider of contactless smart cards and readers, and Sino Security, a security equipment distributor in China, will be providing XceedID readers for the Beijing Olympic Committee. One thing the Chinese don’t have to worry about is a learning curve for contactless ticketing. In addition to the contactless transit ticketing systems in place in more than 100 cities throughout China, last year’s Tennis Masters Cup hosted by China included contactless ticketing. And Beijing hosts one of the largest transit projects in China, with around 10 million public transport journeys each day. RFID ticketing has also been implemented for other applications such as access control at tourist sites, including the Great Wall and the Ming Dynasty Underground Palace and Emperor’s tombs.
China expects to invest about $300 million to assure a secure Olympics. According to a report from the Security Industry Association, the five major security systems that will be used include video monitoring, burglar alarms, access control, electronic ticketing, security detection and … food. Yes, food. Plans are to employ a food safety tracking system. Food delivered to athletes will be closely monitored with an RFID system throughout the production process and transport. According to ChinaTech News, fruits and vegetables, animal products, and pre-packaged foods will all be covered by the tracking system. Some 15 food safety authorities, several from the US, were named to a Beijing Olympics food security panel two years ago to assist in this project.
The Beijing organizing committee announced that this program will rely heavily on the use of Global Positioning System and RFID to monitor and track all Olympic food products through the production, processing and distribution processes.
“All food entering the Olympic Village and other facilities will be given an Olympic food safety logistics code,” said Wang Wei, executive vice president of the Beijing organizing Committee for the Olympic Games. “High technology arts including IC card, RFID and GPS will be used to monitor the whole process from start of production through transportation to the village,” Mr. Wei said. Vegetables, fruits, meat, edible oil, aquatic products, children’s food and health food are the main targets in food checkups according to Olympic organizers’ detailed plan for the campaign. It includes closing, by the end of the year, all unlicensed restaurants, while ensuring that all its food producers are qualified and that no harmful material has been used in food processing. Even 10,000 peach farmers in Beijing’s largest fruit-producing area have pledged not to use banned fertilizers and pesticides in fruits for the Games.
Perhaps the best overview of just how secure Beijing is trying to make the Olympics comes from the SIA’s Olympic Update report. SIA is a nonprofit international trade association representing electronic and physical security product manufacturers. Its report examined “the many security challenges and the technologies being deployed to safeguard both Beijing and the many Olympic venues.” “This report underscores that the Olympic Games not only showcase world-class athletes, they showcase world-class security technologies and services from our industry,” Richard Chace, executive director and CEO of SIA, said when the report was first released. “People across the globe will be wondering how one of the world’s premier events will deal with security threats and issues. SIA’s China Olympic Security Update goes a long way toward answering those questions.”
Olympic security spending takes the Gold Medal
• Total investment for the Beijing Olympics is $36.3 billion. Its investors include the central government, local governments of host cities, the Beijing Organizing Committee for the Games of the 29th Olympiad and social groups.
• Based on the security investment for the Athens and Sydney Olympic Games, Beijing expects to invest $300 million just for the security of the Olympic venues. In terms of purchasing power parity, that’s equivalent to $720 million, the report says.
• According to data from the Beijing Municipal Public Security Bureau, the Olympic Security Protection investment will total another $300 to $400 million, to cover the cost of personnel, physical and technical protection.
• State-of-the-art RFID technology will be integrated with building intelligence systems for seamless interoperability. This includes tracking of ticket-holders.
• The five major security systems that will be used include video monitoring, burglar alarms, access control, electronic ticketing and security detection, totaling $115 million.
• Investment in video monitoring is $28.5 million or 33% of the total, due to the large number of spy/CCTV cameras that will be installed in and around the venues.
• Some of the Olympic sponsors providing security protection products include GE, Honeywell, Panasonic, Pelco, and Siemens.
Source: SIA’s China Olympic Security Update
Biometric Authentication News
Biometric products must pass new test for airport use
Transportation Security Administration creates Qualified Products List to approve biometric components for airport security
Jennifer Slattery, Contributing Editor, AVISIAN Publications
The Transportation Security Administration (TSA) was directed by the Intelligence Reform and Terrorism Prevention Act of 2004 to develop standards for use of biometric technology in airport access control systems. The goal of this effort is to establish procedures for implementing biometric systems to ensure that individuals do not use an assumed identity to enroll in a biometric system and to resolve failures to enroll, false matches, and false non-matches.
The TSA was also directed to outline best practices for incorporating biometric identifier technology into airport access control systems in the most effective manner. Finally, it was directed to establish a qualified products list (QPL) of biometric technologies that meet the standards they developed.
Qualified Products List (QPL) Process
Manufacturers that wish to have their product approved for the biometric QPL apply to the TSA for consideration and testing. Once all the paperwork and documentation has been submitted, the product is transferred to an independent testing facility to conduct unbiased testing.
Technical requirements contain quantitative qualification requirements including biometric matching error rates, failure to enroll (FTE) rates, and transaction times; reliability/availability requirements; and power/physical requirements.
Operational requirements address the biometric sub-system from the perspective of the operations of the existing access control systems. This includes guidance on compatibility with existing credentials, new secondary/backup procedures for resolving Failure to Enroll (FTE) and False Reject Rate (FRR), biometric sub-system administrative burden, user enrollment requirements (e.g., protocol regarding effort level and duration), and revocation of access privileges. Once testing is completed and a decision is made, results are sent to the TSA for final approval. Even if approval for placement is granted, there is no guarantee that TSA or its airport operators will utilize the product. Airport operators are encouraged to use products on the QPL but not required to do so.
Independent testing
International Biometric Group (IBG) was selected by the TSA as the testing facility for initial QPL testing. Products tested include enrollment stations, readers, and biometric sensors. In the initial round of QPL testing, ten products were tested indoors in a controlled environment at a cost of $25,000 per product. Four of the ten products were approved for inclusion on the QPL.
Approved Products
Bioscrypt’s MIFARE V9.50 is one of the products to be approved and placed on the QPL. In order to receive approval, two hundred users were enrolled and asked to verify themselves on the fingerprint reader three or four times per day. Of the seven products that were operationally tested in the physical access control area, the Bioscrypt unit was one of only two products approved. The other approved physical access control product was Cogent’s IDGate, with fingerprint sensor, PIN pad, and contact or contactless smart card capability. In another category, two Lumidigm sensors that use multi-spectral imaging technology to capture fingerprint images were approved.
The future of the QPL
The first round of QPL testing is complete and was considered a success by TSA officials. But many industry observers expressed concern that only a handful of products were submitted for testing. Many of the leading vendors that have supplied biometric access components to airports for years were not represented in the tests. There is no one single reason for the low turnout, but likely a series of factors that include the high price tag for testing, the growing number of government agency tests required of the vendor community, and even apprehension about passing or failing.
Still, it seems likely that the Transportation Security Administration’s Qualified Products List will continue to expand as the biometrics industry expands and use of the technology in airports rises. This will certainly be the case if the vendors that successfully applied and were approved see sales increase as a result of their early listings.
Biometrics and the “mark of the beast”
Critics of the technology think retinal and fingerprint scans signify a New World Order
Jennifer Slattery Contributing Editor, AVISIAN Publications
As the use of biometrics for authentication and identification begins to surge in popularity, there is a corresponding surge in religious and ethical arguments against its use. Biometric proponents argue that the technology helps identify someone in a foolproof way. No need for passwords that can be hacked or cards that can be stolen. Using a retinal, voice or fingerprint scan or using keyboard strokes to authenticate an employee, the company can feel more secure in its procedures. But does everyone agree? Is it going too far? Will our society be reduced to numbers and fingerprints instead of names and faces?
The mark of the beast?
Religious objections to biometrics come from a passage in the Bible and are similar in theory to objections against the use of social security numbers as identifiers. The last book of the Bible, Revelation in the New Testament, depicts a society where people are marked by the name or number of the beast on their right hand or forehead. Some liken this marking to hand, facial or retinal scans. According to James M. Efird, professor emeritus at Duke Divinity School and a Presbyterian minister, Revelation is the most misunderstood, misinterpreted and abused book in the Bible. The writings were for persecuted members of the early Christian faith who were forced to pay homage to Roman gods, not for employees who are asked for finger or retinal scans in order to clock in and out of work. The jump has been made from the religious context to a societal context in a scenario where leaders and governments implement programs for controlling people through economics and global registration. All people could be required to receive a “mark” on their right hand or forehead as a requirement for the basic transactions of life. This “mark” could be a numeric code, a social security (or similar) number or an identifier of any sort (genetic, racial, religious). The argument is made that the “mark” may be visible, such as a tattoo or barcode, or could be an embedded chip or radio frequency identification device (RFID). Given post-9/11 security concerns and terrorist threats, is a worldwide registration science fiction? Opponents of biometrics think it is not.
More than just talk, religious opposition impacts real programs
About a dozen city workers in Wilmington, North Carolina recently filed suit against their employer because they felt that the new time-keeping system that uses fingerprint biometrics to track workers’ hours is against their religious beliefs. “As my divine … right, I request that you, my employer, accommodate my sincerely held religious belief by not requiring me to submit to the use of a thumbprint, DNA or any other biological identification device,” one employee wrote. It is theorized that the ultimate reasoning behind these complaints is that the system too closely resembles the Biblical mark of the beast. David Alan Carmichael successfully sued the Navy after 16 years of service because they discharged him for refusing to use his social security number. Even today, he will not use the number, even though that means he cannot open a bank account, get a driver license or register to vote. “It’s truly a manifestation of the bowing down to the beast,” said Mr. Carmichael, who established the American Christian Liberty Society to help others with the issue. Certain cultures and religions prohibit, or at the very least look with great disfavor upon, the photographing of individuals. Others oppose the practice of fingerprinting. And the removal of a woman’s veil required for facial recognition systems is contrary to other faiths.
How much is too much?
At the 2001 Super Bowl in Tampa, Florida, police used facial recognition technology to monitor video surveillance of fans, spectators, and citizens in the areas around the football festivities. Unlike normal video monitoring, this technology used the geometry of the face to attempt to identify individuals from the crowd. The intent was to locate criminals and suspected terrorists. But privacy and civil liberty advocates feared then, and continue to warn, that First Amendment rights may be at risk if biometrics are used to identify people who participate in public demonstrations. The fear is that those protesting against corporations or the government could be punished for it.
The Tampa Police reported after the event that they found 19 matches during Super Bowl week through the video surveillance program, but none of those identified had committed crimes that warranted arrest.
Some biometric identification practices could be considered intrusive. A subset of civil libertarians object to biometrics on the basis that they invade people’s privacy and that fingerprinting and photographing travelers is demeaning. Muslim women who are required to remove their veils could certainly argue that their bodily privacy is being violated. Is the intrusion worth the security benefits that are derived from biometric policies?
People may feel a loss of privacy or may feel embarrassed if their biometric reading is rejected, whether it is due to malfunction, inexperience with the technology, or misidentification. There is also the argument that automated face recognition in public places could potentially be used to track people’s movements without their consent.
Facial recognition biometrics have been named by civil liberties advocates as the most intrusive because the technology can be implemented without an individual’s knowledge. There is also concern over the error rates that currently exist for facial biometrics. Opponents stress that false positives (where innocent people can be wrongly identified as terrorists or criminals) and false negatives (where known criminals can fail to be identified) remain high with facial recognition systems. At issue is not only the manner in which biometrics are captured and how intrusive they are, but also the availability of the collected information. Who will have access to that personal information? Is it at risk? What will it be used for exactly? And how will the information be stored? Again, privacy experts fear that biometric systems could be used to develop databases of known dissidents for social control purposes. Databases containing biometric information may also be developed by the business or private sector for their commercial advancement without the consent of individuals.
Social stigma?
To some people, certain biometric technologies hold a stigma in society. The process of fingerprinting is closely associated with law enforcement and criminal behavior in many societies. Biometric information has, in the past, been gathered by oppressive governments and the memory of these times remains entrenched in some cultures.
Progressing with technology, while addressing and respecting beliefs and concerns
The use of biometrics is certainly not going away. As our post-9/11 world progresses, methods to achieve greater security will also progress. Law enforcement and government agencies need to seriously consider guidelines for use of biometric technologies, continuing to adopt best practices and fair use guidelines. The arguments against biometrics in terms of religion, ethics and society must continue to be addressed if the technology is to reach its potential.
Vascular biometrics are more than skin deep
Vein patterns prove highly accurate and popular for pioneer vascular developer Identica
Jennifer Slattery Contributing Editor, AVISIAN Publications
Do you know what the back of your hand says about you? Or your finger or palm for that matter? Quite a bit … if you are looking beyond the surface to track the pattern of veins that can uniquely identify an individual.
Vascular biometrics uses infrared technology to identify an individual’s unique vascular pattern from below the surface of the skin. The process is fairly simple to use and considered one of the most accurate forms of biometrics because variations in skin (e.g., cuts, burns) and environment do not affect the reading. Once an image is captured, it can be encrypted as a template and stored for verification. Like other biometrics, vascular templates can be used in conjunction with other tokens such as smart cards, PINs or passwords and can be used in a variety of functions such as time and attendance, border control, physical access control and banking applications.
Vascular technology pioneers
Dr. Choi, considered one of the fathers of vascular technology, has been working in this area for several years. He got his start in vascular technology while teaching at Myongli University in Seoul, South Korea, when a hand geometry device was brought to him for further research.
Dr. Choi remembers, he “was reading a book about fortune telling” and the idea came to him. Rather than hand geometry, perhaps other patterns – specifically veins – in the hand could uniquely identify the individual. Eventually, Dr. Choi discovered how to extract the vascular pattern through illumination. This began his lifelong pursuit. He began with a lower end camera with infrared to capture the images. Through experiments and research, he eventually developed an algorithm and obtained a patent on his technology. This research led Dr. Choi to be the chief writer for the ISO standard on vascular data interchange format (ISO 19794-9:2007).
Identica Corporation is a pioneer in the vascular biometrics industry. Terry Wheeler, President and COO of Identica Holdings, Inc., has expanded the company to all of North and South America as well as Europe. According to Mr. Wheeler, “vascular technology is perfect anywhere people are working with their hands.”
Mr. Wheeler met Dr. Alex Choi in 2002 and began the relationship between Identica and TechSphere, Choi’s company in Asia. Identica is now the exclusive provider of the TechSphere Hand Vascular Pattern Recognition biometric solution in the US, Canada, Mexico and the Caribbean.
Benefits over other biometric methods
The benefits of vascular technology over other forms of biometrics are its usability, psychological acceptance, “spoofability,” and its speed, accuracy and cost.
Usability
According to Dr. Choi, usability “is the greatest indicator of performance in large-scale deployments of biometrics.” The vascular readers are very easy to use and require very little training. They can be used by virtually 100% of the population.
Psychological acceptance
There is a social stigma to fingerprinting not seen in vascular technology. While some people are still wary of using a biometric system with fingerprint or iris scans, vascular technology is accepted by more users.
“Spoofability”
Mr. Wheeler states that the “vascular pattern is the only feature that resides inside the body … (which makes) it very difficult to copy so spoofing is almost impossible.” The infrared sensor examines the pattern below the surface of the skin, which makes it virtually impossible to fake.
Speed and accuracy
It can be used quickly and accurately in all environments, even harsh environments such as work sites where workers use their hands in paint, water, dust or construction materials.
Identica vascular biometric deployments
Identica estimates there are 2 million users of the Identica/Techsphere vascular solutions around the world. Current installations in Asia include approximately 30,000 airport staff in Seoul, Korea, and the Tokyo Police Data Center. Also the government of South Korea is using this technology for access control at its facilities. According to Dr. Choi, “We are proud that our repeat order rate for systems in the Asian region is 40%, which shows our customers are liking the technology.”
Recently, Identica secured a large-scale installation at the Port of Halifax as part of a new system developed by Unisys Corporation. A photograph combined with Identica’s vascular technology is embedded in a smart card and can be verified instantly when the blood flow pattern of the cardholder’s hand matches the one stored on the card.
The biometric information is stored on the individual cards, not in a database, so the information cannot be stolen or corrupted. Mr. Wheeler feels that “unions are very comfortable with vascular (technology)” because it eliminates the worry about privacy and avoids the ‘touchy’ issue of capturing fingerprints which, some fear, could be cross-referenced against criminal databases.
Due to Canada’s harsh weather, the Halifax installation also includes their Weather Shield, which is designed to protect Identica’s biometric devices from extreme cold, rain, snow, and direct sun. The Weather Shield can be opened in a variety of ways including PIN (motion sensor), smart card or proximity card.
What’s next for the next generation of biometrics?
The future of vascular technology is wide open. There are three main players in vascular biometrics, each reporting new development and deployments in the prior year:
• TechSphere/Identica – reading vascular patterns in the back of the hand
• Hitachi – reading vascular patterns in the finger
• Fujitsu – reading vascular patterns in the palm
Dr. Choi and Identica have plans to make their technology more convenient for the user by eliminating the need for the handle on the VP-II vascular pattern scanner to eventually make it “touchless.” Another future use is with ATMs and everyday transactions. No matter what specific products or installations happen next in vascular technology, one thing is certain … it’s not going away, just like the back of your hand.
Back to basics: Understanding magnetic stripe cards
Chris Corum Executive Editor, AVISIAN Publications
Magnetic stripe basics
What is a magnetic stripe?
They are everywhere. Magnetic stripe cards are so pervasive that most sources do not even try to calculate the number of cards issued worldwide but rather simply refer to the “billions of cards.”
A magnetic stripe is a data storage medium that enables information to be written to it and read from it electronically. However, the mag stripe is not the only incarnation of magnetic storage technology. The same principles were used on magnetic tapes for both audio and video cassettes as well as in floppy discs used for computer data storage. If you think about it, an audio or video tape is very much like an extremely long magnetic stripe rolled up and stored inside a plastic case.
According to AIMGlobal, an ID technology industry association, magnetic stripe cards were first used in the early 1960s by the London Transit Authority. The cards were used for electronic ticketing for riders of the London Underground. The technology migrated to the U.S. later in the decade when San Francisco’s Bay Area Rapid Transit began using a paper-based ticket with mag stripe for transit riders. The use of the plastic magnetic stripe card for financial purposes began in the 1970s as credit cards embraced the technology.
If you have ever played with a magnet, you know that some metals are ‘magnetic’ and some are not. For example, paper clips are most often magnetic while pennies, nickels, and dimes are not. If you take tiny particles of a ‘magnetic’ metal and mix them together with a resin that acts as a bonding agent, you create a magnetic paint of sorts. Apply this paint to a substrate such as paper, film, or plastic, and you have made a magnetic medium – a stripe, a card, a cassette tape, etc. – capable of storing data. Most magnetic stripes utilize either barium ferrite or iron oxide (also called gamma ferric oxide) as the magnetic particles in the stripe.
How do these magnetic media store data?
Magnetic media store data via a technique called magnetic encoding. A good way to think of this process is by picturing the creation of a child’s toy magnet. The magnet is formed using a mix of metallic particles and bonding particles. It is not automatically magnetic, however, because the billions of individual particles are pointed in all directions. Each exerts its own mini-magnetic pull but the chaotic directions of these pulls negate the overall force. By placing the newly formed magnet between two extremely powerful existing magnets, the particles in the new magnet are aligned in a single direction. The forces of the existing magnets align the billions of chaotic particles. It is this common alignment that orients the pull of all the particles in the same direction, forming the magnet’s ability to attract other objects.
It is key to the success of the child’s magnet that the particles, once aligned, hold their alignment rather than reversing back to a state of chaos. For a magnetic stripe, the same principle is used but in a very finite and precise manner. The particles in the magnetic stripe are aligned in specific directions to represent data. The encoder applies a magnetic force to a specific area of particles, orienting them in a desired direction much like the strong magnets oriented the direction of the particles in the child’s toy magnet. But by making the direction of the particles change as the encoder progresses down the magnetic stripe (from positive to negative and negative to positive polarity), information can be represented. It is the change between positive and negative states that indicates the information. These changes are called flux reversals. The encoder applies opposite magnetic forces to specific areas of the stripe to record information on it, and the reader monitors the stripe for flux reversals to access the encoded information.
Encoding data on magnetic stripes
There are two distinct states for the magnetic particles: positive and negative polarity. A situation in which two and only two states are possible is referred to as a binary situation and forms the basis for all digital communications. All digital information is represented as a series of ones and zeros that, in a specific pattern, signify meaningful data such as alphanumeric characters, audio, or video. In magnetic encoding the zeros and ones are actually positively and negatively charged areas of the magnetic stripe. Much like Morse Code represents letters and numbers via a series of dots and dashes, the positive and negative polarities do the same.
A discussion of coercivity
Coercivity defines the level of magnetic force required to affect or alter the information encoded on a magnetic medium. Magnetic stripe cards are categorized as either low coercivity (LoCo) or high coercivity (HiCo). As the names suggest, a LoCo stripe requires a lower level of magnetic force to alter its encoding than does a HiCo stripe. Magnetic force is measured in units called oersteds. Coercivity, therefore, is a function of the oersted level. As defined in ISO/IEC 7811, a LoCo stripe is generally considered to have a coercivity level of 300 oersteds. The commonly-used level for a HiCo stripe ranges from 700 – 4200 oersteds, although more frequently a range of 2500 – 4000 oersteds is now utilized.
Why is coercivity important? It is a major factor in the magnetic stripe’s lifespan and tolerance to accidental erasure. Items such as refrigerator magnets, children’s toys, stereo speakers, purse and wallet clasps as well as a host of other everyday items contain magnets. A magnetic stripe, brought into close proximity to a magnet, can be damaged. But while these common magnets can impact a LoCo stripe, it is unlikely that they possess the magnetic force sufficient to damage a HiCo stripe.
Specific encoding schemes
For the data encoded on a magnetic stripe to be meaningful to a reader that will ultimately access the data, the two must speak a common language. Encoding schemes have thus been created to serve as these common languages. The two schemes commonly used in standard magnetic stripe encoding are the Binary Coded Decimal (BCD) Data Format and the Alpha Data Format, both standardized by the American National Standards Institute (ANSI) and the International Organization for Standards (ISO). The BCD format uses a series of five individual zeros and ones (or bits) to signify each character. Four of these bits actually specify the character while the fifth serves as a means for the reader to verify the accuracy of its read. This fifth bit is called the parity bit, and it always ensures that there is an odd number of ones in the five-bit character. If the reader ever determines that a single character had an even number of ones, it would recognize that something was wrong and reject the reading, prompting the user to re-swipe the card. In the BCD scheme, four bits make up each character, resulting in a maximum of 16 unique characters that can be represented (2 to the power of 4 or 2 x 2 x 2 x 2 = 16). Obviously, alphabetic characters cannot be used as there are 26 letters and only 16 available characters. The BCD provides the numeric character set (zero through nine) with six left to spare. These six characters are called framing and control characters and are used to signify functional descriptions to a reader. The Start Sentinel (SS) signifies the beginning of the string of meaningful data on the magnetic stripe. Prior to the SS, a series of zeros (referred to as syncing characters) gives the reader a chance to sync up with the bit string. The End Sentinel (ES) tells the reader that the string of meaningful data is complete. The Field Separator (FS) informs the reader that one block of data is complete and another is about to begin, for example the ID number is complete and the expiration date is beginning.
In the Alpha Data Format, seven bits – or zeros and ones – are used to represent each character. Similar to the BCD Format, the seventh bit is a parity bit, so each character is actually signified using six bits. This enables the Alpha Format to represent 64 unique characters (2 to the power of 6 or 2 x 2 x 2 x 2 x 2 x 2 = 64). This is sufficient to enable a full alphanumeric character set to be represented, including 26 letters, 10 numbers, and 28 remaining characters.
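The BCD and Alpha formats described here, with the odd parity bit and the sentinel and separator characters, as an added Python example (not code from the article or from any vendor it mentions). It assumes the ISO/IEC 7811 bit values for the sentinels, which the article does not list; the account numbers and names are constructed sample data. Beyond the text, the `stripe_inches` helper checks the per-track character counts the article gives for Tracks One through Three against the stated recording densities, and `read_damaged` shows the parity check rejecting a read after a single flipped bit.

```python
"""Magnetic stripe character encoding with odd parity: the 5-bit BCD format
(Tracks Two and Three) and the 7-bit Alpha format (Track One).

Added example; not from the article. The sentinel/separator code points are
the ISO/IEC 7811 ones (the article names SS, FS and ES but not their values).
"""
from __future__ import annotations

# Each format: number of data bits, the character-code offset that maps a
# printable character to its data value, and the three framing characters.
BCD = {"data_bits": 4, "base": 0x30, "ss": ";", "fs": "=", "es": "?"}    # ';'->0xB, '='->0xD, '?'->0xF
ALPHA = {"data_bits": 6, "base": 0x20, "ss": "%", "fs": "^", "es": "?"}  # '%'->0x05, '^'->0x3E, '?'->0x1F


def representable(c: str, fmt: dict) -> bool:
    """True if the character fits the format's data bits (16 or 64 symbols)."""
    return 0 <= ord(c) - fmt["base"] < (1 << fmt["data_bits"])


def encode_char(c: str, fmt: dict) -> list[int]:
    """Data bits, least significant first (as recorded on the stripe), then an
    odd parity bit so that every character carries an odd number of ones."""
    if not representable(c, fmt):
        raise ValueError(f"{c!r} cannot be represented in this format")
    value = ord(c) - fmt["base"]
    bits = [(value >> i) & 1 for i in range(fmt["data_bits"])]
    bits.append(0 if sum(bits) % 2 == 1 else 1)
    return bits


def encode_track(fields: list[str], fmt: dict, sync_zeros: int = 8) -> list[int]:
    """Lay out a track: syncing zeros, start sentinel, fields separated by the
    field separator, end sentinel."""
    text = fmt["ss"] + fmt["fs"].join(fields) + fmt["es"]
    bits = [0] * sync_zeros
    for c in text:
        bits.extend(encode_char(c, fmt))
    return bits


def decode_track(bits: list[int], fmt: dict) -> list[str]:
    """Reader side: sync on the leading zeros, locate the start sentinel, then
    decode characters until the end sentinel. A character with an even number
    of ones is a parity failure and the whole read is rejected."""
    n = fmt["data_bits"] + 1
    ss = encode_char(fmt["ss"], fmt)
    start = next((i for i in range(len(bits) - n + 1) if bits[i:i + n] == ss), None)
    if start is None:
        raise ValueError("no start sentinel found")
    chars, pos = [], start + n
    while True:
        chunk = bits[pos:pos + n]
        if len(chunk) < n:
            raise ValueError("stripe ended before the end sentinel")
        if sum(chunk) % 2 == 0:
            raise ValueError(f"parity error at bit {pos}: reject read, re-swipe")
        value = sum(b << i for i, b in enumerate(chunk[:-1]))
        c = chr(value + fmt["base"])
        pos += n
        if c == fmt["es"]:
            return "".join(chars).split(fmt["fs"])
        chars.append(c)


def read_damaged(bits: list[int], index: int, fmt: dict):
    """Simulate a stripe with one flipped bit (e.g. magnet damage) and return
    (fields, None) on success or (None, error message) if the reader rejects."""
    damaged = list(bits)
    damaged[index] ^= 1
    try:
        return decode_track(damaged, fmt), None
    except ValueError as exc:
        return None, str(exc)


def stripe_inches(chars: int, fmt: dict, bits_per_inch: int) -> float:
    """Length of stripe consumed by `chars` characters at the given density."""
    return chars * (fmt["data_bits"] + 1) / bits_per_inch


if __name__ == "__main__":
    # Constructed sample data, not a real account.
    track2 = ["1234567890123456", "0712"]
    bits = encode_track(track2, BCD)
    print(len(bits), "bits ->", decode_track(bits, BCD))
    print("flipped one data bit ->", read_damaged(bits, 13, BCD))
    track1 = ["1234567890123456", "DOE/JOHN", "0712"]
    print(decode_track(encode_track(track1, ALPHA), ALPHA))
    for name, chars, fmt, bpi in [("Track One", 79, ALPHA, 210),
                                   ("Track Two", 40, BCD, 75),
                                   ("Track Three", 107, BCD, 210)]:
        print(f"{name}: {chars} chars need {stripe_inches(chars, fmt, bpi):.2f} in of stripe")
```

The capacity figures come out at roughly 2.5 to 2.7 inches of stripe for each track, which is why all three fit within the length of a standard card. Flipping a single bit inside a data character always produces an even number of ones in that character, so the reader rejects the swipe rather than returning a wrong digit; flipping two bits in the same character would slip past a simple parity check, which is the limit of what this scheme detects.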
Magnetic stripe tracks
The width of a magnetic stripe track is standardized at about one-tenth of an inch, but as you have likely noticed, most magnetic stripes are wider than this. Why is this? It is because there are multiple tracks on the same stripe. Think of a track as a line of text on paper. You can have a single line or you can stack multiple lines on top of each other and fit more data on the same page. Such is the case with magnetic stripes. Stacking multiple tracks on top of each other enables multiple ‘lines’ of data to be stored on the same stripe and card. Most cards are of the two-track or three-track varieties, though it is technically possible to have as many tracks as will fit on the card. The reason that most cards contain either two or three tracks is that the industry has standardized around these types. The ISO/IEC 7811 standard, entitled “Identification Cards – Recording Technique,” details the data formats and encoding schemes for tracks one, two, and three. By establishing parameters for all parties issuing standardized cards, the industry has been able to develop encoders, readers, cards, and applications that are interoperable. Think of it this way. Imagine if there was not a standard for key elements such as the physical location of the stripe on the card, the size and location of the tracks, the encoding scheme used to store data on the tracks, and the specific data elements and their positions. There would be no way that a card issued by one bank could be read in an ATM deployed by another bank. Nor could you be certain that your credit card would be readable on a point of sale device at a merchant location.
The standards for Track One were originally established by the International Air Transportation Association (IATA). Its intended use was for the storage of airline ticketing and travel reservation data. This use, however, did not materialize and the track has been co-opted for various other applications. Track One uses the Alpha Data Format, so it uses seven bits to store each character. With the data density established at 210 bits per inch, it is capable of storing seventy-nine alphanumeric characters. It is read-only and typically includes the cardholder’s name and account number.
If you have ever wondered how an ATM is able to display a welcome message with your name on it, Track One is the key. The ATM reads your name from Track One on the magnetic stripe and displays it on screen.
Track Two
Frequently people describe a magnetic stripe as ABA-standard or ABA-encoded. This is in reference to Track Two, as its definition was established by the American Bankers Association (ABA). ABA standard encoding is a requirement for a card to work in the transaction processing networks for credit, debit, or ATM functionality. While the entire magnetic stripe is often referred to as ABA-standard or ABA-encoded, only Track Two’s standardization is required to make a card ABA compliant. The standard for the Track Two format uses the BCD encoding scheme and is thus capable of holding only numeric data. The 40 numeric characters are compressed at 75 bits per inch. It is read-only and holds in its first field a 16-digit account number.
Track Three
The Thrift-Savings Industry developed Track Three, though like the IATA’s efforts with regard to Track One, the track has been co-opted for a variety of other uses. The main differentiation from Tracks One and Two is that Track Three was designed to enable read-write capability. It was designed to be updated with each transaction and can hold 107 numeric five-bit digits at a compression rate of 210 bits per inch via the BCD encoding scheme. It is important to remember that there is no actual difference between the physical make up of the magnetic material on the tracks. All the tracks are exactly the same until they are encoded. The differences only manifest themselves when a card issuer decides how to encode data and what data to encode on a specific track. If the need to follow the standards is not important to a specific issuer, each track can be used in any number of ways.
What does this all mean to my campus?
Now that we understand how a mag stripe works and what data is encoded on an ISO standard stripe, what does it mean at the campus level? The information should serve as a guide to making us informed buyers. Let’s look at a series of points to consider:
1. Just because a card has a magnetic stripe on it, must it be encoded via the ISO standard data formats? In actuality, all tracks are made of precisely the same materials and thus can be encoded any way one likes. For example, you could encode Track One with the Track Two standard information or store alphanumeric data in the normally numeric-only Track Three. The issuer of the card chooses how to set up the data encoded upon it. If non-standard formats are utilized, however, it can greatly impact the ability to use the card in future applications.
2. How can the use of non-standard track formatting impact my ability to use the cards in future applications? Most widely used applications have opted to take advantage of the existing standards for data layout. This enables simplicity of effort and ease of reader deployment, among other benefits. Take for example the financial card market. If a card is not encoded in a standard manner, it cannot be read by ATMs and point-of-sale terminals.
3. Once I make a decision to issue cards in one data format, can I switch later on? This is a tricky question. It is impacted by the types of readers deployed and the applications being used. Readers impact the question because not all readers can read all tracks. Some readers are only designed to read a single track on the card. Thus if you moved information required for a specific function to another track, you might have to replace certain card readers. Most readers sold today, however, are able to read all three tracks. They are programmed to read the desired tracks and information in the field and can be reprogrammed as needed. A bigger issue comes when the applications utilizing data on the card are reviewed. If you are currently utilizing a proprietary ID number stored in Track Two for mealplan privilege control, and you decide to switch to an ABA-standard Track Two layout, the proprietary number will likely be replaced or moved. If you are replacing all cards at once, this should not be a problem as you would simply replace ID numbers in the mealplan database and reprogram the readers as necessary. If, however, you are intending to utilize both the old cards and the new cards, the mealplan readers would not know how to judge between the card types.
4. Should I go with the standard even if I don’t plan to use it outside of my campus applications? Whenever possible go with an established standard. It only makes things easier in the long run. Today, every vendor can handle standard data formats and can utilize the ID numbers in their system. If you need certain non-standard elements on the mag stripe (e.g. proprietary student ID number, street address, or entrance date) investigate housing this data in Track Three.
Focus on the printer, the card, and the process to secure your ID issuance

“It’s no longer simply about putting a photo on a white piece of plastic,” says Ryan Park, Fargo Electronics’ director of product marketing for secure printers/encoders. “It’s just not secure. Unfortunately, that represents a lot of the ID vehicles out there today. There are very few applications in the ID card world that don’t have a need for security.”

He said there are three elements to security: “The printer you choose, securing the card itself and having the process and personnel in place for when it comes out of the machine.”

The need for greater security in the issuance process is what’s driving Fargo today. “Two years ago, we (Fargo) decided to step off the path, to not be a printer company anymore but a secure card program producer. We’re looking at all the places, cradle to grave, that could be vulnerable. Our message as a company is that we’ve expanded from printers to helping our customers issue secure credentials. In a post 9-11 world, we’ve seen a rapid increase in ID theft. Previously, we’ve focused on our printers, simply putting photos on cards. We now also want to be the best at securing the entire process.”

Securing the printer

As to the printers themselves, many have their own security features, he said, such as “the ability to load cards into the machine, then lock the access doors, or the ability to lock up the materials section of the printers so operators can’t access them.” Some Fargo customers have gone so far as to bolt the printer to something immovable, like a vault. “One of the things we’ve learned is you can have all the alarm bells in the world, but if someone is willing to crash a truck through a wall, you want to bolt the printer to something that can’t be moved,” said Mr. Park.

He calls it “lock and bolt. It’s your best defense.”

Another solution: “Give your printer some business rules,” he said. “For example you could define at what hours should the cards be produced. We know that cards being produced on the weekend may still be legitimate, but it’s something we need to know about. Or you can determine which operators can physically use the product. The printer can periodically ask for code words that only certain parties should know.” He said there are a “handful of features where a printer can be self-aware. You can set it up so every time a job is produced, a password is needed. Or you can use biometrics, where the operator might have to give his thumbprint. But at the same time, you might have this bad person in the office, and you want to prevent him from grabbing the materials so he can produce an ID outside the office. That’s where something like a secure vault comes in handy. You make sure the cards are locked up in the printer. Outside the printer you need to do inventory counts.”

Securing the card

“The first thing you have to identify is what are the truly sensitive pieces of the process,” he said. “Are you a university utilizing a tamper-proof hologram? While anyone can buy a card printer, a hologram is something you can control.”

The purpose here – whether at a university, a major corporation, as a federal agency, or one that is supplying the feds – is to make the card counterfeit-resistant. “At the very highest level, such as with a government agency, you want to control the movement of your hologram at all stages,” said Mr. Park. “For example, a hologram could be shipped by armored car, controlling the entire process. These are services we offer for very sensitive applications.” He said the street figure for these kinds of holograms would reach six figures, which is why securing them is so important.

Securing the process and personnel

“You’ve got this fantastic card you’re producing with smart encrypted chips and holograms, but you’re using temp labor to produce the cards, and all of a sudden 1,000 cards end up on the black market,” said Mr. Park. “You actually have to secure the production.” With cards that are instantly produced, “you’re basically postponing production of the card as long as feasible so the card is produced and given to the customer as soon as possible. It’s encoded in the machine and it goes directly to you. Once it’s produced, it’s now a valid entity. The more you can shrink that time the more secure it is.” Driver licenses are a good example. Some states utilize a central issuance facility, while most instantly produce the licenses and distribute them right away to applicants, he added.

“We’re talking about back-end production, but it’s very critical at the front end, too,” he said. “A driver license can be produced in a valid way but you could still end up with a forged driver license.”

The chain and its weakest link

As the old saying goes, a chain is only as strong as its weakest link. When it comes to issuance of secure identity credentials, the chain involves securing the printer, the card, and the process. To improve your issuance security, make sure all three are evaluated on a regular basis.
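The business rules Mr. Park describes for a self-aware printer (who may print, which hours are normal, a credential per job, and inventory counts that must add up) can be written down as an authorization check and a stock ledger. The following is an added example, not Fargo software or any printer's firmware, and the operator names, hours and counts in it are constructed.

```python
"""Business rules for a card issuance workstation.

Added example; this is not Fargo software or any vendor's printer firmware.
It models the controls described in the article: authorized operators, a
per-job credential, an off-hours flag that records rather than blocks, and
a blank-stock ledger reconciled against a physical count. All names,
hours and counts are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Set, Tuple


@dataclass
class IssuancePolicy:
    authorized_operators: Set[str]
    business_hours: Tuple[int, int] = (8, 18)            # local time, [start, end)
    business_days: Set[int] = field(default_factory=lambda: {0, 1, 2, 3, 4})  # Mon-Fri


@dataclass
class Decision:
    allowed: bool
    flags: List[str]


def authorize_job(policy: IssuancePolicy, operator: str, when_iso: str,
                  per_job_credential_ok: bool) -> Decision:
    """Decide whether a print job may run and what to flag for review.

    Hard stops: unknown operator, missing per-job credential.
    Soft flag: production outside business hours is allowed but recorded,
    matching the "weekend cards may still be legitimate, but we need to
    know about it" rule. `when_iso` is an ISO-8601 local timestamp.
    """
    when = datetime.fromisoformat(when_iso)
    if operator not in policy.authorized_operators:
        return Decision(False, ["operator not authorized for this printer"])
    if not per_job_credential_ok:
        return Decision(False, ["per-job credential (password or biometric) not presented"])
    flags: List[str] = []
    start, end = policy.business_hours
    if when.weekday() not in policy.business_days or not (start <= when.hour < end):
        flags.append("off-hours production: review against issuance requests")
    return Decision(True, flags)


@dataclass
class StockLedger:
    """Tracks blank card stock so a physical count can be reconciled."""
    blanks_on_hand: int
    jobs: List[Tuple[str, int, int]] = field(default_factory=list)  # (operator, issued, spoiled)

    def record_job(self, operator: str, issued: int, spoiled: int = 0) -> None:
        # Spoiled cards consume stock too; they must be counted and destroyed,
        # otherwise a "misprint" is an easy way to walk a blank out the door.
        self.blanks_on_hand -= issued + spoiled
        self.jobs.append((operator, issued, spoiled))

    def reconcile(self, physical_count: int) -> int:
        """Physical count minus expected stock; negative means cards are missing."""
        return physical_count - self.blanks_on_hand
```

The point of the ledger is that the job log and the count in the locked hopper are two independent records; a discrepancy between them is the signal that something left the printer without a job behind it.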
Investigating active and passive tags

Jerry Banks and Les G. Thompson, co-authors of RFID Applied

In the world of RFID, there are many distinctions, subtleties, and variances between systems and tags. But no difference is more significant than a tag’s active or passive nature. Active tags are powered by an onboard battery while passive tags pull their power from the radio waves emitted by a nearby reader. This distinction is crucial to the application of the RFID system and is a precursor to virtually every other decision that follows.

Active tags

An active RFID tag has an onboard power source. This power source is, in most cases, a coin cell battery like those found in many different electronic gadgets. The battery extends the functionality of the RFID tag so that it can be used in a multitude of new applications due to the boost in transmission power and the ability to integrate and power circuitry in the tag beyond that in a passive tag.

The EPC specification defines battery-assisted tags as Classes 3, 4, and 5. EPC Class 3 tags are battery assisted, but they communicate using a method called backscattering. Backscattering is the same method used by passive tags. Backscattering will be covered in more detail in a future article on passive tags, but in short, it is a method of communication by which the tag transmits data to the reader through a transmission that originated from the reader. EPC Class 3 tags are also known as semi-passive tags because they do not use a battery to power their transmissions. They only use the battery to power the tag’s circuitry. EPC Class 4 and 5 tags use active transmission communication methods. This means that the transmission originates from the tag. Tags can transmit much farther using active transmission communication methods as opposed to backscattering. The most common type of active tag is the EPC Class 4 tag. EPC Class 5 tags can also act as an RFID reader, and may even be powered through a wall outlet as opposed to a battery.

EPC Class 4 tags usually transmit on a regular cycle. This is known as the beacon rate of the tag. The beacon rate can be sub-second to several minutes. The application governs the beacon rate. The period of the cycle is set when the tag is manufactured, and for some tags can be set dynamically in the field. Regulatory organizations, such as the Federal Communications Commission (FCC) in the United States, control how a tag’s transmission must behave. Most regulatory agencies have four basic parameters that can be tweaked to meet the RF transmission guidelines for the respective agency. The four parameters are frequency, power, duration and cycle. In most cases, increasing one requires a tag manufacturer to decrease another. For example, a tag that transmits for a longer period of time may need to decrease its transmission power to meet the regulatory rules. Also, note that a tag that beacons every two seconds will have a battery life as much as twice as long as a tag that beacons every second.

It is important to mention a subclass of EPC Class 4 tags called the semi-active tag, not to be confused with the semi-passive tag mentioned earlier. The semi-active tag communicates using active transmission methods. The difference between the semi-active and the standard EPC Class 4 tag is that it only transmits when it is queried or interrogated by a reader. Once queried, the semi-active tag can transmit the same distance as the standard EPC Class 4 tag. Semi-active tags may have longer battery lives when compared to other types of active tags because they are not constantly transmitting on a regular cycle. The drawback is that semi-active tags must be close enough to a reader to be queried before they will transmit. This requirement results in a loss in transmission distance in many cases.

Protocols for active tags

The protocols that active tags use to transmit are varied. Most corporations keep their protocols secret because each corporation’s protocol attempts to conserve as much battery power as possible without sacrificing distance, functionality or tag density. Some RFID tags use known protocols such as WiFi (802.11x) or ZigBee (802.15.4). WiFi tags tend to be large, short on battery life, costly, hard to manage, and relatively hard to pin-point in a real time location system (RTLS). WiFi tags, however, are easy to deploy because most businesses already have a WiFi backbone installed. In addition, any WiFi-enabled device can be tracked. ZigBee was originally designed as a communication protocol for appliances and tools, but it was quickly adopted by the RFID community. ZigBee gets its name from the way in which bees zig and zag as they fly from flower to flower. Analogous to how bees transfer small amounts of pollen between flowers, the ZigBee protocol transmits small packets of data between the wireless nodes. ZigBee tags look more promising than WiFi tags because the ZigBee protocol was created to transmit smaller amounts of data. This equates to longer battery life and less software complexity in the tag. ZigBee tags can also operate at all of the standard active tag frequencies such as 303 MHz, 433 MHz and 2.4 GHz. ZigBee requires the installation of access points in order to provide RTLS functionality, but the good news is that once a ZigBee wireless backbone is installed, other ZigBee-enabled devices can make use of the access points.

Ultra wideband (UWB) tags are taking advantage of a fairly new revolution in RF communications. UWB protocols transmit tiny bursts of electromagnetic radiation across a very large bandwidth at specific time intervals in order to communicate. Traditional RF communications modulated a carrier wave with a narrow bandwidth. UWB is sometimes referred to as zero carrier radio because it does not use a carrier wave. The transmissions are so weak that they are equivalent to the spurious RF transmissions that a computer’s hard drive gives off when it is powered up. The benefits of UWB tags are:
• Extremely high data transmission rates compared to other wireless protocols
• High accuracy when used in an RTLS (decreased multi-pathing)
• Longer battery lives
• No interference with legacy wireless transmissions or other UWB communications

Looking forward, UWB is one of the most promising protocols for active RFID solutions. The typically large size of the UWB tags is comparable to WiFi tags. For a system to obtain the highest accuracy, four sensors must be installed in every location where tags will be tracked. One downside for UWB systems is the price, as the tags and sensors are very expensive due to the high quality components that are required to build them. Another factor to consider is that the highest data rates are only available at a range of up to 10 meters.

Passive Tags

Even though the active tag has many applications, it does not get as much press as its sister, the passive tag. It isn’t hard to understand why this is the case. Passive tags are the darling of the retail industry and the US Department of Defense (DoD) because they are cheaper than active tags and are disposable. Passive tags cost less because they do not require a battery to operate and are generally less expensive to manufacture.
The most inexpensive passive tag is used in electronic article surveillance (EAS) systems. EAS tags are found in books, attached to clothes, and sealed inside DVD and compact disc cases, among many other applications. These types of tags only transmit an “I am here” signal when they are activated. They do not have the unique identifier that is usually associated with RFID technology, but they do discourage would-be shoplifters. The EPC specification classifies passive tags as Classes 0 through 3. EPC Class 3 tags have an onboard battery, but the battery is not used for active transmission. The battery is only used to power the tag’s circuitry and any onboard sensors or peripherals. Class 3 tags are also known as semi-passive tags. The vast majority of passive tags on the market today are second-generation EPC Class 1 tags.
Basics of passive tagging
Selecting an active tag solution, part 1

How do you pick out an active tag that is right for your project? First, create a list of all of the requirements for the tag. The following is a list of some tag characteristics to keep in mind:

Tag size: The tag size matters. If the tag is as large as a book, it will not be a viable tag for a piece of clothing, but it could be perfectly fine for tagging a train boxcar.

Carrier frequency: In most cases, tag frequency is paramount when choosing a tag for a specific application. The tag frequency will determine where the tag can be deployed based on governmental regulations, and it will also enhance or retard the propagation of the radio waves through certain substances (e.g. fluids, metal). In real-time location systems (RTLS), being able to accurately locate a tag using methods such as triangulation can be affected by the frequency of the tag. Certain frequencies are more accurate than others when it comes to determining the position of a tag.
Passive tags do not require a battery to operate because they can extract energy from the electro-magnetic radiation with which they come in contact. In 1948, Harry Stockman discovered that radio waves could be used to power a remote transmitter. This wireless power source is the principle of operation for passive tags. Passive tag manufacturers design their tags to be efficient energy collectors. This requires the manufacturers to become very creative with the antenna designs they attach to the tag’s central processing circuitry. The antenna is the key component in the physics behind how energy is collected from the electromagnetic radiation generated by the antenna connected to a reader. This interaction between the tag and the reader’s antenna is also known as coupling. Most passive tags use backscattering to communicate with the reader through a carrier wave that originated from the reader’s antenna. The tag “tugs” on the carrier wave to create minute fluctuations in the wave’s amplitude. The amplitude changes are used to encode digital information to transmit to the reader. The reader must be able to detect these tiny changes while, at the same time, provide enough energy to power the tag.
Backscattering works much like a transformer except that it occurs in free space. The reader and tag play the parts of two coils in the transformer. As the tag shunts the coil through a transistor, the reader’s side will detect a tiny drop in voltage. The tag simply shunts the coil to encode the data that is to be transmitted. Passive tags can be purchased in many different form factors. The naked tag is called the inlay, consisting of the integrated circuit and antenna only. Usually, the inlay is deposited onto a substrate using a chemical process. The substrate can be paper, polystyrene or some other material. Most “slap and ship” RFID tags are nothing more than the inlay in a paper envelope. The paper provides some protection and is ideal for tags that have a short life expectancy. The paper is usually printed with a barcode that contains the RFID tag’s unique identifier so that the item can be identified with an RFID reader, barcode scanner or by simply reading the number printed below the barcode.
If a more durable passive tag is required, the tag may be encased in rubber or enclosed in plastic. Passive RFID tags come in a wide range of sizes. Some tags’ dimensions may be measured in millimeters while others could be measured in feet. The selection of antenna affects the size of the tag. Larger antennas allow tags to be read at a greater distance. Once the passive tag is powered and the coupling between the tag and reader has occurred, the transponder (the tag) and the reader can have a conversation as long as the tag stays in close enough proximity to the reader. The conversation that the two components have is known as the air interface protocol. There are several organizations that are in the process of standardizing RFID protocols. Some of the more notable standards organizations are GS1/GS1 US and the International Organization for Standardization (ISO). Many of these organizations work closely with each other so their standards are compatible at some level. In fact, it is not uncommon for the members of these organizations to actively participate in more than one standards organization. Some tag standards of interest are the ISO 18000 series of air interface standards. The ISO 18000 series also includes amendments that ratify other standards such as the EPC Class 1 Generation 2 (ISO 18000-6C) air interface protocol.
Key commands for passive tags No matter which standard the tag implements, there are some basic commands that all passive tags must implement to be effective. Readers must be able to control the tag population in an organized manner. If all tags transmitted at the same time and without any order, the reader may never be able to receive a single uninterrupted transmission from a tag when the tag population is high. Tags are usually selected by the reader and given directions on when they are allowed to transmit. The EPC standard refers to a Q value that represents a seed number used to select subsets of the tag’s population for interrogation. Other protocols employ other methods to achieve the same result.
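The Q value mentioned above is the reader's knob on a slotted random-access scheme: each tag draws one of 2^Q slots and replies only in that slot, so the reader hears a clean reply in slots with exactly one occupant, noise in slots with several, and silence in the rest. The following is an added example, not from the article or from the EPC specification text; it simulates the rounds with constructed tag identifiers and moves Q by a step C after each round, a simplified form of the published Gen2 Q algorithm (collisions push Q up, empty slots pull it down).

```python
"""Q-based slotted-ALOHA singulation, the anti-collision idea behind the
EPC Gen2 "Q value".

Added example, not from the article or the EPC specification text. The
reader picks Q, each tag draws a slot in [0, 2**Q - 1], and the reader
adjusts a floating-point Qfp by C for every collided (up) or empty (down)
slot, a simplified form of the spec's Q algorithm. Tag ids are constructed.
"""
import random
from typing import Dict, List, Sequence, Tuple


def make_tags(n: int) -> List[str]:
    """Constructed tag identifiers TAG000, TAG001, ... for the simulation."""
    return [f"TAG{i:03d}" for i in range(n)]


def inventory_round(tag_ids: Sequence[str], q: int,
                    rng: random.Random) -> Tuple[List[str], int, int]:
    """One round: returns (singulated tags, collided slots, empty slots)."""
    slots: Dict[int, List[str]] = {}
    for tag in tag_ids:
        slots.setdefault(rng.randrange(2 ** q), []).append(tag)
    singulated: List[str] = []
    collided = empty = 0
    for s in range(2 ** q):
        occupants = slots.get(s, [])
        if len(occupants) == 1:
            singulated.append(occupants[0])   # one replier: the reader hears it
        elif occupants:
            collided += 1                      # several replied at once: unusable
        else:
            empty += 1                         # unused slot: Q is larger than needed
    return singulated, collided, empty


def inventory(tag_ids: Sequence[str], q0: int = 4, c: float = 0.3,
              max_rounds: int = 50, seed: int = 1) -> Tuple[List[str], int]:
    """Run rounds until every tag is read or max_rounds is hit.

    Returns (tags read, rounds used). A tag that has been singulated is
    told to stay quiet in later rounds, which is what shrinks the population.
    """
    rng = random.Random(seed)
    remaining = set(tag_ids)
    read: List[str] = []
    qfp = float(q0)
    rounds = 0
    while remaining and rounds < max_rounds:
        rounds += 1
        q = int(round(qfp))
        got, collided, empty = inventory_round(sorted(remaining), q, rng)
        read.extend(got)
        remaining.difference_update(got)
        # Collisions mean too few slots, empties mean too many; clamp to 0..15.
        qfp = min(15.0, max(0.0, qfp + c * collided - c * empty))
    return read, rounds
```

Two things the simulation makes visible that the prose does not: a Q of 0 with more than one tag present never singulates anything (every round is one collision), and a reader that sees a dense population must be willing to spend rounds growing Q before reads start to come back, which is why the sidebar warns that a high tag density "may take several minutes".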
Selecting an active tag solution, part 2

Target deployment environment: The target deployment environment not only influences the frequency at which the tag should transmit but it also determines how the tag should be packaged. Harsh environments require enhanced durability enclosures that may be custom made for a particular environment. Extreme cold, heat, vibration, or exposure to corrosive chemicals are a few of the environmental conditions that should be taken into account.

Tag density: Tag density refers to how many tags can be placed in close proximity to each other before a reader cannot receive all of the transmissions. Most systems will eventually read all of the tags, but it may take several minutes. In high security applications, a single missed read may be significant. Most manufacturers will publish their expected maximum tag density, but it is important to do some testing to validate the manufacturer’s numbers when high tag density can occur.
Once a tag has been selected, the reader must be able to read the data from the tag. If the tag has onboard memory, the reader can request that the tag transmit a certain number of bytes from a given address in the tag’s memory. Some tags do not have extra memory, so they only transmit their unique identifier.
Some protocols have access restrictions for different address regions in the tag. To access these restricted regions, the reader must authenticate with the tag. Authentication may be associated with only certain commands or may be required of them all. Some tags allow readers to write to the tag’s onboard memory. If the tag supports writing, the reader transmits the starting memory address, the number of bytes to write, and the data to write beginning with the starting memory address.
The ‘kill’ command can be issued by the reader to stop the tag from ever transmitting again. This command usually has multiple parts because the tag manufacturers want to make sure that the request to kill the tag is deliberate. These are the basic types of commands that can be found in most standardized air interface protocols.
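The addressed read, the authenticated write and the deliberately multi-part kill described in the last three paragraphs, modelled as an added toy example. This is constructed code, not any vendor's tag firmware and not the EPC specification's exact message formats; it borrows Gen2's ideas of a 32-bit access password gating a write-locked user bank, a kill password, and a kill that the tag refuses when that password is all zeros. The EPC and passwords are made up.

```python
"""Toy passive-tag command handler: addressed Read/Write with an access
password gating a locked region, and a two-step Kill.

Added example; constructed, not any vendor's firmware or the EPC spec's
exact messages. Borrowed ideas: 32-bit access and kill passwords, a
write-locked user bank, and kill disabled when the kill password is zero.
"""
import hmac
import secrets
from typing import Optional


class TagError(Exception):
    """Raised where a real tag would not reply or would return an error code."""


class PassiveTag:
    def __init__(self, epc: bytes, access_pwd: bytes, kill_pwd: bytes,
                 user_mem_size: int = 16) -> None:
        self.epc = epc
        self._access_pwd = access_pwd
        self._kill_pwd = kill_pwd
        self.user_mem = bytearray(user_mem_size)
        self.user_write_locked = True       # writes need a prior successful Access
        self._access_granted = False
        self._kill_handle: Optional[bytes] = None
        self.killed = False

    def _require_alive(self) -> None:
        if self.killed:
            raise TagError("no response: tag is killed")

    def inventory(self) -> bytes:
        """A tag without extra memory only ever answers with its identifier."""
        self._require_alive()
        return self.epc

    def access(self, pwd: bytes) -> bool:
        """Authenticate for the locked region; compare in constant time."""
        self._require_alive()
        self._access_granted = hmac.compare_digest(pwd, self._access_pwd)
        return self._access_granted

    def read(self, addr: int, count: int) -> bytes:
        """Return `count` bytes starting at `addr` of user memory."""
        self._require_alive()
        if addr < 0 or addr + count > len(self.user_mem):
            raise TagError("read out of range")
        return bytes(self.user_mem[addr:addr + count])

    def write(self, addr: int, data: bytes) -> None:
        """Write `data` at `addr`; refused on a locked bank without Access."""
        self._require_alive()
        if self.user_write_locked and not self._access_granted:
            raise TagError("write denied: region locked, access not granted")
        if addr < 0 or addr + len(data) > len(self.user_mem):
            raise TagError("write out of range")
        self.user_mem[addr:addr + len(data)] = data

    def kill_request(self, pwd: bytes) -> bytes:
        """Kill step 1: returns a one-time handle the reader must echo back."""
        self._require_alive()
        if not any(self._kill_pwd):
            raise TagError("kill disabled: kill password is zero")
        if not hmac.compare_digest(pwd, self._kill_pwd):
            raise TagError("kill denied: bad password")
        self._kill_handle = secrets.token_bytes(2)
        return self._kill_handle

    def kill_confirm(self, handle: bytes) -> None:
        """Kill step 2: only the matching handle silences the tag for good."""
        self._require_alive()
        ok = self._kill_handle is not None and hmac.compare_digest(handle, self._kill_handle)
        self._kill_handle = None            # a handle is good for one attempt
        if not ok:
            raise TagError("kill denied: handle mismatch")
        self.killed = True


def raises(fn, *args) -> bool:
    """True if calling fn(*args) raises TagError; used to check refusals."""
    try:
        fn(*args)
    except TagError:
        return True
    return False
```

Two deployment points follow from the model: a tag left with the default all-zero passwords can have its locked bank opened or be killed by anyone who knows the defaults, and a tag whose kill password is zero cannot be killed at all, which may or may not be what a retailer wants at the point of sale.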
Interrogating tags in real world environments
Selecting an active tag solution, part 3

Definition of RF coverage: When RFID systems are installed, there are usually physical areas that must be covered with an RFID reader. The reader may cover a 25 square foot choke point or portal, or it may cover an entire store. It is important to pick a tag that has transmission characteristics that fit the application. Fine-grain coverage does not require a tag that can transmit a mile, but if the coverage area is a parking lot, a tag that can transmit a mile may be just right. Even though most active tags get praised for their range, most applications require some level of fine-grain coverage. In these cases, long transmission distances do not matter.

Beacon rate: The beacon rate of the tag governs how fast the tag population can be sampled. For solutions where tagged items move relatively often or where they may move through a reader’s defined coverage area quickly, a faster beacon rate would be preferable. Longer beacon rates can be used in applications where items tend to be idle for extended periods of time, such as in storage warehouses. In the case of security applications, shorter beacon rates are required. For example, if an expensive item such as a laptop leaves the building without being cleared to leave, the on site security team may want to know within seconds that the asset has disappeared and the last known position of that laptop.
The deployment of a solution using passive tags has some interesting considerations. Passive tag antennas are usually set up in a portal type configuration. In this configuration, reader antennas are placed on each side of the path through which a tag may travel. In loading dock scenarios, the antennas may be placed above and/or below the path in addition to the sides. This configuration ensures that no matter which way the tag is oriented, there will most likely be an antenna that can power it. In some cases, tags at the very center of a pallet or container of goods may not be able to receive enough energy from the antennas in any configuration. Misreads may require changes in how and when the RFID tags are interrogated. Most RFID enabled systems with these types of issues require the tag to be read at multiple locations and in different configurations. For example, an attempt may be made to read all the tags in a container when the container is taken off of the truck, and a second attempt is made when the container is unpacked. If there are boxes in the container, a third attempt may be made when the items are removed from each box. When these interrogation attempts are correctly integrated into the inventory process, it is possible to obtain a read rate of nearly 100% using passive tag technology. Assembly lines have an added advantage because they can control the orientation of the tag and placement of the tag on the goods being tracked. Real time location systems (RTLS) place portals at each entry and exit way into a zone that is to be tracked. As tags move in and out of these portals, the system can assume the tag’s current physical location. Passive tag prices have not yet reached the US$0.05 per tag goal set by the retail industry, but there is still a great return on investment based on today’s prices. We may not be able to tag every can of soup, but container and pallet tagging is a valid goal with real monetary rewards.
This article is part of an ongoing series explaining the principles of RFID. It was created for RFIDNews by Jerry Banks, Independent Consultant, Atlanta, Georgia and Les G. Thompson, Lost Recovery Network, Inc., Atlanta, Georgia. The authors are two of four co-authors of RFID Applied, John Wiley, 2007, ISBN-10 0471793655; ISBN-13 978-0471793656.