1. 1 7 th CACR Information Workshop Vulnerabilities of Multi- Application Systems April 25, 2001 MAXIMUS

2. 2 Satisfies requirement for updateable information on a portable medium. Portable hardware token for PKI Reduces proliferation of single use, non- standard cards. Eliminates redundant data entry. SMITH JOHN JAMES MARC Smart Card Concept

3. 3 Why a Multiple Application Smart Card Replace Currently Issued Single Use Cards Driver’s License, Loyalty Cards, I.D. Card, Financial Card Eliminate/Reduce Redundant Data Entry Ensure Accurate Data Entry Updateable/Portable Data Carrier Write Once - Read Many Card and Infrastructure Costs Can be Shared Across Participating Businesses

4. 4 Why a Multiple Application Smart Card, Continued Security Network - Log On, PKI Physical - Access Control Stored Value Eliminate Handling, Collection, Counting of Cash Guaranteed Form of Payment Completely Auditable Reduce Opportunity for Theft

5. 5 People Issues…  Privacy/Security Concerns  Operational Effectiveness  User Satisfaction  Training Management Issues…...  Requirements  Managing Data Across Multiple Applications  Risk Factors Technical Issues…  Durability  Availability  Maintainability Issues

6. 6 The key to e-government solutions is authentication Organizations providing private information over the net need assurance that the person or entity viewing and using that information is the person or entity they claim to be and that they are authorized to do so.

7. 7 Representative Data Model CONNECTIVITY GENERAL MILITARY FINANCE LEGAL MEDICAL IMMUNIZATION DENTAL OPTOMETRY GENERAL TRAINING CREDENTIALS SECURITY BIOMETRICS PHYSICAL TRAINING LOYALTY STORED VALUE TRAVEL SUPPORT ACCESS CONTROL DEMOGRAPHICS Data Sets to Support Range of Applications Broad Range & Depth Medium Range & Depth Limited Range & Depth

8. 8 ISO 7816 Cards JAVA Cards EMV Cards Multos Cards WFSC Cards Proton Cards… Serial Readers Parallel Readers PC Card Readers On Board Readers 32-bit Windows PC/SC POS JAVA DOS Card Data Management and Version Control Multiple Data Management and Version Control Systems Applications Communications Protocol Manager UNIX CE WFSC Specialty Application Applications on Card Multos Specialty OS TCP/IP SMART CARD MULTI-APPLICATION VIEW Smart Card Chips

9. 9 Critical Paths RequirementsDecisionDocumentationCustomer Acceptance FundingDecisionDocumentationProvided Card PlatformDecisionDeliveryIssuance SoftwareDevelopmentDeliveryAcceptance HardwareDecisionDeliveryInstallation Business CaseAS-ISTO-BEBusiness Case Analysis

10. 10 Vulnerabilities Additive Functional data bases Functional IT infrastructure Card reader devices Users security PIN Card possession Integrity Large user population increases threat

11. 11 Multi-application Maturity Information and Referral Information and Referral e-business Transactions e-business Transactions e-business Transformation e-business Transformation Customer Home Page Customer Home Page Characteristics Static Web Page Presentation of Services Basic Information Links to Other Sites No Impact on Operations Characteristics Dynamic Information Resource Directory Search Engine e-Mail Documents Available for Download Minor Impact on Operations Characteristics On-line Transaction Processing Web Enabled Applications Limited Interface to Legacy Systems Security and Authentication Limited Personalization Electronic Payment Major Impact on Operations Characteristics Internet is Primary Means of Informational Exchange Reengineered Business Processes Optimized Organizational Model Full Integration with Legacy Systems Extensive Personalization Supply Chain Optimization Advanced Security and Authentication Stage 1 Stage 2 Stage 3 Stage 4

12. 12 A Day in the Life of a user Access Control Reduce Paperwork Medical Public Key Infrastructure Replaces Paper-based Records Verifies Qualifications Monitors/Tracks Personnel Automates Reporting Physical Access Logical Access Verifies Identification Protects Personal Information Increases Readiness for Mobilization Safeguards Benefits Verifies Identity Automates Transactions Eliminates Redundancy Quality of Life Easy win for Policies Eliminates input error Verifies Identification Key Management Secure Communications Automates Transactions

13. 13 A Day in the Life Cont’d E-Commerce Interoperability Entitlements Web Enabling Meets Agency Business Rules Fits into existing infrastructure Not a stand alone“system” Automation Enabler Increases customer satisfaction Automation of Processes Minimizes Dual Entries Leverages Infrastructure Minimizes Training Reduces technical issues Reduces Money Handling Identifies Entitlements Automates Headcount Paperless Reports Verifies Qualifications Virtual Office Support Information Visibility

14. 14 Questions?