In 1996, Europe accounted for 70 per cent of worldwide smart card consumption, with the USA trailing behind at a meagre three per cent. But, as a sign that the USA may be moving out of the magstripe age into the silicon chip age, consumption last year was expected to grow to 12 per cent of the predicted annual worldwide distribution of 2.8 billion cards.
Consider the facts: Every single French Visa debit card (of which there are about 25 million) is a smart card. In Germany, 120 million smart cards are in circulation for a variety of uses, ranging from banking to healthcare.
Magstripe still rules
One reason the USA has been slow to get on board has been the lack of relevant, cost-justifiable applications. In Europe, where governments often subsidise the deployment of smart cards to solve problems in the healthcare and telecommunications industries, smart card applications were obvious and financially compelling. In the USA, a highly developed telecommunications infrastructure, combined with the massive installed base of magstripe technology, has lessened the attraction to smart card technology.
But that was before the Internet. While the Internet has lowered the barriers to transacting business in the cyber realm, it has at the same time exposed individuals and businesses alike to unimagined criminal exploitation.
For example, what might happen if someone were able to remotely lock all the entrances to a chain of department stores in America for two peak business hours? Difficult to imagine, but that is exactly what happened when Internet giants eBay and Yahoo were the victims of relatively simple denial-of-service attacks last year. Or how about the 300,000 CD Universe customers whose credit card numbers were stolen by a hacker during a Christmas season?
Here is where the smart card promise hits pay dirt. Let's use the metaphor of a physical access control system. Companies invest in access control technology because they value the security of their internal operations, but want to allow authorised traffic into and out of their facilities. To grant authorisation and to monitor who is accessing secure areas, companies issue identification cards.
Levels of access These cards grant their holders specific levels of access into various parts of the buildings they work in. When a card holder presents his or her card to a reader posted outside the entrance, the access control system is able to verify identity and either grant or bar further progress.
Things are not much different in cyberspace. Companies need a way to control access into their virtual properties, their networks and databases. They need a way to verify the identity of the person, whether an employee, partner or customer, who attempts to gain access to their data. In the absence of visual verification, a solution is required that not only blocks undesired parties, but assures the company that approved users get in. And, just like real space, the most prevalent cyber security threats come from within the company.
This situation is much like what you might have experienced when shopping for a computer ten years ago, before the Windows PC became the standard
One solution is HID's pcProx system, which provides simple but effective secure computer access control. It consists of a proximity card reader connected to a PC and the AIR ID software package.
The system heightens the value of the company's current HID proximity cards used for physical access control, and eliminates the need to retrain employees. Users simply place their existing HID proximity cards on the reader and, if required by the system administrator, enter a password. The software verifies their identity and access rights and allows them to use their computer. By guarding access to the computer, the company also protects the network it is connected to.
Alternatively, magstripe technology may appear to be another cost-effective technology for accessing information. The problem is that it does not have the capacity to perform the increasingly complex encryption functions required. Without encryption, the sequence of numbers (a credit card account number for example) that corresponds to the identity of the card holder can be captured as it travels through a network. That is where the smart card comes in.
Processing power
Most modern smart cards have the data processing power to support complex applications, like encryption. Of course, smart cards have a multitude of other non-security applications, but protecting networks and the information that resides on them seems to be the pre-eminent application for the market in the USA.
The Government Sales Administration recently awarded a $1.5 billion contract to a handful of subcontractors to develop a smart card program that will eventually include every federal government employee. The primary goal of the program is increased security of the government's computer networks.
What does all this mean for the industrial security market? The heightened profile of security in a company's business objectives provides a tremendous opportunity for those who can provide physical and virtual security.
Where do you begin to develop these new smart card-based security offerings? The answer is both complex and simple. Complex because you cannot just go out and buy a smart card without first addressing the unique cyber security needs of your customers and how that will affect the applications they need to have written to their cards.
The heightened profile of security in a company’s business objectives provides a tremendous opportunity for those who can provide physical and virtual security
The number and kind of applications will affect the required memory capacity of the card, which affects the overall price. Then you will need to decide which of the various operating systems supports the applications your customer needs, and how that operating system will be supported in the future.
This situation is much like what you might have experienced when shopping for a computer ten years ago, before the Windows PC became the standard.
Multi lingual aid
HID Corporation has translated its installation manual into multiple languages. HID's MiniProx, ThinLine and ProxPoint Plus readers now come packaged with a single installation manual in Chinese, Japanese, German, French, Spanish, Portuguese and English.
HID's web site is currently translated into French, German and Portuguese. By mid 2002, the web site will be translated into Spanish, Japanese and Chinese as well. The company is developing additional multi lingual technical documents for products such as the HID MIFARE smart card reader and EntryProx stand-alone reader. HID's How To Order Guide is currently translated into French and Spanish, with additional languages to be completed by early 2002.
The company is the largest manufacturer of contactless access control readers and cards for the security industry and was a pioneer in the development of radio frequency identification (RFID) technology for security.
More information at www.HIDCorp.com
Dual role for cards
What is simple is this. The role of the traditional access control card in this new model is the point of convergence for physical and logical, or computer access. In fact, dominant smart card manufacturers like Gemplus and Schlumberger have partnered with HID to create smart cards that feature HID's proximity technology.
Source
Security Installer
Postscript
By Jim Johnson, Smart Card Product Manager of HID Corporation