05:03 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly

Smart Card Alliance Identity Council Urges Use Of Smart Cards For Security, Privacy In NSTIC Identity Ecosystem

White paper reviews NSTIC initiatives and discusses how smart card technology can provide the credentialing capabilities

PRINCETON JUNCTION, N.J., July 15, 2013 – Smart card credentials are the best choice for online transactions that require higher levels of security and trust within the National Strategy for Trusted Identities in Cyberspace (NSTIC) identity ecosystem, the Smart Card Alliance Identity Council reports in a new white paper released today.

The "Smart Card Technology and NSTIC Brief" is available at http://www.smartcardalliance.org/pages/publications-smart-card-technology-and-nstic. It reviews the NSTIC initiatives and discusses how smart card technology can provide the advanced credentialing capabilities needed to enable high assurance in the NSTIC identity ecosystem.

"We fully support the NSTIC vision of an environment where people use a secure, interoperable, privacy-enhancing credential to authenticate themselves online for different types of transactions," said Randy Vanderhoof, executive director of the Smart Card Alliance. "As the details of the NSTIC identity ecosystem are still being defined, now is the time to make sure that the fundamental design supports high assurance authentication and leverages smart card technology, the global standard for strong authentication."

The Smart Card Alliance has publicly endorsed the White House's NSTIC initiative, which aims to improve on the credentials currently used to access the Internet and authenticate identity online, and to create and secure a trusted identity ecosystem. By enabling the principles of NSTIC, individuals will no longer have to remember an ever-growing (and potentially insecure) list of user names and passwords to access various online services.

"As our use of the Internet has increased, so has cybercrime, especially identity theft. The NSTIC recognizes that traditional forms of online identity verification are no longer sufficient, and takes on the critical task of better securing our online lives," said Bryan Ichikawa, senior manager, Deloitte & Touche LLP, and chair of the Identity Council. "The goal of this paper is to educate stakeholders on how smart card technology fits many of the guiding principles of the NSTIC, and can meet the challenges presented by a heterogeneous identity framework while providing assurance that transactions are secure."

The white paper details how the use of smart card technology within the NSTIC identity ecosystem offers several advantages:

· The technology is designed to reduce the risk of fraud by minimizing the risk that credentials or tokens are fraudulent.

· Smart cards are deployed around the world for financial services, mobile communications, healthcare, and e-government.

· Smart card technology enables secure identity verification while helping to protect personal privacy.

· Only the cardholder is able to initiate or verify a transaction using a PIN, biometric data, or both.

· Smart card technology-based tokens can store electronic credentials and reduce the risk of the credentials being copied, altered, or hacked.

· Smart card technology-based tokens can hold many different identity credentials and support multiple authentication mechanisms.

Participants involved in the development of the "Smart Card Technology and NSTIC Brief" included: Booz Allen Hamilton; CH2M Hill; Deloitte & Touche LLP; Gemalto; IDmachines; IQ Devices; NXP Semiconductors; Oberthur Technologies; and SecureKey Technologies.

More resources from the Smart Card Alliance Identity Council can be found at http://www.smartcardalliance.org/pages/activities-councils-identity.

About the Identity Council

The Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and appropriate authorization across different use cases. Through its activities, the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials--e.g., smart ID cards, mobile devices, enhanced driver's licenses, and other tokens. The Council furthermore encourages the use of smart credentials, secure network protocols, and cryptographic standards in support of digital identities and strong authentication on the Internet.

The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organizational resources to bear on addressing the challenges of securing identity information for proper use.

Additional information on the use of smart card technology for identity applications can be found on the Smart Card Alliance Web site at http://www.smartcardalliance.org.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcard

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.