Industry Insight

A Smart Defense

  • By Kevin Gillick
  • Jan 03, 2007

GIVEN the current geopolitical climate, driving security initiatives forward is high on the agenda for both government and enterprise. Interest in the increased security and authentication capabilities afforded by smart cards has accelerated worldwide. Industry analyst Datamonitor forecasts that global smart card shipments for standalone security will reach 36 million this year. According to the report, the largest market for smart card-based security solutions will be North America, which will comprise 47 percent of global shipments in 2006.

The robust security features of a smart card make it an ideal vehicle for electronic identification. Smart cards can be used to provide logical access to networks and applications, as well as physical access to buildings and secured spaces.

The robust security features of a smart card make it an ideal vehicle for electronic identification. Smart cards can be used to provide logical access to networks and applications, as well as physical access to buildings and secured spaces. The ability to store private keys and digital certificates, and information such as user data and biometrics, provides smart cards with the means to securely authenticate individuals.

In 2005, the industry witnessed the first deployments and pilots of e-passport schemes based upon the International Civil Aviation Authorities specifications. Designed to enhance both global border control and homeland security, the aim of the new standards is to reduce card counterfeiting and provide officials with detailed information on a rapidly changing and migrating population.

On a national scale, the DOD's common access card is an indication of the extent to which the security capabilities of smart cards are being realized. In 1999, DOD began work on a program to issue a smart, common access identification card to 4.5 million active duty, selected reserve, DOD civilian and eligible contractor employees.

The aim of the initiative was to develop one vehicle that enables physical access for multiple government agencies to buildings and controlled spaces, as well as logical access to the DOD's computer network and systems.

A smart card-based implementation was chosen on the basis that it would enable strong identification, digital signature, storage of demographic data and service specific applications. With such privileged rights provided by the cards, security was a fundamental concern.

The CAC was developed to provide assurance and to reduce fraud associated with the current armed forces ID card. A smart card improves the security of physical and logical access, and enables e-commerce to become a possibility. The subsequent reduction in paperwork and decreased transaction and business process time leads to an increase in efficiency and reduce costs overall.

Creating the Smart Card Environment
With logical and physical access often handled by different departments, there is a need for them to work together in order to implement a solution that can do both. The CAC card uses GlobalPlatform technology to simplify the process of multiple government agencies deploying an interoperable smart card. The ultimate goal is to be able to use a CAC anywhere that the cards are accepted, regardless of which government agency issued it.

Since its formation in 1999, GlobalPlatform has created technical specifications that provide the foundation on which to build a smart card management environment capable of hosting both single and multiple applications and implementations, and yet can be adapted to the cardholders' requirements. The technology ensures that the continual rewriting and customization of applications is avoided.

When in place, GlobalPlatform provides a flexible and future-proof smart card architecture. It establishes a universal platform able to support new or modified applications, new cards and interaction with government or commercial entities. Validation of the smart card system only needs to happen once, and updates can be made throughout the program's life cycle efficiently and cost effectively.

As GlobalPlatform standards are universal, by stipulating these standards within a smart card program you can:

  • Reduce development and testing time and, therefore, costs, as GlobalPlatform standards have undergone rigorous security testing.

  • Create a smart card environment capable of housing both single and multiple applications.

  • Establish competition between solution providers; as a like-for-like product is being compared.

  • Easily switch from one technology provider to another, as the standards are free and can be implemented by any technology vendor.

  • Implement a future-proof and scaleable card and systems infrastructure that can support the entire evolution of the smart card program.

Long-Term Investment
A key concern for any government issuing a smart card-based system is to ensure the long-term viability of the solution. Indeed, the introduction of a single card capable of housing multiple applications represents an enormous advantage for any sector. In order to meet implementations, future requirements, the standard smart card infrastructure needs to be in place at the beginning of the implementation to support the program's second-generation, multi-application environment.

Historically, the rate of smart card adoption has been hampered by a reluctance to issue high-memory cards, as these can be deemed prohibitively expensive. However, the cost of microprocessor cards has been driven down in recent years. What's more, by ensuring that the smart card infrastructure is based on GlobalPlatform standard technology, low-capacity memory cards with the same level of security can be issued in the first instance, with the option to migrate to higher capacity memory and multi-application at a later date. By adopting GlobalPlatform standards and specifications at the beginning, the smart card project is future-proofed, and the need for costly re-issuance and redevelopment is removed.

This is particularly important if a smart card program is deployed widely across a region/country. Any modification to the program, such as the addition of a new application or regulation, can require an extensive upgrade of the implementation's system architecture and require the redeployment of cards in a variety of locations and facilities.

And it is not just the advancement of new, efficient technologies that can force the need for a smart card program manager to make alterations to the implementation, but regulatory requirements also have a significant impact. All industries are subject to regulation and updates from governing bodies that often result in a review of the way services are delivered, which, in turn, necessitates changes to the smart card program infrastructure. Therefore, the solution envisaged during the start-up phase may not reflect future demand. This can result in extensive, and costly, redesign, rebuilding and retesting.

Once the system infrastructure is established, the management of this multi-application smart card environment is the real challenge. From a provider perspective, GlobalPlatform specifications are capable of isolating and simultaneously managing all of the different applications on the card. The providers don't need to re-invest in a separate management system for each of the different applications. In the case of the CAC, using GlobalPlatform technology has enabled the DOD to effectively manage a smart card environment that allows for the dynamic loading and deleting of applications, as well as multi-application and software post-issuance capabilities.

An Interoperable Future
Encouraged by the increasing acceptance of smart card programs, many organizations are investigating ways to drive usage of their implementations and seek new routes to market their product or service. It has, therefore, become extremely desirable to create a unified infrastructure for an interoperable smart card program, allowing additional services, such as payment and ID or mobile and healthcare, to be offered on a single card.

In order to realize this vision of a secure, multi-application smart card program, the infrastructure must be in place to allow dynamic management rights and updates without relinquishing control from the issuer. GlobalPlatform technology is designed to meet this requirement, providing maximum flexibility to the issuer, and its business partners.

All this can only be achieved through the implementation of an interoperable and cost-effective, standards-based solution. As an open system, GlobalPlatform provides a smart card infrastructure that is capable of supporting multiple applications and multiple partners for future-proof smart card implementations. With many second generation smart card programs present in the marketplace, end users are beginning to enjoy the convenience and efficiency offered, while providers are benefiting from increased adoption and a future of partnership possibilities.

This article originally appeared in the August 2006 issue of Security Products, pg. 8.

This article originally appeared in the issue of .

Featured

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events
Most   Popular

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.