NASA preps for launch of smart ID tags

Mon Aug 2 15:19:40 EDT 2004

<http://www.eet.com/article/printableArticle.jhtml;jsessionid=WLX0G30SCVFBEQSNDBGCKHQ?articleID=26100881&url_prefix=sys/news&sub_taxonomyID=2517>

 NASA preps for launch of smart ID tags
 By  Junko Yoshida  , EE Times
 August 02, 2004 (12:44 PM EDT)
 URL:  http://www.eet.com/article/showArticle.jhtml?articleId=26100881

Paris - The U.S. Department of Defense has deployed more than 4 million
smart-card ID tags since 1999, but it took the rest of the U.S. government
until just recently to start converting to chip-based ID cards. The
National Aeronautics and Space Administration is the latest convert, having
signed Philips Semiconductors as the sole supplier for its contactless
access card program.

 But even as the prospects for government-related contracts grow for
suppliers of the tags, technological strides and new standards are altering
the bidding landscapes.

As the aftermath of 9/11 triggered a broad review of security for
government buildings and computer networks, the current administration
began pressuring federal agencies to use smart cards for employee IDs.
Eventually, the cards will be required not only for government employees
but also for those who do business with government agencies, broadening the
scope of the potential market and, thus, widening its appeal for suppliers
of cards and chips.

Smart-card technology suppliers cited six high-profile projects, related to
government-mandated identification programs, that are open for bidding by
system integrators with turnkey solutions. NASA's access card project is
one of them.

Two key shifts in government technology choices are changing the rules for
suppliers, however. First, many federal agencies are turning to a
contactless interface technology for their ID cards (the DOD's
current-generation Common Access Cards which have a contact interface). And
federal agencies are mandating that access cards comply with the National
Institute of Standards and Technology's Government Smart Card
Interoperability Specification (GSC-IS) standard.

 Philips Semiconductors last week emerged as sole-source chip supplier for
NASA's new access cards. Philips, whose Mifare family of chips pioneered
contactless smart card chips based on the international standard ISO 14443
type A, claims to offer the first contactless chip solution to comply with
GSC-IS .

 Interagency authentication
The NIST standard is intended to ensure that a smart card issued by one
government agency can be read by another. Whereas the ISO standard leaves
it open to the implementation to determine how the card and reader will
communicate, the NIST spec locks in card-to-reader communication through a
standardized set of protocols, command sets, interfaces and containers for
data mangers. The aim for the government is to enable identity
authentication across agencies and vendors.

 Christophe Duverne, vice president of marketing and sales for
identification products at Philips Semiconductors, called NASA's selection
of Philips' contactless chip noteworthy because NASA becomes "the first
U.S. government agency moving forward to the new GSC-IC spec." With other
agencies expected to join the GSC-IC bandwagon soon, Philips hopes the NASA
design win will open the door to its technology at other U.S. government
agencies.

 But Infineon Technologies - a key IC supplier, along with Philips
Semiconductors, for the DOD's Common Access Cards program - intends to
stand its ground.

Detlef Houdeau, senior director for the secure mobile solutions business
group at Infineon, said the German company chose not to take part in the
NASA bid, because the "quantity, complexity and security required for the
NASA card" were not compelling enough for Infineon to step in and customize
its chip for the project. Producing 100,000 customized contactless
smart-card ICs for NASA would take "only five wafers," he said.

 But Houdeau added that Infineon is working on GSC-IC spec-compliant
contactless chips.

 Half a dozen projects
Houdeau identified the six key open government-related projects for
smart-card ID as the DOD's next-phase Common Access Card; the
Transportation Security Administration's transportation worker ID cards;
U.S. electronic passports (see July 19, page 1); Boeing employee ID cards,
with dual contact and contactless interfaces, that can store iris-based
biometric information; freight containers with smart labels; and NASA's
access cards. Infineon considered the NASA project the lowest in priority,
he said.

On the other hand, the DOD's next-phase Common Access Card is particularly
intriguing, said Houdeau, because it is a hybrid card for both logical and
physical access, with a requirement for a crypto controller. The card is
expected to be used by personnel working worldwide for the U.S. DOD, Army,
Air Force and Coast Guard. In addition to reading data, the public key
infrastructure (PKI)-enabled smart card will be able to record it, logging
an individual's comings and goings. The next-generation cards also comply
with GSC-IS version 2, just as the NASA cards do. The DOD is said to be
ready to issue 2 million to 3 million of the new cards annually.

 But the U.S. government is still moving cautiously. Rather than embrace a
dual contact and contactless interface technology, it is requiring a
separate contactless chip alongside the contact chip used to store digital
credentials for use with computer and payment applications.

 NASA's cards use far less memory and are more basic than the next-gen DOD
cards. The Philips Mifare DESFire V0.6 chip used in the cards incorporates
4 kbytes of E2PROM, a contactless interface, an 80C51 microcontroller core
and additional gates for a Data Encryption Standard (DES) co-processing
engine. It's designed to offer a fixed, common set of data exchange
functions and features a 424-kbit/second data interface between smart card
and reader.

 NASA this summer will carry out a field trial at the Marshall Space Flight
Center in Huntsville, Ala., with potential expansion to 2,000 employees. If
the trial is successful, NASA plans to deploy more than 100,000 smart cards
for government employees and contractors by the end of the 2005 fiscal year.

Transportation stronghold
Sources at Philips said the relatively small number of cards requested for
NASA access cards did not concern the Dutch company, which has already
secured a stronghold for its Mifare chips in such transportation-related
applications as contactless ticketing.

In its efforts to comply with the GSC-IS spec, Duverne said, Philips
"worked very closely with the U.S. administration on this."

 The DESFire access-control technology on which the NASA card is based was
developed a couple of years ago as a follow-on to the original Mifare chip,
which features a cryptography scheme proprietary to Philips. The new
technology's DES engine lets others build their own cryptographic
algorithms, with attention to higher security levels.

 According to Philips, the development of DESFire was necessary to
accommodate the needs of a broader user community, including the U.S.
government, which objects to the use of products based on proprietary
technology. Production of the V0.6 chips has ramped up in the past few
months, Duverne said.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"Several times a week, to enter a TV studio say, or to board a plane, I
have to produce a tiny picture of my face."  -- Christopher Hitchens

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com