Secret Service Makes a Pitch Smart-card development focuses on security By Terry Costlow, EE Times Arlington, Va. -- As government agencies look at smart cards to simplify citizens' interaction with state and federal agencies while trimming government costs, their focus is turning heavily to security. A key facet of their efforts is the topic of certificates, digital signatures that assure identification when transactions are made remotely over the Internet or other communication pathways. Security issues took center stage at the CardTech/SecureTech conference here recently, with agencies saying they are very interested in leveraging secure technology developed in the private sector. Smart cards are seen as a technology that improves security, which has become a big issue in recent months as several federal agencies have responded to an edict from President Clinton to make more information available on the Internet. The need to prevent unauthorized access to data on the Net was driven home earlier this year when the Social Security Web site was shut down for being too easily accessed by unauthorized users. Many top government officials believe smart cards can provide security that minimizes unauthorized access while making it easier for citizens to access many agencies in the complex government hierarchy from a single site. "In the new plan for our information technology, the key issues we have to address are security and privacy," said Greg Woods, who heads a multi-agency federal effort called the National Performance Review. "The card lets us do that, and it is the key to one-stop services in government. One reason I'm so enthusiastic about cards is that they give citizens much more control. They can access their personal data and tell government whether that information is correct." However, for smart cards to live up to their promise, their usage must start without problems in security. Observers in both the public and private sectors note that if there are problems with some of the early programs, the acceptance of smart cards will suffer a huge setback. Underscoring the need for safety, the U.S. Secret Service made a rare public presentation at the conference, asking for cooperation from smart-card users and vendors. Jeff Shaffer of the agency's Financial Crimes Division noted that even though smart cards are seeing increased usage overseas, no cases of fraud have been reported worldwide. However, he noted that a key factor for smart-card providers is to come up with low-cost replacement cards, saying that quick replacement of cards will be "very important as the system becomes compromised, and it will." To avoid that as long as possible, smart-card supporters are coming up with detailed programs for encrypting data. Public key encryption is considered the most efficient and effective way to let smart cards communicate remotely without fear that eavesdroppers can copy ID codes or learn what is in private communications. While the encryption issue is being ironed out, many in the smart-card community are beginning to focus on a certificate, the digital signature that ascertains identity. These certificates are needed to ensure that transactions are made by the card and cardholder that have the right to make the transaction. Certificates are needed for non-repudiation, which means that neither party can come back later claiming a transaction was unauthorized. (c) 1997 CMP Media, Inc [This article comes from EE Times in a joint cooperative effort with the Motley Fool. For more articles like it, please look at Fool's Gold every weekend or simply go to the Fool's Gold Mine and page through our back issues, which all have clever and cool EE Times articles in them.]

© Copyright 1995-2000, The Motley Fool. All rights reserved. This material is for personal use only. Republication and redissemination, including posting to news groups, is expressly prohibited without the prior written consent of The Motley Fool. The Motley Fool is a registered trademark and the "Fool" logo is a trademark of The Motley Fool, Inc. Contact Us

..

..

..

..

..

..

..

..