Companies To Provide Smart IDs For First Responders
A group of smart-card technology companies have formed a consortium to put affordable smart identification cards into the hands of first responders at the state and local levels, according to Government Computer News.
The companies will provide hardware, software and services free or at steep discounts to cut the cost of deploying interoperable cards by as much as 75 percent.
The consortium, Tiers of Trust, was announced Sept. 11, the sixth anniversary of demonstration of the need for, and the lack of, reliable interoperable IDs that could be used to verify identity and track the presence of emergency response personnel. The same need and shortfalls were demonstrated again in the 2005 response to Hurricane Katrina.
"One of the problems we're running into is that people who are authorized and should have been there are unable to get in," says Howard Schmidt, former cyber-security adviser to the White House, who is leading the Tiers of Trust program. At the same time, many rescue workers who do gain access to sites cannot be tracked or deployed to take best advantage of their skills.
The problem has been addressed to an extent by Homeland Security Presidential Directive 12, which mandates smart Personal Identity Verification cards for federal workers and contractors. Federal Information Processing Standard 201 sets out the technical requirements for the PIV cards. Other presidential directives have established the National Incident Management System, which sets credentialing requirements for state and local first responders to qualify for federal preparedness grants.
Schmidt told Government Computer News: "The federal government has done a pretty good job of putting a scheme together" for interoperable ID cards. But the cost of fully implementing such a program nationwide could run as high as $300 million and is beyond small state and local agencies. The consortium "provides an opportunity to close the gap in ID-ing those who need to be there or who are already in," Schmidt says.
The Tiers of Trust First Responder Access Credential (FRAC) system offers agencies an affordable migration path to full FIPS-201 compliance by providing them with a "FIPS-201 lite" card that complies with the federal standard but does not offer the full set of features found on federal PIV cards. The FRAC package is all commercial technology and 31 of the component products have been FIPS-201 certified. The difference in what is being offered through Tiers of Trust is in some of the functionality and pricing. Cost has kept FIPS-201 technology from being more widely deployed.
The cost of issuing a fully FIPS-201 compliant PIV card can run from $68 to more than $120. A card could be issued through a FRAC system for as little as $10. The big differences are that software is being made available for free, and the Emergency Management One smart card, available only to first responders, contains only the cheaper contactless chip rather than the dual-contact and contactless interface of the PIV card. "The contact chip is more expensive," says Melani Hernoud, chief executive officer at Secured Network Systems. The issuing process also is streamlined and the card does not contain the full range of public-key infrastructure and cryptographic functionality.
The contactless cards will be available with either the 125 KHz proximity chip, which has no storage, or the 13.56 MHz DESfire contactless chip with 4K or 8K storage capacity. Data on the DESfire chips can be encrypted with the Triple DES algorithm. The cardstock is ruggedized to withstand the harsh environments of an emergency response scene and decontamination processes.
Agencies with an access card system would be able to issue cards to their own employees for use at an emergency scene. Because the cards work with most readers now in place to control building access, they also could be used as the agency's primary ID or access card. Information on the cards would include, at a minimum, mandatory FIPS-201 fields for the Federal Agency Smart Card Number, the Card Holder Unique Identifier and an expiration date. There also is room for professional qualifications and certifications, such as emergency medical technician, so that workers could be effectively deployed in the field.