Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/17/2013
05:03 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Smart Card Alliance Identity Council Urges Use Of Smart Cards For Security, Privacy In NSTIC Identity Ecosystem

White paper reviews NSTIC initiatives and discusses how smart card technology can provide the credentialing capabilities

PRINCETON JUNCTION, N.J., July 15, 2013 – Smart card credentials are the best choice for online transactions that require higher levels of security and trust within the National Strategy for Trusted Identities in Cyberspace (NSTIC) identity ecosystem, the Smart Card Alliance Identity Council reports in a new white paper released today.

The "Smart Card Technology and NSTIC Brief" is available at http://www.smartcardalliance.org/pages/publications-smart-card-technology-and-nstic. It reviews the NSTIC initiatives and discusses how smart card technology can provide the advanced credentialing capabilities needed to enable high assurance in the NSTIC identity ecosystem.

"We fully support the NSTIC vision of an environment where people use a secure, interoperable, privacy-enhancing credential to authenticate themselves online for different types of transactions," said Randy Vanderhoof, executive director of the Smart Card Alliance. "As the details of the NSTIC identity ecosystem are still being defined, now is the time to make sure that the fundamental design supports high assurance authentication and leverages smart card technology, the global standard for strong authentication."

The Smart Card Alliance has publicly endorsed the White House's NSTIC initiative, which aims to improve on the credentials currently used to access the Internet and authenticate identity online, and to create and secure a trusted identity ecosystem. By enabling the principles of NSTIC, individuals will no longer have to remember an ever-growing (and potentially insecure) list of user names and passwords to access various online services.

"As our use of the Internet has increased, so has cybercrime, especially identity theft. The NSTIC recognizes that traditional forms of online identity verification are no longer sufficient, and takes on the critical task of better securing our online lives," said Bryan Ichikawa, senior manager, Deloitte & Touche LLP, and chair of the Identity Council. "The goal of this paper is to educate stakeholders on how smart card technology fits many of the guiding principles of the NSTIC, and can meet the challenges presented by a heterogeneous identity framework while providing assurance that transactions are secure."

The white paper details how the use of smart card technology within the NSTIC identity ecosystem offers several advantages:

· The technology is designed to reduce the risk of fraud by minimizing the risk that credentials or tokens are fraudulent.

· Smart cards are deployed around the world for financial services, mobile communications, healthcare, and e-government.

· Smart card technology enables secure identity verification while helping to protect personal privacy.

· Only the cardholder is able to initiate or verify a transaction using a PIN, biometric data, or both.

· Smart card technology-based tokens can store electronic credentials and reduce the risk of the credentials being copied, altered, or hacked.

· Smart card technology-based tokens can hold many different identity credentials and support multiple authentication mechanisms.

Participants involved in the development of the "Smart Card Technology and NSTIC Brief" included: Booz Allen Hamilton; CH2M Hill; Deloitte & Touche LLP; Gemalto; IDmachines; IQ Devices; NXP Semiconductors; Oberthur Technologies; and SecureKey Technologies.

More resources from the Smart Card Alliance Identity Council can be found at http://www.smartcardalliance.org/pages/activities-councils-identity.

About the Identity Council

The Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and appropriate authorization across different use cases. Through its activities, the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials--e.g., smart ID cards, mobile devices, enhanced driver's licenses, and other tokens. The Council furthermore encourages the use of smart credentials, secure network protocols, and cryptographic standards in support of digital identities and strong authentication on the Internet.

The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organizational resources to bear on addressing the challenges of securing identity information for proper use.

Additional information on the use of smart card technology for identity applications can be found on the Smart Card Alliance Web site at http://www.smartcardalliance.org.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcard

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.