About Smart Cards : Applications : Enterprise ID
Enterprise ID Applications
- Smart Card Alliance Enterprise ID Resources
- Smart Cards and Logical Access
- Smart Cards and Physical Access
- Enterprise ID Implementations
- Smart Cards and Campus IDs
- Industry Resources
- A Comparison of PIV, PIV-I and CIV Credentials
- The Commercial Identity Verification (CIV) Credential–Leveraging FIPS 201 and the PIV Specifications
- Expert Series Videos: Biometrics, CIV, NSTIC, PIV-I
- Guide Specification for Architects and Engineers for Smart Card-based PACS Cards and Readers for Non-government PACS
- Identity Management Systems, Smart Cards and Privacy
- Logical Access Security: The Role of Smart Cards in Strong Authentication
- Mobile Devices and Identity Applications
- Personal Identity Verification – Interoperable (PIV-I): A Secure ID Credential for Non-Federal Issuers
- Personal Identity Verification Interoperability (PIV-I) for Non-Federal Issuers: Trusted Identities for Citizens across States, Counties, Cities and Businesses
- PIV-Interoperable Credential Case Studies
- Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology
- Secure Identification Systems: Building a Chain of Trust
- Smart Card Alliance Access Control Council
- Smart Card Alliance Identity Council
- Smart Cards and Biometrics
- Smart Card Technology and the National Cybersecurity Strategy
- Smart Card Technology and NSTIC, Smart Card Alliance white paper, June 2013
- Strong Authentication Using Smart Card Technology for Logical Access
- The Top 10 Hot Identity Topics
- Using FIPS 201 and the PIV Card for the Corporate Enterprise
- Using Smart Cards for Secure Physical Access
Organizations of all sizes and in all industries are working to improve the process used to identify users to their networked systems. With the growing use of wired and wireless networks to access information resources and the increasing occurrence of identity theft and attacks on corporate networks, password-based user authentication is increasingly acknowledged to be a significant security risk. Both enterprises and government agencies are moving to replace simple passwords with stronger, multi-factor authentication systems that strengthen information security, respond to market and regulatory conditions, and lower support costs.
Smart cards support all of the authentication technologies, storing password files, public key infrastructure certificates, one-time password seed files, and biometric image templates, as well as generating asymmetric key pairs. A smart card used in combination with one or more authentication technologies provides stronger multi-factor authentication and significantly strengthens logical access security. Smart card technology also provides the flexibility for including all authentication factors in a single smart card, improving the security and privacy of the overall authentication process.
Smart cards are becoming the preferred method for logical access, not only for their increased security, but also for their ease of use, broad application coverage, ease of integration with the IT infrastructure, and multi-purpose functionality. Both Microsoft® Windows® and Unix® operating systems offer a significant level of smart-card-related support and functionality, through either built-in (out-of-the-box) support or commercial add-on software packages. Smart-card-based logical access allows organizations to issue a single ID card that supports logical access, physical access, and secure data storage, along with other applications. By combining multiple applications on a single ID card, organizations can reduce cost, increase end-user convenience, and provide enhanced security for different applications.
Smart card technology provides organizations with cost-effective logical access. Smart cards deliver a positive business case for implementing any authentication technology. Improved user productivity, reduced password administration costs, decreased exposure to risk, and streamlined business processes all contribute to a significant positive return on investment.
The Obama administration has recognized the need for stronger online identity authentication and established the National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative. NSTIC broadly defines an Identity Ecosystem that would re-establish trust and better protect online identities. According to the Howard A. Schmidt on the White House blog, “Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers–both public and private–to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.).”
Smart cards are increasingly accepted as the credential of choice for securely controlling physical access. Standards-based smart ID cards can be used to easily authenticate a person’s identity, determine the appropriate level of access, and physically admit the cardholder to a facility. Through the appropriate use of contact or contactless smart card technology in the overall physical access system design, security professionals can implement the strongest possible security policies for any situation.
More than one access application can be carried on a single smart ID card, enabling users to access physical and logical resources without carrying multiple credentials. Security can change access rights dynamically, depending on perceived threat level, time of day, or other appropriate parameters. Smart card support for multiple applications allows organizations to expand card use to provide a compelling business case for the enterprise. Smart cards not only secure access to physical or logical resources, they can store data about the cardholder, pay a fee or fare if required, certify transactions, and track ID holder activities for audit purposes. Because supporting system components can be networked, shared databases and inter-computer communication can allow separate functional areas in an organization to exchange and coordinate information automatically and instantly distribute accurate information over large geographic areas.
Smart cards are flexible, providing a migration path for which an organization’s requirements, not card technology, is the driving force. Multi-technology smart cards can support legacy access control technologies, as well as include new contact or contactless chip technology. When migration is planned carefully, organizations can implement new functionality, while accommodating legacy systems as may be required.
In January 2008, Datamonitor did research on the state of passwords and smart cards in the enterprise, and published the results in a white paper that shows the ROI for enterprise smart cards. The research found that 62% of enterprises experienced problems with passwords and that 40 man-hours per week would be saved using smart cards and single sign-on. The analysis concluded that a 2000-user company deploying smart cards could see a US$3.4 million savings over the course of 3 years.
The following profiles and resources showcase how organizations can successfully use smart cards for physical and logical access.
Smart cards are used worldwide as campus IDs at colleges and universities, often combining access, identification and payment functions. Selected active campus ID smart card implementations are listed below.
- Federal Information Processing Standard 201 (FIPS 201) Personal Identity Verification (PIV) of Federal Employees and Contractors
- Government Smart Card Handbook
- Initiative for Open Authentication (OATH)
- Kantara Initiative
- Movement for the Use of Smart Cards in a Linux Enviroment (MUSCLE)
- National Association of Campus Card Users
- National Strategy for Trusted Identities in Cyberspace (NSTIC)
- Open Identity Exchange (OIX)
- Open Security Exchange (OSE)
- PC/SC Workgroup
- Security Industry Association (SIA)
- Smart Card Alliance Access Control Council
- Smart Card Alliance Identity Council
- Smart Card Alliance Smart Card Reader Catalog