Publications – Government ID

• Authentication Mechanisms for Physical Access Control.
  This white paper was developed by the Smart Card Alliance Physical Access Council to describe PIV card authentication mechanisms defined in NIST SP 800-116 and to describe additional authentication mechanisms that were not covered in SP 800-116, but that are important for organizations implementing PACS to increase security. These additional mechanisms can be essential to address the threats and risks that an organization anticipates. Download white paper. View executive summary.

• The Consequences to Citizen Privacy and National Security in Adopting RFID Technology for Border Crossing Identity Documents
  The Department of Homeland Security (DHS) is incorporating radio frequency identification (RFID) technology in several border crossing documents that will be used to verify the identity of citizens re-entering the United States. The Smart Card Alliance Identity Council developed this white paper to discuss the security, privacy and operational issues with using RFID in human identification systems. The paper provides an overview of the use of RFID for supply chain applications, describes how RFID is proposed to be used in the DHS program, identifies key vulnerabilities with RFID systems that could be exploited, and proposes an alternative secure smart card-based solution for these border crossing identity programs. Download report. View full executive summary.

• Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility
  The Smart Card Alliance Physical Access Council developed this white paper to assist government agencies with the first phases of PACS migration to provide support for the new PIV cards that are being issued. It focuses on the current security environment for physical access and, through a series of questions, makes recommendations for how agencies can migrate and upgrade their current PACS to align them with the requirements of HSPD-12 and FIPS 201. Download report. View full executive summary.

• Contactless Smart Chip Technology: The Business Benefits
  This briefing provides an overview of why businesses are implementing contactless smart chip technology in broadly different environments and applications both within the United States and around the world. Download briefing. View full briefing.

• Effective Healthcare Identity Management: A Necessary First Step for Improving U.S. Healthcare Information Systems.
  Government policy makers are looking carefully at the best ways to improve the efficiency of information systems in the healthcare industry. Much emphasis has been placed on the need for electronic health records for every American, and at ways to exchange those records at the regional, state and national levels. This brief was developed by the Smart Card Alliance Healthcare and Identity Councils to introduce the current problems with healthcare identity management, security and privacy, and propose leveraging existing federal standards and technologies already used in other government identity programs. Download brief. View document.

• Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery
  The Smart Card Alliance Identity Council and Physical Access Council developed this white paper to describe the benefits of using FIPS 201-based smart cards for ERO credentials and present credential use cases that support both emergency response and daily use. Download white paper. View full executive summary.

• ePassport Frequently Asked Questions
  The new electronic passports (ePassports) include digital and physical security technologies that are integrated together to provide significantly higher levels of security. ePassports use advanced technologies that secure identities and new processes throughout the entire chain of trust – from manufacturing to use of the ePassport. This frequently asked questions (FAQ) document was developed by the Smart Card Alliance Identity Council to answer questions about how the ePassport works and what technology is used to protect an ePassport holder’s personal information. Download FAQ. View document.

• ePassport Security Statement
  The Smart Card Alliance created this statement to respond to a news story stimulated by a German researcher has raised questions by the media about the security of RF-enabled smart card technology in ePassports. View statement.

• FIPS 201 and Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems
  This Physical Access Council white paper provides a roadmap to the key specifications that agencies need to consider in implementing FIPS 201-compliant physical access control systems and provides an overview of the key open questions where work is still being done on standards definition and implementation guidance. Download white paper. View full executive summary.

• FIPS 201 PIV II Card Use with Physical Access Control Systems: Recommendations to Optimize Transaction Time and User Experience
  The Smart Card Alliance Physical Access Council developed this white paper to discuss factors that impact PIV II card transaction performance in PACS applications and provide recommendations on data encoding, user training and installation that can improve the user experience and reduce PIV II card PACS transaction time. Download white paper. View full executive summary.

• Healthcare Identity Management: The Foundation for a Secure and Trusted National Health Information Network.

  Policy makers are looking carefully at the best ways to improve our healthcare system with much emphasis being placed on the need for electronic health records for every American. This effort also includes creating an infrastructure to allow the exchange of these records at the regional, state and national levels. This paper introduces the current challenges and explains why identity management in healthcare is an essential and foundational element that must be made a priority by policy makers in order to achieve the goals of widespread use of electronic health records to support the secure and seamless exchange of healthcare information. The paper also recommends best practices for introducing a healthcare identity management infrastructure–one that provides the needed security and privacy controls that should be specified by policy makers. Download brief. View document.

• Identifiers and Authentication – Smart Credential Choices to Protect Digital Identity
  The Smart Card Alliance developed this position paper to describe the issues with unique identifiers and discuss how smart cards can be used as authenticators when using unique identifiers. Download position paper. View position paper.

• Identity Management Systems, Smart Cards and Privacy
  This position paper describes key elements in the design of an identity management system that affect privacy and security and the benefits that smart cards bring to identity management systems. View document.

• Identity Management Systems, Smart Cards and Privacy: Frequently Asked Questions
  This FAQ answers questions about privacy, security and smart card benefits for identity management systems. Download FAQ. View full FAQ.

• Interoperable Identity Credentials for the Air Transport Industry
  This white paper was developed by the Smart Card Alliance Physical Access Council and Identity Council to provide the air transport industry with educational material on the use and applicability of interoperable identity credentials for use at airport facilities, and to propose a model for an interoperable identity credential that can leverage FIPS 201 and meet airport operational requirements. Download report. View full executive summary.

• January 27, 2010 Federal Interagency Advisory Board Meeting
  Randy Vanderhoof, Executive Director of the Smart Card Alliance addressed the Federal Interagency Advisory Board (IAB) at the January 27, 2010 meeting in Washington, DC. Randy’s 20 minute address covers the Smart Card Alliance Physical Access Council workgroup accomplishments, introduced new training tools, and announced an agreement for the Smart Card Alliance to host four joint IAB/SCA meeting in 2010. View summary.

• Logical Access Security: The Role of Smart Cards in Strong Authentication
  This report describes the trends in implementing secure logical access. Written for decision makers in enterprises and government agencies, the report discusses current issues with logical access, reviews alternative approaches for authentication and presents key considerations that organizations should take into account when implementing stronger authentication for logical access. The benefits of using smart cards for logical access are presented, along with key business case factors that should be considered when deciding to invest in new technology for strong authentication. The report also describes the support provided for smart cards by the Microsoft Windows and Linux operating systems. Download report. View full executive summary.

• Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials
  This white paper was developed by the Smart Card Alliance Physical Access Council, in collaboration with the Security Industry Association (SIA), Open Security Exchange (OSE) and International Biometric Industry Association (IBIA), to assist government agencies with developing migration plans for using FIPS 201 compliant credentials in physical access control systems. The white paper describes key elements of a typical PACS, identifies migration considerations relative to each, and outlines different migration options and their benefits and challenges. The white paper also discusses options for integration, PACS enrollment and registration, and biometrics. Download white paper. View full executive summary.

• Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology
  This white paper defines privacy as the concept applies to an identification system and discusses how privacy considerations affect system design and implementation. It reviews how smart cards can provide a privacy-enabling technology for different ID systems, how they interact with other system components (e.g., smart card readers and host systems), and how smart cards can address the growing problem of identity theft. The paper recommends key guidelines for business practices and system designs that can help protect privacy. Download white paper. View full executive summary.

• Privacy, Identity, and the Use of RFID and RF-Enabled Smart Card Technology – A Smart Card Alliance Brief for State and Local Governments.
  State policy makers are looking carefully at the use of RFID technology in identity cards and the implications that holds for protecting privacy and personal information in identity applications and systems. This brief was developed by the Smart Card Alliance Identity Council to examine best practices for privacy-secure identity systems from the point of view of card technologies. Download brief. View document.

• Questions and Answers about the Proposed Use of RFID for U.S. Border Crossing Documents
  The Identity Council developed this Q&A document to accompany the white paper, “The Consequences to Citizen Privacy and National Security in Adopting RFID Technology for Border Crossing Identity Documents.” Download Q&A.

• The REAL ID Act: Why Real ID Cards Should Be Based on Smart Card Technology
  The Smart Card Alliance Identity Council developed this position paper to provide support for the use of smart card technology to implement state driver’s licenses issued to comply with the REAL ID Act of 2005. Download position paper. View document.

• Recommendation on the Credential Numbering Scheme for the FIPS 201 PIV Card Global Unique Identifier.
  This white paper was developed by the Smart Card Alliance Physical Access Council to recommend a credential numbering schema for the FIPS 201 PIV card GUID that will work for federal as well as non-federal issuers. Download white paper. View executive summary.

• RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards
  This Smart Card Alliance white paper compares RFID technology and RF-enabled smart cards and describes key requirements in RF-enabled applications. Download white paper. View full executive summary.

• Secure Identification Systems: Building a Chain of Trust
  This report discusses the importance of a robust chain of trust for secure ID systems. Developed for decision makers, the report summarizes why today’s ID systems are vulnerable, what makes an identification system secure, and what factors need to be considered in developing a secure ID system’s chain of trust. It defines the components of a secure ID system and discusses key considerations for enrollment, issuance, usage and implementation. The report describes how a robust chain of trust can be implemented to authenticate an individual’s identity and ensure the validity of the ID and credential once the ID has been issued and is in use. It describes the role smart cards play in the chain of trust, discusses smart card implementation considerations, and summarizes how smart cards can help to address the key vulnerabilities of current ID systems. Download report. View full executive summary.

• Smart Card Alliance Response to DHS REAL ID NPRM Federal Register Notice
  The Smart Card Alliance Identity Council developed and submitted this response to the Department of Homeland Security Federal Register notice, “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes,” Docket No. DHS-2006-0030. The response was submitted to the Department of Homeland Security on May 7, 2007. Download response. View full executive summary.

• Smart Card Alliance Response to WHTI Passport Card Federal Register Notice
  The Identity Council developed and submitted a response to the Department of State Federal Register notice, “Card Format Passport; Changes to Passport Fee Schedule,” Docket ID DOS-2006-0329. This notice announced the DHS and Department of State plan to use “vicinity read” RFID technology compliant with ISO/IEC 18000-6 Part C instead of contactless smart card technology for the proposed passport card. Download response. View full executive summary.

• Smart Card Technology in Healthcare: Frequently Asked Questions.
  This frequently asked questions document was developed to answer questions about how smart cards work and how the technology is used to manage patient identity and protect a healthcare consumer’s personal information. Download FAQ. View FAQ.

• Smart Card Technology: The Right Choice for REAL ID
  The Department of Homeland Security (DHS) issued its final rule regarding minimum technology requirements for REAL ID drivers licenses on January 11, 2008. The Smart Card Alliance Identity Council developed this brief to describe the benefits to states for incorporating smart card technology into their REAL ID plans. Download document. View full document.

• The Top 10 Hot Identity Topics
  This white paper was developed by the Smart Card Alliance Identity Council to provide a high-level discussion of the top 10 challenges associated with current identity systems. This paper covers a range of topics and offers perspectives on how the most critical identity issues can be addressed with policy, process, and technology solutions. Download report. View full executive summary.

• Transportation Worker Identification Credential (TWIC) Profile
  This profile describes the TSA TWIC program. Download profile. View all profiles.

• U.S. Department of Defense Common Access Card (CAC) Profile)
  This profile describes the background and origins of the U.S. Department of Defense Common Access Card (CAC). Download profile. View all profiles.

• Using FIPS 201 and the PIV Card for the Corporate Enterprise
  The Smart Card Alliance Identity Council and Physical Access Council developed this white paper to provide an overview of FIPS 201 for corporate enterprise executives and to describe the benefits of using FIPS 201 as the foundation for enterprise identity management programs. Download white paper. View full executive summary.

• Using Smart Cards for Secure Physical Access
  This report provides a primer for understanding physical access control systems that use a smart ID card for personal identification. Designed as an educational overview for decision makers and security planners, the report describes physical access system architecture and components, provides guidance on key implementation considerations, describes smart card technologies used for physical and logical access, discusses migration considerations in moving from legacy physical access systems to smart card-based systems and showcases other applications that can be combined with a smart card-based secure physical access system. Download report. View full executive summary.

• Western Hemisphere Travel Initiative PASS Card: Recommendations for Using Secure Contactless Technology vs. RFID
  The Identity Council developed this position paper to provide support for the use of ISO/IEC 14443-based technology for the Western Hemisphere Travel Initiative PASS card system and to recommend a technology trial to evaluate the performance of both EPC Gen 2 and ISO/IEC 14443-based technologies before DHS makes a final implementation decision. Download position paper. View full executive summary.

• Wiegand Message Recommendations
  The Smart Card Alliance Physical Access Council developed this industry recommendation to respond to requests for sample Wiegand message formats that will handle the additional fields of the Federal Agency Smart Credential Number (FASC-N) for programs that use Credential Series fields and Individual Credential Issue to identify credential holders. In addition, the recommendation defines device status messages to log field device activity. Additional Wiegand formats are defined to support this enhanced messaging along with the extra fields of the FASC-N. Download document. View full executive summary.