The Identity Theft Prevention and Identity Management Standards Panel (IDSP) released a report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. The report calls for national standards to verify the identity of individuals before being issued identification documents.

The report were driven by recognized vulnerabilities in the issuance of breeder documents, such as birth certificates and Social Security numbers, used to prove identity. The problem is that most agencies go the extra step and verify the information present. 
Read more »

Gemalto has unveiled the Smart Guardian USB token that can be used by federal employees and tied to their PIV credentials. The Smart Guardian FIPS was announced at the Smart Card Alliance’s Smart cards in Government show in Washington.

The federal government has banned the use of non-encrypted USB memory sticks due to fears of data being stolen or misplaced, says Neville Pattinson, vice president of government affairs and business development at Gemalto North America. The new product enables employees to bind the memory stick to their PIV. So in order to gain access to the drive, the employees needs the token, their PIV and the PIN for the token. This essentially enables three-factor authentication. 
Read more »

Privaris, a developer of biometric products and other identity verification solutions, has announced that they have been awarded four new patents for devices and methods from the U.S. Patent and Trademark Office. With the addition of these four, Privaris now holds a total of twelve patents. 
Read more »

Gemalto has announced the availability of a 144-kilobyte PIV card. The product is available and already on the GSA’s approved products list. The new card doubles the memory capacity of the previous card. Gemalto sees the new cards being used to add application to the card, such as e-purse.

The Gemalto PIV Card is dual contact/contactless technology built on the JavaCard platform. It doubles the storage capacity of today’s PIV cards, a highly demanded feature in the government sector. 
Read more »

The Four Bridges Forum aims to bring trusted identity online

by Zack Martin, Editor, Avisian Publications

Trusting transactions online can be difficult. How does a user know who he’s dealing with on the other end of a computer?

To ease this concern the federal government created the Federal PKI Architecture, or the Federal Bridge. It enables government agencies to issue digital certificates that can be used to authenticate individuals for trusted transactions online.

Now organizations outside of the federal government are cross-certifying with the federal bridge for trusted transactions. Along with the federal bridge, there is CertiPath, which serves the defense and aerospace industries, Safe Bio-Pharma, for biopharmaceutical and healthcare industries and HEBCA, which serves the higher education sector in the United States. 
Read more »

Charismathics, a provider of IT security components and smart card middleware, announced that the National Institute of Standards and Technology has certified the Charismathics CSSI PIV Middleware as FIPS 201 compliant.

CSSI is PIV middleware that’s validated to the new NIST SP 800-73-2 specification rather than the older PIV specification, ensuring interoperability and compliance with existing as well as future PIV cards. CSSI PIV middleware supports the interoperability of PIV cards at the middleware level, but we also support PIV cards at the application level. 
Read more »

CertiPath, a credentialing authority for aviation, aerospace and defense organizations, has introduced architecture systems for federated physical access control that leverage high-assurance credentials. The concept demonstrates the viability of a single-credential system that can provide secure access for both physical and logical assets, and provide interoperability for employees, customers and partners.

Funded in part by the General Services Administration, CertiPath was tapped to design and oversee the implementation of a system that could overcome the fragmented, expensive and vulnerable approaches to managing physical and logical identity authentication and access control. 
Read more »