Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information.

Similar presentations


Presentation on theme: "Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information."— Presentation transcript:

1

2 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information Security Workshop Smart Cards: Technology, Applications and Security Centre for Applied Cryptographic Research Sheraton Reston - Reston VA - April 25, 2001 Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW Washington DC

3 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 2 Trends Driving Government Transformation Government Internet Increased outsourcing and privatization Globalization Increased public expectations Performance measurement and accountability IT skill shortage and aging of workforce

4 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 3 Smart eGov Technologies The Tech Side of Entrepreneurial Government “In the Age of Global Positioning (GPS) Without a Map!” In this age, the role of Government is to identify where progress might be made through Government involvement, and then take the steps necessary for the progress to occur. With regard to Smart Cards, that means Interoperability.

5 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 4 GSA Office of Electronic Government The mission of GSA Office of Electronic Government is strategic leadership in identification and deployment of eGov Technologies

6 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 5 Driving Towards eGov Convergence Hi Tech Call Centers eMarketplaces Buying, selling, auctioning Smart Cards ID, Security, Convenience XML Content management architecture Mobile Computing Wireless e-Business Policy Setting Standards and Guidelines Partnering - Agency/Industry Agency Pilots Task Forces and User Groups Authenti- cation CA Cross Certification Digital Signatures Secure Web GPEAE-SignA-130Sect 508PDD-63 FirstGov FederalBizOpps Federal Commons FedSales ARNet Acquisition Reform Network Intergov Councils IT Leaders Forums White Papers / Talks Business Case Analyses Best Practices Bill Holcombe GSA

7 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 6 The Big “Chunks” of Smart eGov Technologies The Technology Side of eGov Technologies Smart Card, eCert Interactive eForms / eTransactions Wireless / Mobile Seat Management Voice and Speech Technologies, Video, Increased Bandwidth Increasing re-systematization toward web-based and miniaturized Technology Platforms The People Side of eGov Technologies Knowledge Management - Distance Learning - Telework / Future - Customer Relationship Management (CRM) Distance Learning / Increased Leverage Remote Help Desk Workforce / Increasing Population / More Diverse / Increasingly Mobile / Larger Remote Technology Training Burden / Talent Bank Shortage Crisis

8 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 7 Smart eGov Technologies * Smart Cards * ACES – Automated Certificates for Electronic Services E-Certs / Digital Signature E-Forms E-Marketplaces GPEA PKI XML Internet Enhanced Search Engines Format Compatibilizers Video Cams Parametric Graphic User Interfaces Emerging Technologies Wireless / Mobile Bandwidth and Storage Capacity Combined Phone and PDAs TV - Video Sequences Voice and Speech Technology Portable Handheld Scanners Channel Convergence Data Warehousing Business Intelligence Aggregation Globalization One reason these technologies are difficult is the degree they penetrate the general population

9 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 8 What Need Does Gov’t Smart Card Fill? What do “Smart” eGov Technologies Do? Convenience Mobility / Ease of use Makes your life simpler Functionality Actually does something Solves a real problem Protection of privacy and security Protection from hackers and cyber-terrorists “Data Cleanliness” Keeps your “clean” from questionable data

10 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 9 What is a Smart Card for Gov’t? Authentication Architecture Digital Photo, Biometrics, Finger Print, Voice Print, Hand Geometry, Iris Scan, Keyboard Dynamics, Digitized Signature, Signature Dynamics, Personal ID, Electronic Signature Encryption, Compression Public/Private Key, Digital Signature (DSS), RSA for Off-line, Wireless, Telephony Hardware/Software Based, Crypto Co-Processor Uses Pre-paid Money, Credit, Debit, Authorizations, ID, Certificate Secure , eForms, Digital signature * Proximity / Combi Chip are imminent - combining smart card and radio frequency into one chip * RF indicates Radio Frequency Chip Mag Stripe on back Smart Card Chip * Digital Photo Barcode A Multi-Application, Multi-Tech Proximity Smart Card A Hybrid / Composite Card

11 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 10 Smart Card Applications Account Information eForms - Contact Information Rostering / / Internet / eSign Physical Access / Authentication / ID Logical Access / Crypto / PKI Proximity / Transit Financial / Payment / Travel / Phone

12 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 11 Card Functionality in GSA Common Access ID Procurement Rostering Identification Physical Access Computer Access Digital Signature Electronic Purse Medical Information Biometrics Capability Property Management Training/Certifications Electronic Forms Generation Potential Commercial Aplets

13 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 12 Government Smart Card Architecture contains: J8 (Personal Contact Data) –Social Security Number, etc. G8 (Veterans Medical Data Elements) –VA G8 Health & Government Service Delivery Services interactive eForms Fillforms.gov Transactions Screen-Scrapers / XML Government Smart Card Fills Out eForm Does Rostering

14 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 13 Interactive eForms Smart Card Fills Out eForms (cont’d) Web-based Form Inventory Smart Card automatically fills in your personal J8 data into the eForm, can eSign it and submit it electronically Name / Address / Organization SSN / Acct #s and other Contact Information PKI eCert Your eligibility for various service and encryption for secure and non-repudiation

15 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 14 Legislative Mandates and Contracts

16 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 15 Related Legislation and GSA Contracts Web-based Smart PKI –Card Interoperability –Public Key Infrastructure Criteria for Limited Competition on Smart Cards between 5 prime vendors and 42 sub-contractors for 2 year window. ACES – eCert / Digital Signature Government Paperwork Elimination Act GPEA E-Signature / Interactive eForms Health Insurance Portability and Accountability Act of 1996 (HIPAA) GSA Smart Card Policy Guidelines Business Case for PKI on Smart Card

17 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 16 What is it? New legislation passed that requires agencies to provide: eForms alternative to paper eSignatures to authenticate sender eReceipts for acknowledgment For more information: Government Paperwork Elimination Act

18 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 17 Purpose of GPEA GPEA seeks to "preclude agencies or courts from systematically treating electronic documents and signatures less favorably than their paper counterparts", so that citizens can interact with the Federal government electronically. It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable. GPEA states that electronic records and their related electronic signatures are not to be denied legal effect, validity, or enforceability merely because they are in electronic form. It also encourages Federal government use of a range of electronic signature alternatives. Government Paperwork Elimination Act (GPEA)

19 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 18 GSA ACES Contract: Facilitates secure on-line access to Government information and services Used when business need to know identity exists Provides a Government-wide Public Key Infrastructure and digital signature technology. Makes auxiliary services available to agencies to make use of the Infrastructure. Reduces overall costs by aggregating Government requirements. More Info: ACES

20 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 19 GSA Government Smart Card Contract Common Access ID Smart Card Valued at $1.5 billion Is being used by: –DOD for DOD Common Access ID Smart Card Army / Navy / Marine Corps / Air Force / Military Academies –Veterans Affairs –Department of State –FDIC Interoperability –Contract features Smart Card Interoperability - First nation to require vendor smart cards to interoperate

21 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 20 Smart Card Interoperability Interoperability definition - Any card / any reader / common application interface to basic card services Architecture - Card / Reader / Host / Software Physical Access, Authorization, ID Issuance Logical Access, Crypto / Public Key Infrastructure (PKI), Basic Services Interface Biometric Templates for multiple biometrics NIST-supported Conformance Test Suite

22 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 21 Smart Card Interoperability Fitting the Pieces of SC Interoperability Interoperability Components –PHYS Physical/authentication/ID –LOGI Logical/Crypto/PKI –BIOM Biometric Templates –ARCH Architecture Basic Service Interface & Application Profile Interface –TEST Conformance Testing LOGIPHYSBIOM ARCHAPIBSI TEST Getting agencies to read and process cards from different vendors Agency 1Agency 2 Agency 3Agency 4 Card makes major impact toward E-Gov and E-Commerce with access to buildings, internet, transport, purchases, authorizations, and e-documents.

23 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 22 Government Smart Card Implementation Initiatives Many Agencies –DOD Common Access Smart Card / Navy Sea, Army, Air Force –Veterans Affairs –State Department –Federal Depositors Insurance Corporation (FDIC) –DC Metro Transit Proximity Card –Treasury Smart Card Managers Group Many Applications / Multi-Application Card –Common Access ID Smart Card –DOD Troop Readiness –Financial “Pay” Card –Medical –Transit –Electronic Benefit Transfer / Public Assistance

24 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 23 Active duty military Selected Reserve/National Guard DoD civilian employees DoD contractors inside the firewall (Approximately 4 million people) WHO GETS A DOD SMART CARD? Mary Dixon DOD

25 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 24 CHARACTERISTICS OF DOD SMART CARD Crypto co-processor (for PKI) 16K to 32K (availability/cost) ~ $6 per card Interoperability Goal: any operating system, any card, any reader Compliant with and document in Joint Technical Architecture (JTA) Mary Dixon DOD

26 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 25 After Before Government ID Travel Card American Airlines Ticketing Phone Card Purchase Card Willow Wood All-in-one Card Bill Holcombe GSA

27 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 26 APPLICATIONSMAJOR PLAYERS Travel Building access Smart purchase Personal property Phone card Boarding pass Digital signature GSA Citibank IBM Visa 3GI GTE Sandia Labs Willow Wood All-in-one Card Bill Holcombe GSA Phase 2 for GSA FTS is now underway, other GSA efforts being explored

28 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 27 Where are we now re: “Smart” Technologies in the US? Smart Cards / 16K / 32K Smart Card Readers Certificates / PKI / ACES on or off card Software / Infrastructure Combi Chips / Proximity nearly ready Enhanced capacity and security Risk Management GSA Contract DOD Issuance 2002 ** Starting Now **

29 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 28 Worldwide Chip Card Forecast 1997 Total Total 4716 Millions of Cards Source: Dataquest & Schuler Consultancy NOTE The Common Access Smart Card Is Designed for Multiple Applications Now

30 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 29 3 million -- Total North American Chip Cards million -- Total North American Chip Cards Chip Cards In Use - U.S. vs Other Nations –65% -- Western Europe –17% -- Latin America –4% -- U.S. –4% -- Asian Rim –4% -- Eastern Europe –6% -- Rest of World US Chip Card Use

31 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 30 Federal Smart Card Market Maturity Many indicator show market readiness Number of Chip Cards Increased Smart Card Membership Increased Price per Card Decreased Response Time Reduced Memory Capacity from 1 to 32 K Legislation encourages interoperability for EBT –S-1733 and HR 2709 Many of barriers for US implementation have been removed

32 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 31 Potential Smart Card Market Penetration All too often when we judge technology introduction, we do not properly take into account the size and complexity. The full market for smart cards should be taken into account. It must penetrate further than TV –Several in the pockets of each person –(97% of the people) times several cards –The access token of choice –The digital signature of choice

33 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 32 eGov Project Life Cycle 1. Conceptualize/formulate 2. Identify partners 3. Educate and train 4. Develop plan/strategy 5. Establish governmentwide group 6. Set up portal, develop tools 7. Foster pilots 8. Issue policy 9. Transfer implementation to agencies 10. Monitor implementation of policy eBusiness Arch GPEA Privacy Policy Grants PKI-Bridge FedBizOpps Smart Cards Portals Trng&Ed Less Mature More Mature PKI-ACES eCerts PHASES PROJECTS Bill Holcombe - GSA

34 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 33 eGov Life Cycle Time to Market and Expected Impact Targets EGov Life Cycle Dimension- Time to reach the market Impact on US in: Number of people influenced Number of business & orgn’s Number of transactions Productivity Dollars saved Effect on National Economy Smart Cards eCerts EGov Technologies Mobile

35 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 34 How Smart Cards Will Emerge & Some Barriers to Overcome Smart Cards and eCert / Digital Signature / PKI will begin to appear as part of large enterprise or Agency applications, such as Departments of Defense, State, Treasury, and Veterans Affairs, but also at the State Government level for Health and Welfare, and be lead by Transit and University applications. As applications such as standard Extensible Markup Language (XML) eForms become available, Smart Card implementation will accelerate. Federal Agency Smart Cards need to contain a Basic Services Interface (BSI) in accordance with the Government Smart Card specification –This helps puts to rest their concern about expensive retrofits, and accelerates deployment. –Agencies need to get the word to avoid expensive retrofits so that Smart Card applications can flourish. Partnership is needed between Government and Business to agree on a practical Smart Card implementation convention and practice to arrive at a meeting place between GOTS and COTS (off-the-shelf software for Government and Commercial. Backward and forward compatibility between card, reader and card operating systems is a vital issue.

36 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 35 Websites for Smart E-Gov Technologies Access America for Seniorshttp://www.ssa.gov Access America Online Magazinehttp://www.accessamerica.gov CardTech / SecurTechhttp://www.ctst.com CHCS II DODComb’d Health Care Servicehttp://www.cba.ha.osd.mil/index.htm Electronic Benefits Transferhttp://ec.fed.gov/ebt.htm Electronic Funds Transfer Association Electronic Privacy Information Centerhttp://www.epic.org Federal Security Infrastructure PMOhttp://www.gsa.gov/fsi Financial Services Technology Consortiumhttp://www.fstc.org *** FirstGov.govhttp://www. Global Chip Card Alliancehttp://www.chipcard.org *** GSA Egov / eCom Sitehttp://ec.fed.gov GSA Office of Governmentwide Policyhttp://policyworks.gov GSA Office of Intergovt’l Affairshttp://policyworks.gov/org/main/mg/intergov/ *** GSA Smart Card Policyhttp://www.smart.gov *** GSA Center-Smart Card Solutions *** GSA Access Certificateshttp://gsa.gov/aces/ International Card Manufacturers Assnhttp://www.icma.com International Standards Organizationhttp://www.iso.ch Java Card Forumhttp://www.javacardforum.org NACHA EBT Natl Clearing Houseshttp://www.nacha.org/ebt Natl Assn Campus Card Usershttp://www.naccu.org Nat'l Auto'd Clearing House Associationhttp://www.nacha.org/ebt *** Navy Smart Base Projecthttp://www.n4.hq.navy.mil/smartbase/default2.htm PC/SC Workgrouphttp://www.smartcardsys.com Smart Card Forumhttp://www.smartcrd.com Smart Card Industry Association 'Smart Card' Technology International'http://www.globalsmart.com US Budget FY 2001http://w3.access.gpo.gov/usbudget/fy2001/pdf/budget.pdf *** VA Card Site *** VA G8 Health & Govt Service Deliveryhttp://www.open.gov.uk/govoline/golintro.htm *** VA PKI sitehttp://www.va.gov/vapki.htm *** VHA Health eVet - Home Pagehttp://www.health-evet.va.gov/ WGA Annual Meeting WGA Annual Meeting Agendahttp://www.westgov.org/wga/am_hi_agenda.htm WGA Health Passport WGA Western Governors Association

37 Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 36 Contact Information The 7th CACR Information Security Workshop “Smart Cards: Technology, Applications and Security” Wednesday,April 25, 2001 Sheraton Reston Virginia Hosted by Certicom Corporation, and Centre for Applied Cryptographic Research Update on Government Smart Cards Presentation by John G Moore GSA Office of Electronic Government 18th & F St NW Washington DC


Download ppt "Smart Cards: Technology, Applications and Security Workshop by CACR 04/19/01 20:07John Moore - GSAPage 1 Update on Government Smart Cards 7th Information."

Similar presentations


Ads by Google