<http://www.eet.com/article/printableArticle.jhtml;jsessionid=WLX0G30SCVFBEQSNDBGCKHQ?articleID=26100881&url_prefix=sys/news&sub_taxonomyID=2517>
NASA preps for launch of smart ID tags By Junko Yoshida , EE Times August 02, 2004 (12:44 PM EDT) URL: http://www.eet.com/article/showArticle.jhtml?articleId=26100881 Paris - The U.S. Department of Defense has deployed more than 4 million smart-card ID tags since 1999, but it took the rest of the U.S. government until just recently to start converting to chip-based ID cards. The National Aeronautics and Space Administration is the latest convert, having signed Philips Semiconductors as the sole supplier for its contactless access card program. But even as the prospects for government-related contracts grow for suppliers of the tags, technological strides and new standards are altering the bidding landscapes. As the aftermath of 9/11 triggered a broad review of security for government buildings and computer networks, the current administration began pressuring federal agencies to use smart cards for employee IDs. Eventually, the cards will be required not only for government employees but also for those who do business with government agencies, broadening the scope of the potential market and, thus, widening its appeal for suppliers of cards and chips. Smart-card technology suppliers cited six high-profile projects, related to government-mandated identification programs, that are open for bidding by system integrators with turnkey solutions. NASA's access card project is one of them. Two key shifts in government technology choices are changing the rules for suppliers, however. First, many federal agencies are turning to a contactless interface technology for their ID cards (the DOD's current-generation Common Access Cards which have a contact interface). And federal agencies are mandating that access cards comply with the National Institute of Standards and Technology's Government Smart Card Interoperability Specification (GSC-IS) standard. Philips Semiconductors last week emerged as sole-source chip supplier for NASA's new access cards. Philips, whose Mifare family of chips pioneered contactless smart card chips based on the international standard ISO 14443 type A, claims to offer the first contactless chip solution to comply with GSC-IS . Interagency authentication The NIST standard is intended to ensure that a smart card issued by one government agency can be read by another. Whereas the ISO standard leaves it open to the implementation to determine how the card and reader will communicate, the NIST spec locks in card-to-reader communication through a standardized set of protocols, command sets, interfaces and containers for data mangers. The aim for the government is to enable identity authentication across agencies and vendors. Christophe Duverne, vice president of marketing and sales for identification products at Philips Semiconductors, called NASA's selection of Philips' contactless chip noteworthy because NASA becomes "the first U.S. government agency moving forward to the new GSC-IC spec." With other agencies expected to join the GSC-IC bandwagon soon, Philips hopes the NASA design win will open the door to its technology at other U.S. government agencies. But Infineon Technologies - a key IC supplier, along with Philips Semiconductors, for the DOD's Common Access Cards program - intends to stand its ground. Detlef Houdeau, senior director for the secure mobile solutions business group at Infineon, said the German company chose not to take part in the NASA bid, because the "quantity, complexity and security required for the NASA card" were not compelling enough for Infineon to step in and customize its chip for the project. Producing 100,000 customized contactless smart-card ICs for NASA would take "only five wafers," he said. But Houdeau added that Infineon is working on GSC-IC spec-compliant contactless chips. Half a dozen projects Houdeau identified the six key open government-related projects for smart-card ID as the DOD's next-phase Common Access Card; the Transportation Security Administration's transportation worker ID cards; U.S. electronic passports (see July 19, page 1); Boeing employee ID cards, with dual contact and contactless interfaces, that can store iris-based biometric information; freight containers with smart labels; and NASA's access cards. Infineon considered the NASA project the lowest in priority, he said. On the other hand, the DOD's next-phase Common Access Card is particularly intriguing, said Houdeau, because it is a hybrid card for both logical and physical access, with a requirement for a crypto controller. The card is expected to be used by personnel working worldwide for the U.S. DOD, Army, Air Force and Coast Guard. In addition to reading data, the public key infrastructure (PKI)-enabled smart card will be able to record it, logging an individual's comings and goings. The next-generation cards also comply with GSC-IS version 2, just as the NASA cards do. The DOD is said to be ready to issue 2 million to 3 million of the new cards annually. But the U.S. government is still moving cautiously. Rather than embrace a dual contact and contactless interface technology, it is requiring a separate contactless chip alongside the contact chip used to store digital credentials for use with computer and payment applications. NASA's cards use far less memory and are more basic than the next-gen DOD cards. The Philips Mifare DESFire V0.6 chip used in the cards incorporates 4 kbytes of E2PROM, a contactless interface, an 80C51 microcontroller core and additional gates for a Data Encryption Standard (DES) co-processing engine. It's designed to offer a fixed, common set of data exchange functions and features a 424-kbit/second data interface between smart card and reader. NASA this summer will carry out a field trial at the Marshall Space Flight Center in Huntsville, Ala., with potential expansion to 2,000 employees. If the trial is successful, NASA plans to deploy more than 100,000 smart cards for government employees and contractors by the end of the 2005 fiscal year. Transportation stronghold Sources at Philips said the relatively small number of cards requested for NASA access cards did not concern the Dutch company, which has already secured a stronghold for its Mifare chips in such transportation-related applications as contactless ticketing. In its efforts to comply with the GSC-IS spec, Duverne said, Philips "worked very closely with the U.S. administration on this." The DESFire access-control technology on which the NASA card is based was developed a couple of years ago as a follow-on to the original Mifare chip, which features a cryptography scheme proprietary to Philips. The new technology's DES engine lets others build their own cryptographic algorithms, with attention to higher security levels. According to Philips, the development of DESFire was necessary to accommodate the needs of a broader user community, including the U.S. government, which objects to the use of products based on proprietary technology. Production of the V0.6 chips has ramped up in the past few months, Duverne said. -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "Several times a week, to enter a TV studio say, or to board a plane, I have to produce a tiny picture of my face." -- Christopher Hitchens --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
