Infrastructure Standards for Smart ID Card Deployment

Abstract

Smart card deployment is increasing thanks to the addition of security features and improvements in computing power to support cryptographic algorithms with bigger footprints (for digitally signing and encrypting) in the smart card chips in the past five or six years. Typical applications include subscriber identification module (SIM) cards (in telecommunications), micropayments (in financial transactions), commuter cards (in urban transportation systems), and identification (ID) cards. Although the share of cards used for identification applications (which we'll call smart ID cards) is relatively small within the overall smart card market, it's one of the fastest growing segments. Smart ID cards control physical access to secure facilities and logical access to IT systems (Web servers, database servers, and workstations) and applications. Authentication of the card and holder takes place using a set of credentials. An organization deploying such cards must have an infrastructure for generating, collecting, storing, provisioning, and maintaining credentials. The components involved in these credential life-cycle management activities constitute what we'll call the smart ID card system infrastructure, which supports smart ID card deployment. Not all components involved in this infrastructure have standardized interfaces. Moreover, no robust messaging standards exist for information exchange among the components. Yet, some efforts are under way to partially address the standards gap in this area