Corporate Access Cards: Securing Corporate Networks With Military-Strength Digital Identity Solutions
‘Identity theft’ has recently hit the headlines as a major security issue but the importance of digital identity and how to protect it has been a consideration for much longer. Even before the dramatic events of September 11, 2001, corporations worldwide were already well aware of the need to ensure a positive verification of the identity of people conducting business online. The concepts that there is no security without identity and that identity provides accountability are increasingly understood by an ever-wider audience.
Fortunately the technology for strong user authentication, whether based on two or three factors, is already available to establish trusted digital ID credentials for secure access to multiple applications. And the issuance, usage and management of those credentials can now be achieved in a very rapid, convenient and cost-efficient way while at the same time meeting the network security needs of governments, corporations and financial institutions worldwide.
Digital IDs Gaining Recognition In Government Circles
The recognition that digital IDs can ensure the level of confidence needed to do business online has gained significant ground, not least in the government sector as strategies are put in place to deal with the threat of international cyber terrorism. In addition, national, regional and local government organisations are increasingly looking to deploy digital identity solutions for a host of applications such as national ID card schemes, student cards, online voting, online tax return submissions, online passport applications, health benefits cards and drivers’ licences.
For example, protecting and managing those digital IDs on a large scale is at the heart of the deployment by the US Department of Defense of its Common Access Card (CAC), a smart card-based ID badge. The US Defense Manpower Data Center has recognised the dual benefits of increased security and a strong return on investment that result from being able to consolidate and manage multiple user credentials on a single chip-based ID card. The Common Access Card has already been issued to over 1.3 million military and civilian personnel out of an initial target population of 4.3 million people. The cards enable staff to access physical areas and logical systems such as computer networks.
To access these systems, staff strongly authenticate themselves by inserting their Common Access Card into the smart card reader of the terminal and keying in a PIN code on its keyboard. In doing so, staff are not changing anything in their ATM user experience. Then, in a totally transparent and automatic manner, staff will use all of the ID credentials that are loaded on the chip of the ID card. Depending on the nature of the applications, these ID credentials can be static passwords, PKI keys and certificates for digital signing and encryption, fingerprint biometrics as well as demographic credentials required, for example, to manage medical benefits and other entitlements.
This infrastructure has been rolled out to around 60% of over 900 DMDC locations worldwide and issuance is continuing at an average rate of around 10,000 cards per day.
Today, the IDentity Management (IDM) system that has been developed by ActivCard and its partners for the U.S. DoD Common Access Card project has become a ‘commercial off-the-shelf’ solution for enterprise applications.
Enterprises Seek to Maximise Return on Investment
The decision-making process as to which digital identity solution to deploy extends well beyond issues of security. In today’s corporate environment security for security’s sake is no longer sufficient to justify the significant IT investment involved.
Corporations are increasingly focused on cost reduction and invest only where there are clearly identified operational efficiencies and a measurable return on the initial investment. IT managers are required to maximise their return on investment in all of the credential systems that they have already deployed. The key here is to deploy a solution that enables multiple digital IDs to be consolidated on a single card, thus saving the enterprise money and enhancing employee productivity.
ActivCard’s Corporate Access Card solution suites, the civilian equivalent of the Common Access Card, have proved themselves to be deployable, manageable, robust and very flexible in establishing and managing identity in the corporate networked environment. These smart corporate ID cards enable employees to access their corporate resources as confidently and easily as they access cash at ATM terminals.
Global corporations such as Microsoft, Sun Microsystems and Hewlett Packard have already turned to smart card-based corporate ID badges that leverage the military-strength architecture developed for the DoD to manage employees’ digital IDs for access to buildings as well as for access to corporate network resources and applications, both remotely and locally.
All three enterprises are deploying digital identity management solutions which enable them to consolidate on a single card the wide diversity of credentials a company has to manage for each individual user. These include a picture ID card, a remote authentication token to access network resources while on the road, PKI certificates to digitally sign emails, potentially also biometric information and any number of static passwords.
The cards can also be configured to contain employee health and benefit information, payroll information and even e-cash for purchases. And they offer the flexibility of embedding the ID credentials in a variety of different form factors, including smart cards, tokens and USB keys.
EMV and beyond – winning and retaining customers
There are already a significant number of promising initiatives underway in the financial sector to offer multiple applications on a bank card, thus extending the comfort of the familiar ATM experience for simple financial transactions.
Croatia’s Zagrebacka Banka is among leading European financial institutions which are already offering smart card-based digital identity solutions for secure online consumer and corporate banking. The bank has successfully adopted a smart card-based PKI solution which is already used by over 30,000 corporate banking customers, the largest such deployment in Europe. This has created a standard for other banks to follow.
The migration towards the EMV (Europay/MasterCard/Visa) electronic payment standard will offer significant opportunities to financial service providers to deliver additional applications. E-purse, secure EMV-compliant credit/debit transactions, electronic payments and loyalty programmes are already being tested or rolled out to cardholders as part of the financial and retail organisations’ strategy to win and retain customers in the highly competitive financial services marketplace. Digital ID applets embedded in the chip on the EMV card will enable these ‘smart financial cards’ to perform strong authentication in addition to the traditional debit/credit services, thus expanding their appeal.
Looking ahead-¦
The Corporate Access Card solution suites enable governments, enterprises and financial institutions to combine and manage multiple credentials on a single multi-application smart card-based device. The CAC does for the networked environment what the ATM or bank card has been doing for personal finance for at least twenty years -¦changes the way we do business.
Leveraging the military-grade IT architecture developed for the US Department of Defense, the civilian CAC will enable enterprises to enhance overall business confidence. Corporate networks will be secure from the threat of unprotected digital IDs and the flexible nature of the infrastructure will mean enterprises can select just how many applications they want to download onto the card. At the same time they will be able to maximise their return on investment for a true Return on Identity.
Side bar
Corporate Access Cards in action – experiencing identity management
Microsoft Corporation: Microsoft has issued smart card-based ID badges to more than 25,000 employees at its Redmond campus. The authorised users will carry the ID smart card for physical access to on-site campus facilities as well as remote access to Microsoft’s corporate network. Microsoft has adopted the ActivCard Identity Management Systemâ„? for secure issuance and distribution of smart cards and user credentials, leveraging the built-in authentication and digital certificate management capabilities of Windows .NET Server and Windows XP.
Hewlett Packard: Hewlett Packard is deploying ActivCard smart corporate ID solutions to employees worldwide, migrating from its existing single-function token system to a multi-application smart card solution that offers new levels of mobility, security, productivity, and user convenience. HP is using ActivCard for global remote access with dynamic one-time passwords, secure mobile usage of PKI user certificates, secure email, digital signatures, secure Web access, and a single sign-on experience with legacy applications.
Sun Microsystems: Through a service provided by ActivCard licensee SchlumbergerSema, Sun Microsystems is issuing new corporate ID badges to all of its employees worldwide. Sun is using ActivCard Digital IDentity software as the underlying platform to consolidate multiple credentials, applications, and budgets into a single cost-efficient system. The new Java Card-based ID badges consolidate a number of current employee credentials and IDs – including picture IDs, building access cards, network login, digital signature, remote access tokens, and static passwords.
ActivCard are exhibiting at Infosecurity Europe, Europe’s largest and most important information security event. Now in its 8th year, the show features Europe’s largest FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April – 1st May 2003.