Unifying the Card: HSPD-12 Shapes Government Access Control

From a time when employees carried multiple cards to an explosion in the gov't access market

The lowly employee identity card, that hall pass for government bureaucrats and the corporate masses, is getting an upgrade.

Soon, all federal agencies must move to comply with a presidential directive that requires issuing a new ID card to every government employee and private contractor.

The directive, issued two years ago through the Department of Homeland Security, is intended to address a variety of concerns that emerged in the months after the terrorist attacks of Sept. 11, 2001.

"The government realized they don't even really know who is working for them," said Jason Halvorson, a security industry analyst with Frost and Sullivan in San Antonio.

Detecting someone using a counterfeit ID card was an obvious problem. But it was compounded by the fact that government offices throughout Washington often refused to accept ID cards issued by other federal agencies. As a result, many government employees and military officials routinely carry multiple ID cards issued by different agencies.

Under the directive, agencies are required to issue a new, uniform ID that includes an embedded "smart card" processor that can be verified by advanced security equipment at any government building or military base.

The directive requires federal agencies to begin implementing the system Oct. 27, although the process is expected to take years and at least $1 billion to complete. Estimates of how many people will be affected vary from 3 million to more than 12 million, depending mostly on how many contractors adopt the new technology for their employees.

Yet even the low range represents a potential boon to companies that specialize in smart-card technology, including San Diego's ImageWare Systems, Cubic Corp. and SAIC.

"From a historical perspective, the security industry has been moving from simple photo-ID badges to machine-readable cards for the past 10 years," said Randy Vanderhoof, executive director of the Smart Card Alliance, a New Jersey trade group.

In recent years, the market has moved to even more sophisticated versions, such as smart cards with programmable microprocessors that can store biometric data. Such cards can be read by wireless devices that download data to verify that the credential is authentic.

Smart cards even include technology that can be used to control access to computer networks by requiring employees to use their ID cards to log on to their computers at work.

"Some federal agencies are much further along in changing their procedures and policies and lining up the equipment and supplies they need," Vanderhoof said.

The investment required to upgrade security systems, including reader devices, software, door controllers and computer network log-in devices, will be huge, Vanderhoof added.

The security directive also was a prominent topic at the recent annual conference of ASIS International, a Virginia industry group that previously was known as the American Society for Industrial Security.

Many companies promoted their ID-card technologies on the exhibit floor during the conference.

"For us, it was a matter of putting together a suite of products that would fit these new requirements," said Jim Miller, chairman and chief executive of ImageWare, a software developer. The company's software includes programs that can read and compare fingerprints, along with other ID authentication data, and operates with smart-card technology.

The government also has set technical standards for the software, hardware and other components of the system that verify a person's identity. Miller said the government has certified that ImageWare's software meets the new standard.

Cubic already was working with the Pentagon on development of a common access card, which also must meet the presidential directive, said Bruce Roberts, vice president of Cubic's advanced programs.

This content continues onto the next page...