The path to comprehensive ID management
by Robert Dulude - CSO of CoreStreet - Monday, 8 September 2009.
The basic idea is that agencies and enterprises will greatly benefit from jointly considering both logical security for information resources and physical security for facilities in order to implement a successful risk management strategy. With physical security comes the concept of an access card, and an example of concrete progress in this space is the recent announcement by HID Global at the ASIS Conference in Atlanta of a contactless smart card reader to be built into the palm rest of select Dell laptops.

In the meantime, billions of smart cards have been introduced throughout the world, where they are used as payment cards in most of the world outside the U.S. and as the identifier in GSM mobile phones.

With hindsight, it is now clear that one of the key issues which inhibited the breakthrough of smart cards on a larger scale in the identity and access management domain was the lack of clear standards as well as the lack of interoperability among disparate, proprietary products. Each project ended up being a one-off, specific to the company doing the implementation with different data formats on the smart card chip and specific ties to peripheral equipment such as smart card readers.

Today, PKI has evolved from a complicated infrastructure which had to be deployed in-house to just another solution provided as a service by a number of service providers such as Verizon Business or Entrust. Also, with HSPD-12 and FIPS 201 there are now clear standards for identity cards, standards to which a whole ecosystem of vendors is now committed, given the multi-million user market the directive is guaranteeing.


As HSPD-12 also applies to all Federal contractors and as related programs such as FRAC and TWIC are impacting industries such as healthcare, critical infrastructure, finance and transportation, we are finally seeing renewed interest by enterprises in the concept of smart card-based identity infrastructures.

Indeed, a recent survey of 200 IT decision-makers by Datamonitor found that 80 percent recognize smart cards would provide benefits to their enterprise. The survey confirms that a converged smart card credential can reduce administrative overhead and deliver a high ROI.

2010 promises to be the year when common access card programs will get another chance at conquering the enterprise market due to a number of the factors described above, including the government’s drive to implement PIV cards for all employees and contractors, the availability of standards and compatible products, the spread of standards beyond the scope of the Federal government to state and local entities as well as government-linked enterprises, and, finally, the concept of security convergence gaining traction in the market.
