Enterprise ID Applications
Secure Technology Alliance Enterprise ID Resources
- A Comparison of PIV, PIV-I and CIV Credentials
- The Commercial Identity Verification (CIV) Credential–Leveraging FIPS 201 and the PIV Specifications
- Guide Specification for Architects and Engineers for Smart Card-based PACS Cards and Readers for Non-government PACS
- Identity Management Systems, Smart Cards and Privacy
- Identity on a Mobile Device webinar series
- Mobile Devices and Identity Applications
- Mobile Identity Authentication
- Personal Identity Verification Interoperability (PIV-I) for Non-Federal Issuers: Trusted Identities for Citizens across States, Counties, Cities and Businesses
- PIV-Interoperable Credential Case Studies
- Secure Technology Alliance Access Control Council
- Secure Technology Alliance Identity Council
- Smart Cards and Biometrics
- Smart Card Technology and the FIDO Protocols
- Smart Card Technology and NSTIC, Smart Card Alliance white paper, June 2013
- Strong Authentication Using Smart Card Technology for Logical Access
- Using FIPS 201 and the PIV Card for the Corporate Enterprise
Smart Cards and Logical Access
Organizations of all sizes and in all industries are working to improve the process used to identify users to their networked systems. With the growing use of wired and wireless networks to access information resources and the increasing occurrence of identity theft and attacks on corporate networks, password-based user authentication is increasingly acknowledged to be a significant security risk. Both enterprises and government agencies are moving to replace simple passwords with stronger, multi-factor authentication systems that strengthen information security, respond to market and regulatory conditions, and lower support costs.
Smart cards support all of the authentication technologies, storing password files, public key infrastructure certificates, one-time password seed files, and biometric image templates, as well as generating asymmetric key pairs. A smart card used in combination with one or more authentication technologies provides stronger multi-factor authentication and significantly strengthens logical access security. Smart card technology also provides the flexibility for including all authentication factors in a single smart card, improving the security and privacy of the overall authentication process.
Smart cards are becoming the preferred method for logical access, not only for their increased security, but also for their ease of use, broad application coverage, ease of integration with the IT infrastructure, and multi-purpose functionality. Both Microsoft® Windows® and Unix® operating systems offer a significant level of smart-card-related support and functionality, through either built-in (out-of-the-box) support or commercial add-on software packages. Smart-card-based logical access allows organizations to issue a single ID card that supports logical access, physical access, and secure data storage, along with other applications. By combining multiple applications on a single ID card, organizations can reduce cost, increase end-user convenience, and provide enhanced security for different applications.
Smart card technology provides organizations with cost-effective logical access. Smart cards deliver a positive business case for implementing any authentication technology. Improved user productivity, reduced password administration costs, decreased exposure to risk, and streamlined business processes all contribute to a significant positive return on investment.
For additional information on the use of smart cards for logical access, see the Secure Technology Alliance reports on secure ID systems, Access Control Council resources, and Identity Council resources.
Smart Cards and Physical Access
Smart cards are increasingly accepted as the credential of choice for securely controlling physical access. Standards-based smart ID cards can be used to easily authenticate a person’s identity, determine the appropriate level of access, and physically admit the cardholder to a facility. Through the appropriate use of contact or contactless smart card technology in the overall physical access system design, security professionals can implement the strongest possible security policies for any situation.
More than one access application can be carried on a single smart ID card, enabling users to access physical and logical resources without carrying multiple credentials. Security can change access rights dynamically, depending on perceived threat level, time of day, or other appropriate parameters. Smart card support for multiple applications allows organizations to expand card use to provide a compelling business case for the enterprise. Smart cards not only secure access to physical or logical resources, they can store data about the cardholder, pay a fee or fare if required, certify transactions, and track ID holder activities for audit purposes. Because supporting system components can be networked, shared databases and inter-computer communication can allow separate functional areas in an organization to exchange and coordinate information automatically and instantly distribute accurate information over large geographic areas.
Smart cards are flexible, providing a migration path in which an organization’s requirements, not card technology, are the driving force. Multi-technology smart cards can support legacy access control technologies, as well as include new contact or contactless chip technology. When migration is planned carefully, organizations can implement new functionality while accommodating legacy systems as may be required.
For additional information on the use of smart cards for physical access, see the Secure Technology Alliance reports on secure ID systems and Access Control Council resources.
Industry Resources
- Federal Information Processing Standard 201 (FIPS 201) Personal Identity Verification (PIV) of Federal Employees and Contractors
- FIDO Alliance
- The Identity Ecosystem Steering Group
- Initiative for Open Authentication (OATH)
- Kantara Initiative
- National Association of Campus Card Users
- Open Identity Exchange (OIX)
- Open Security Exchange (OSE)
- PC/SC Workgroup
- Security Industry Association (SIA)
- Secure Technology Alliance Access Control Council
- Secure Technology Alliance Identity Council