Risk
7/17/2013
05:03 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Smart Card Alliance Identity Council Urges Use Of Smart Cards For Security, Privacy In NSTIC Identity Ecosystem

White paper reviews NSTIC initiatives and discusses how smart card technology can provide the credentialing capabilities

PRINCETON JUNCTION, N.J., July 15, 2013 – Smart card credentials are the best choice for online transactions that require higher levels of security and trust within the National Strategy for Trusted Identities in Cyberspace (NSTIC) identity ecosystem, the Smart Card Alliance Identity Council reports in a new white paper released today.

The "Smart Card Technology and NSTIC Brief" is available at http://www.smartcardalliance.org/pages/publications-smart-card-technology-and-nstic. It reviews the NSTIC initiatives and discusses how smart card technology can provide the advanced credentialing capabilities needed to enable high assurance in the NSTIC identity ecosystem.

"We fully support the NSTIC vision of an environment where people use a secure, interoperable, privacy-enhancing credential to authenticate themselves online for different types of transactions," said Randy Vanderhoof, executive director of the Smart Card Alliance. "As the details of the NSTIC identity ecosystem are still being defined, now is the time to make sure that the fundamental design supports high assurance authentication and leverages smart card technology, the global standard for strong authentication."

The Smart Card Alliance has publicly endorsed the White House's NSTIC initiative, which aims to improve on the credentials currently used to access the Internet and authenticate identity online, and to create and secure a trusted identity ecosystem. By enabling the principles of NSTIC, individuals will no longer have to remember an ever-growing (and potentially insecure) list of user names and passwords to access various online services.

"As our use of the Internet has increased, so has cybercrime, especially identity theft. The NSTIC recognizes that traditional forms of online identity verification are no longer sufficient, and takes on the critical task of better securing our online lives," said Bryan Ichikawa, senior manager, Deloitte & Touche LLP, and chair of the Identity Council. "The goal of this paper is to educate stakeholders on how smart card technology fits many of the guiding principles of the NSTIC, and can meet the challenges presented by a heterogeneous identity framework while providing assurance that transactions are secure."

The white paper details how the use of smart card technology within the NSTIC identity ecosystem offers several advantages:

· The technology is designed to reduce the risk of fraud by minimizing the risk that credentials or tokens are fraudulent.

· Smart cards are deployed around the world for financial services, mobile communications, healthcare, and e-government.

· Smart card technology enables secure identity verification while helping to protect personal privacy.

· Only the cardholder is able to initiate or verify a transaction using a PIN, biometric data, or both.

· Smart card technology-based tokens can store electronic credentials and reduce the risk of the credentials being copied, altered, or hacked.

· Smart card technology-based tokens can hold many different identity credentials and support multiple authentication mechanisms.

Participants involved in the development of the "Smart Card Technology and NSTIC Brief" included: Booz Allen Hamilton; CH2M Hill; Deloitte & Touche LLP; Gemalto; IDmachines; IQ Devices; NXP Semiconductors; Oberthur Technologies; and SecureKey Technologies.

More resources from the Smart Card Alliance Identity Council can be found at http://www.smartcardalliance.org/pages/activities-councils-identity.

About the Identity Council

The Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and appropriate authorization across different use cases. Through its activities, the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials--e.g., smart ID cards, mobile devices, enhanced driver's licenses, and other tokens. The Council furthermore encourages the use of smart credentials, secure network protocols, and cryptographic standards in support of digital identities and strong authentication on the Internet.

The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organizational resources to bear on addressing the challenges of securing identity information for proper use.

Additional information on the use of smart card technology for identity applications can be found on the Smart Card Alliance Web site at http://www.smartcardalliance.org.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcard

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web