---

Canadian ID card specialist Aptika launches new redesigned website

MONTREAL, July 25 - Aptika, a Canadian company specialized in ID card software, hardware and services, integrating high-performance security technologies including digital pictures, electronic signatures, barcodes, fingerprints, holograms, and other security options, is launching its new redesigned website today: http://www.aptika.ca

Aptika helps a variety of organizations enhance their security with Access Control Cards, Membership cards, Convention Badges, Student ID Cards, Employee ID and other identification needs.

“We are constantly improving the overall visitor experience to our site and our customer service both to our end-users and partners. We believe our new site, http://www.aptika.ca, makes it easier to find the right information and we’re excited about the opportunities it now offers to our visitors. So what’s new? A new look and feel, more new products, more technical information, new dynamic sections and much more!” reported Patrick Carrière, Aptika’s Business Development Manager.

• User-friendly appearance: With a fresh design, the new website features several enhancements to overall appearance. Just a few clicks brings visitors to the product section. The site is more attractive, readable, and accessible to all.
• Intelligent navigation and improved search engine: Major sections can be accessed more easily using a more consistent menu, and an improved search tool allows visitors to access the information they need quickly, and provides more accurate results.
• More information: More technical descriptions, new products, new sections such as “Special deal of the week” and “Partners” have been added. Customers can view past invoices online and obtain free updates, all in a convenient, easy-to-access manner.

http://www.aptika.ca will continue to grow and expand over the next few months, adding additional capabilities and features. In particular, resellers will be able to access up-to-date inventory reports, price lists, bulletins and white pages sections.

APTIKA

Aptika is a Quebec-based company whose mission is to develop and market its own IDpack software collection, and to offer a wide range of specialized products and services in the ID-card production field. Aptika is proud to serve an extensive client base which seeks high-performance products and services linked to the ID-card field.

---

Contribution of PKI technology through Sun Microsystems, Mozilla opens certificate revocation list distribution points

DALLAS, July 25–Entrust, Inc. believes that everyone deserves to be secure on the Internet. To support that goal, the layered security expert is contributing public key infrastructure (PKI) technology to the open-source community through Sun Microsystems, Inc. and the Mozilla Foundation. Specifically, Entrust will supply its certificate revocation list distribution points (CRL-DP) patent 5,699,431 to Sun under a royalty-free license for incorporation of that capability into the Mozilla open-source libraries.

“When it comes to online security, PKI really is the gold standard. If companies are going to use open-source PKI, we felt it was our duty to make sure they had the important piece of CRL-DP incorporated,” said Entrust Chairman, President and Chief Executive Officer Bill Conner. “To this day, PKI remains one of the strongest, most-trusted security infrastructures available. The ability to leverage the technology to solve a variety of security challenges makes it the cornerstone of a layered security model – regardless of its intended purpose or objective.”

Certificate revocation lists (CRL) are used to track revoked users’ security credentials and associated rights. CRL-DPs are a key aspect of secure and robust PKI deployments and allow for efficient distribution and processing of revocation lists. Specifically, CRL-DPs partition a revocation list into more manageable pieces and allow greater efficiency, improved performance and reduced network traffic.

“Having support for CRL-DPs is an increasingly essential ingredient to any PKI-enabled application,” said Karen Tegan Padir, vice president, software infrastructure Sun Microsystems. “We appreciate Entrust’s intellectual property contribution, and we are pleased to share this valuable security resource with the open-source community.”

As part of the agreement, Sun Microsystems will incorporate the CRL-DP capability into the Mozilla Network Security Services (NSS) libraries. Under the flexible Mozilla licensing scheme, users of these libraries will have access to the CRL-DP capability and may use the associated NSS code under the terms of any of the Mozilla Public License (MPL), GNU General Public License (GPL), or GNU Lesser General Public License (LGPL).

“Incorporating the CRL-DP capability into our existing NSS libraries will significantly elevate the value of the PKI-enabled applications that use these libraries,” said Frank Hecker, executive director of the Mozilla Foundation. “We are grateful Entrust wanted to participate in this offering and understands that secure technology like PKI is too important not to provide to the open-source community.”

About Entrust

Entrust secures digital identities and information for consumers, enterprises and governments in 1,650 organizations spanning 60 countries. Leveraging a layered security approach to address growing risks, Entrust solutions help secure the most common digital identity and information protection pain points in an organization. These include SSL, authentication, fraud detection, shared data protection and e-mail security. For information, call 888-690-2424, e-mail entrust@entrust.com or visit http://www.entrust.com.

Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.

Sun, Sun Microsystems, and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.

The Real ID Act of 2005, passed by Congress last year, prohibits federal agencies (and airlines) from accepting state-issued driver licenses or identification cards unless they meet minimum security requirements – such as including common machine-readable technology and certain anti-fraud features. It also requires verification of information presented by the license applicant, who must also supply evidence that he is a citizen or a legal immigrant. The act requires standardized driver licenses by May 11, 2008, although states will be able to apply for an extension until December 31, 2009, according to proposed Real ID compliance rules that were issued in March.

The Act came about from 9/11 Commission recommendations that the U.S. improve its system for issuing secure identification documents. In the commission’s words: “At many entry points to vulnerable facilities, including gates for boarding aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists.” That’s particularly evident since many of the 9-11 terrorists had fake driver licenses.

The biggest concern from the states, once Real ID was enacted, was that it would be expensive, costing billions of dollars – some have warned – to implement.

Promoting a state and federal partnership rather than repeal of the Act

Janice Kephart, former counsel to the 9/11 Commission and currently president of 9/11 Security Solutions, believes a partnership between states and the federal government is needed to assure Real ID compliance.

“I feel so strongly that the commission recommendations have tremendous validity. It’s now defunct, and there is no way to drive this forward,” she said of her reasoning for continuing to stay involved in security areas. “I feel I need to keep pushing these recommendations as best as I can. There has been a lot of misinformation on border issues and a misconstruction of 9/11 recommendations. I feel the record has to be kept straight.”

Her latest white paper, Identity and Security: Real ID in the States, is an attempt to provide states that question Real ID with reasons to seek a federal partnership rather than a repeal of the Act, as some 16 states have proposed.

She notes that Real ID is one of the only 9/11 Commission recommendations that rely heavily on the states for implementation, and successful execution of the Act requires a partnership between the federal government and the states.

“Neither the federal government nor the states can implement this important national security measure on their own. They’re going to have to work together,” she added.

She sees the federal government as providing assistance in “procurement in terms of hardware/software and printing machines. For those who want to comply, the federal government can assist them (states) by setting out a menu of compliance options, so the states don’t have to figure things on their own. The federal government is trying to drive down costs so states can buy at cost.”

One of the key ways the feds can help is with the data it has on file. “The federal government holds data that states normally don’t have, such as a determination if an alien is a foreign resident, if he has legal status, his Social Security number data, passport data. These are databases that can be checked when an applicant applies for a new driver license,” said Ms. Kephart. “Sharing information on a real time basis with the states is necessary.”

Real ID, as proposed by the new rules, is certainly capable of being implemented by the states. “All the technology is there,” she adds, “the government is making sure that only technology that’s proven and capable will be required in the rules.”

Debunking myths and addressing funding

In her Real ID missionary status, she has also gone out of her way to debunk so-called “myths” about Real ID. “Real ID does not invade our privacy, it doesn’t create a national ID card, and states can opt in or out if they want to,” she said.

She does agree, partly anyway, with one of the common complaints … that costs will be prohibitive. It will be expensive, she said, but the Department of Homeland Security will enable states to use up to 20% of the state’s Homeland Security Grant Program funds for Real ID. “In the last grant round, roughly $250 million was provided to states, meaning that about $50 million is available for Real ID compliance. DHS has another $34 million in another grant program expressly created for this purpose,” she added.

This helps but will only make a dent. According to Ms. Kephart, “states have estimated they need an initial $1 billion in start-up costs, and the total costs have been estimated at around $11 billion. More funding is absolutely required.”

Implementing Real ID is not just a government responsibility either, she said. “The ability to verify an individual’s true identity is one of the cornerstones of our national and economic security. As such it’s everyone’s responsibility, for our nation is only as strong as its weakest link.”

Establishing minimum standards but encouraging states to do more

“What Real ID really does is set the bar at a certain place that many states are already meeting but some are not,” she added.

The act sets “minimum standards” for both what goes on the card (driver license) and for the security of the card itself. Probably most states already meet some of those requirements as to what’s included in the license (e.g. photo, name, address, and other personal verifying information).

“The piece that’s a little stronger is the anti-counterfeiting section,” she says. “What’s lacking right now is an easy way for the local police officer to determine whether an ID is fake just by looking at it.”

But while such security features haven’t been built into Real ID, there are ways “you can embed something in a card to make it easy to determine if the card is fake,” said Ms. Kephart. Such security features could include tactile (touch and feel), “bumps in the card that are hard to reproduce. There’s also digital watermarking and other kinds of laser technologies that can be used,” she added.

“I’ve talked a lot to folks who do immigration and ID enforcement and they’re the ones telling me about what you can do against a counterfeiter. We can’t do away with it but we can drive up the cost so high (that you effectively) do away with them.” While such thinking may be naive, doing nothing is just as dangerous.

“We need to drive up the cost of recreating a counterfeit card so the counterfeiter’s cost becomes so high that he’s driven out of business,” she added.

Ms. Kephart said, “every state is looking to get on board as fast as possible with a digital image exchange,” another way to verify if the same person holds more than one license. “Some of the states are already requiring that kind of information. A lot of states have stronger requirements than Real ID requires, but they haven’t been able to cross check with other states.”

With one of the requirements – proving who you say you are, such as with a birth certificate – there’s no way to check if that’s valid or not, “but if you can check against other databases, you’ll know if someone else also has that same birth certificate,” she said. That’s one of the purposes of Real ID, she added, “to give states the ability to have this information in front of them so they can verify that information and use it to make good decisions.”

Another issue that has surfaced regards central issuance of driver licenses. It has its pros – more security, more time to check data – and cons – primarily convenience, since applicants must wait a couple of days before they get their licenses.

She points to states like Kansas that have moved from an over-the-counter system to a central issuance system and have actually seen a decrease in applicant processing time from 14 minutes per person to seven minutes per person.

Real ID isn’t going to go away. But, as she points out in her white paper, Real ID “can make a difference … but only if fully implemented and adequately funded.”

Additional resources

Ms. Kephart has created an online Identity Document Security Library, consisting of legal, technical, and policy pieces regarding identity document security. She calls the library a “one-stop-shop information portal for those seeking objective, credible information on the issue of identity document security.” It is available at: www.911securitysolutions.com/idsecuritylibrary.

---

SafeNet Chosen by Security Biometric Clearing Network to Provide Products and Services for the Transportation Security Administration’s Registered Traveler Program

SafeNet Hardware Security Modules Guard Information and Identities of America’s Travelers

BALTIMORE–SafeNet, Inc., a global leader in information security, announced today that it was chosen by Security Biometric Clearing Network (SBCN) to secure and support the Transportation Security Administration’s (TSA) Registered Traveler program.

SBCN provides the security and biometric services of the TSA’s Registered Traveler system. The Registered Travel program was set up by the TSA to allow passengers to voluntarily submit to a government screening process. Once approved, passengers can take advantage of an expedited screening process at participating airports.

In order to best protect the information on America’s transportation system and the identities of travelers participating in the Registered Traveler program, SBCN required the highest level of hardware security available. SBCN selected SafeNet to provide a key management and cryptographic acceleration solution that featured government certifications, scalable performance, role-based access control and role separation to protect the chain of custody and provide non-repudiation of sensitive transactions.

“SafeNet stepped up when we needed a partner. They provided a quality product, the real world experience and excellent customer service to SBCN. They listened to us to get an understanding of what we wanted to accomplish and then worked with us to achieve our goals. The level of service continued after deployment. They are a true partner,” said Patrick J. Osborne, CIO, SBCN.

SafeNet Luna Hardware Security Modules (HSMs) were used for the most secure root key protection, XML encryption, SSL acceleration and encryption, and other application-specific purposes. SafeNet network attached Luna SA HSMs were chosen to provide high-availability to meet defined service level agreements and performance requirements. This architecture provides scalability for future performance needs as the system grows.

SafeNet’s Security Consulting Services helped to reduce future maintenance and administrative costs by documenting precise procedures for on-going system maintenance and disaster recovery. The scalable design of the solution will allow SBCN to easily upgrade capacity as demand increases without interrupting service.

SafeNet HSMs and Security Consulting Services helped SBCN deploy a multi-tiered Certification Authority (CA) in less time than it would have taken to outsource it, and at a lower cost, all while meeting the strict security requirements imposed by the TSA.

For more information, click on http://www.safenet-inc.com/products/pki/index.asp

About SafeNet, Inc.

SafeNet is a global leader in information security. Founded more than 20 years ago, the company provides complete security utilizing its encryption technologies to protect communications, intellectual property and digital identities, and offers a full spectrum of products including hardware, software, and chips. UBS, Nokia, Fujitsu, Hitachi, ARM, Bank of America, NetGear, the Departments of Defense and Homeland Security, Adobe, Samsung, Texas Instruments, the U.S. Internal Revenue Service and scores of other customers entrust their security needs to SafeNet. For more information, visit http://www.safenet-inc.com.

About SBCN

Security Biometric Clearing Network (SBCN) operates the largest civilian clearinghouse in the nation, processing both Criminal History Record Checks (CHRC) and name-based background vetting requests for TSA and the aviation community. Additionally, SBCN serves as the Central Identity Management System for the U.S. Registered Traveler program.