Member Profile: EDS

This month, Smart Card Talk spoke with David Troy, Director of Identity Management Solutions for EDS' U.S. Public Sector.  He has over 20 years of IT industry experience, including 11 years designing, delivering and supporting biometric identity solutions, an array of credentialing technologies and a variety of access control technologies.

Troy began working in identity solutions in 1995 and was responsible for leading the teams that developed and implemented a number of innovative automated inspections systems for the U.S. Immigration and Naturalization Service (INS), including the INS Passenger Accelerated Service System (INSPASS), Secure Electronic Network for Travelers Rapid Inspection/Dedicated Commuter Lane (SENTRI/DCL) and NEXUS.  He was also instrumental in the successful implementations of the Ben Gurion Airport Express Entrysm System and the Basel Border Crossing Project, both in Israel.

Over the past two years, Troy has applied his expertise and the expertise of his team to develop the EDS Assured IdentityTM Solution, which was designed and developed to help agencies meet the Homeland Security Presidential Directive 12 mandate as well as provide an integrated, end-to-end identity management solution.

1. What are EDS' main business profile and offerings?
EDS provides a broad portfolio of business and technology solutions to help its clients worldwide improve their business performance. Our core portfolio comprises information-technology, applications and business process services, identity management, as well as information technology transformation services.

2. What role does smart card technology play in supporting EDS' business?
Smart card technology is a supporting component of a strong authentication mechanism used in verification and credentialing of individuals within an organization. Coupled with multi-factor authentication mechanisms such as certificates or USB tokens, smart cards can enable a higher level of security for access to resources. Currently smart card technology plays a strategic role in EDS business.

EDS has implemented smart card technology at border crossings in Israel, in the transit system in London, and for the credentialing of U.S. Department of Defense (DOD) employees, through the Defense Manpower Data Center (DMDC). EDS has provided operational and application support to the DMDC – which maintains the largest archive of personnel, manpower, training and financial data at the DOD – for more than 30 years. In 1999, EDS began the design and implementation of DOD’s worldwide Common Access Card (CAC), the largest multi-application Java smart card implementation to date for the U.S. government. The DOD issues CACs to all active duty, Reserve and National Guard personnel, civilian government employees and designated contractors. Currently, DMDC is issuing over 10, 000 cards a day. Every day employee use of the CAC to cryptographically log on to the DOD network has reduced successful “hacker” intrusions by 46 percent.

The DOD is also testing the new PIV (Personal Identity Verification) compliant CAC card on physical access systems, with the intention of using the PIV CAC for secure, physical access to DOD facilities. Recently, EDS was selected by the U.S. General Services Administration (GSA) to be its Homeland Security Presidential Directive-12 (HSPD-12) provider. In this role, EDS will support GSA in assisting federal civilian agencies to comply with the primary mandate of this directive – to issue PIV II compliant credentials to all federal employees and contractors. EDS leveraged its experiences in providing services to the DOD to establish a capability for GSA that will support meeting the timelines of the HSPD-12 directive, and ensure a successful program for GSA and its clients.

3. What trends do you see developing in the market that EDS hopes to capitalize on?
As the smart card landscape is maturing, further uses and benefits are being realized. EDS realizes that smart cards will be a major growth area in the market and believes that as one of the world’s largest issuers of smart cards, it will be at the cutting edge of developing robust new solutions. Growing customer requirements around compliance and audit are going to continue to drive identity provisioning, along with the concept of “identity” expanding to encompass devices, applications and physical assets leading to the real application of identity-based computing.

There are several areas that EDS sees where smart card technology will emerge. Obviously the HSPD-12 arena will continue to grow and EDS hopes to expand business in this sector using our current experience with DOD and GSA. Transportation is another area that will continue to grow. Healthcare is a sector where smart cards seem to be a natural fit. The use of smart cards can help health organizations comply with HIPAA requirements and help ensure secure logical and physical access, in addition to securely storing critical personal health information of health providers and patients.

Regulatory compliance has been and continues to be the driving force behind identity management adoption within enterprises. Although the REAL ID Act is opposed by many states and privacy organizations, this could potentially be a huge market. Another area beginning to get a foothold is the ability of organizations to “cross-credential,” or verify each other’s ID credentials using a common, secure network. The Federation for Identity and Cross-Credentialing Systems (FiXs), of which EDS is a founding member, has developed a network, procedures and technical standards to help make this happen. And of course, as immigration issues continues to be in the forefront, the use of a biometrically secure credential, a smart card, may be an answer to help control our borders more securely and efficiently.

4. What obstacles to growth do you see that must be overcome to capitalize on these opportunities?
Cost, privacy concerns and a lack of a champion are things that come to mind. Cost is always a factor in any technology implementation. But as more smart card solutions are implemented the prices of cards, readers, etc., will continue to fall. The cost benefit of smart cards, such as reduced help desk calls for PIN resets and increased network security, must be communicated to the decision makers. Privacy issues always need to be addressed with the client and public (where applicable). Many smart card initiatives have failed due to privacy issues, many of which could have been alleviated with the proper education.  Any smart card implementation truly benefits by having a “champion,” someone who knows the industry and the benefits of smart cards and is willing to go the extra mile to sell the solution to upper management. Consumers need to be educated on what smart cards can – and cannot – do for them. A business might not be ready for a smart card implementation and conducting a mid-level review of business processes and procedures could determine this very quickly.

5. What do you see are the key factors driving smart card technology in the market?
One of the most important factors driving smart card technology is HSPD-12, the FIPS 201-1 standard and the special publications that have been and are being developed to support the use of interoperable credentials as a tool for identity authentication and secure access to systems, facilities and individual applications. This standard can support smart card credentialing initiatives for first responders, registered travelers, transportation workers, driver's licenses, passports, college identification cards and identification/access cards for public corporations.
The need for stronger authentication factors such as PKI certificates and biometrics is another market driver. In our world today, it is important to make educated decisions based on trust. Smart card technology can provide an authentication platform to provide that trust. Perhaps the hottest topic today that will drive smart card technology is the convergence of physical and logical security. Convergence takes us into a new security paradigm that will require the use of smart card technology for it to be successful.

6. How do you see your involvement in the Alliance and the industry councils helping EDS?
Certainly it is a networking opportunity and an opportunity to see what is happening in the government, commercial and healthcare industries. There are a lot of overlapping things that are happening on the different councils. We gain access to different groups of people focusing on similar activities.
As a global company, EDS will use the knowledge that we gain from our participation in the Smart Card Alliance and its many industry councils to help our customers, worldwide, understand what solutions we can provide to their many and varied smart card related requirements. We will better understand the challenges that our customers may face and the options that vendors can provide. The Smart Card Alliance industry councils bring experts together in a collaborative environment to tackle problems that we are all facing. Staying involved allows us to become part of the solution. We are now on top of the latest industry trends and best practices and can provide our customers with the best service.

7. We understand Lolie Kull is a member of the Alliance Physical Access Council. What does she see are the key goals for the Council in the coming year?
The Physical Access Council has a unique opportunity to provide unbiased and vendor neutral guidance and support to federal, state and local agencies as well as private corporations that will use FIPS 201-1 compliant smart cards for physical access. The Council’s key goals for the coming year should be:

• Providing sound guidance and support to federal agencies as they begin to migrate from using the existing technology for physical access to using their new PIV cards.
• Providing assistance and technical expertise to NIST, GSA, OMB and the Interagency Security Committee as we move into full FIPS 201-1 compliance for physical access.
• Collaborating with other industry associations and groups such as the Security Industry Association (SIA), the Open Security Exchange (OSE) and the International Biometrics Industry Association (IBIA) to coordinate efforts related to migration and convergence.
• Working in concert with peer councils to share information, close the loop on overlapping activities and support the excellent work being done in related councils
• Continuing to work to provide solutions and education regarding the use of smart card technology for physical access.

8. How does EDS view convergence and why is it so important?
As they have emerged over time, industry’s approaches to physical and logical (IT) security have essentially taken separate paths. The technologies, solutions and organizational structures have developed and evolved with very little overlap or cross-integration. This began to change at the beginning of the decade when a more holistic approach to security and identity management began to emerge. The events of 9/11, as well as significantly increasing security requirements and risks related to virtual enterprise collaboration and identity theft, have forced this convergence to accelerate and the world to rethink all aspects of security and, in reality, fundamental definitions of identity.

Working with clients from large-scale manufacturers to those in critical infrastructure, the airline industry, as well as government and defense, EDS sees the convergence that is taking place from a business perspective as well a technology perspective. We see an end state where security, both physical and logical, and identity management, are fully integrated and permeate all aspects of our daily business and personal lives. Strong authentication technologies, like smart cards, will become ubiquitous. Business processes will merge. Security will become an inherent component of HR processes. Background investigations and provisioning and de-provisioning of access rights will become more efficient, more accurate and more frequent. The challenge, through all of this, will be the management of change and the balancing of personal privacy, while maintaining core business mission capabilities and services.

Copyright 2006-2007· Smart Card Alliance · 191 Clarksville Rd. · Princeton Junction, NJ 08550
Phone: (800) 556-6828 info@smartcardalliance.org · www.smartcardalliance.org