Unifying the Card: HSPD-12 Shapes Government Access Control

The lowly employee identity card, that hall pass for government bureaucrats and the corporate masses, is getting an upgrade.

Soon, all federal agencies must move to comply with a presidential directive that requires issuing a new ID card to every government employee and private contractor.

The directive, issued two years ago through the Department of Homeland Security, is intended to address a variety of concerns that emerged in the months after the terrorist attacks of Sept. 11, 2001.

"The government realized they don't even really know who is working for them," said Jason Halvorson, a security industry analyst with Frost and Sullivan in San Antonio.

Detecting someone using a counterfeit ID card was an obvious problem. But it was compounded by the fact that government offices throughout Washington often refused to accept ID cards issued by other federal agencies. As a result, many government employees and military officials routinely carry multiple ID cards issued by different agencies.

Under the directive, agencies are required to issue a new, uniform ID that includes an embedded "smart card" processor that can be verified by advanced security equipment at any government building or military base.

The directive requires federal agencies to begin implementing the system Oct. 27, although the process is expected to take years and at least $1 billion to complete. Estimates of how many people will be affected vary from 3 million to more than 12 million, depending mostly on how many contractors adopt the new technology for their employees.

Yet even the low range represents a potential boon to companies that specialize in smart-card technology, including San Diego's ImageWare Systems, Cubic Corp. and SAIC.

"From a historical perspective, the security industry has been moving from simple photo-ID badges to machine-readable cards for the past 10 years," said Randy Vanderhoof, executive director of the Smart Card Alliance, a New Jersey trade group.

In recent years, the market has moved to even more sophisticated versions, such as smart cards with programmable microprocessors that can store biometric data. Such cards can be read by wireless devices that download data to verify that the credential is authentic.

Smart cards even include technology that can be used to control access to computer networks by requiring employees to use their ID cards to log on to their computers at work.

"Some federal agencies are much further along in changing their procedures and policies and lining up the equipment and supplies they need," Vanderhoof said.

The investment required to upgrade security systems, including reader devices, software, door controllers and computer network log-in devices, will be huge, Vanderhoof added.

The security directive also was a prominent topic at the recent annual conference of ASIS International, a Virginia industry group that previously was known as the American Society for Industrial Security.

Many companies promoted their ID-card technologies on the exhibit floor during the conference.

"For us, it was a matter of putting together a suite of products that would fit these new requirements," said Jim Miller, chairman and chief executive of ImageWare, a software developer. The company's software includes programs that can read and compare fingerprints, along with other ID authentication data, and operates with smart-card technology.

The government also has set technical standards for the software, hardware and other components of the system that verify a person's identity. Miller said the government has certified that ImageWare's software meets the new standard.

Cubic already was working with the Pentagon on development of a common access card, which also must meet the presidential directive, said Bruce Roberts, vice president of Cubic's advanced programs.

Because the cards and card readers must be interoperable, the Pentagon's Defense Management Data Center asked the company to provide a "test suite" to check various cards and readers and certify that they are indeed interoperable, Roberts said.

Cubic was selected because the company has developed wireless smart-card technology for use in its mass-transit fare collection business that are "card agnostic," he said.

"We have chosen as a strategy to make readers that can work with any card," Roberts said. Such card readers have been installed for transit systems in the Washington and Baltimore area, he added.

ImageWare's software has been used to create IDs and other documents chiefly for law enforcement agencies, "so this would be a fairly new business for us," Miller said.

In the second quarter ended June 30, ImageWare posted a loss of $1.3 million, or 10 cents a share, on revenue of $2.3 million. The company reported a net loss of $8.3 million on annual revenue of $9.5 million in 2005.

Miller attributed the company's losses in part to heavy expenditures on research and development, particularly over the past three years.

Still, the tiny company, which has 90 employees and a market valuation of $26 million, has not posted a profit since it became publicly traded six years ago, according to Bloomberg financial data.

To compete with companies such as Lockheed Martin, General Dynamics and SI International, which also offer ID technology to meet the presidential directive, ImageWare will incorporate its software in equipment offered by GE Security, Hewlett-Packard and other partners, Miller said.

Now that the federal government has set standards for smart-card IDs, the market probably will expand because government contractors and other companies are likely to adopt the same technology for their own use, Miller said.

Others agree.

"There's money to be made all over the playing field now, simply because of the amount of penetration into the market that the government smart card will have," said Bill Richardson of HID Global, an Irvine, Calif., company that specializes in smart-card technology.

Copyright 2006 Copley News Service

Visit Copley News Service at .


Loading