Apocalyptic Hope ....................Smart Card Index...................................... e-ID cards .......................... VeriChip Index

Translate this web page: http://www.google.com/language_tools?hl=en (all languages)

Search this site powered by FreeFind

One Smart ID Card : Several Deployments
e-ID card ( with an embedded Computer - Chip -- a microprocessor ) deployed in phases :
( A National ID card with many applications, including financial abilities ... e-shopping )
Is the bottom line 666 accessibility ?

What are PIV cards ? http://www.atsec.com/01/index.php?id=06-0301-01 Tutorial


atsec
Please note the missing categories. Are they reserved for e-medical, e-banking, e-driver's license, visas, digitized biometrics,
and other data, etc. ? Time will tell.

1. PIV -- Personal Identification Verification cards mandated for all Federal Government employees beginning
October 27, 2006
Fed- Gov. employees to begin smart card IDs
The U.S. government will soon be issuing new, high-technology identification cards to more than ten million people in the federal work force. The move is prompting a debate over whether the work I.D.s represent the first step toward a national identification card.
http://www.voanews.com/english/AmericanLife/2006-10-02-voa32.cfm

2. PIV for STATE and LOCAL Government employees begins January 1, 2007
http://www.gcn.com/online/vol1_no1/42410-1.html

3. PIV for Businesses, Industry, Companies, Corporations in the Public Sector

4.. REAL ID -- for all citizens beginning 2008; an upgraded smart Driver's license

ONE Card for everything

The final operation of this e-ID smart card is to be Multi-functional, particularly for e-banking
( eft electronic fund transfer ). And it will also be used as a health card, visa, driver's license, etc.
The e-ID smart card is capable of adding many new functions while it is in use, without any observable changes, because of the microprocessor and because of the back end software.
That means that each time one places their smart card into a termional, data is being received AND transmitted from the many interconnecting databases that keep a running profile on each citizen in real-time. Facts about the owner are constantly updated. And not only that, but new applications / functions are added to the chip's abilities that weren't there previously, due to the backend software that enhances the chips capabilities while out in the field. That means that there is no need to get a new chip. It is automatically morphed for you while in use. Not only is this an added convenience, but it is also an added pitfall.

Each time an e-ID card interacts with a terminal ( POS point of sale etc.) new data is continuously upgraded on your chip-card. The profiling gets more and more detailed , and is communicated between many databanks.

For instance ... has your card tabulated that you bought cookies at the grocery store ?
There goes your insurance to cover diabetes.
It says you bought potatoe chips? Too much salt for your blood pressure !
You will have to pay for pharmaceuticals out of your own pocket.
Buying more than the ususal amount of groceries ? Perhaps someone is living with you.
You smoke ? Insurance possibly denied ; and so on, and so on.

While most articles say that the PIV smart card with PKI infrastructure is for Government employees, the more recent articles are stating that the PIV cards are required for government services. ( See ActivIdentity below )
So ..... will we be required to have these e-ID cards ? Yes. Beginning in 2008.
"Yesterday came suddenly " -- Beatles

1. PIV Cards : First, for Federal Government employees ( DoD etc. ) beginning October 27, 2006
Next, PIV cards for STATE and LOCAL employees beginning Jan. 1, 2007
Federal , State and Local Government employees
By October 27, 2006 all government employees are told that they must begin deploying e-ID cards for "interoperability" .. which means that only these cards will give the authorized holder access to their building where they are employed, or to any government building for services.
And it will also allow them to have computer access, upon verification. Without that smart ID card, there will be no building or computer access. It will become "ACCESS DENIED".

Latest update : September 19, 2006
Each participating agency won’t necessarily get an ID card issued Oct. 27. Instead, over the next several months, agencies will be scheduled to place their orders and get their cards. The goal is to issue cards to all participating agencies within 24 months,
[ Ed: by Sept. 2008 ] said Chris Niedermayer, steering committee chairman and associate CIO of the Agriculture Department.
Issuing the cards is only the beginning of the HSPD-12 equation, however. Even agencies signed up with GSA or another shared-services provider are on their own to acquire the appropriate card readers and infrastructure to use the cards, officials said. “Everyone is focusing on the next date, but it is really a much larger initiative we’re trying to achieve,” Kareis said.
http://www.washingtontechnology.com/news/21_18/federal/29323-1.html

GSA to approve PIV ( Personal Identity Verification ) cards -- May 20, 2006
Among these is a new Personal Identity Verification (PIV) ID card. The standards for the PIV cards have been in development since HSPD-12’s release, guided by the National Institute of Standards and Technology (NIST).
The HSPD-12 mandate requires all federal agencies to switch to these PIV cards to raise the level of identity verification and security across government. But getting all agencies to implement the new cards, mandated for new employees by Oct. 27, ( 2006 ) is proving to be a major undertaking
http://www.secureidnews.com/library/2006/05/18/new-government-smart-id-cards-slowly-coming-along/

Interoperability for Multiple Applications : ActivIdentity -- Oct. 4, 2006
FREMONT, Calif., Oct. 3 /PRNewswire-FirstCall/ -- ActivIdentity Corporation (NASDAQ: ACTI) , a global leader in digital identification for government and enterprise, today announced its plan to support the emerging ISO/IEC 24727 smart card interoperability framework standard as it is finalized and approved by the International Organization for Standardization (ISO). By extending its industry leading smart card software to support ISO/IEC 24727, ActivIdentity continues its strategy of support for global industry standards to ensure application interoperability across multiple standards and provide a migration path for organizations looking to implement secure, cost-effective authentication solutions based on this emerging standard
As a result, our applications support multiple standards, provide a clear path for our customers
to make post issuance field upgrades of the card and support new standards as they emerge."
Editor ISO 24727 Part 5. "I am glad to see commercial company leaders in this market, acknowledge the usefulness of this effort and decide to endorse such an architecture in their product line."
About ISO 24727
ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards and external applications to include generic services for multi-sector use. The organization and the operation of the ICC conform to ISO/IEC 7816-4.
It consists of five parts:
Part 1: Architecture, Part 2: Generic card interface, Part 3: Application interface, Part 4: API administration and Part 5: Testing procedure.

Part 1 is approved; Parts 2-4 are expected to be approved during 2007 and Part 5 is likely to be approved in 2008.
National Institute of Standards and Technology (NIST) is leading the US contribution of this worldwide ISO standard through ANSI. Australia is proposing to use ISO/IEC 24727 as a common framework for multiple large scale smart card projects, including the Queensland Drivers License Program and the Australian Government Access Card project. In Europe the European Citizen Card standard Cent/TS 15480 is endorsing its use.
http://sev.prnewswire.com/computer-software/20061003/SFTU05603102006-1.html

Federal Compliance by due date -- Sept. 19, 2006
GSA still hopes to approve at least three products in each of the 22 categories, but Temoshok said some content areas will not be approved in time because they are not critical for agencies meeting the deadline.
http://www.gcn.com/online/vol1_no1/42034-1.html

BACK END SOFTWARE : PIVMAN
PIVMAN: real time updates in the field for those on "watch list" and everyone else too -- Sept. 22, 2006
The product consists of server software that keeps track of the status of credentials and handheld computers that are continually updated with current information and that can be used in the field.
http://www.cardtechnology.com/article.html?id=20060921S6L4Z1QG

PIVMAN for first responders ( police, fire, ambulance)
The PIVMAN is a mobile identification checking system [ Ed: current updates ] that supports the federal government’s new FIPS-201-standard Personal Identity Verification cards, plus a slew of others. Such solutions are increasingly important. Access control is straightforward at established entry points such as doors, but in a disaster, how can agencies ensure first responders should have access to a site?
http://www.gcn.com/print/25_28/41987-1.html

CoreStreet's PIVMAN
The PIVMAN System collects this information, links it to the cardholder identity, and distributes the data to handheld devices in the field. Those tasked with site management use the information displayed on-screen when making access decisions.
"PIVMAN offers organizations a way to set up secure perimeters on the fly. When an event happens, they need to ensure that the right personnel get to the right locations," added Broderick. "No other technology on the market today can use the FIPS 201 infrastructure to ensure both security and access without relying on network connections. The reality is, a network connection is not always available."

The PIVMAN System has played a key role in recent homeland security exercises run by the DHS ... . The exercises demonstrated that individuals from multiple organizations and jurisdictions could have the status of their government-issued smart credentials accurately checked and logged during an emergency in which communications channels were unavailable. The logs generated by the PIVMAN Handhelds were then used to create comprehensive audit trails and after-action reports. In addition to FIPS 201 cards, the types of credentials employed as part of these exercises included
the Department of Defense Common Access Card (CAC),
Transportation Worker Identification Credential (TWIC),
First Responder Authentication Credential (FRAC), and
Mariner Administrative Card (MAC).
http://business.itbusinessnet.com/articles/viewarticle.jsp?id=64386

The REAL ID Act for all citizens . ( upgraded drivers license by 2008 )
For more on REAL ID, please see www.cybertime.net/~ajgood/id.html

Starting in 2008 , ALL citizens must carry an e-ID smart card on their person at all times.
The REAL ID ACT of 2005 mandates that all Americans must carry an e-ID smart card by 2008. That would include a smart driver's license. Besides being "interoperable", these smart cards will be multi-functional, meaning they will be used for the following : identification purposes, for visas, for transportation, for driver's licenses, for medical / health records ( accessing files and databases) , and they will access your bank account for eft ( electronic funds transfer .. becoming a cashless society) ; It will be for all commerce and financing. The REAL ID smart card will also have building and computer ( logic) access. The REAL ID smart card will be the ONLY card that a citizen needs, in order to transact everything and anything in his or her's life time. It is a person's number for life.

So already, all of us are well on our way to being tracked, controlled and numbered for life.
Every transaction we make will be monitored. If ever the time comes that we are considered "politically incorrect",
our cards will no longer be operable, and they will generate "ACCESS DENIED" in every POS terminal, or wherever applied. Just as 911 was a major turning point in our lives, so will 1027 be a major turning point in our lives.

REAL ID -- USA http://www.federaltimes.com/index.php?S=1590231

Would Flu fears mandate an ID card for health etc.?
HSPD 12 http://sanantonio.bizjournals.com/sanantonio/stories/2006/04/24/focus5.html

Homeland Security www.cybertime.net/~ajgood/hshd.html

Futher Deployments: Businesses in the Public Sector

Health and Financial Sectors
"millions more of the IDs will be put into the hands of workers outside the government sector.
First up will be the types of companies you might expect, including government contractors and so-called first responders who interact with federal agencies and law enforcement officials who already carry smart cards, said Jason Hart, chief executive of ActivIdentity, whose software was chosen to support the 3.5 million HSPD cards being distributed by the Department of Defense.
Beyond those workers Hart contends that security-oriented industries such as the health care and financial services sectors will soon begin handing out smart cards to end users to replace more traditional forms of authentication. http://www.eweek.com/article2/0,1759,2043085,00.asp?kc=EWYH104039TX1B0000665
http://www.eweek.com/article2/0,1895,2043370,00.asp

Global Mandate for e-ID smart cards
more countries at www.cybertime.net/~ajgood/ax5.html

HSPD 12 ( Homeland Security Presidential Directive 12 ) mandates that all Federal employees must have an e-ID smart card. Although this was issued by the U.S. government, it is the standard of operation around the world . Each and every Government -- in both hemispheres ---is complying with HSPD 12 and also FIPS 201 to have "open" systems that can function anywhere and everywhere around the planet. That means that a Swedish e-ID card will be just as multi-functional in the U.S. as in anyplace ( and visa-versa).

Sweden complies with US directive HSPD 12: "Match-On-Card" -- June 1, 2006
The company is launching its smart card solution, Precise Match-On-Card, in a version compliant with the US Federal government standard, American National Standards Institute (ANSI 378). The standard is an important requirement in implementing the US Federal Government Homeland Security Presidential Directive 12 (HSPD-12) and the closely aligned Federal Information Processing Standards 201 (FIPS 201). By fall this year all US Government agencies must initiate the deployment of smart card based ID cards, the so called PIV (Personal Identity Verification) Cards.

"The Precise Match-on-CardT technology adjusted for the standard ANSI 378 takes biometric security and convenience one step further by performing the actual fingerprint match within the tamper-proof environment of a smart card. This reduces the vulnerability of matching on a network-connected device, an external server, or a database - normally considered weak links in the security chain." [ Ed: offline authentication]

While many of biometric devices used today still operate in a database environment making the solutions vulnerable to attacks and hacks, the Precise Match-on-CardT technology eliminates the need for the database by both storing and processing biometric data directly on a smart card, providing a secure, privacy-enhancing biometric program with dynamic flexibility and scalability
http://www.secureidnews.com/news/2006/06/01/precise-biometrics-launches-ansi-378-compliant-matchoncard-technology/
Precise
http://www.securitydocumentworld.com/public/news.cfm?&m1=c_10&m2=c_6&m3=e_0&m4=e_0&subItemID=579

The entire globe is following HSPD 12 and its further requirements.
All over the world there is a fast movement in progress that is mandating e-ID smart cards for all citizens of the planet. The whole process is gradual, so that the advancement is scarcely noticed ( with rare--or no-- media coverage).
First, there is a government directive that mandates smart ID cards .
http://www.osec.doc.gov/osy/HSPD12/HSPD-12Information.htm
and
http://www.idmanagement.gov/content/hspd12_faqs_implementation.htm

http://www.swhouse.com/applications/applications_solutions_FIPS.aspx

Already, the people of the Netherlands are carrying e-ID smart cards and cannot leave home without one.

Already the Far Eastern Nations are well advanced in e-ID smart card operations. There is not a nation upon this earth that is not working toward this goal.

Here is an example of the first stage of deployment in the Philippines. .... state workers
"People's ID Card " --- First for Gov. employees, then the people -- Aug. 2006 .... Ed: numbered for life
" NSO Administrator Carmencita Ericta in an interview said that after the pilot testing in the two agencies, they are targeting to implement the new ID system to the entire 1.5 million state employees.
She said the new ID will be the "primary identifier of a person transacting business with government" and will solve the problem of "assumed identity
"All the ingredients are now present for a garrison state ...
The identification card would help gain access to health insurance, pensions, housing loans and help those seeking work overseas. The card stores some of the owner's physical characteristics, including fingerprints, to give a definitive identification of the person presenting it.
"Isn't it better to just have one ID that you can use for all your transactions with the government instead of having a wallet bursting with so many IDs that you need?" she said
http://newsinfo.inq7.net/breakingnews/nation/view_article.php?article_id=16869

Philippine "unified multi-purpose ID system" by end of 2006
http://www.sunstar.com.ph/static/zam/2006/08/14/news/national.id.pilot.testing.slated.last.quarter.of.2006.html

Here is another example of how gradually the cashless society is evolving in New Zealand.
http://www.fivedoves.com/letters/sep2006/carlh99.htm

ActivIdentity -- "for accessing government resources globally"
The National Institute of Standards and Initiatives (NIST) responded to HSPD-12 by issuing FIPS 201, which identified
smart cards as the device to be used to provide the security and rapid electronic authentication to verify the identity of individuals accessing government resources globally. The rapidly approaching October 27, 2006 deadline for HSPD-12 mandates government agencies to deploy FIPS 201-certified Personal Identity Verification (PIV) cards, which incorporate identity assurance and strong authentication practices utilizing PKI and biometric fingerprint credentials on a single cryptographic smart card for increased security of both facility and network access.
http://www.secureidnews.com/news/2006/09/13/actividentys-fips-201-certified-products-gain-major-industry-partners/

Gemplus and HSPD 12 [ Homeland Sec. Presidential Directive ... same as executive order ]
FIPS 201 = Federal Information Processing System [ encryption]
LUXEMBOURG and ARLINGTON, Virginia, May 10 /PRNewswire/ -- Gemplus International S.A. (Euronext: LU0121706294 - GEM, NASDAQ: GEMP), a leading provider of secure card solutions, announces the launch of its SafesITe Government solution compliant with the US federal government's FIPS 201 regulations. Gemplus' solution will enable federal agencies to meet the HSPD-12 requirements for interoperability for government employees and contractors to access federal buildings and IT networks. As set forth in the presidential directive and regulations, all federal agencies must start to issue FIPS 201 compliant identity credentials by October 26 2006.
http://sev.prnewswire.com/computer-electronics/20060510/3159432en-1.html

LINKS pertaining to PIV
ax ......... ax 2 .......... ax 3 .......... ax 4 ........... ax 5 ............. ax 6

PIV : Many applications, including financial transactions -- Oct. 27, 2006
While many agencies will initially use the cards for physical access to buildings, and perhaps access to computers and networks, vendors predict that agencies will use the cards for a variety of functions, including encrypting data, authenticating e-mail senders, identifying beneficiaries of government worker benefits and even paying for transactions as a debit card.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=government&articleId=9004502&taxonomyId=13&intsrc=kc_top

HID global : smart card readers -- Nov. 28, 2006
IRVINE, Calif.--(BUSINESS WIRE)--HID Global, a leading manufacturer in the access control industry, today announced that its iCLASS® R10, R30, R40, RK40 and RP40 model access control readers have been approved by U.S. General Services Administration (GSA) as
Transparent Contactless Readers for their FIPS 201 Approved Products List. The certifications now enable HID Global to provide government agencies and other organizations with a trusted source for FIPS 201 certified contactless smart card readers. In addition to these readers, HID Global has also received approval on the iCLASS OEM 150 module to assist manufacturers in embedding HIDs FIPS 201 approved products into their own

HID Global is a leading manufacturer in the access control industry { Ed: buildings ] , serving customers worldwide with proximity and contactless smart card technologies; central station managed access controllers; secure and custom card solutions; digital identity and photo card management software solutions; secure card issuance solutions; and RFID electromechanical cylinders. Headquartered in Irvine, California, HID Global operates international offices that support more than 100 countries and is an ASSA ABLOY Group company. To learn more, please visit www.hidcorp.com.
http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20061128005262&newsLang=en

smart-chip now 1/2 as thin -- Nov. 3, 2006
NXP Semiconductors, the new semiconductor company founded by Philips, has come up with a new chip design that is finer than a human hair, or a sheet of paper. The development means that more protective material can be incorporated into the overall package..........
which is 50 percent thinner than the current industry standard for smart card ICs.

The new chip also enables the design of further security features such as additional layers for laser engraving.
Alternatively, designers can create new applications which are much thinner than was previously possible

The new 75µm wafer will be incorporated into products such as NXP’s new contactless package called MOB6 for ePassports and other contactless electronic identification solutions. At approximately 260 µm thick, the MOB6 is 20% thinner than existing solutions
http://www.securitydocumentworld.com/public/news.cfm?&m1=c_10&m2=c_4&m3=e_0&m4=e_0&subItemID=809

Smart Card Alliance helps government deploy new System -- Sept. 26, 2006
In order to aid organizations with the physical access control system (PACS) aspect of the implementation, the Smart Card Alliance
Physical Access Council released a new white paper today :
"Considerations for the Migration of Existing Physical Access Control Systems to Achieve FIPS 201 Compatibility".
Additional Smart Card Alliance educational resources that support FIPS 201 implementation will soon be announced.
Smart cards and readers are just the tip of the iceberg in FIPS 201 deployments. Government agencies need to consider new enrollment and issuance systems, as well as PACS changes and integration with back-end authentication systems," said Lars Suneborn, director, government programs, Hirsch Electronics and Smart Card Alliance Physical Access Council lead for the project.
http://www.govtech.net/magazine/channel_story.php/101214

Enabling Microsoft for PKI- PIV cards -- August 3, 2006 --TC Trust Centre
TC Enterprise ID Version 2007 includes a full set of features enabling integration with a Microsoft CA to allow auto enrollment of users.
TC Enterprise ID 2007 allows organizations to simplify PKI rollouts by allowing administrators to automatically apply for, issue and integrate digital certificates for all users of Microsoft Windows applications.
The principle of interoperability with leading smart card printers and makers means that the SmartCard Manager can be adapted on-site to issue personalized cards and integrate company-specific databases and workflows.
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/08-02-2006/0004408683&EDATE=

Contactless .. 4 inches away
The interface for both contact and contactless readers must conform to the Personal Computer/Smart Card format. The contactless readers, which use radio frequency to read the card’s smart chip, will not be able to read a PIV card more than 10 centimeters, or about 4 inches, from the reader.
NIST also released a fresh draft of SP 800-76-1, titled Biometric Data Specification for Personal Identity Verification, for public comment. SP 800-76 sets out specifications for the biometric components of Federal Information Processing Standard 201, the overarching standard for PIV cards. http://www.gcn.com/print/25_29/42047-1.html

* The Terminator *
Novell : enrollment, registration, issuance and maintenance ( life cycle )
Novell has now integrated its industry-leading identity management capabilities into the solution, delivering an enhanced offering that enables federal agencies to go beyond the basic HSPD-12 mandate. The Novell® solution now manages identity enrollment, registration, issuance and all maintenance associated with the PIV life cycle, including immediately preventing terminated users from entering federal networks, buildings and facilities.
http://biz.yahoo.com/prnews/060912/sftu059.html?.v=67
For more information on Novell's Identity Assurance offering, please visit http://www.novell.com/industries/government/hspd12.html

It takes time to manufacture smart cards
http://www.frost.com/prod/servlet/vp-further-info.pag?mode=open&sid=2850250

Probaris PIV enrollment module
Most importantly, the Enrollment Module is built to support the same high security features as SP, including smart card authentication, separation of roles, authorization and digital signature support.
When using the SP system, an Enrollment Officer authenticates using their PIV smart card and their authorization to act in that role is verified. The enrollment data is then digitally signed using the Enrollment Officers' PKI certificate, and securely transmitted back to Probaris SP.
http://photography.consumerelectronicsnet.com/articles/viewarticle.jsp?id=63549

Salvation www.cybertime.net/~ajgood/sal.htm

Bible www.blueletterbible.org