Princeton Junction, NJ, June 8, 2006 - Contactless smart card technology best meets the objectives set forth by the Department of Homeland Security (DHS) for high throughput and the protection of individual privacy at the nation's border crossings for its People Access Security Service (PASS) card program supporting legislation directed by the Western Hemisphere Travel Initiative (WHTI). PASS cards would be required by 2008 for all U.S. citizens who cross the northern and southern borders of the United States without passports. The Smart Card Alliance makes its case for DHS using secure contactless chip technology vs. RFID in a new white paper from its Identity Council.
In the paper, "Western Hemisphere Travel Initiative PASS Card: Recommendations for Using Secure Contactless Technology vs. RFID," the Alliance disagrees with the current DHS technology choice of EPC Gen 2, a type of radio frequency identification (RFID) technology based on the Electronic Product Code Generation 2 (EPC Gen 2) specification. This technology allows cards to be read at a distance of up to 30 feet, which raises security and privacy concerns for the Alliance members as well as other organizations.
To back up this position, the Alliance report presents alternative operational scenarios and concludes that contactless smart card technology best meets the objectives of the PASS card program, which are to secure our borders without compromising personal privacy or impeding the flow of people crossing the border.
Contactless smart card technology is different from radio frequency identification (RFID) technology. Contactless smart cards are designed for secure applications such as payment and secure identification of people.
They contain a small but fully functioning microcomputer that can deliver the highest levels of security, and include built-in features that protect the contactless smart chip from a wide variety of attacks. In contrast, RFID technology is used in applications such as identifying animals, tracking goods through the supply chain, tracking assets such as gas bottles and beer kegs, and controlling access into buildings. RFID tags include a chip that typically stores only a static number (an ID) and an antenna that enables the chip to transmit the stored number to a reader. There is little to no security on the RFID tag or during communication with the reader.
"RFID chips are not designed for human identity applications, but are optimized for supply chain and other applications that need low-cost, electronic identifiers that serve as a replacement for barcodes. In contrast, contactless smart card technology is widely used in secure identification cards and travel documents, supporting the level of security functionality required for protecting individual privacy," said Randy Vanderhoof, executive director of the Smart Card Alliance.
There are many advantages to using contactless smart card technology for the WHTI PASS card program, including the ability to support electronic verification of authenticity to prevent counterfeiting and to use secure, encrypted communications to thwart eavesdropping and replay attacks, and ensure privacy protection for cardholders. A WHTI PASS card based on contactless smart chip technology can also leverage the infrastructure that is being put in place by DHS and the Department of State to support the new ePassport. Using the same secure contactless technology for the PASS card and ePassport could potentially decrease the implementation time and lower the cost of the program.