The tech that locks down ID cards

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Stephanie Kanowitz,
Contributor, Route Fifty
 

Connecting state and local government leaders

By Stephanie Kanowitz

|

Whether the card allows for access into a government building or another country, new technologies are making it easier for officials to verify identities.

Across federal and state governments alike, secure identity cards are getting securer. Whether the card allows for access into a government building or travel to another country, new technologies are making it easier for officials to verify identities.

Take the new Permanent Resident Card, or green card, which lets holders live and work in the United States on a permanent basis. The U.S. Citizenship and Immigration Services recently began issuing redesigned cards, the front of which features ink that shifts from gold to green, embedded radio frequency identity (RFID) technology, tactile laser personalization, a laser-engraved fingerprint and a unique background design.

On the back, the cards have a personalized embedded hologram. Additionally, ultraviolet technology and tactile clues help deliver more accurate readings at border crossings.

Like the previous version of the card, the new cards use embedded optical media to store digital files including biometrics, a holographic image and micro-images of high-resolution pictures of state flags and U.S. presidents.

USCIS placed an $88.3 million order with identity solutions provider HID Global to redesign, manufacture and supply the cards. Under the agreement, the Austin, Texas-based company will produce, deliver and store up to 34 million identity cards in the next five years.

HID Global is no stranger to making green cards. This award continues the relationship between USCIS and HID Global, which in the past has developed security technology such as an optical stripe. That metallic stripe, HID Global Vice President of Corporate Affairs Kathleen Carroll told the House Oversight and Government Reform Committee in October, is embedded into the laminate that is laser-engraved with a high-resolution replica of the card-holder’s face and signature.

“It is easy to visually confirm its authenticity; it holds digital data that must be programmed to match the data printed on the card; and is virtually impossible to replicate without very sophisticated and hard-to-obtain laser engraving technology,” Carroll said. “We intend to work with USCIS to continue making the most secure, most reliable credential on the planet.”

Two types of ID card technology are being used in the federal security market today, said Randy Vanderhoof, executive director of the Smart Card Alliance. One is long-range RFID technology and is primarily used for border crossings. RFID lets inspectors read unique, 192-bit serial numbers from a distance and link the information to the personal data on file.

“The U.S. passport card, which is a companion card to passports and provides land access to Canada and Mexico, is a long-range RFID technology,” Vanderhoof said.

Passports themselves use the other main card technology: a short-range high-security chip that operates at a different frequency and has additional security capabilities. This is often found in personal identity verification (PIV) cards that governments issue to grant card holders access to facilities and information systems.

“There’s incremental steps in security, and the first level of security is to have what we call a machine-readable card rather than something that is simply a visual proof of one’s identity, because visual-only cards have no active security measures in them,” he said. “It really is up to the security guard to make a decision as to whether or not that credential belongs to that individual. Having a machine-readable [card] makes it much more difficult to alter or counterfeit, and it offers the security checkpoints additional security data that they could use to verify one’s identity.”

The highest-level identity cards, which are required for federal badges and passports in the United States and abroad, also contain cryptographic and biometric features that can be authenticated in real time, which makes them much better at authenticating identity, Vanderhoof added.

When such cards are lost or stolen, for example, the biometrics provide an extra layer of protection.

“You could always use makeup or disguises to replicate someone’s identity,” Vanderhoof said. “Visual methods are only a slight increase in security. Having a [system] where there is a live biometric captured when the card is used and that is matched up with a biometric that was captured at the time the card was issued provides a much higher level of security.”

To know which technology is best, government officials must look at the situation and determine the tradeoffs between speed of identity verification and the security level required, Vanderhoof said. At border crossings, cards with long-range RFID that can be read at a distance reduce the likelihood of people waiting in their cars for hours to cross borders. On the flip side, some citizens worry that their movements could be tracked by RFID readers without their knowing. To address that concern, they can request a sleeve that protects the radio frequency signal. That means the card can’t be read until the holder is at the border checkpoint window.

“There’s always going to be tradeoffs in every security system,” Vanderhoof said. “There’s no one universal technology that works in every use case.”

Following the attacks on the Office of Personnel Management that exposed millions of personal records, government officials have started looking more seriously at two-factor authentication -- passwords and biometrics, for instance -- for network access cards to prevent breaches, Vanderhoof said. PIV cards can allow employees into not only buildings, but also onto computer systems -- and a growing number of agencies are taking that approach.

“We’re seeing an expansion of the use of the government’s secure identity credential from simply being a door access system to being a totally integrated access control solution for both physical and logical computer access,” he said.

Benji Hutchinson, senior director of federal programs at MorphoTrust USA, an identity solutions provider, agreed. Last year, the Defense Department combined its ID badge with common access cards, which allow access to computer systems, and the State Department is working to do the same, Hutchinson said.

At the state level, the most common form of ID -- the driver’s license-- has yet to adopt much technology in terms of biometrics. Instead, states such as New York are turning to tougher-to-counterfeit materials such as polycarbonate, color-changing ink and laser-engraved photos.

The Real ID Act, however, is forcing states to provide enhanced driver’s licenses that have machine-readable RFID chips, strips or barcodes that store personal information such as the holder’s Social Security number. Almost all states now comply with the act or have received extensions on a comply-by date. The Transportation Security Administration might deny air travel to travelers who don’t have this type of card by the deadlines.

NEXT STORY: Feds want mobile security, except when they don’t

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.