Security executives in any market can take a lesson from federal and government ID card security and issuance systems.
While any ID card can benefit from advanced visual and logical technologies for enhanced security, it is particularly important that these technologies be used in Federal and other government identity applications — including driver’s licenses, permanent resident or “green” cards, and ID cards used by Federal agencies and the military.
The most common form of ID in the U.S. is the driver’s license. Green Cards are also widely used to identify foreign-born residents living in the U.S. as permanent residents. Two other prevalent credentials are the Common Access Card (CAC) issued by the Department of Defense (DoD), and the personal identity verification (PIV) card used by Federal agency employees and their contractors.
Each of these ID cards is issued according to guidelines established by its issuing body, but all are influenced today by the U.S. Department of Homeland Security (DHS). While the focus here is on card issuance for the government, there are certainly lessons and strategies that can hit home for private-sector security executives tasked with issuing cards on a daily basis in industries such as healthcare and large corporations.
Advancements in secure issuance solutions — including printers, card materials and software — are making it easier to meet the latest issuance guidelines by incorporating critical visual and logical technologies, and using multi-layered management procedures that improve issuance system security and efficiency.
The DHS Influence
One of the most far-reaching credential initiatives is Homeland Security Presidential Directive 12 (HSPD-12), which established a government-wide standard for identity credentials to improve both logical and physical access control. HSPD-12 requires the use of this standard credential by all Federal employees and contractors when gaining physical access to Federally controlled facilities, as well as for logical access to Federally controlled information systems.
In Feb. 2005, the National Institute of Standards and Technology (NIST) released the required standard as Federal Information Processing Standards Publication 201 (FIPS 201). The associated credential is called the Personal Identity Verification (PIV) card.
PIV cards leverage smart card and biometric technology, and also support strong authentication methods both on the desktop and at the door. FIPS 201 has had far-reaching implications: the cards have affected not only Federal agencies but also their contractors, commercial businesses, and other state and municipal government organizations. They have also affected the military’s Common Access Card (CAC), which has become the most widely used Department of Defense (DoD) identity credential. The DoD launched a new CAC in compliance with HSPD-12 in Oct. 2006.
Another card impacted by Federal security mandates is the U.S. driver’s license. According to DHS, preventing terrorists from obtaining state-issued identification documents is critical to securing America against terrorism. It has established minimum standards for driver’s licenses and identification cards that Federal agencies would accept for official purposes, including accessing Federal facilities and boarding Federally regulated commercial aircraft.
Green Cards, too, have been a focus area for DHS, which aims for these credentials to stay years ahead of counterfeiting techniques. For a card designed to last a decade, this is vital. In May 2010, the U.S. Citizenship and Immigration Services (USCIS) began issuing all Green Cards in a new, more secure format using state-of-the-art technology that prevents counterfeiting, obstructs tampering and facilitates quick and accurate authentication of the card.
Meeting security needs for these cards requires multi-layered validation using a combination of card elements, as well as a multi-layered card issuance and management approach that also optimizes efficiency, utility and user convenience.
Enhanced Security via Multi-layered Validation
The majority of today’s card issuance and licensing systems rely on two-dimensional identity validation — comparing the person presenting credentials with identifying data displayed on a card. Over time, cards and licenses have evolved from a simple photo ID to include sophisticated elements that enable more trustworthy visual authentication while acting as effective deterrents to tampering and forgery. These elements include higher-resolution images, holographic card over-laminates, and the laser engraving of permanent and unalterable personalization attributes into cards, which makes forgery and alteration virtually impossible.
Even with the most advanced techniques, there is always someone intent on circumventing credential requirements. Would-be counterfeiters take advantage of advanced tools and materials, which fuels an ongoing need for training and diligence on the part of security staff and law enforcement personnel to keep ahead of attempted fraud.
Digital components, such as smart card chips or magnetic stripes, add a third security dimension to ID card and license issuance systems. In addition, expanded data storage on the card can enable the inclusion of biometric and other information to enhance the validation process. It is generally accepted that using multiple factors of authentication, consisting of something you have (e.g., a card), something you know (e.g., a password), and something you are (e.g., a biometric), increases the probability that the person presenting a card at a reader is the same person to whom the card was initially issued. Smart cards enable multi-factor authentication, and leverage cryptography and keys to ensure that the user possesses the correct keys at that specific moment.
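The key-possession check described above, as an added sketch that is not from the article or any vendor's product: a simulated card answers a fresh reader challenge only after a correct PIN, so the reader confirms both "something you have" and "something you know" at that moment. It uses a shared HMAC key as a stand-in for the asymmetric keys and certificates real PIV cards use; the class names, card ID and PIN are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a shared HMAC key stands in for a real card's private key.
class Card:
    """Simulated card: holds a secret key that is never exported."""
    MAX_PIN_TRIES = 3

    def __init__(self, card_id, key, pin):
        self.card_id, self._key, self._pin = card_id, key, pin.encode()
        self._tries_left = self.MAX_PIN_TRIES

    def respond(self, challenge, pin):
        """Answer a reader challenge only after the cardholder's PIN checks out."""
        if self._tries_left == 0:
            raise PermissionError("card locked")
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = self.MAX_PIN_TRIES
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Reader:
    """Simulated door or desktop reader with a table of enrolled card keys."""
    def __init__(self, enrolled):
        self._enrolled, self._pending = enrolled, {}

    def challenge(self, card_id):
        self._pending[card_id] = secrets.token_bytes(16)  # fresh per attempt
        return self._pending[card_id]

    def verify(self, card_id, response):
        nonce = self._pending.pop(card_id, None)  # each challenge is single-use
        key = self._enrolled.get(card_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)  # constructed sample key, card ID and PIN
    card, reader = Card("CARD-0001", key, "482913"), Reader({"CARD-0001": key})
    answer = card.respond(reader.challenge("CARD-0001"), "482913")
    accepted = reader.verify("CARD-0001", answer)
    replayed = reader.verify("CARD-0001", answer)   # no challenge outstanding
    reader.challenge("CARD-0001")
    stale = reader.verify("CARD-0001", answer)      # answer to an old challenge
    return accepted, replayed, stale
```

Because every challenge is random and consumed on first use, a response recorded from an earlier presentation is rejected, which is what ties the proof of possession to "that specific moment."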
Card and License Issuance and Management
While multiple layers of visual and digital security are critical to protect the integrity of each credential and each cardholder, the integrity of the overall licensing system requires that a layered security approach also be applied to the process of issuing valid cards. The same principles can be applied to a corporate card issuance system.
The first security layer is to limit unauthorized operator access to physical components. Mechanical locks should restrict access to card printers, including card input and output hoppers and rejected cards. Physical locks should be placed on all access points to protect ribbon and film consumables.
Electronic security is a critical second layer. Ideally, operator access to each printer is controlled via personal identification numbers (PINs). Print job data packets should meet or exceed advanced encryption standards to ensure system privacy, integrity and authentication to the final issuance endpoint.
An often-overlooked third layer is to ensure automatic elimination of personal data on used print ribbon panels. Some card printers also increase security by including integrated sensors that only permit the use of custom print ribbons and holographic card overlaminates in authorized printers.
Increasing Utility with Smart Card Technology
Enhanced security is a strong standalone argument for governments and Federal agencies — and high-security private-sector deployments — to use technology cards for license and card issuance. In addition, the integration of enhanced digital capabilities into card issuance and licensing systems creates new opportunities, such as:
- Cross-application usage within territory. A single card can be issued that provides access to multiple services and facilities within a licensing zone, reducing the need for multiple cards and authentication processes.
- Borderless credentials. Government entities can work together to create credentials that work within city, state, provincial and even international borders, thus simplifying the ID verification processes for travelers.
- Greater flexibility in issuance alternatives. The use of smart card technology and the latest printing solutions gives card issuance systems greater flexibility to issue cards or licenses from a centralized processing facility or from multiple distributed facilities throughout a region or country.
- Expedited credential status updates. Systems using smart card technology can manage real-time privilege approval, changes or cancellation. This is a critical advantage for license systems that store detailed cardholder records, from important medical data to records of past legal violations.
- Enhanced responsiveness in emergencies and crises. Victims and emergency response personnel moving into and out of crisis zones may be identified, and their ID cards validated using hand-held readers, with communications technology enabling real-time reporting to crisis management teams. This can also be a great help in an emergency mustering situation.
Today’s technology enables virtually any organization to cost-effectively raise the security of its credentials system to the highest standards — significantly reducing the potential for fraud. Further, the combined technologies that are making credentials more secure are also opening roads to greater utility for the issuing entity, and greater convenience for cardholders.
Alan Fontanella is Vice President of product marketing, secure issuance, for HID Global Corp.