Smart card meets fed security scrutiny
- By Colleen O'Hara
- May 11, 2000
As the General Services Administration prepares to award an estimated $1
billion governmentwide smart card contract, Spyrus Inc. announced this week
that its smart card is the first to receive a certification validating that
it has met a federal security standard.
Spyrus' Rosetta Smart Card is the first to receive the Federal Information
Processing Standard (FIPS) Pub 140-1 certification. The National Institute
of Standards and Technology on May 5 issued the certification, which is
required for cryptographic modules such as those used for data encryption
and user authentication.
Agencies are required to purchase cryptographic devices such as smart
cards that are FIPS 140-1-certified, when they are available on the market.
Until now there have been no smart cards that have received this certification,
said Bill Bialick, technical director at Spyrus. And while other companies
are likely to follow suit, not every vendor will ultimately receive the
FIPS certification, he said.
The move should make the Rosetta card a top contender for government
smart card business, including the GSA's Smart Access Common ID Card program
that will provide a single vehicle for agencies to buy smart card products
and services, Bialick said.
GSA expects to award the contract May 19.
The Rosetta Smart Card is unique, Bialick said, because its processor
is "designed to protect and isolate keys and data." The card can be used
for physical and logical access and as part of a public-key infrastructure.
The card received a Level 2 certification, which means that a user can
visually tell if the card has been tampered with.