The program is supposed to eventually create a standardized ID badge for all government employees, but is currently...
only in a pilot stage for selected facilities around the country. The badge is supposed to be tamperproof and not susceptible to counterfeiting.
The badge is essentially a smart card that contains a photo and biometric information, or in this case, a fingerprint, from the user. In addition, users will need to enter a PIN number into the device where they insert the card. The system is a textbook three-factor authentication system. It consists of something you know (the PIN), something you have (the card) and something you are (the fingerprint).
Although the HSPD-12 directive states it also covers logical access to IT systems -- since technologically speaking, physical and logical access is slowly converging -- the current rollout is only for physical access to federal sites.
With that in mind, there might not be an immediate impact on authentication. However, you can expect that the same three-factor authentication system and smart card will be needed to access government IT systems down the road; probably within the next five years.
For specific information, consult the Federal Information Processing Standard Publication 201 (FIPS 201) on the National Institute of Technology Web site, which details implementing the HSPD-required Personal Identity Verification (PIV) cards.
Dig Deeper on Security Token and Smart Card Technology
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.