Secure Identification Systems: Building a Chain of Trust
Publication Date: March 2004
Today, nearly everyone carries multiple identification cards (IDs), issued by multiple public and private organizations. Such IDs include driver’s licenses, membership cards, credit cards, and corporate identification badges.
The primary purpose of an ID is to identify the holder as having particular rights, privileges, and responsibilities. IDs verify a person’s identity, both to the system that issued the ID (for example, a driver’s license verifies the license-holder’s right to operate a motor vehicle) and to other systems that do not issue their own IDs (for example, a driver’s license verifies the identity of someone trying to board an aircraft).
Identification systems are needed by both public and private organizations. ID systems may operate completely within a single organization (an employee ID), span multiple organizations (across government bodies, between businesses and their customers), or extend out to the general population. Given the complexity of the identity verification problem, the number of involved parties, and the number of choices in ID system designs, it isn’t surprising that many of today’s ID systems are vulnerable.
To address these vulnerabilities and implement a secure ID system, organizations must define a chain of trust that encompasses all of the secure ID system processes and components. This chain of trust includes:
- The trust model and security policies adopted within an organization or among organizations that participate in an identification system.
- The processes and documents used to verify that people are who they say they are and enroll them in the identification system.
- The process that validates identities and identity credentials.
- The architecture, technologies, and processes that keep identity information private and secure and ensure accurate identity verification when the ID is used.
- The system management functions that maintain the chain of trust.
Smart cards are a vital link in the chain of trust for secure ID systems. They serve as the issuer’s agent of trust and deliver unique capabilities to securely and accurately verify the identity of the cardholder, authenticate the ID credential, and serve the credential to the ID system. Widely acknowledged as one of the most secure and reliable forms of electronic identification, smart cards can provide secure and accurate identity verification and, when combined with other ID system technologies (such as biometrics and digital certificates), they can enhance the security of the system and protect the privacy of system information.
Smart card-based ID systems offer significant benefits for individuals, businesses, and governments. Individuals using smart ID cards enjoy greater satisfaction through faster, more convenient and more secure access to information and services. The efficiency, consolidation of programs, and security features provided through the use of smart ID cards enable governments and businesses to enhance security while also improving services and reducing operating costs. Smart cards provide an optimal technology platform for a secure ID system that can meet government and business requirements for secure and accurate identification verification.
About This Report
This report was developed by the Smart Card Alliance to discuss the issues with current identification systems, describe the chain of trust in a secure ID system, and define the role that smart cards play in the chain of trust. This report provides answers to commonly asked questions about secure ID systems, such as:
- Why are today’s identification systems vulnerable?
- What are the key challenges and issues facing citizen-facing, employee-facing and customer-facing ID systems?
- What makes an identification system secure?
- What factors need to be considered in developing a secure ID system’s chain of trust?
- How can a robust chain of trust be implemented to authenticate an individual’s identity and ensure the validity of the ID and credential once the ID has been issued and is in use?
- What is the role of smart cards in a secure ID system’s chain of trust?
- What are business and implementation considerations for a smart card-based secure ID system?
The report also includes brief profiles of a number of organizations that are either implementing new secure ID systems or developing the trust models and policies that other organizations can use to improve ID systems. Profiles include: American Association of Motor Vehicle Administrators' (AAMVA) Driver License/ID Security Framework; U.S. Department of Defense Common Access Card; Federated Identity and Cross-credentialing System (FiXs)/Defense Cross-credentialing Identification System (DCIS); Transportation Security Administration Transportation Workers Identification Credential (TWIC); U.S. Department of State, new passport project; and Rabobank.
If you would like to join the task force, please contact firstname.lastname@example.org.