All Your Passwords on a Single Smart Card

Financial Times USA via NewsEdge Corporation : Technology advances do not necessarily make life easier in the workplace. I, for instance, a frequently confessed technoidiot, have never managed to use a copier properly. The placement of pages - either horizontally or vertically, on the left side or right side always seems to differ, and the copier paper always seems to move just as I lower the cover. In the end, several crushed balls of paper in the trash can bear testament to my attempts to produce one acceptable result.

But there is one product building momentum that even I might manage and which ought to relieve some stress on harried, hurried workers: a "smart card" loaded with password chips and biometric identification systems.

Passwords have not always been the mind bender they are today. Once they required maybe four letters or numbers that could be deployed on the few systems that handled them. Workers now must memorise an average 15-20 passwords each, according to Kent Blossom of IBM Global Services.

Users in particularly sensitive positions and industries must reregister or reformulate their passwords monthly. Not so long ago, passwords stood simply as a bulwark against corporate or government espionage, fraud, identity theft and hackers. With the growth of e-commerce and online banking, passwords proliferated and all seem to demand different formulation requirements. Now, many users are required to dream up memorable words containing numbers and letters as well as obscure punctuation marks.

In 2002, the International Data Corporation estimated that the identification management industry was expanding by 46 per cent a year and was set to reach Dollars 4bn by 2007. "(Usage) is further complicated as companies add or subtract workers, devices, workplace locations, partners or vendors," according to IBM. "In each case, passwords and other protective processes known as 'touch' points are needed for different layers of access, adding to the complexity."

"There are many business drivers of identification management," says John McKeon, direct of security solutions for IBM Global. Collaboration between partnering companies and government agencies has intensified. They are also partnering with their suppliers. "All of them need to be able to trust the people they are letting into their systems," he says. "Everyone wants to create more user-friendly systems."

Fear of terrorism has accelerated the industry's development. The White House recently issued a directive establishing "a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors".

Other regulations - for homeland security, corporate financial activity, healthcare privacy, immigration, and visa authentication - have spurred the search for secure identity solutions.

Companies and government agencies have been investing for the past decade in new technologies to create multifunctional systems. These integrate various security components - ssbiometrics, radio frequency identification or voice recognition technology with smart cards to provide physical or computer access. According to Randy Vanderhoof, head of the Smart Card Alliance, identification management systems are getting faster, more powerful and cheaper.

Most government agencies are moving to vastly improved systems. Airports have begun to install biometrics and radio frequency identification (rfid) both to secure buildings and to improve the flow of American passengers and foreign visitors from countries deemed friendliest. Now, visas are set to be equipped with new technologies to slash waiting lists, speed lines in Custom's and better verify identities.

The US Department of Defense has installed the new identification technology at bases around the world. It has not yet replaced dog tags but, instead of paper IDs, soldiers going off to the wars are given smart cards.

Ben Barnes, CEO of ActivCard Corp, which is providing software for the defence smart card system, works with the Pentagon's manpower data centre, which keeps records on military manpower going back to the 1950s.

The DoD is now each day distributing 10,000 multipurpose cards, which are expected to save Dollars 100,000 each day, Mr Barnes says. These require fingerprint identification and memorising a single pin number. The cards are used in deploying soldiers to war and for checking their equipment and personal affairs such as wills and insurance. Before boarding aircraft they swipe their cards on a handheld device or a computer with biometrics. "It is taking deployment time from hours to a half hour," Mr Barnes says.

Smart Cards, first introduced in France, have been in use for more than two decades, and French companies still dominate the manufacture of the cards, says Mr Vanderhoof of the Smart Card Alliance, a group of 100 corporate users and providers working on standards relevant to smart card adoption and implementation.

The escalation in the number of passwords has grown increasingly expensive. Customer support units spend up to 40 per cent of their time responding to calls about forgotten user names or passwords, according to industry estimates. Each call can cost up to Dollars 40.

Mr Vanderhoof says more than 200m smart cards have been issued in the US since 1999. Half of these have been issued in the last two years. Some are embedded in cell phones, computers or satellite television systems (to prevent piracy). Security vendors, such as General Electric, Honeywell and AMAG, are installing systems that protect both offices and computers. Microsoft is making keyboards and mice with fingerprint sensors.

IBM and four business partners last week presented a new identity management system, which allows organisations to protect their data, applications, employee badges and network along with their buildings and grounds. The technologies are not new but the products have never been integrated before, says IBM. The latest ThinkPad laptop is equipped with technology to authenticate fingerprints.

IBM's Mr McKeon says five years from now passwords will be no more than a distant memory. One pin number will be necessary, but passwords will be embedded in some device so no one will have to remember them.

Loading