понедельник, 3 декабря 2012 г.

Smart Card Alliance Government Conference Concludes with Updates on Usage of PIV and PIV-I, and Progress in NSTIC and …

PRINCETON JUNCTION, N.J., Dec. 3, 2012 (GLOBE NEWSWIRE — The 11th Annual
Smart Card Alliance Government Conference
, known as the leading
event for government identity management, security, and healthcare
ID security, was held last week at the Walter E. Washington
Convention Center in Washington, DC. More than 700 people attended
the three-day conference and exposition. Below are highlights from
the conference.

PIV and HSPD-12 Implementations

Government agencies are continuing to make progress implementing
physical and logical access control using their PIV credentials,
and representatives shared lessons learned and provided updates on
their progress with their peers at the conference.

J’Son Tyson, FEMA’s chief for Identity Credential and Access
Management Support Operations, reported that his agency has
successfully updated its 105 locations to a single physical access
control system now used by its 22,000 employees. The new system
fully supports PIV, CAC and PIV-I credentials and data. PIV-I
support is crucial for the agency to fulfill their mission by being
able to authenticate first responders and other state and local
individuals’ identities, qualifications and privileges under
post-disaster conditions; for example, after Katrina the agency had
as many as 72,000 people actively working on assistance and clean
up. For logical access control, 90% of FEMA employees now have the
option to use their PIV cards for secure login. He reported that
interest in issuing PIV-I credentials for first responders
continues to grow rapidly at the state and local levels.

As for the Department of Health and Human Services and its
120,000 employees, virtually 100 percent of those located in the
continental United States have been issued a PIV card, and 50
percent are now required to use the PIV card to access networks
either directly or remotely. Ken Calabrese, associate director of
the Office of Security Strategic Information and HSPD-12 program
manager, anticipates successfully achieving the goal of 85 percent
using PIV for logical access control by FY2013.

The Department of Defense is spearheading the use of PIV and
PIV-I credentials to pay public transit fares using either
bank-issued open payment contactless EMV accounts or closed-loop
programs with employee transit benefits. The DoD has already
demonstrated savings of $19 million using a separate «Smart
Benefits Card» in a joint program with Washington, D.C. transit
operator WMATA. Two proof-of-concept trials are planned in Salt
Lake City and Philadelphia. Program leader Bob Gilson issued a call
to action for other federal agencies to participate in the trial by
providing additional volunteer users in those regions.

Disaster Response Security

FEMA uses the PIV card along with visual identification as a
countermeasure to mitigate risk for many access control issues the
organization faces. FEMA’s Charles Luddeke praised the card,
saying «the PIV card, when issued and used correctly, is a
tamper-proof key to the multiple layers of protection to facilities
and sites. » Responding to the problem of imposters claiming
to be FEMA housing inspectors during disasters, Luddeke said that
PIV-I cards will be required of all housing inspectors within the
next year, and also envisions a future where citizens can use their
mobile devices to validate PIV cards and the identity of the person
entering their home. The priority, according to Luddeke, is
to «give our customers – the disaster survivors – more security and
more assurance of whom they can trust in a disaster. «

PIV-I in Aerospace and Defense

Members of the Transglobal Secure Collaboration Program (TSCP
have reached the milestone of more than one million smart
card-based PIV and PIV-I credentials issued, according to estimates
made by Stephen Race, VP of operations. The organization provides a
common framework for federated trust including identity management
and data protection between stakeholders in the global aerospace
and defense industry and its government clients.

NSTIC Pilots

Conference attendees were given updates on four of the pilots
awarded for the proposed U.S. identity ecosystem, the National Strategy for Trusted
Identities in Cyberspace
(NSTIC. Catherine Tilton from Daon,
Inc. detailed the Daon Smart Mobile Device Pilot, which is «off and
running» to prove «the suitability of strong, mobile-based
authentication — including biometrics — for online
authentication. » The pilot has an aggressive deployment plan
with team members AARP, PayPal, Purdue University, and the American
Association of Airport Executives.

David Coxe, ID/DataWeb, Inc., outlined Criterion Systems
Consumer-selected Attributes Exchange Pilot that will start in
January 2013. The pilot will focus on an «attribute exchange
ecosystem» that will replace the use of passwords, more accurately
validate identities, and create online IDs. Consumers can opt in to
have their attributes such as age, address and other personal
details verified by «trusted attribute providers» like LexisNexis
and Experian, and create online IDs that can be managed and
controlled by the consumer.

Paul Blanchard from the American Association of Motor Vehicle
Administrators (AAMVA talked about the AAMVA Cross Section Digital
Identity Initiative Pilot, a cross sector digital identity
initiative that will allow users to «level up» a Windows Live ID
credential and use it to apply online for Virginia state services
more securely. AAMA plans two proof-of-concept phases and one
pilot phase over the next two years.

The Resilient Network Systems Secure Health Educational
Systems Pilot will focus on identity ecosystems for two industries
- healthcare and education – to provide «very high assurance
authentication using public infrastructure and ubiquitous devices.»
The healthcare pilot, Patient-Centric Coordination of Care, will
enable multi-factor, on-demand identity proofing and authentication
of patients, physicians, and staff, Resilient’s Jonathan Hare told
attendees. The education pilot aims to coordinate interactions
among parents, students, educational institutions, and media
providers to address the online safety and security of children -
all while staying compliant with the Family Educational Rights and
Privacy Act (FERPA and the Children’s Online Privacy Protection
Act (COPPA.

State Identity Management

Chad Grant of the National Association of State Chief
Information Officers (NASCIO told attendees of the organization’s
work to provide a standard, unified identity access and management
framework for states to utilize and adopt. The framework,
called State-Issued Identity Credentialing and Access Management
Framework (SICAM, aims to tackle the «lack of trust within the
state systems» by defining the programs, processes, technologies,
and personnel needed to create trusted identities. The same
day Grant spoke to conference attendees, NASCIO released a «call to
action» for states to adopt the SICAM, embrace the principles of
the NSTIC, and adopt interoperability and a federated approach to
identity.

Mobile Credentialing and Security

Panelists in several mobile panels engaged in spirited debate
over the ideal method to securely store identity credentials in
devices. Options include in an embedded secure element in the
device, within the UICC or SIM card, or within an external MicroSD
card. NIST’s Salvatore Francomacaro «likes the idea of the
UICC» personally, citing the propensity for people to change
devices often and the UICC is «easy to move from one device to
another. » Gemalto’s Neville Pattinson explored the merits of
a combination of the UICC, which provides a tamper-proof container
for credentials, with a standardized trusted execution environment
in the mobile device, which enables credentials to be securely used
with multiple apps. He posited this could effectively deliver high
security while providing compatibility across the rapidly changing
landscape of devices and operating system versions.

The Smart Card Alliance has an active cross-council project to

draft guidance on supporting the PIV credential and application in
mobile devices
. The Identity, Access Control and Mobile and NFC
Councils are all participating.

For more information on this project and other Smart Card
Alliance activities, please contact the Alliance office via email
at info@smartcardalliance.org
or via telephone at (800 556-6828.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry
association working to stimulate the understanding, adoption, use
and widespread application of smart card technology.

Through specific projects such as education programs, market
research, advocacy, industry relations and open forums, the
Alliance keeps its members connected to industry leaders and
innovative thought. The Alliance is the single industry voice for
smart cards, leading industry discussion on the impact and value of
smart cards in the U.S. and Latin America. For more information
please visit http://www.smartcardalliance.org.

Читать полностью или написать коммент.. Про установку спутниковых тарелок в Московской областиhttp://tarelka-tv.ru/

Комментариев нет:

Отправить комментарий