1 / 34

Update on Government Smart Cards

Update on Government Smart Cards. 7th Information Security Workshop Smart Cards: Technology, Applications and Security Centre for Applied Cryptographic Research Sheraton Reston - Reston VA - April 25, 2001. Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW

siusan
Download Presentation

Update on Government Smart Cards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Update on Government Smart Cards 7th Information Security Workshop Smart Cards: Technology, Applications and Security Centre for Applied Cryptographic Research Sheraton Reston - Reston VA - April 25, 2001 Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW Washington DC 20405 202.208.7651 johng.moore@gsa.gov John Moore - GSA

  2. Internet IT skill shortage and aging of workforce Increased outsourcing and privatization Performance measurement and accountability Globalization Increased public expectations Trends Driving Government Transformation Government John Moore - GSA

  3. Smart eGov TechnologiesThe Tech Side of Entrepreneurial Government “In the Age of Global Positioning (GPS) Without a Map!” In this age, the role of Government is to identify where progress might be made through Government involvement, and then take the steps necessary for the progress to occur. With regard to Smart Cards, that means Interoperability. ??? John Moore - GSA

  4. GSA Office of Electronic Government • The mission of GSA Office of Electronic Government is strategic leadership in identification and deployment of eGov Technologies • www.ec.fed.gov John Moore - GSA

  5. Driving Towards eGov Driving Towards eGov New Ideas in The Big Picture Portals Technology FirstGov Convergence Hi Tech Call Centers Policy Setting Standards and Guidelines Partnering - Agency/Industry Agency Pilots Task Forces and User Groups FederalBizOpps eMarketplaces Buying, selling, auctioning Federal Commons XML Content management architecture FedSales Change Agents ARNet Acquisition Reform Network Intergov Councils IT Leaders Forums White Papers / Talks Smart Cards ID, Security, Convenience Metrics / Results Mobile Computing Wireless e-Business Business Case Analyses Best Practices Infrastructure Legislation / Mandates Authenti- cation Digital Signatures CA Cross Certification Secure Web GPEA E-Sign A-130 PDD-63 Sect 508 John Moore - GSA Bill Holcombe GSA

  6. The Big “Chunks” of Smart eGov Technologies • The Technology Side of eGov Technologies • Smart Card, eCert • Interactive eForms / eTransactions • Wireless / Mobile • Seat Management • Voice and Speech Technologies, Video, Increased Bandwidth • Increasing re-systematization toward web-based and miniaturized Technology Platforms • The People Side of eGov Technologies • Knowledge Management - Distance Learning - Telework / Future - Customer Relationship Management (CRM) • Distance Learning / Increased Leverage <Implosion Effect - Traffic - Stress> • Remote Help Desk • Workforce / Increasing Population / More Diverse / Increasingly Mobile / Larger Remote Technology Training Burden / Talent Bank Shortage Crisis John Moore - GSA

  7. Smart eGov Technologies • Parametric Graphic User Interfaces • Emerging Technologies • Wireless / Mobile • Bandwidth and Storage Capacity • Combined Phone and PDAs • TV - Video Sequences • Voice and Speech Technology • Portable Handheld Scanners • Channel Convergence • Data Warehousing • Business Intelligence • Aggregation • Globalization • * Smart Cards • * ACES – Automated Certificates for Electronic Services • E-Certs / Digital Signature • E-Forms • E-Marketplaces • GPEA • PKI • XML • Internet • Enhanced Search Engines • Format Compatibilizers • Video Cams One reason these technologies are difficult is the degree they penetrate the general population John Moore - GSA

  8. What Need Does Gov’t Smart Card Fill?What do “Smart” eGov Technologies Do? • Convenience • Mobility / Ease of use • Makes your life simpler • Functionality • Actually does something • Solves a real problem • Protection of privacy and security • Protection from hackers and cyber-terrorists • “Data Cleanliness” • Keeps your “clean” from questionable data John Moore - GSA

  9. Digital Photo, Biometrics, Finger Print, Voice Print, Hand Geometry, Iris Scan, Digital Photo Smart Card Chip * Keyboard Dynamics, Digitized Signature, Signature Dynamics, Personal ID, Electronic Signature Mag Stripe on back Public/Private Key, Digital Signature (DSS), RSA for Off-line, Wireless, Telephony Hardware/Software Based, Crypto Co-Processor Barcode What is a Smart Card for Gov’t? A Multi-Application, Multi-Tech Proximity Smart CardA Hybrid / Composite Card Authen tication Architecture Encryption, Compression Uses Pre-paid Money, Credit, Debit, Authorizations, ID, Certificate Secure eMail, eForms, Digital signature * Proximity / Combi Chip are imminent - combining smart card and radio frequency into one chip * RF indicates Radio Frequency Chip John Moore - GSA

  10. Smart Card Applications • Account Information • eForms - Contact Information • Rostering / Email / Internet / eSign • Physical Access / Authentication / ID • Logical Access / Crypto / PKI • Proximity / Transit • Financial / Payment / Travel / Phone John Moore - GSA

  11. Card Functionality in GSACommon Access ID Procurement • Rostering • Identification • Physical Access • Computer Access • Digital Signature • Electronic Purse • Medical Information • Biometrics Capability • Property Management • Training/Certifications • Electronic Forms Generation • Potential Commercial Aplets John Moore - GSA

  12. Government Smart Card Fills Out eForm Does Rostering • Government Smart Card Architecture contains: • J8 (Personal Contact Data) • Social Security Number, etc. • G8 (Veterans Medical Data Elements) • VA G8 Health & Government Service Delivery • http://www.open.gov.uk/govoline/golintro.htm • Services interactive eForms Fillforms.gov • Transactions • Screen-Scrapers / XML John Moore - GSA

  13. Interactive eFormsSmart Card Fills Out eForms (cont’d) • Web-based Form Inventory • www.fillforms.gov • Smart Card automatically fills in your personal J8 data into the eForm, can eSign it and submit it electronically • Name / Address / Organization • SSN / Acct #s and other Contact Information • PKI eCert • Your eligibility for various service and encryption for secure eMail and non-repudiation John Moore - GSA

  14. Legislative Mandates and Contracts John Moore - GSA

  15. Related Legislation and GSA Contracts • Web-based Smart PKI • Card Interoperability • Public Key Infrastructure Criteria for Limited Competition on Smart Cards between 5 prime vendors and 42 sub-contractors for 2 year window. • ACES – eCert / Digital Signature • Government Paperwork Elimination Act GPEA • E-Signature / Interactive eForms • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • GSA Smart Card Policy Guidelines • Business Case for PKI on Smart Card John Moore - GSA

  16. Government Paperwork Elimination Act • What is it? • New legislation passed that requires agencies to provide: • eForms alternative to paper • eSignatures to authenticate sender • eReceipts for acknowledgment • For more information: • www.ec.fed.gov/gpea John Moore - GSA

  17. Government Paperwork Elimination Act (GPEA) Purpose of GPEA GPEA seeks to"preclude agencies or courts from systematically treating electronic documents and signatures less favorably than their paper counterparts", so that citizens can interact with the Federal government electronically. It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable. GPEA states that electronic records and their related electronic signatures are not to be denied legal effect, validity, or enforceability merely because they are in electronic form. It also encourages Federal government use of a range of electronic signature alternatives. John Moore - GSA

  18. GSA Government Smart Card ContractCommon Access ID Smart Card • Valued at $1.5 billion • Is being used by: • DOD for DOD Common Access ID Smart Card • Army / Navy / Marine Corps / Air Force / Military Academies • Veterans Affairs • Department of State • FDIC • Interoperability • Contract features Smart Card Interoperability - First nation to require vendor smart cards to interoperate John Moore - GSA

  19. Smart Card Interoperability • Interoperability definition - Any card / any reader / common application interface to basic card services • Architecture - Card / Reader / Host / Software • Physical Access, Authorization, ID Issuance • Logical Access, Crypto / Public Key Infrastructure (PKI), Basic Services Interface • Biometric Templates for multiple biometrics • NIST-supported Conformance Test Suite John Moore - GSA

  20. ARCH BSI API TEST PHYS LOGI BIOM Agency 1 Agency 2 Agency 3 Agency 4 Smart Card Interoperability Fitting the Pieces of SC Interoperability • Interoperability Components • PHYS Physical/authentication/ID • LOGI Logical/Crypto/PKI • BIOM Biometric Templates • ARCH Architecture Basic Service Interface & Application Profile Interface • TEST Conformance Testing Getting agencies to read and process cards from different vendors Card makes major impact toward E-Gov and E-Commerce with access to buildings, internet, transport, purchases, authorizations, email and e-documents. John Moore - GSA

  21. Government Smart Card Implementation Initiatives • Many Agencies • DOD Common Access Smart Card / Navy ATM @ Sea, Army, Air Force • Veterans Affairs • State Department • Federal Depositors Insurance Corporation (FDIC) • DC Metro Transit Proximity Card • Treasury Smart Card Managers Group • Many Applications / Multi-Application Card • Common Access ID Smart Card • DOD Troop Readiness • Financial “Pay” Card • Medical • Transit • Electronic Benefit Transfer / Public Assistance John Moore - GSA

  22. WHO GETS A DOD SMART CARD? • Active duty military • Selected Reserve/National Guard • DoD civilian employees • DoD contractors inside the firewall • (Approximately 4 million people) John Moore - GSA Mary Dixon DOD

  23. CHARACTERISTICS OF DOD SMART CARD • Crypto co-processor (for PKI) • 16K to 32K (availability/cost) • ~ $6 per card • Interoperability Goal: any operating system, any card, any reader • Compliant with and document in Joint Technical Architecture (JTA) John Moore - GSA Mary Dixon DOD

  24. Willow Wood All-in-one Card Before After Government ID Travel Card Purchase Card Phone Card American Airlines Ticketing John Moore - GSA Bill Holcombe GSA

  25. Willow Wood All-in-one Card APPLICATIONS MAJOR PLAYERS • Travel • Building access • Smart purchase • Personal property • Phone card • Boarding pass • Digital signature • GSA • Citibank • IBM • Visa • 3GI • GTE • Sandia Labs Phase 2 for GSA FTS is now underway, other GSA efforts being explored John Moore - GSA Bill Holcombe GSA

  26. Where are we now re: “Smart” Technologies in the US? • Smart Cards / 16K / 32K • Smart Card Readers • Certificates / PKI / ACES on or off card • Software / Infrastructure • Combi Chips / Proximity nearly ready • Enhanced capacity and security • Risk Management • GSA Contract • DOD Issuance 2002 ** Starting Now ** John Moore - GSA

  27. US Chip Card Use • 3 million -- Total North American Chip Cards - 1995 • 100 million -- Total North American Chip Cards - 2000 • Chip Cards In Use - U.S. vs Other Nations • 65% -- Western Europe • 17% -- Latin America • 4% -- U.S. • 4% -- Asian Rim • 4% -- Eastern Europe • 6% -- Rest of World John Moore - GSA

  28. Federal Smart Card Market Maturity Many indicator show market readiness • Number of Chip Cards Increased • Smart Card Membership Increased • Price per Card Decreased • Response Time Reduced • Memory Capacity from 1 to 32 K • Legislation encourages interoperability for EBT • S-1733 and HR 2709 Many of barriers for US implementation have been removed John Moore - GSA

  29. Potential Smart Card Market Penetration All too often when we judge technology introduction, we do not properly take into account the size and complexity. The full market for smart cards should be taken into account. It must penetrate further than TV • Several in the pockets of each person • (97% of the people) times several cards • The access token of choice • The digital signature of choice John Moore - GSA

  30. eGov Project Life Cycle eGov Project Life Cycle PHASES PROJECTS Less Mature 1. Conceptualize/formulate 2. Identify partners 3. Educate and train 4. Develop plan/strategy 5. Establish governmentwide group 6. Set up portal, develop tools 7. Foster pilots 8. Issue policy 9. Transfer implementation to agencies 10. Monitor implementation of policy eBusiness Arch GPEA Privacy Policy Grants PKI-Bridge PKI-ACES eCerts FedBizOpps Smart Cards Trng&Ed Portals More Mature John Moore - GSA Bill Holcombe - GSA

  31. EGov Technologies Mobile eCerts Smart Cards eGov Life CycleTime to Market and Expected Impact Targets EGov Life Cycle Dimension- Time to reach the market Impact on US in: Number of people influenced Number of business & orgn’s Number of transactions Productivity Dollars saved Effect on National Economy John Moore - GSA

  32. How Smart Cards Will Emerge &Some Barriers to Overcome • Smart Cards and eCert / Digital Signature / PKI will begin to appear as part of large enterprise or Agency applications, such as Departments of Defense, State, Treasury, and Veterans Affairs, but also at the State Government level for Health and Welfare, and be lead by Transit and University applications. • As applications such as standard Extensible Markup Language (XML) eForms become available, Smart Card implementation will accelerate. • Federal Agency Smart Cards need to contain a Basic Services Interface (BSI) in accordance with the Government Smart Card specification • This helps puts to rest their concern about expensive retrofits, and accelerates deployment. • Agencies need to get the word to avoid expensive retrofits so that Smart Card applications can flourish. • Partnership is needed between Government and Business to agree on a practical Smart Card implementation convention and practice to arrive at a meeting place between GOTS and COTS (off-the-shelf software for Government and Commercial. • Backward and forward compatibility between card, reader and card operating systems is a vital issue. John Moore - GSA

  33. Websites for Smart E-Gov Technologies Access America for Seniorshttp://www.ssa.gov Access America Online Magazine http://www.accessamerica.gov CardTech / SecurTech http://www.ctst.com CHCS II DODComb’d Health Care Servicehttp://www.cba.ha.osd.mil/index.htm Electronic Benefits Transfer http://ec.fed.gov/ebt.htm Electronic Funds Transfer Association http://www.efta.org Electronic Privacy Information Center http://www.epic.org Federal Security Infrastructure PMO http://www.gsa.gov/fsi Financial Services Technology Consortium http://www.fstc.org ***FirstGov.govhttp://www. http://www.FirstGov.gov Global Chip Card Alliance http://www.chipcard.org ***GSA Egov / eCom Sitehttp://ec.fed.gov GSA Office of Governmentwide Policy http://policyworks.gov GSA Office of Intergovt’l Affairs http://policyworks.gov/org/main/mg/intergov/ ***GSA Smart Card Policyhttp://www.smart.gov ***GSA Center-Smart Card Solutions http://smartcard.gsa.gov ***GSA Access Certificateshttp://gsa.gov/aces/ International Card Manufacturers Assn http://www.icma.com International Standards Organization http://www.iso.ch Java Card Forum http://www.javacardforum.org NACHA EBT Natl Clearing Houses http://www.nacha.org/ebt Natl Assn Campus Card Users http://www.naccu.org Nat'l Auto'd Clearing House Association http://www.nacha.org/ebt ***Navy Smart Base Projecthttp://www.n4.hq.navy.mil/smartbase/default2.htm PC/SC Workgroup http://www.smartcardsys.com Smart Card Forum http://www.smartcrd.com Smart Card Industry Association http://www.scia.org 'Smart Card' Technology International'http://www.globalsmart.com US Budget FY 2001 http://w3.access.gpo.gov/usbudget/fy2001/pdf/budget.pdf ***VA Card Sitehttp://www.va.gov/card ***VA G8 Health & Govt Service Deliveryhttp://www.open.gov.uk/govoline/golintro.htm ***VA PKI sitehttp://www.va.gov/vapki.htm ***VHA Health eVet - Home Pagehttp://www.health-evet.va.gov/ WGA Annual Meeting http://www.westgov.org/wga/annual_meeting.htm WGA Annual Meeting Agenda http://www.westgov.org/wga/am_hi_agenda.htm WGA Health Passport http://www.westgov.org/wga/initiatives/hpp/default.htm WGA Western Governors Association http://www.westgov.org John Moore - GSA

  34. Contact Information The 7th CACR Information Security Workshop “Smart Cards: Technology, Applications and Security” Wednesday,April 25, 2001 Sheraton Reston Virginia Hosted by Certicom Corporation, and Centre for Applied Cryptographic Research www.cacr.math.uwaterloo.ca Update on Government Smart Cards Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW Washington DC 20405 202.208.7651 johng.moore@gsa.gov John Moore - GSA

More Related