Smart-card industry leaders tout digital certificates for security applications

Smart-card industry leaders tout digital certificates for security applications

By William Jackson

GCN Staff

Digital certificates are likely to become the dominant U.S. application for smart cards.

Industry leaders attending the Smart Card Forum's recent annual meeting in Washington said strong online authentication will make it possible to leave large programs on networks rather than shoehorn them into the cards.

American Express Co.'s Blue card, a credit card incorporating a digital certificate, is the first large commercial application.

'We've taken a thin-client approach,'' said R. Allen Gilstrap, vice president of smart-card technologies for American Express Technologies and incoming chairman of the Smart Card Forum.

Reflecting the focus on authentication, the forum is setting up an ID and Authentication Work Group to promote use of digital certificates and signatures.

A digital certificate is an electronic identifier issued by a trusted third party using public-key encryption. By matching public and private keys, the holder of a digital certificate can prove identity online. A digital signature uses a digital certificate to electronically sign a document. These software functions can reside on various hardware platforms from PCs to smart cards.

Smart cards have been slow to take off in the United States as payment mechanisms, primarily because of the efficiency of existing systems using cash, checks and credit cards.

Putting multiple applications on a single card has been the industry's Holy Grail, but interoperability always presented a roadblock.

Now some card issuers plan to leave the apps on the network and use the card for secure access. Applications might include physical access control, online financial transactions, secure e-mail and virtual private networking.

Big concerns

'Very substantial security concerns are going to drive applications rapidly,'' said Peter C. Freund, chairman of Certco Inc. of New York.

William J. Barr, executive director of information networking for Telcordia Technologies Inc. of Morristown, N.J., said there is no single killer app but instead many individual business cases. Office access, multifunction IDs, and money cards for college campuses and military bases are among the earliest uses, he said.

The American Express Blue card has a magnetic stripe to work as a conventional credit card at existing point-of-sale terminals; however, its digital certificate issued by GTE CyberTrust of Needham Heights, Mass., also can access online financial tools, including an online wallet for Internet purchasing.

inside gcn

  • cloud migration (deepadesigns/Shutterstock.com)

    What agencies can learn from the Army’s complicated move to the cloud

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group