Industry Insights with Neville Pattinson

Identity Self-Defense: The Power of PIV

Identity Self-Defense: The Power of PIV

Identity protection is one of the most pressing topics within our society. Over the course of the last few years, we have seen numerous stories reported where information systems have been compromised and data has been lost potentially compromising the identity of millions. While we could debate the level of security required to properly protect any information system, I believe there is a more fundamental approach to addressing this critical issue. Identity self-defense.

In the months following the September 11 attacks on New York and Washington D.C., it was determined the issue of identity verification needed to be addressed. Homeland Security Presidential Directive 12 (HSPD12) established the requirement to verify the identity of all federal employees and issue them a secure identity credential. This has resulted in the issuance of millions of Personal Identity Verification (PIV) credentials.

This secure identity credential has dramatically increased the level of security for the federal government as a whole. To the casual observer this identity badge worn by federal employees simply looks like an identity with a name and photo on the front. But within this card is a cryptographic microprocessor which has the ability to securely store information about the user. This identity information paired with the appropriate physical and logical systems can regulate access to both buildings and information systems.

For physical access control, the PIV has the capacity to prove an ID credential is authentic, and to make each access unique, eliminating the threat of eavesdropping and recording in the entry and replaying it as an attack on an access system. For higher levels of security, biometrics positively identifies the bearer of the credential.

For logical access control, the PIV can eliminate the threat of stolen passwords as a way to access critical government infrastructures or databases storing sensitive personal information. Requiring the PIV card to be inserted into a standard slot on the PC coupled with either a personal identification number (PIN) or a biometric detail (fingerprint) to gain access ensures that only authorized users are gaining access to government systems.

The PIV credential has proven that this type of identity protection can be accomplished ensuring the security of both the users identity and the access rights to government building and information systems. Imagine if there were an option to provide all citizens with the same ability. By enhancing current identity credentials, like the social security card, to have the same level of identity security as the PIV credential, citizens would be able to govern who has access to their identity and how it is used.

This would take time to implement, but as we have seen with the PIV credential, the ability to use the identity credential as part of the protection of a person's identity brings it to the individual level. This has far reaching ramification for some very pressing topics on Capitol Hill. For example, this type of credential could be used as part of employment verification ensuring that only eligible persons receive employment. Because the credential has the ability to store a person's specific and unchangeable attribute, like a fingerprint, using a person's identity in a fraudulent manner becomes almost impossible.

It is time to address the issue of protecting our identity and thanks to the federal government's implementation of PIV smart card credentials; we have a proven technology in place that could be leveraged for a much broader audience. Putting a stronger, smarter credential in the hands of citizens and tying it to their biometric details puts control into the hands of the card holder, enabling true Identity Self-Defense.

Neville Pattinson, CISSP CIPP, is the vice president of government affairs and business development at Austin-based Gemalto North America. He is on the executive committee of the Smart Card Alliance Identity Council and sits on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. He can be reached at neville.pattinson@gemalto.com. Gemalto, the world leader in digital security, last year supplied more the 1.4 billion secure personal devices for mobile connectivity, identity and data protection, credit card safety, health and transportation services, e-government and national security.


About the Author

Neville Pattinson

Neville Pattinson

VP of Government Affairs & Standards, NA., Gemalto

Pattinson is a leading expert on smart cards and using the microprocessor chip to keep identity credential data and biometrics secure and private. Pattinson has been heavily involved in planning and implementing a number of federal government security initiatives including the Department of Defense Common Access Card (CAC); the State Department's electronic passport; the Western Hemisphere Travel Initiative cards; the Department of Transportation's Transportation Worker Identity Credential (TWIC) and the Transportation Security Administration's Registered Traveler program. Pattinson works closely with the General Services Administration, Treasury, Homeland Security, Veterans Affairs and NASA, which all have smart ID programs underway.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.