The future of government ID cards
- By Shawn McCarthy
- Jun 27, 2014
Nearly 10 years after the release of Homeland Security Presidential Directive 12 (HSPD-12), the goal of “secure and reliable forms of identification” for government employees and contractors has not yet been met (see http://gcn.com/articles/2014/05/29/hspd-12-mixed-results.aspx).
Still, some relatively mature technologies are being used in interesting ways for employee IDs. The level of interaction, and also the level of employee tracking, is going nowhere but up.
One example is the Personal Duress Alarm System ID badges currently in use in California’s Napa State Hospital. The badges include bidirectional radio-frequency identification (RFID) tags that can be read by sensors located in campus buildings. Information is sent over the psychiatric hospital’s Wi-Fi network to provide real-time location of the 2,300 employees. Staff location data shows up as icons on real-time campus maps monitored by the hospital's security staff.
Every ID is also capable of triggering an alarm. Staff members who run into trouble tug the ID down a little in order to activate the signal. Once the ID sends an alarm, that person's icon (the one shown on the monitor in the hospital's security office) changes color. The alarm signal also is relayed to nearby staffers who can help. The data transmitted includes information on the staffer whose ID was triggered, complete with name and photo.
The Napa project started in 2011 (after the murder of a staff member by a patient in 2010). It has been considered successful enough that it has been expanded to other state hospitals, and may be tested soon in California prisons.
The Napa example is a great illustration of how ID badges can be used to improve worker safety and enhance emergency communication. However, this type of technology also has the potential to be used by employers to track something as basic as how often a worker steps outside for a cigarette or sits at a desk. And, as we head toward ubiquitous connectivity, the credentials we carry could be used to identify us wherever we go.
Meanwhile, we are seeing smart cards becoming the preferred credential in many ID systems. That means government offices might soon find they need to move away from magnetic stripe cards and even more recent proximity card systems. Smart cards can be designed with a challenge and response progression as they interact with a network, and their traffic can be encrypted in a variety of ways. This makes them harder to spoof.
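The difference between a fixed-value credential and a challenge-and-response exchange, as an added example that is not part of the original article. It assumes a shared per-card key and HMAC-SHA256 purely for illustration (deployed smart cards often use other schemes, including asymmetric keys), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class StaticReader:
    """Magnetic-stripe / basic proximity style: the card presents a fixed value."""
    def __init__(self, enrolled_ids):
        self.enrolled_ids = set(enrolled_ids)
    def verify(self, presented_id: bytes) -> bool:
        return presented_id in self.enrolled_ids

class SmartCard:
    """Holds a secret key and proves possession without revealing it."""
    def __init__(self, card_id: bytes, key: bytes):
        self.card_id, self._key = card_id, key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.card_id + challenge, hashlib.sha256).digest()

class ChallengeReader:
    def __init__(self, keys):
        self._keys = dict(keys)      # card_id -> shared key (assumed provisioning)
        self._pending = {}           # card_id -> outstanding nonce
    def issue_challenge(self, card_id: bytes) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh, unpredictable per attempt
        self._pending[card_id] = nonce
        return nonce
    def verify(self, card_id: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(card_id, None)   # each challenge is single-use
        key = self._keys.get(card_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, card_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    card_id, key = b"CARD-0001", secrets.token_bytes(32)   # constructed sample values
    # Static credential: the value seen in one read is all a later read needs.
    static_replay_ok = StaticReader([card_id]).verify(card_id)
    card, reader = SmartCard(card_id, key), ChallengeReader({card_id: key})
    first = card.respond(reader.issue_challenge(card_id))
    genuine_ok = reader.verify(card_id, first)
    reader.issue_challenge(card_id)                 # next attempt gets a new nonce
    replay_ok = reader.verify(card_id, first)       # old response no longer matches
    return static_replay_ok, genuine_ok, replay_ok

if __name__ == "__main__":
    print(demo())
```

The reader accepts the card's response only for the nonce it just issued, so a response recorded from an earlier transaction is rejected, while the static check accepts the same value every time.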
And as government networks become increasingly cloud based, access control management is becoming more easily federated. That means access control management can be based in cloud solutions hosted by a third party, instead of agencies supporting multiple forms of ID and sign-on systems. It also tends to mean lowered costs and condensed management and distribution times.
But, again, these types of sign-on systems also can be used to track highly personal employee information, such as time and attendance, system and resource access, payments, if supported (for use of copy machines, cafeteria purchases, vending machines, etc.), or the checking of special agency equipment into or out of a facility.
Another method of ID management is based on near field communication (NFC). An NFC-enabled smartphone could allow employees to use their own phones as their access credential to get into a building or to log into networks.
With all of these ID options on the horizon, chief security officers and access control managers (whether they work with IT security or physical security) need to choose access control systems that can easily be upgraded. They also need to move toward an enterprise architecture that covers ID interactions across all facilities. This architecture should be able to accommodate emerging access control technologies in order to support future system expansion.
Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.