 |
 |
 |
 |
July 2006 • Volume 11 Number 7
|
 |
|
Member Profile: Gemalto
Pattinson has been heavily involved in planning and implementing a number of federal government security initiatives including the Department of Defense Common Access Card (CAC); the State Department's Electronic Passport; the Western Hemisphere Travel Initiative cards; the Department of Transportation's Transportation Worker Identity Credential (TWIC) and the Transportation Security Administration's Registered Traveler program. Pattinson works closely with the General Services Administration,Treasury, Homeland Security, Veterans Affairs and NASA, which all have smart ID programs underway. Pattinson is an ISC 2 Certified Information Systems Security Professional (CISSP). He is also a Certified Information Privacy Professional (CIPP) and is member of the International Association of Privacy Professionals (IAPP). Pattinson is a board member of both the International Biometric Industry Association (IBIA) and the Smart Card Alliance and is co-chair of the Smart Card Alliance Identity Council. 1. With the merger of Gemplus and Axalto now complete, what are the key goals for Gemalto in the U.S. and Latin American markets? Axalto and Gemplus have worked together since the merger announcement in December 2005 to develop a detailed, structured program to allow a rapid and efficient integration process. Our top priority is to make sure we continue to provide excellent service to all of our customers, so as we start to bring our operations together we put their needs first. We are already operating under the new Gemalto brand, have defined a joint customer-facing sales team and elaborated a go-to-market strategy aiming to minimize possible sales attrition. Our next step after that is to figure out where we have overlapping resources so we can start to apply those resources toward new priorities. This is essential to moving even faster to meet the rapidly evolving demands of our markets and expanding our range of solutions. A full review of the Gemalto cross-functional business and supporting processes should be completed before the end of the third quarter of 2006. 2. What impact do you see the merger having on the smart card market? The fact that we have two companies combined has a lot advantages for our customers, and will have a major impact on the market. Gemalto is now big enough that we are a legitimate player in the broader market for digital security, and that will give smart cards more credibility as part of the IT infrastructure industry. The new company has 2005 pro forma revenues of approximately $2.2 billion at current exchange rates, with 11,000 employees and 60 production, personalization and R&D centers. A $2.2 billion Gemalto will be larger than VeriSign, at $1.6 billion last year, and McAfee, at $987 million, and very respectable even next to Symantec's $3.6 billion. While these companies don't make the same products we do, and don't necessarily compete with us, this means that smart cards and other digital security products we make are in the same league as the big consumer-facing digital IT security companies. By being a bigger company, we have the resources to go faster and in more directions simultaneously, and that will help the industry to grow. Instead of using our research and development resources to create two versions of the same standards-based products, we can apply that effort to innovation in the broader areas of software surrounding personal identity and security. Our 1,500 R&D engineers can work to accelerate the availability of new products that advance the convergence of hitherto separate markets and clients. For example, mobile banking requires secure identities that cross mobile telecommunications, banking services and Internet transactions -- all sectors in which we have a strong presence as a foundational security technology. 3. Where do you see the major growth opportunities for smart cards? What is driving this growth? What are obstacles do you see to this growth? How do you see these obstacles being overcome? What we see in fact are a lot of positive factors we think will continue to stimulate growth. For instance, government programs remain a strong driver of growing smart card adoption. Major programs like ePassport and the Personal Identity Verification (PIV) card are going to ship in large quantities in the coming 12 to 24 months. At the same time, there are new initiatives that will either be built on smart card technology, or are strong candidates for being smart card programs, like the People Access Security Service (PASS), the Transportation Worker Identification Credential (TWIC), the First Responder Authentication Card (FRAC) and the revived Registered Traveler program. U.S. banks are beginning to move to contactless payment technology to speed up the checkout line and further replace cash transactions with card payments. Another area of potential growth is with CDMA-based mobile network operators, who increasingly appreciate the advantages of using smart cards as a secure space in the handset that they completely control. They see many opportunities to improve both the customer experience and their internal efficiencies by enabling easy/seamless phone upgrades, optimizing their operations across multiple network technology environments and launching new services quickly across an increasingly diverse range of handsets in the field. We're seeing a lot of traction is enterprise IT security too, especially the growing convergence of physical and logical access systems. Many Fortune 500 firms, including Microsoft, Procter & Gamble, Sun Microsystems, Caterpillar, Boeing, Pfizer, Shell, Chevron and Hewlett Packard, are realizing the benefits and efficiencies of using a single, secure credential as both a proximity card to access buildings and offices, and a contact card for managing access to computer networks and applications. The move toward a single credential for physical and logical access is being very strongly driven by federal government requirements; companies have wanted it but justification has been outside reach. Now with HSPD-12 and FIPS 201, the government is driving down costs, so you've got multiple vendors, manufacturers, software firms and code writers from the IT and physical security worlds focusing their R&D efforts on convergence. With a converged security infrastructure, you can create a single point of provisioning and de-provisioning resources like network access, laptops, apps and servers. This can mean multiple things, including adding a cardholder record with a single data entry, and populating it into multiple databases (IT security, physical security, HR, LDAP directory) through role-based access control. You can attach a lot of rules and policies that allow the end user to create incredible efficiencies in populating the employee databases. 4. What new developments in smart card technology do you expect to see in the coming year? One of the biggest trends we see in 2006 and beyond is the growth of the network smart card. Gemalto was first to market last year with this breakthrough technology, which allows cardholders to connect directly to their network using standard Internet communication protocols such as TCP/IP, TLS and HTTPS. Combined with USB plug-and-play connectivity, this means the network card requires zero software footprint on the host PC. This makes it much easier to use in applications, because it works like any other Internet enabled device. Since users can access the card through their browser, it makes deployment of the technology to mass markets feasible. It also means the network card is even more secure than conventional smart cards, because it establishes secure end-to-end connections from the card itself to a remote host. These connections are independent of the host PC to which the network card is connected. Trojan-based man-in-the-middle or keyboard logging attacks will fail because the host PC is circumvented. Phishing and pharming are thwarted because the network card can authenticate the legitimate host and will not connect to an imposter. This network card technology is the vanguard of a new generation of Internet security, and we will be seeing a lot of it. Another key trend in the industry is the pervasive support of smart cards being built into the security infrastructure for Windows Vista, the next iteration of the Windows operating system that is scheduled to go online later this year, and in its next-generation server technology, code-named Longhorn. This is a strong indication of Microsoft's commitment to, and confidence in, smart cards as a way to ensure an enhanced level of security and authentication in its products. Similarly, we are seeing other major hardware, software and system integration firms embedding smart card-based security solutions in their products. This is because the strength of a two-factor authentication system is a tremendous value-add and selling point for leading technology providers, given rising market and public concerns over identity theft, phishing, hacking and other forms of cyber crime. Notable examples of companies that have integrated smart cards into their offerings include IBM, Citrix, Adobe, VeriSign, Sun, Hewlett-Packard and Unisys. These companies will start to promote smart card-based security for their products, and that will further stimulate the growth of the industry. 5. How do you see your involvement in the Alliance helping Gemalto become successful? For me, one of the most important benefits of the Smart Card Alliance has been for both the industry and key members of the user community to be able to speak to important issues of security and privacy with one voice. This has proven very effective in supporting the basic authentication capability of ePassport, and in educating policy makers and consumers about the differences between secure contactless technology and RFID. Of course the other benefit, as always, is the very active interaction with the user community and in particular those in the federal government, which is the area I'm personally involved with at Gemalto. The Alliance has played an invaluable role in providing a vendor-agnostic place where industry and government decision makers can work out the practical issues towards creating interoperable and standards-based solutions for government applications.
|
|
This month Smart Card Talk spoke with Neville Pattinson, Director, Government Affairs and Marketing, Identity and Security, for Gemalto and leading expert on smart cards and using the microprocessor chip to keep identity credential data and biometrics secure and private. 
