Plastic Gets Smarter

Oct 1, 2005 12:00 PM, By Jacqueline Emigh



IT MAY BE SMALL IN SIZE, but a smart card is actually an elaborate piece of engineering work. Within relatively few enterprises, these small, credit card-sized strips of plastic have long provided accurate identification for access to physical premises and/or computer systems. Thanks to a recent surge of technological advances, smart cards are embarking on intriguing new roles ranging from cargo protection to storage of iris scanning data.

Just last month, for instance, IBM Corp., Armonk, N.Y., and shipping giant Maersk Logistics unveiled a smart card-enabled cargo protection system. IBM's Intelligent Trade Lane system uses three types of wireless communication, together with the Internet, for automatically transmitting cargo information from ships, trains and trucks moving about anywhere in the world.

Meanwhile, the U.S. Department of Defense is now working with two sorts of biometric smart card technology from Tadpole Computer, Spokane, Wash., using fingerprint data in some agencies, while evaluating iris scanning, as well. Tadpole, a close partner of IBM competitor Sun Microsystems, Santa Clara, Calif., was recently acquired by General Dynamics, becoming a wholly owned subsidiary of the Falls Church, Va.-based corporation.

What makes these smart card innovations possible? “Smart cards provide a lot more memory than traditional magnetic stripe or barcode cards,” says George Feitel, vice president of feasibility and assessment at Wavera, a Chicago-based venture research and development firm.

In another departure from ID card tradition, smart cards are capable of containing their own built-in processors. “This turns them into tiny computers,” Feitel says.

As a result of their higher memory capacity, smart cards are able to make use of biometric data as an extra identifier, says Bruce Borden, Tadpole's chief technology officer.

In an authorization scenario known as “three-factor authentication,” the card itself is “something you have.” A password or PIN associated with the card represents “something you know.” Biometric data, on the other hand, provides verification around a third factor: “something you are.”

“So in our cards, we have all three factors,” Borden says. Some agencies within the Department of Defense have already adopted fingerprint ID smart cards from Tadpole, Borden says.

“But fingerprint reading technology can be cumbersome, particularly for soldiers out in the field,” he adds. Now, certain branches of the U.S. military are looking at emerging technology from Tadpole that will contain the heftier amounts of data required for iris recognition.

Other Tadpole customers keenly interested in iris scanning include banks and customer service call centers, Borden says.

Moreover, smart cards equipped with built-in processors can carry out their own onboard encryption, promoting harder-to-crack security through more efficient data “scrambling,” Feitel says. Tadpole's smart cards, for example, already boast onboard encryption.

Driven mostly by government initiatives such as PIV FIPS 201, an emerging standard from the National Institute of Standards and Technology, technological advances in both memory and processing power are moving along at a brisk clip. So are industry activities, which give the cards common interfaces to outside systems.

When smart cards appeared on the scene during the early 1990s, memory was limited to about 8 KB. By now, cards are available with as much as a whopping 56 MB or more, experts say.

Several European nations have deployed the higher capacity technology to place all of a patient's medical records on a single smart card. Higher memory capacity also deserves the credit for enabling iris scanning data to fit inside such a small form factor, Feitel says.

But the effectiveness of a smart card also hinges on how it fits within the scope of larger systems. On the interface side, smart cards come in two main varieties, contact and contactless, although some products are available with both kinds of interfaces.

Contactless cards

The contactless interface, which always relies on a short-range wireless technology of some sort, tends to save on replacement costs by sparing the wear and tear of card swiping, Feitel says.

IBM is finding other advantages to the contactless interface. Geared for use by manufacturers, distributors and other companies that are shipping goods to other countries, the new Intelligent Shipping Lane revolves around a small computer known as a TREC (tamper-resistant embedded controller), which attaches to the shipping container carried aboard the ocean vessel, train or truck. Each TREC contains an encrypted contactless smart card, along with a set of sensors for measuring container location and temperature, says Mogens Roedbro, partner and vice president of IBM Consulting Group.

The TREC uses a choice of either satellite-based, Zigbee mesh, or cellular wireless networks to communicate to a server-based system known as the CIS (cargo information system). From the CIS, data from the TREC device can be sent back to the shipper over the epcGlobal Network, a special network that uses the Internet as its underlying infrastructure.

Contact cards

Cards designed for controlling access to enterprise computer networks tend to use contact interfaces. Tadpole uses this type of interface on its cards, which plug into peripheral smart card reading devices attached to the PC. Unlike most laptops, which come with hard drives for built-in storage and processing power, Tadpole's “thin client” laptops must be used with computer servers over a network. Tadpole's laptops also ship with Sun's Solaris operating system, rather than Microsoft Windows.

When an employee steps away from a Tadpole laptop, he or she pulls a smart card out of the slot, preventing anyone else from logging onto the PC to gain unauthorized network access.

Yet in some environments — such as military field operations — pulling a card out of a slot is not particularly convenient, Borden says. As a result, Tadpole is now working on adding built-in card readers to its laptops and on adding RFID — a sensor-based form of short-range wireless communications — to its cards.

Through RFID, if the laptop is left unattended, a systems administrator will be able to find out immediately, Borden says. The administrator can then shut down the laptop from a remote location elsewhere on the network.

Meanwhile, some makers of standard, hard drive-equipped Windows-based PCs have already started selling laptops with built-in fingerprint readers, including Acer Computer, Taipei, China.

Card-less cards

However, nothing could be more streamlined than a biometric access control system that does not require any cards. That's what Sarnoff Corp., Princeton, N.J., has in mind with a recently announced system dubbed “Iris on the Move,” according to Dr. James Matey, a senior member of Sarnoff's technical staff. “Iris on the Move is hands-free,” he says.

Still in prototype stage, the system is ultimately targeted for controlling physical access to office buildings, for instance. Instead of swiping cards or waving them at a reader — or stopping at an iris scanning station, to line up their eyes with the scanner for recognition — staffers will be able to breeze quickly through a “recognition portal” in the lobby.

There is really no reason why Sarnoff's hands-off approach cannot be used for controlling computer access, too, except that its “freedom of movement” benefit might miss the mark when people are seated in front of PCs, anyway, Matey says.

The main downside to the system is that it provides only a single factor of identification, Matey says. But the biometric ID data can always be augmented with a PIN or password housed on a separate card: either a smart card, or a less costly piece of plastic.



A Closer Look

Trucking, computer companies team on tracking system

Government cargo inspectors would be able to get real-time data about the contents and whereabouts of shipping vessels around the world under a new tracking service being introduced by IBM Corp. and the Danish shipping giant A.P. Moller-Maersk.

The monitoring program involves putting a shoebox-sized wireless sensor inside individual cargo containers. The devices would relay data on the containers' location and condition — and whether they appear to have been tampered with — via satellite to a centralized system accessible by manufacturers, retailers and shipping companies in addition to government inspectors.

Dubbed Intelligent Trade Lane (ITL), the wireless technology includes intelligent tracking devices called Tamper-Resistant Embedded Controllers, or TRECs, that are attached to cargo containers. Unlike typical RFID tags that collect data only, these controllers have enough processing power to correlate information from each container, explained Stefan Reidy, ITL program leader at IBM.

“Communication is done via satellite and GPS systems, which can provide information on physical location and parameters such as temperature and humidity, as well as sensory readings to detect tampering with the container,” Reidy adds.

Currently, U.S. port inspectors can electronically access information about the contents of a cargo vessel, but it's generally limited to static data gathered when the ship left port, according to Patrick Jones, a spokesman for Customs and Border Protection, part of the U.S. Department of Homeland Security.

“If we were able to track the movement of the ship, that would improve security,” he tells The Associated Press. “If there's technology out there that can tell us if a container's been tampered with, then let's see if we can develop it and use it.”

Industry group establishes HSPD-12 PIV working group

The Security Industry Association (SIA) has established a Personal Identity Verification (PIV) Working Group in conjunction with the U.S. Department of Commerce (DoC) and the National Institute of Standards and Technology (NIST).

The group, led by Rob Zivney of Hirsch Electronics, was established to address the requirements of Homeland Security Presidential Directive-12 (HSPD-12), which calls for a policy on common identification standards for federal employees and contractors.

The newly established PIV Working Group will establish task forces to focus on areas such as biometrics, contact and contactless readers and cards, access control panel databases and interfaces, and standards for data exchange between Physical Access Control Systems (PACS) and Identification Management Systems (IDMS).

The working group will also ensure GSA procurement channels are in place so that SIA manufacturers with Schedule 84 contracts can participate with the PIV opportunities now assigned to Schedule 70.

SIA has dedicated a section of its Web site to the PIV working group's activities.

The group will serve as a liaison between SIA member companies and government agencies and contractors involved in implementing the requirements for PIV products and processes in accordance with HSPD-12, Federal Information Processing Standard (FIPS) 201 and related standards and specifications. And it will serve as a resource body of security industry manufacturers to federal government agencies and departments to expedite and influence the availability of Commercial Off The Shelf (COTS) products.

Information is available at www.siaonline.org/response

© 2008 Penton Media Inc.
