Risk
7/17/2013
05:03 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Smart Card Alliance Identity Council Urges Use Of Smart Cards For Security, Privacy In NSTIC Identity Ecosystem

White paper reviews NSTIC initiatives and discusses how smart card technology can provide the credentialing capabilities

PRINCETON JUNCTION, N.J., July 15, 2013 – Smart card credentials are the best choice for online transactions that require higher levels of security and trust within the National Strategy for Trusted Identities in Cyberspace (NSTIC) identity ecosystem, the Smart Card Alliance Identity Council reports in a new white paper released today.

The "Smart Card Technology and NSTIC Brief" is available at http://www.smartcardalliance.org/pages/publications-smart-card-technology-and-nstic. It reviews the NSTIC initiatives and discusses how smart card technology can provide the advanced credentialing capabilities needed to enable high assurance in the NSTIC identity ecosystem.

"We fully support the NSTIC vision of an environment where people use a secure, interoperable, privacy-enhancing credential to authenticate themselves online for different types of transactions," said Randy Vanderhoof, executive director of the Smart Card Alliance. "As the details of the NSTIC identity ecosystem are still being defined, now is the time to make sure that the fundamental design supports high assurance authentication and leverages smart card technology, the global standard for strong authentication."

The Smart Card Alliance has publicly endorsed the White House's NSTIC initiative, which aims to improve on the credentials currently used to access the Internet and authenticate identity online, and to create and secure a trusted identity ecosystem. By enabling the principles of NSTIC, individuals will no longer have to remember an ever-growing (and potentially insecure) list of user names and passwords to access various online services.

"As our use of the Internet has increased, so has cybercrime, especially identity theft. The NSTIC recognizes that traditional forms of online identity verification are no longer sufficient, and takes on the critical task of better securing our online lives," said Bryan Ichikawa, senior manager, Deloitte & Touche LLP, and chair of the Identity Council. "The goal of this paper is to educate stakeholders on how smart card technology fits many of the guiding principles of the NSTIC, and can meet the challenges presented by a heterogeneous identity framework while providing assurance that transactions are secure."

The white paper details how the use of smart card technology within the NSTIC identity ecosystem offers several advantages:

· The technology is designed to reduce the risk of fraud by minimizing the risk that credentials or tokens are fraudulent.

· Smart cards are deployed around the world for financial services, mobile communications, healthcare, and e-government.

· Smart card technology enables secure identity verification while helping to protect personal privacy.

· Only the cardholder is able to initiate or verify a transaction using a PIN, biometric data, or both.

· Smart card technology-based tokens can store electronic credentials and reduce the risk of the credentials being copied, altered, or hacked.

· Smart card technology-based tokens can hold many different identity credentials and support multiple authentication mechanisms.

Participants involved in the development of the "Smart Card Technology and NSTIC Brief" included: Booz Allen Hamilton; CH2M Hill; Deloitte & Touche LLP; Gemalto; IDmachines; IQ Devices; NXP Semiconductors; Oberthur Technologies; and SecureKey Technologies.

More resources from the Smart Card Alliance Identity Council can be found at http://www.smartcardalliance.org/pages/activities-councils-identity.

About the Identity Council

The Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and appropriate authorization across different use cases. Through its activities, the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials--e.g., smart ID cards, mobile devices, enhanced driver's licenses, and other tokens. The Council furthermore encourages the use of smart credentials, secure network protocols, and cryptographic standards in support of digital identities and strong authentication on the Internet.

The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organizational resources to bear on addressing the challenges of securing identity information for proper use.

Additional information on the use of smart card technology for identity applications can be found on the Smart Card Alliance Web site at http://www.smartcardalliance.org.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcard

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web