With the increase in global B2B and B2C Internet commerce, it has become increasingly difficult for parties to truly know with whom they are dealing. The driving force for multi-technology IDs is to insure the authorized, legal identity of the person in both the physical and virtual worlds. Multi-tech cards integrate two or more separate technologies into a single piece of plastic, without sharing information between these technologies. Technologies may include proximity, magnetic stripe, bar code, contactless smart chip, contact smart chip, Wiegand strip or barium ferrite loads. The card evolves from being simply a carrier of technology to an ID credential with the addition of a photo ID, digital watermark, hologram or other form of secure ID data printing, which serves to enhance the security of the card.
SECURITY recently spoke to Debra Spitler, vice president of marketing for HID, Jim Johnson, smart card product manager for HID, Dovell Bennett, business development manager for ASSA ABLOY Identification Technology Group (ITG), to get the low-down on this emerging technology. Also, Tom Stiles, director of channel sales for DataCard, Minneapolis, Minn., and Neil Roberts, regional manager for Infographics, Garden Grove, Calif., add to the discussion.
What size company is most interested in multi-technology IDs, and why? Spitler/Johnson/Bennett—Medium-to-large companies have shown the most interest in multi-technology IDs. These companies typically have multiple sites, systems of different types or ages and have implemented a photo ID policy. Additionally, in the last year or so, these types of companies have begun to express interest in using a single card for multiple applications including access control, PC or network secure log-on, cashless vending and health record storage. The multi-technology ID provides them the ability to leverage their existing investment in various systems, while at the same time promoting future cost-effective upgrades to more advanced technologies. As technology costs drop, sophisticated security eventually becomes available to even the smallest organizations. A question that an organization, no matter how large or small, must ask itself is: What is the value of my employees, data and assets? Roberts—It’s not necessarily the size or even the global presence of a company, but the corporations internal IT, HR and security department’s requirements.
What features are the most important to the end user? Spitler/Johnson/Bennett—It enables the use of multiple levels of verification. For instance, a credential that offers five levels of verification might include a photo, the credential’s proximity serial number and PIN number, a digital watermark to insure the credential is not counterfeit and a smart chip that holds a biometric template. Roberts—Single card for personnel badging, proximity access into common areas, such as elevators and parking. Contactless stored personnel information, such as their unique biometrics, electronic purse for vending and cafeteria purchases and medical records. Stiles—Integrated card issuance, security, ease of use and low cost.
Are most systems easily expandable and upgradeable? Spitler/Johnson/Bennett—When considering a multi-technology ID card, the end-user must consider multiple factors including: What existing systems are in place? Which existing systems will be kept as is, which will be upgraded and which will be completely replaced? What new applications are needed to successfully manage the environment? Stiles—It is important to integrate the card issuance operation seamlessly with the other systems that read the card—access control or network security. This provides lower cost and higher confidence. Connection to a common data source is the key—one database, one enrollment process and one card issuance process.
How have these advancements benefited the end user? Spitler/Johnson/Bennett—Companies are discovering the value of utilizing one card for multiple applications. With smart card technology, users can even incorporate their driver’s license, health and auto insurance onto their card. Biometrics will remove the problems of remembering PINs and passwords. Now one’s fingerprint can gain secure access to a number of points, and there is nothing to remember. PKI in combination with smart cards will help make the Internet, Intranet and Extranet a safer place to conduct business. In organizations with advanced or integrated systems, IDs allows for individual access levels to various systems to be connected throughout the company. For example, if an organization were to change an employees’ building access level, that change could automatically affect the employee’s access to the IT network. Multi-technology IDs also allow the end-user to leverage their existing infrastructure, while adding new systems that capitalize on the latest technology. Rather than replacing all systems, cards can be replaced that utilize existing and new infrastructure simultaneously. Stiles—The ability to store a biometric template on a smart card for use as a “second factor” of authentication has become a reality. Organizations need this additional security to protect their physical and intellectual assets. The implementation of global standards has helped the smart card advancement.
Where do you see multi-tech ID technology heading in the next 5 - 10 years? Spitler/Johnson/Bennett—The need for higher levels of security and stronger methods of authentication will drive the use multi-technology IDs in the future. Multi-tech credentials enable the use of legacy systems, while enabling users to benefit from new identification technology. Roberts—Becoming the standard credential in our marketplace augmenting the current proximity technologies. Stiles—Multi-application smart cards that conform to standards. Contactless RF technology. Biometric template stored on the card.