Smart card market ready to explode

Depending on whom you ask, smart card technology is either on the verge of tremendous growth in the federal government or has yet to make a significant impression within most agencies. On the plus side, smart cards already have become a fixture at some military bases, for example, where they contro

Depending on whom you ask, smart card technology is either on the verge of tremendous growth in the federal government or has yet to make a significant impression within most agencies.

On the plus side, smart cards already have become a fixture at some military bases, for example, where they control access to buildings and mess-hall privileges. The Navy and the General Services Administration plan to issue smart cards to thousands of their personnel. Numerous pilot projects are ongoing, and at least some of them are expected to produce a sizable demand for smart cards.

Improvements in the basic technology of smart cards - more powerful microprocessors and larger memories - will allow multiple applications to be put onto a single card, as well as provide for much stronger security.

But most observers recognize that many agencies still lack knowledge of smart cards and that federal information technology managers have a lot bigger fish still to fry.

"The major challenge for many people is that they are currently overwhelmed with technology concerns," said John Moore, chairman of the Federal Smart Card Users Group and a computer specialist at the Treasury Department's Financial Management Service. "As soon as the funds free up after the Year 2000 has been dealt with, then we might see more money available [for smart card pilots], and that could drive things forward."

There could well be "an explosion of interest" in smart cards, Moore said. But it is far too early to predict whether that will lead to an explosion in their use.

Even the technology's biggest boosters acknowledge it has not yet arrived, but they insist its appearance has been foreshadowed by the numerous federal pilot projects and recent technological developments.

"It isn't there right now," said Mike Irvine, program manager for the Health Passport Project at Siemens Information and Communications Network. "But I think all of this will cause the smart card market to explode."

Siemens is the prime contractor for the Health Passport Project, a multistate pilot program involving various federal and state agencies that is looking at ways to deliver a variety of public health programs on a single card. Program officials claim that Health Passport is the largest health care smart card program in the country.

A big drawback to gauging government demand is that there is no commercial business for smart cards in the U.S. on which to base comparisons. Although analysts estimate there were more than 1 billion smart cards in circulation last year, the vast majority of them were in Europe. Only about 6 million smart cards - with as many as half of those used in "embedded" applications such as satellite TV receivers - are currently thought to be in use in the United States.

"The business drivers in the U.S. are not the same as overseas," said Donna Farmer, president of the Smart Card Forum, an industry group. "There, it's been for such things as telecommunications, as pre-paid cash and phone cards. Privacy and security are the driving issues in North America."

Given the current lack of a commercial market, the government finds itself leading much of the technology development of smart cards in the United States.

The government's drive for public-key infrastructure (PKI), in particular, is considered a natural fit for smart cards. Unlike instances where the private "user" key employed in PKI is kept in software on a computer, it can alternatively be embedded on a smart card. Software keys could be copied without the knowledge of the user, but the private key on a smart card would never leave the card. And if the card goes missing, the rightful owner presumably would know.

The government has embraced smart cards for other applications, such as secure sign-on to networks; as "transportable" devices to allow people to log on to secure sites no matter which computer they use; and to carry other security elements, such as digital signatures. So it's little wonder smart cards increasingly are viewed - at least in certain parts of government - as one of the principal enablers of secure, distributed computing.

The Navy, for example, is one of the most active agencies in using smart cards. It was set this year to issue more than 100,000 cards to many of its operational groups. It also was designated as the lead agency for the overall Defense Department smart card program in the fiscal 2000 Senate Defense authorization bill and was given $30 million to help it field the technology.

The Navy initially saw smart cards as a way for someone to carry essential personal data, such as medical records, around with him. The service now views smart cards as "multipurpose cyberidentity" cards that can be used as a PKI hardware token, a building pass key or a personnel ID. In general, Navy personnel use them to get to data held on a secure World Wide Web site.

"We are changing from the model of a card-centric world and evolving to a server-centric environment using the smart card as a trusted client," explained Anthony Cieri, program manager for the Navy's smart card program office. "The card would be used as the authenticating device in a PKI environment, to gain access to a portal on the Web. The PKI scheme is in lieu of one where the card itself would be used to carry all of this extra data."

Vendors are beginning to fit their products to the PKI universe. Gemplus S.C.A., one of the biggest manufacturers of smart card systems, recently introduced its GemSafe Enterprise suite of products, specifically designed to support PKI. Secure Computing Corp., whose Sidewinder firewall is widely used in government and particularly in DOD, has come out with the e.ID "multicard," which can authenticate a user's identification through digital certificates or one-time passwords, or it can be used for physical access control to a site using a photo ID and magnetic stripe or bar code.

Datakey Inc., which has been involved in government security for years, is trying to get ahead of the Internet security crowd with Private Access, a turnkey solution that provides a ready-made secure Internet site with the smart card technology needed for authentication.

PKI is an essential part of the future, said Carl Boecher, Datakey's president and chief executive officer. "We can't operate without that. There have been around 100 smart card pilots, and only 14 have gone into production. But with PKI being built out over the next couple of years, we expect explosive growth beginning in 2000."

Meanwhile, GSA is planning to make smart card technology widely available to all government agencies through the Smart Access Common ID Card program, for which it hopes to make an award in the fall. Run by GSA's Office of Electronic Commerce, this contract will cover smart card applications that combine both physical access to buildings as well as "logical" access to IT systems and networks. It also will support the use of biometric technology and digital signatures.

Until recently, smart cards' memory size was limited to either 4K or 8K, and microprocessors were almost always 8-bit chips. That is more than adequate to cope with the on-card cash, phone card and simple ID applications but not for the multi-application, security-dense cards that government users will be looking for in the future.

Bill Holcombe, director of card technology in GSA's Office of Government Policy and chairman of the Federal Smart Card Project Managers Group, said increases in chip performance and memory are necessary for cards capable of handling digital signature, certification and cryptography.

For this, cards with 16K to 32K of memory will be needed. More powerful 16- and 32-bit-processor cards already are in the pipeline.

Another essential development will be the move to fewer operating systems for smart cards. Historically, there have been a large number of proprietary and incompatible operating systems-practically one for each smart card vendor. Consequently, each vendor manufactured its own smart card reader, which meant that a smart card user could not use one reader with another vendor's smart card.

That began to change several years ago, when Sun Microsystems Inc. developed a version of the industry-standard Java language for use with smart cards.

Then Microsoft Corp. last year announced Smart Card for Windows, an 8-bit operating system for which application developers could write programs using C++ or Visual Basic.

Microsoft also said it would build support for smart card readers into its upcoming Windows 2000/NT 5.0 operating system and has begun accreditation testing for various vendors' readers. That should mean that any smart card that supports Smart Card for Windows could be accepted by a Windows-compatible reader. Several PC makers have said they intend to incorporate smart card readers directly into the keyboards of their computers.

Those factors could push the smart card market into overdrive, said Duncan Brown, director of research, North America, for market watcher Ovum Ltd. For example, if Microsoft decides to ship a smart card with each of its Office 2000 packages, that could stimulate the purchase of readers and the use of smart cards.

"I expect the smart card market then would follow the dynamics of the CD-ROM market," Brown said.

Ovum is projecting a total worldwide market for smart cards of 2.7 billion units by 2003, with the largest markets still in pre-payment applications, followed by access control and electronic cash.

But Brown said the caveat is that the window for smart cards to establish themselves as a dominant security access technology is relatively narrow. "If smart card technology is not implemented shortly, say over the next three years, then other technologies will come along that could usurp them," he said. "The technology for [stand-alone] biometrics, for example, is maturing very fast."

That promises little relief for federal smart card proponents. By the time they begin to get comfortable with the idea of smart cards, another technology may already be knocking.

-- Robinson is a free-lance journalist based in Portland, Ore. He can be reached at hullite@mindspring.com.

NEXT STORY: Market Trends -- ERP

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.