IBM, Partners Unveil Smart Card Solution

New option combines physical and logical/network security into one; designed to meet governmental requirement of a unified security system


IBM and four business partners announced a new smart card that will combine physical and logical security into one. The new secure identity management system created by IBM with ActivCard, Bioscrypt, ImageWare and VeriSign gives organizations and government agencies the ability to protect their data, applications and IT networks along with their physical assets, such as buildings, workplaces, and grounds.

"This solution helps eliminate many of the confusing technology choices and complicated business processes in use today," Kent Blossom, director, IBM Safety and Security Services said. "It provides a single platform to help customers' fulfill their logical and physical access needs."

Randy Vanderhoof, executive director of the Smart Card Alliance, said IBM is finding ways to bind an identity with an individual and turn it into electronic form.

"I can keep my identity portable, electronic and secure," he said.

The new secure identity management system protects against identity theft, security breaches, and even password security all while reducing time and costs.

Tammy Borkowski, director, Enterprise Shared Services Division, Department of Treasury said it currently takes them weeks or months to get employees access. With the new system, the Human Resources department can enter new employee information, take the employee's picture and fingerprint and give them their access card in less than an hour. Ben Barnes, CEO of ActivCard said the new system might have a cost savings that could approach $1 million dollars a day.

The card has a chip that connects to the human resources computer. If a company wishes to change an employee's access, all they have to do is type in the appropriate changes on the computer and the card is reset.

The new security system also incorporates both contact and contact-less chip encoding. Users can use the contact-less reader to get into the door of their building and the contact reader to gain access to their computer.

System users no longer have to remember multiple passwords and user IDs either. The card stores passwords and creates a password vault. The user also doesn't have to manage password changes, as the new system automatically changes passwords on a regular basis. This also results in a reduction of password related support calls. In some companies, $30-40 is spent each time a password is forgotten and needs to be reset.

"An employee might have had to learn and remember 30 passwords," John McKeon, principal in the IBM Safety and Security Services group said. "We can alleviate all that stuff. We can go behind the scenes, change the password every week and the user doesn't have to know."

Biometrics is included in the system to protect against identity theft. When a user scans their card and then places their finger on a biometrics scanner, the scanner ensures that the card carrier is the person that should be carrying the card. If the fingerprint and the card do not match up, the user is not given access. The biometrics also gives users the ability to swipe their finger to add their signature to an online document.

"The value of this solution is its simplicity," said Blossom. "We're helping transform complex, manual processes into an integrated, easy-to-manage workflow."

The new system is currently on display at IBM's Institute for Electronic Government in Washington, D.C. and is in the Beta testing stages. IBM hopes to have the new smart card available for distribution in late November.