Federal government use of storage and processor cards for identification and other business purposes are growing at an impressive pace. The number of cards in use is growing into the tens of millions. Accompanying the growing use of storage and processor cards is a growing need for interoperability in the hardware and software associated with those cards necessary to support efficient procurement, maintenance, training, and operations.
The General Accounting Office (GAO) issued a report in January 2003 that evaluated the progress in promoting the use of smart cards across the Federal government. The “Progress in Promoting Adoption of Smart Card Technology”(GAO-03-144 report) sets forth recommendations regarding the role of the National Institute of Standards and Technology (NIST) in the United States Government Smart Card (GSC) program. As an initial response to the recommendations, NIST hosted the Storage and Processor Card-Based Technology Workshop. This workshop was organized to identify requirements for card based storage and processor technologies, card industry capabilities and trends, interoperability requirements and issues, and requirements and capabilities for single platform integration of multiple technologies. NIST not only developed and distributed card technology capabilities and requirements questionnaires and conducted interviews with Federal government agencies to further identify the state of current and planned technologies.
Workshop presentations and interviews disclosed several issues associated with security and privacy, multi-technology integration, standardization of implementations across organizations, and interoperability. These issues have been examined for evidence of gaps in existing standards and other factors that hamper government-wide application integration. It was found that varying requirements affecting the agencies’ selection from among various card technologies appear to be based on the following factors:
Variation of security requirements from agency to agency
Availability and maturity of technologies and related standards
Need for interoperability among sectors and among organizations within sectors
These factors, along with the capabilities and limitations of new and existing technologies, were used to identify gap areas in the existing agency policies and regulations and relevant standards. With respect to policy, agency-unique rules and regulations for identification (ID) proofing need to be addressed for interoperability.
The following technology gaps have been identified:
- Biometrics interoperability
Standards for co existence of multiple technologies on a card
Post embedding printing standards
Implementation of different options in formal standards can lead to non interoperable solutions between cards and card readers
Lack of standardized tests for optical effectiveness and clarity of holograms or diffraction gratings
Need for common standards for identity methods and machine-readable travel documents (both inter-agency and international).
This report includes findings captured from the workshop, interviews, and questionnaires. Although requirements for co-location of different technologies on a common card were identified, no requirements for on card interconnection of different technologies (e.g., optical stripe media, barcodes, magnetic stripes, and smart cards) were expressed. The overall conclusion derived from the findings is that although the building blocks (e.g., international standards and interagency specifications) are in place to support interoperable secure identification systems, business, management, and policy decisions limit the opportunities for interoperability. Specifically, policies regarding what personal information may be stored on card-based storage and processor systems need to be coordinated among agencies, and where necessary, codified in law. Just as importantly, responsibilities and infrastructures for entering and maintaining personal data onto the cards need to be established.
As each new card technology or application is developed, modification of the standards base will be needed to bridge the gap between existing and emerging card technologies and applications. However, to be useful, technical standards need to be consistent with policies that govern the relevant functional requirements for technology. In the case of card-based technologies, policy consensus needs to be established as a prerequisite to prioritization of technical standards activities. Gaps in card technology standards coverage necessarily result from technical innovation. However, the technologies supported by existing standards appear to be adequate to support most current user requirements. Policy and infrastructure developments can be expected to establish requirements not accounted for in existing standards. As these policy and infrastructure developments continue to occur, additional standards requirements are expected to emerge.
CONTENTS
Executive Summary
1. Introduction
1.3 Audience
2. Storage and Processor Card-Based Technologies Workshop
2.1 Overview
2.2 Workshop Sessions
- 2.2.1 Federal Government Card Technology Requirements
2.2.2 Current Card Technology Capabilities
2.2.3 Security and Privacy Issues
2.2.4 Multi-technology Integration Requirements and Issues
2.2.5 Interoperability Requirements and Issues
2.2.6 Technology Gaps Identified
3. Interviews and Questionnaires
- 3.1 Government Agency Interviews
3.2 Questionnaire Responses
4. Findings
- 4.1 Status of Standards, Specifications, and Implementation Guidelines
4.2 Integration Issues
4.3 Multi-technology Composition Issues
4.4 Security Issues
4.4.1 Range of Security Concerns
4.4.2 Current Security Challenges
4.5 Interoperability Issues
4.6 Summary
5. Conclusions
Download
PDF Ebook Card Technology Developments And Gap Analysis Interagency Report
