Cleared for access

Faced with the urgency to tighten access to its buildings, the State Department will begin distributing 20,000 smart cards to employees in October that will make it easier as well as more secure to enter the department's offices in the United States.

It is the first time in 17 years that the department is updating its identification cards, replacing picture cards read by a machine with smart-card technology developed by Datakey Inc., a smart-card solutions company based in Minneapolis.

The new card carries a digital picture of the State employee and a chip that can authorize access to as many as 40 buildings in the United States and to specific secure areas, according to Lolie Kull, access control smart-card implementation manager for the department's Bureau of Diplomatic Security.

But more important, the smart card is likely to serve as a prototype for the government's attempts to authorize access and limit it when necessary.

"The advantage of smart cards is that it gives us much more than a visual ID," Kull said. "It gives us [public-key infrastructure] and ID authentication. It can also hold emergency medical information and other applications such as access to a motor pool."

The card does not contain biometric information, such as fingerprints or eye scans, but these security components are likely to be added to the card's chip, which has 32K of memory, according to Kull.

The department has been "following a very sound plan for deploying the card and updating the infrastructure as they do so. They can manage the existing card and the new card for the transition period," said Randy Vanderhoof, president and chief executive officer of the Smart Card Alliance.

State is working with the Transportation Department's Volpe National Transportation Systems Center to provide engineering and technical support to make the system work. Other federal agencies will be able to tap into the same blueprint.

To use the card, a person must swipe it through a machine and enter a personal identification number. When the employee leaves the building, the card must be swiped again, providing entry and exit data on every person going in and out of a building.

"The major thing that sets us apart is a complete solution: workstation software, smart cards and the software you can use to manage those cards once they are deployed," said Tim Russell, Datakey's vice president and general manager.

"The card is baseline infrastructure that can accommodate whatever biometric or other kinds of data the customer wants to add," he said.

Datakey, which provides cards for both commercial and government use, relies on off-the-shelf products and software to produce a system that provides such tools as password management, host authentication, public-key encryption, digital certificates and digital signatures.

In August, Datakey was selected as a supplier of middleware — including client software, software licenses and maintenance support — for the Defense Department's Common Access Card program. The $6.8 multiple-award, indefinite-delivery, indefinite-quantity contract will extend over three years.

State's program will first provide smart cards to workers in the Washington, D.C., area and then fan out across the country. Even Secretary Colin Powell carries a smart card, although he relies on staff to get him in the door of the department's headquarters, Kull said.

And the system is nearly foolproof. The only way someone could forge the card or break the code is with a lot of "time, money and technical expertise to get into the card," Kull said.

"Before [Sept. 11], it was important to know who was in the building. After [Sept. 11], it is imperative," she said.