Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information.

Published byMaximillian Ward Modified over 9 years ago

Similar presentations

Presentation on theme: "Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information."— Presentation transcript:

1

2 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information Security Workshop Smart Cards: Technology, Applications and Security Centre for Applied Cryptographic Research Sheraton Reston - Reston VA - April 25, 2001 Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW Washington DC 20405 202.208.7651 johng.moore@gsa.gov

3 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 2 Trends Driving Government Transformation Government Internet Increased outsourcing and privatization Globalization Increased public expectations Performance measurement and accountability IT skill shortage and aging of workforce

4 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 3 Smart eGov Technologies The Tech Side of Entrepreneurial Government “In the Age of Global Positioning (GPS) Without a Map!” In this age, the role of Government is to identify where progress might be made through Government involvement, and then take the steps necessary for the progress to occur. With regard to Smart Cards, that means Interoperability.

5 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 4 GSA Office of Electronic Government The mission of GSA Office of Electronic Government is strategic leadership in identification and deployment of eGov Technologies www.ec.fed.gov

6 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 5 Driving Towards eGov Convergence Hi Tech Call Centers eMarketplaces Buying, selling, auctioning Smart Cards ID, Security, Convenience XML Content management architecture Mobile Computing Wireless e-Business Policy Setting Standards and Guidelines Partnering - Agency/Industry Agency Pilots Task Forces and User Groups Authenti- cation CA Cross Certification Digital Signatures Secure Web GPEAE-SignA-130Sect 508PDD-63 FirstGov FederalBizOpps Federal Commons FedSales ARNet Acquisition Reform Network Intergov Councils IT Leaders Forums White Papers / Talks Business Case Analyses Best Practices Bill Holcombe GSA

7 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 6 The Big “Chunks” of Smart eGov Technologies The Technology Side of eGov Technologies Smart Card, eCert Interactive eForms / eTransactions Wireless / Mobile Seat Management Voice and Speech Technologies, Video, Increased Bandwidth Increasing re-systematization toward web-based and miniaturized Technology Platforms The People Side of eGov Technologies Knowledge Management - Distance Learning - Telework / Future - Customer Relationship Management (CRM) Distance Learning / Increased Leverage Remote Help Desk Workforce / Increasing Population / More Diverse / Increasingly Mobile / Larger Remote Technology Training Burden / Talent Bank Shortage Crisis

8 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 7 Smart eGov Technologies * Smart Cards * ACES – Automated Certificates for Electronic Services E-Certs / Digital Signature E-Forms E-Marketplaces GPEA PKI XML Internet Enhanced Search Engines Format Compatibilizers Video Cams Parametric Graphic User Interfaces Emerging Technologies Wireless / Mobile Bandwidth and Storage Capacity Combined Phone and PDAs TV - Video Sequences Voice and Speech Technology Portable Handheld Scanners Channel Convergence Data Warehousing Business Intelligence Aggregation Globalization One reason these technologies are difficult is the degree they penetrate the general population

9 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 8 What Need Does Gov’t Smart Card Fill? What do “Smart” eGov Technologies Do? Convenience Mobility / Ease of use Makes your life simpler Functionality Actually does something Solves a real problem Protection of privacy and security Protection from hackers and cyber-terrorists “Data Cleanliness” Keeps your “clean” from questionable data

10 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 9 What is a Smart Card for Gov’t? Authentication Architecture Digital Photo, Biometrics, Finger Print, Voice Print, Hand Geometry, Iris Scan, Keyboard Dynamics, Digitized Signature, Signature Dynamics, Personal ID, Electronic Signature Encryption, Compression Public/Private Key, Digital Signature (DSS), RSA for Off-line, Wireless, Telephony Hardware/Software Based, Crypto Co-Processor Uses Pre-paid Money, Credit, Debit, Authorizations, ID, Certificate Secure eMail, eForms, Digital signature * Proximity / Combi Chip are imminent - combining smart card and radio frequency into one chip * RF indicates Radio Frequency Chip Mag Stripe on back Smart Card Chip * Digital Photo Barcode A Multi-Application, Multi-Tech Proximity Smart Card A Hybrid / Composite Card

11 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 10 Smart Card Applications Account Information eForms - Contact Information Rostering / Email / Internet / eSign Physical Access / Authentication / ID Logical Access / Crypto / PKI Proximity / Transit Financial / Payment / Travel / Phone

12 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 11 Card Functionality in GSA Common Access ID Procurement Rostering Identification Physical Access Computer Access Digital Signature Electronic Purse Medical Information Biometrics Capability Property Management Training/Certifications Electronic Forms Generation Potential Commercial Aplets

13 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 12 Government Smart Card Architecture contains: J8 (Personal Contact Data) –Social Security Number, etc. G8 (Veterans Medical Data Elements) –VA G8 Health & Government Service Delivery http://www.open.gov.uk/govoline/golintro.htm Services interactive eForms Fillforms.gov Transactions Screen-Scrapers / XML Government Smart Card Fills Out eForm Does Rostering

14 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 13 Interactive eForms Smart Card Fills Out eForms (cont’d) Web-based Form Inventory www.fillforms.gov Smart Card automatically fills in your personal J8 data into the eForm, can eSign it and submit it electronically Name / Address / Organization SSN / Acct #s and other Contact Information PKI eCert Your eligibility for various service and encryption for secure eMail and non-repudiation

15 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 14 Legislative Mandates and Contracts

16 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 15 Related Legislation and GSA Contracts Web-based Smart PKI –Card Interoperability –Public Key Infrastructure Criteria for Limited Competition on Smart Cards between 5 prime vendors and 42 sub-contractors for 2 year window. ACES – eCert / Digital Signature Government Paperwork Elimination Act GPEA E-Signature / Interactive eForms Health Insurance Portability and Accountability Act of 1996 (HIPAA) GSA Smart Card Policy Guidelines Business Case for PKI on Smart Card

17 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 16 What is it? New legislation passed that requires agencies to provide: eForms alternative to paper eSignatures to authenticate sender eReceipts for acknowledgment For more information: www.ec.fed.gov/gpea Government Paperwork Elimination Act

18 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 17 Purpose of GPEA GPEA seeks to "preclude agencies or courts from systematically treating electronic documents and signatures less favorably than their paper counterparts", so that citizens can interact with the Federal government electronically. It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable. GPEA states that electronic records and their related electronic signatures are not to be denied legal effect, validity, or enforceability merely because they are in electronic form. It also encourages Federal government use of a range of electronic signature alternatives. Government Paperwork Elimination Act (GPEA)

19 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 18 GSA ACES Contract: Facilitates secure on-line access to Government information and services Used when business need to know identity exists Provides a Government-wide Public Key Infrastructure and digital signature technology. Makes auxiliary services available to agencies to make use of the Infrastructure. Reduces overall costs by aggregating Government requirements. More Info: www.gsa.gov/aces ACES

20 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 19 GSA Government Smart Card Contract Common Access ID Smart Card Valued at $1.5 billion Is being used by: –DOD for DOD Common Access ID Smart Card Army / Navy / Marine Corps / Air Force / Military Academies –Veterans Affairs –Department of State –FDIC Interoperability –Contract features Smart Card Interoperability - First nation to require vendor smart cards to interoperate

21 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 20 Smart Card Interoperability Interoperability definition - Any card / any reader / common application interface to basic card services Architecture - Card / Reader / Host / Software Physical Access, Authorization, ID Issuance Logical Access, Crypto / Public Key Infrastructure (PKI), Basic Services Interface Biometric Templates for multiple biometrics NIST-supported Conformance Test Suite

22 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 21 Smart Card Interoperability Fitting the Pieces of SC Interoperability Interoperability Components –PHYS Physical/authentication/ID –LOGI Logical/Crypto/PKI –BIOM Biometric Templates –ARCH Architecture Basic Service Interface & Application Profile Interface –TEST Conformance Testing LOGIPHYSBIOM ARCHAPIBSI TEST Getting agencies to read and process cards from different vendors Agency 1Agency 2 Agency 3Agency 4 Card makes major impact toward E-Gov and E-Commerce with access to buildings, internet, transport, purchases, authorizations, email and e-documents.

23 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 22 Government Smart Card Implementation Initiatives Many Agencies –DOD Common Access Smart Card / Navy ATM @ Sea, Army, Air Force –Veterans Affairs –State Department –Federal Depositors Insurance Corporation (FDIC) –DC Metro Transit Proximity Card –Treasury Smart Card Managers Group Many Applications / Multi-Application Card –Common Access ID Smart Card –DOD Troop Readiness –Financial “Pay” Card –Medical –Transit –Electronic Benefit Transfer / Public Assistance

24 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 23 Active duty military Selected Reserve/National Guard DoD civilian employees DoD contractors inside the firewall (Approximately 4 million people) WHO GETS A DOD SMART CARD? Mary Dixon DOD

25 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 24 CHARACTERISTICS OF DOD SMART CARD Crypto co-processor (for PKI) 16K to 32K (availability/cost) ~ $6 per card Interoperability Goal: any operating system, any card, any reader Compliant with and document in Joint Technical Architecture (JTA) Mary Dixon DOD

26 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 25 After Before Government ID Travel Card American Airlines Ticketing Phone Card Purchase Card Willow Wood All-in-one Card Bill Holcombe GSA

27 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 26 APPLICATIONSMAJOR PLAYERS Travel Building access Smart purchase Personal property Phone card Boarding pass Digital signature GSA Citibank IBM Visa 3GI GTE Sandia Labs Willow Wood All-in-one Card Bill Holcombe GSA Phase 2 for GSA FTS is now underway, other GSA efforts being explored

28 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 27 Where are we now re: “Smart” Technologies in the US? Smart Cards / 16K / 32K Smart Card Readers Certificates / PKI / ACES on or off card Software / Infrastructure Combi Chips / Proximity nearly ready Enhanced capacity and security Risk Management GSA Contract DOD Issuance 2002 ** Starting Now **

29 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 28 Worldwide Chip Card Forecast 1997 Total 962 2002 Total 4716 Millions of Cards Source: Dataquest & Schuler Consultancy NOTE The Common Access Smart Card Is Designed for Multiple Applications Now

30 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 29 3 million -- Total North American Chip Cards - 1995 100 million -- Total North American Chip Cards - 2000 Chip Cards In Use - U.S. vs Other Nations –65% -- Western Europe –17% -- Latin America –4% -- U.S. –4% -- Asian Rim –4% -- Eastern Europe –6% -- Rest of World US Chip Card Use

31 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 30 Federal Smart Card Market Maturity Many indicator show market readiness Number of Chip Cards Increased Smart Card Membership Increased Price per Card Decreased Response Time Reduced Memory Capacity from 1 to 32 K Legislation encourages interoperability for EBT –S-1733 and HR 2709 Many of barriers for US implementation have been removed

32 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 31 Potential Smart Card Market Penetration All too often when we judge technology introduction, we do not properly take into account the size and complexity. The full market for smart cards should be taken into account. It must penetrate further than TV –Several in the pockets of each person –(97% of the people) times several cards –The access token of choice –The digital signature of choice

33 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 32 eGov Project Life Cycle 1. Conceptualize/formulate 2. Identify partners 3. Educate and train 4. Develop plan/strategy 5. Establish governmentwide group 6. Set up portal, develop tools 7. Foster pilots 8. Issue policy 9. Transfer implementation to agencies 10. Monitor implementation of policy eBusiness Arch GPEA Privacy Policy Grants PKI-Bridge FedBizOpps Smart Cards Portals Trng&Ed Less Mature More Mature PKI-ACES eCerts PHASES PROJECTS Bill Holcombe - GSA

34 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 33 eGov Life Cycle Time to Market and Expected Impact Targets EGov Life Cycle Dimension- Time to reach the market Impact on US in: Number of people influenced Number of business & orgn’s Number of transactions Productivity Dollars saved Effect on National Economy Smart Cards eCerts EGov Technologies Mobile

35 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 34 How Smart Cards Will Emerge & Some Barriers to Overcome Smart Cards and eCert / Digital Signature / PKI will begin to appear as part of large enterprise or Agency applications, such as Departments of Defense, State, Treasury, and Veterans Affairs, but also at the State Government level for Health and Welfare, and be lead by Transit and University applications. As applications such as standard Extensible Markup Language (XML) eForms become available, Smart Card implementation will accelerate. Federal Agency Smart Cards need to contain a Basic Services Interface (BSI) in accordance with the Government Smart Card specification –This helps puts to rest their concern about expensive retrofits, and accelerates deployment. –Agencies need to get the word to avoid expensive retrofits so that Smart Card applications can flourish. Partnership is needed between Government and Business to agree on a practical Smart Card implementation convention and practice to arrive at a meeting place between GOTS and COTS (off-the-shelf software for Government and Commercial. Backward and forward compatibility between card, reader and card operating systems is a vital issue.

36 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 35 Websites for Smart E-Gov Technologies Access America for Seniorshttp://www.ssa.gov Access America Online Magazinehttp://www.accessamerica.gov CardTech / SecurTechhttp://www.ctst.com CHCS II DODComb’d Health Care Servicehttp://www.cba.ha.osd.mil/index.htm Electronic Benefits Transferhttp://ec.fed.gov/ebt.htm Electronic Funds Transfer Association http://www.efta.org Electronic Privacy Information Centerhttp://www.epic.org Federal Security Infrastructure PMOhttp://www.gsa.gov/fsi Financial Services Technology Consortiumhttp://www.fstc.org *** FirstGov.govhttp://www. http://www.FirstGov.gov Global Chip Card Alliancehttp://www.chipcard.org *** GSA Egov / eCom Sitehttp://ec.fed.gov GSA Office of Governmentwide Policyhttp://policyworks.gov GSA Office of Intergovt’l Affairshttp://policyworks.gov/org/main/mg/intergov/ *** GSA Smart Card Policyhttp://www.smart.gov *** GSA Center-Smart Card Solutions http://smartcard.gsa.gov *** GSA Access Certificateshttp://gsa.gov/aces/ International Card Manufacturers Assnhttp://www.icma.com International Standards Organizationhttp://www.iso.ch Java Card Forumhttp://www.javacardforum.org NACHA EBT Natl Clearing Houseshttp://www.nacha.org/ebt Natl Assn Campus Card Usershttp://www.naccu.org Nat'l Auto'd Clearing House Associationhttp://www.nacha.org/ebt *** Navy Smart Base Projecthttp://www.n4.hq.navy.mil/smartbase/default2.htm PC/SC Workgrouphttp://www.smartcardsys.com Smart Card Forumhttp://www.smartcrd.com Smart Card Industry Association http://www.scia.org 'Smart Card' Technology International'http://www.globalsmart.com US Budget FY 2001http://w3.access.gpo.gov/usbudget/fy2001/pdf/budget.pdf *** VA Card Site http://www.va.gov/card *** VA G8 Health & Govt Service Deliveryhttp://www.open.gov.uk/govoline/golintro.htm *** VA PKI sitehttp://www.va.gov/vapki.htm *** VHA Health eVet - Home Pagehttp://www.health-evet.va.gov/ WGA Annual Meeting http://www.westgov.org/wga/annual_meeting.htm WGA Annual Meeting Agendahttp://www.westgov.org/wga/am_hi_agenda.htm WGA Health Passport http://www.westgov.org/wga/initiatives/hpp/default.htm WGA Western Governors Association http://www.westgov.org

37 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 36 Contact Information The 7th CACR Information Security Workshop “Smart Cards: Technology, Applications and Security” Wednesday,April 25, 2001 Sheraton Reston Virginia Hosted by Certicom Corporation, and Centre for Applied Cryptographic Research www.cacr.math.uwaterloo.ca Update on Government Smart Cards Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW Washington DC 20405 202.208.7651 johng.moore@gsa.gov

Download ppt "Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information."

Similar presentations

Chapter 3 E-Strategy.

Chapter 3 E-Strategy.
Security Controls and Systems in E-Commerce

Security Controls and Systems in E-Commerce
M.B.A. II SEMESTER Course No. 208 Paper No. – XVI E-Business Dr.N.C.Dhande Unit II e-business frameworks e-selling process, e-buying, e-procurement, e-payments:

M.B.A. II SEMESTER Course No. 208 Paper No. – XVI E-Business Dr.N.C.Dhande Unit II e-business frameworks e-selling process, e-buying, e-procurement, e-payments:
Customer First : Strategic Context and Opportunities Rory Mair.

Customer First : Strategic Context and Opportunities Rory Mair.
Research, Development, and Evaluation Commission Department of Information Management Research, Development, and Evaluation Commission The Executive Yuan,

Research, Development, and Evaluation Commission Department of Information Management Research, Development, and Evaluation Commission The Executive Yuan,
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
Electronic payment Methods: Defined: It is alternative payment mechanism for electronic transactions instead of traditional payment methods like cheque,cash,

Electronic payment Methods: Defined: It is alternative payment mechanism for electronic transactions instead of traditional payment methods like cheque,cash,
Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.

Computer Security Biometric authentication Based on a talk by Dr J.J. Atick, Identix, “Biometrics in the Decade of Security”, CNSS 2003.
Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.

Federal Approach to Electronic Credentials For services to citizens, businesses, other governments, and employees Mary J. Mitchell Office of Electronic.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.

Public Key Infrastructure at the University of Pittsburgh Robert F. Pack, Vice Provost Academic Planning and Resources Management March 27, 2000 CNI Spring.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
The Internet & Electronic Commerce THE ELECTRONIC MALL.

The Internet & Electronic Commerce THE ELECTRONIC MALL.
E-Commerce: Technology and Business Development Andy Diaz Sofia Mayor Chris Ratigan.

E-Commerce: Technology and Business Development Andy Diaz Sofia Mayor Chris Ratigan.
Who is FCm? FCm Global Network (Equity & Partner Countries) Total 75+ Countries Network - $4.67b EMEA - $2.51b APAC - $1.25b Americas - $914m Offices.

Who is FCm? FCm Global Network (Equity & Partner Countries) Total 75+ Countries Network - $4.67b EMEA - $2.51b APAC - $1.25b Americas - $914m Offices.

Similar presentations

Ads by Google