Smart card technology vendors are betting that the passing of the United States governments latest worker identification deadline on Oct. 27 will help push use of their products further into the commercial sector and beyond.
The governments Homeland Security Presidential Directive-12 mandate requires that all federal agencies distribute certified PIV (personal identity verification) smart cards to their employees.
As a result of the deadline that has forced organizations including the Department of Defense to distribute millions of new smart cards to workers, makers of related software and devices say that millions more of the IDs will be put into the hands of workers outside the government sector.
First up will be the types of companies you might expect, including government contractors and so-called first responders who interact with federal agencies and law enforcement officials who already carry smart cards, said Jason Hart, chief executive of ActivIdentity, whose software was chosen to support the 3.5 million HSPD cards being distributed by the Department of Defense.
Beyond those workers Hart contends that security-oriented industries such as the health care and financial services sectors will soon begin handing out smart cards to end users to replace more traditional forms of authentication.
Since the devices can be used for everything from opening the door to a server room to encrypting data on a laptop computer, businesses may favor smart card systems over other single sign-on technologies that only address one type of application.
“We truly view HSPD-12 as a starting point because as this first wave of adoption provides success stories, and people see how the cards themselves are being used, private-sector companies will begin to get a better of how many tasks they can serve, and what the cost savings can be,” Hart said.
“If we look at how other countries are adopting smart cards and how that has affected the proliferation of an ecosystem beyond government applications, its easy to see all the possibilities that already exist.”
For instance, Hart said that in Germany, where the government has distributed an estimated 80 million smart cards to citizens since adopting the devices as part of its national health care system in 1993, people are using the devices to register new bank accounts or certify online transactions as private companies have begun tapping into the reach of the cards.
Since the IDs already hold all of a carriers personal details and have been verified by the government, the authentication tools allow businesses to trust the data they provide and to use them in a variety of tasks.
“When you can walk into a bank and hand them this single card that has your picture on it, and the bank can scan it and get all of your personal data in a format that has already been certified by the government, you imagine how much easier the process of opening a bank account, or conducting some other form of business can be,” he said.
The Future of Smart
ActivIdentity, based in Fremont, Calif., predicts that between 50 million and 100 million smart cards will be put into the hands of U.S. citizens over the next 10 years including those issued through state and local governments, such as for drivers licenses.
As business discover new ways to tap into the IDs, the company contends that smart cards could even someday replace traditional credit and debit cards as accepted forms of payment.
The private sector smart card revolution might not happen overnight, said Tom Greco, vice president of enabling infrastructures for CyberTrust, a Herndon, Va.-based provider of smart card software and consulting services.
However, he also believes that the HSPD-12 deadline marks a significant milestone in the overall movement to adopt the tools.
“There should be a natural evolution from that community of existing cardholders over next several years as when we get that level of good electronic credentials out there, things really start to get interesting in terms of pricing and applications that will help drive adoption among commercial businesses,” he said.
“We may not see them in the hands of consumers for another five to 10 years, but businesses will get the picture as they see people like government contractors finding great internal uses.”
As an example, Greco pointed out that smart cards can be used as a way to provide or revoke access to sensitive documents, which could help companies meet regulatory compliance requirements and ward off internal data leaks.
While businesses have only just begun to unify their network and physical security operations, smart cards can serve as a powerful vehicle for allowing authentication across disparate systems, he said.
For emerging consumer applications, the executive highlights the use of smart cards in Belgium, where a government program to distribute the cards has led to their use as a form of identification for accessing Internet chat rooms in the name of protecting minors from online predators.
At least one industry expert agreed that HSPD and other guidelines—such as the Real ID Act passed by Congress in 2005 requiring states to design new drivers licenses with more sophisticated authentication capabilities—will push smart cards into more Americans hands in the next several years.
“It may only be to a small degree over the next several years that we see things moving outside the government programs, but as more government workers get them, and people get them as licenses, that could certainly encourage more commercial businesses to adopt smart cards,” said Gregg Kreizman, analyst with Stamford, Conn.-based Gartner.
“I dont think every American will have one in five years, but something like HSPD does help the industry take a big step forward.”
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.