U.S. Government Smart Card / PKI Initiatives & NIST Specifications
The United States government has established a multitude of specifications and compliance requirements needed to deploy cryptographic security and access smart card functions across it's many agencies. These agencies have coordination and steering committees as well as test facilities.
Two important industry-shaping activities on the security and identity management side of the smart card industry have been Presidential Directive HSPD-12, and the U.S. State Department's rush towards electronic passports that are built with contactless chip technology.
The specifications for Presidential Directive 12, which mandates a strong ID credential for all government employees, will be released by the end of February 2005 and government agencies will be under a time clock to comply with those specs. This presidential directive set in motion a federal enterprise-wide smart card standardization effort.
In addition, there was the much publicized U.S. Passport office’s ePassport program that goes into effect in 2005 along with other high profile projects from the Department of Defense, Department of Homeland Security, NASA, Veterans Affairs, and even some state governments.
Neither project directly relates to the other but both projects are breaking new ground in defining interoperability on a national and international scale. The level of standards engagement and policy-making by powerful bodies like ICAO, NIST, ANSI, and ISO and the smart card industry is unprecedented.
The ePassport testing and procurement program has been delayed twice but is now underway again after a vendor protest led to the Bureau of Consular Affairs inviting four additional vendors to join the evaluation process and resulting in a total of eight awards.
Department of Homeland Security
Homeland Security announced in October, 2004 the adoption of its first biometric facial recognition standard, designed to be consistent with international standards for biometrics used in such applications as travel documents.
Officials from the National Institute of Standards and Technology (NIST), Office of Management and Budget (OMB) and other agencies drafted the Federal Information Processing Standard (FIPS) 201 – which was approved
in February 2005 – and specifies the minimum technical and operational requirements for such a system and card. More than 80 organizations and individuals commented on the proposal.
Information and specifications for the GSC-IS specifications. These specifications are a guide to the next generation of smart card used throughout most US government agencies. The GSC-IS specification is split into parts: host side software stack (BSI), on-card APDU specification for Java Cards, and on-card APDU specification for file-system cards.
The computer scientists at NIST have for decades helped the FBI improve the automation process for matching prints found at crime scenes against the FBI's master file of fingerprints. NIST also works with systems that match facial images. While facial recognition systems employ different algorithms than fingerprint systems, many of the underlying methods for testing the accuracy of these systems are the same.
1. How can Federal agencies and other organizations use biometrics to authenticate unsupervised remote claimants whose computers and workstations they do not manage or control?
Information and test facilities to test your DoD Common Access Card with HTTP/SSL authentication.
Information on PKE-enabling applications and the requirements for validating PKI applications for use inside the government.
Information on how to validate your products for use inside government agencies. JITC performs testing and analysis on various hardware and software products.
Information on how to validate smart card and PKI products for use inside the US Army.
"Working with our DOD and U.S. government partners, DOD Biometrics has taken significant steps to improve our use of biometric technologies, particularly in supporting U.S. efforts in the global war on terrorism," said BMO director John Woodward.
"We continue to work this area as an urgent priority and welcome Dr. Joseph Guzman to our team. Dr. Guzman's expertise will help [BMO] advance our mission to bring biometrics closer to the warfighter."
Government Computer Smart Card News - search results for articles in Government Computer News
March 8 Pre-conference--Government Secure Credentialing workshop:
Track 1: Technology and Standards
Global Information Grid (GIG)
The Global Information Grid (GIG), as it is being defined by the U.S. Department of Defense (DoD), provides a fundamental shift away from centralized "information-push" technologies, toward a new era of information sharing by authorized users, anywhere, anytime. Building on the currently available Internet technologies, the GIG will provide to the U.S. DoD, its allies and coalition partners, a secure, highly available, and globally interconnected information environment to meet the real-time and near real-time information needs for security, military, diplomatic, and civil government purposes as well as for commercial enterprises.
Department of Homeland Security Access Card
03/05 - WASHINGTON -- A new smartcard, the type privacy advocates fear because it combines biometric data with radio tags, will soon be one of the most common ID cards in Washington.
The DAC, which stands for Department of Homeland Security Access Card, will carry a digital copy of its bearer's fingerprint and other personally identifiable information. It will use radio-frequency identification and Bluetooth technologies to communicate with reader devices at the department's offices.
RFID Invades the Capital - Wired News Story - continued