What has remained a secure way for the U.S. government to keep track of the physical and digital access of its employees may be a new answer to enterprise security concerns in the private sector. MPD CEO Karen Webster sat down with Rick Patrick, SVP of Identity Group-North America, and Christophe Fontaine, Managing Director of the Identity Business Unit at Oberthur Technologies, to discuss how far PIV cards have come and what they may have in store in the future.
Ten years ago the federal government faced a huge national security issue: how to ensure federal employees and contractors could securely access both facilities and IT infrastructures. The answer came in the form of the Personal Identification & Verification (PIV) smart card, a credit-card sized chip-enabled identification card equipped with the ability to authenticate cardholders from both a physical and digital access standpoint.
But a lot has changed in 10 years. And Oberthur’s latest updates to the PIV seek to not only speed up the authentication process but also open the door to leveraging the smart card in new ways.
The next-generation smart card, known as ID-one PIV on Cosmo V8, was created to be five times faster than the legacy version and, as Fontaine put it, “the result of many years of research and development, marketing and most importantly listening to our customers and the users to make the experience of using a PIV card as easy as possible."
Not only do PIV cards provide access to federal buildings, but with a smart card reader either built-in or connected to a federal laptop or personal computer, the PIV cards enable authenticated individuals to access IT infrastructure as well as electronically sign and access sensitive documents and email through either PIN or fingerprint verification.
“By using the PIV card, the enterprise has multi-factor authentication. There is the check about what the cardholder knows through the PIN, who the cardholder is through biometric verification via the device’s smart card reader, and what the cardholder has, which is the physical card itself. It provides three more chances to secure access to the physical or logical world,” Fontaine said.
With a combination of new hardware and an optimized operating system, the next-generation PIV card also has its sights set on mobile authentication.
[bctt tweet=”Nearly 78% of people sleep with a mobile device less than 3 ft away, providing unique security opportunities for ever-present devices”]
"Older PIV cards were unable to be read by mobile devices, but the newer smart cards require a reduced power consumption for smartphones to read. With a NFC or contactless interface, users can put the new card on the back of a smartphone with the equipped interface and communicate with it, allowing them to perform the same functionality available on a laptop from a smartphone or tablet,” Fontaine explained.
The increased mobile capabilities of the PIV card may also present a unique opportunity for mobile device manufacturers as well.
"Providers are looking for applications on their instruments that closely and more tightly integrate our technology into some of the mobility capabilities the PIV card offers,” Patrick said. “Now they are looking at the additional functionality of this technology possibly bleeding over to the instrument that everybody can’t do without."
Patrick pointed to a recent figure that said roughly 78 percent of people sleep with their mobile devices just 3 feet away from their head, providing an interesting opportunity to bring more convenient authentication measures to the devices people have access to the most.
But that’s not to say the idea of a physical card will one day be off the table.
"I think there will always be a card, for certain reasons. Maybe it will just be a card coupled with a phone. I don’t believe cards will go away in the near future but everybody’s imagination is at work,” Patrick added.
While PIV cards have been a mainstay in the federal space for years, the launch of the latest version of the PIV card also brings about the ways in which it can be leveraged outside of the federal government.
There is no doubt that the security needs of corporations, such as identifying employees, access to buildings and access to IT infrastructure, align with the PIV product currently being utilized at over 104 federal agencies.
But convincing these businesses that PIV smart card technology is a necessary investment today seems to be where the challenge lies.
In what is similar to the EMV landslide witnessed now despite the fact that the migration has been years in the making, Patrick explained the move to PIV will most likely follow the same pattern.
"We are in an event-driven market. They think this insurance policy is not necessarily worth the bang for the buck because they all have a piece of plastic or some card to get them into their buildings. But no one, at least publicly, is touting that they have been breached like Target was or corporate secrets are being stolen because they chose to do something a little less secure,” Patrick said.
Making the significant investment in PIV smart cards may remain an ongoing fight in the budgets of companies across the country, but cybercrime and security threats wait for no man.
“We continually try to make it harder for the bad guys. PIV will definitely make it harder,” Patrick added.
For more on the digital identity ecosystem, click here to take a look at our Identity Tracker, which helps identify the issues and trends that arise around the digital identity ecosystem.