Identity Lab
John Gist’s identification technology laboratory has been fielding one call after another since late August when Homeland Security Presidential Directive 12 (HSPD-12) came out. The directive requires a common identification standard for all federal employees and contractors to be developed within six months — by February 28, 2005. Four months after the standard arrives, compliant identification systems must come on line throughout the federal government.
Gist is the program manager for the Northrop Grumman Information Technology (IT) smart access common identification card contract with the Government Services Administration (GSA). He also manages the Center for Smart Security Solutions, a $5 million demonstration lab opened by Northrop Grumman IT in March of 2003. “Ever since the lab opened, we’ve had federal agencies calling us to explain what HSPD-12 requires them to do,” he says. “The best way to answer that question is to walk them through the Center.”
The carpeted 40-ft. square lab offers a series of workstations set up in a circular racetrack around the perimeter. Each station demonstrates a leading-edge identification technology, moving from enrollment, when a person receives an ID card, to termination, when he or she moves on to another job.
More importantly, the technologies at each station, provided by about three dozen different vendors, are integrated. For example, the access control readers, supplied by several leading vendors, all connect to an access control management system and to a closed-circuit television (CCTV) system, an auditing system, and so on. “We can show people how various technologies can work together in an integrated solution,” Gist says. “That’s important because all of our visitors come from departments that have installed various brands of access control over the years, and it can be a challenge to integrate older technologies with new smart card technology.”
A tour of the facility begins at the identity station where visitors swipe driver’s licenses through a magnetic stripe reader or a bar code scanner provided by Intelli-Check Inc. of Woodbury, N.Y. “For the purposes of the simulation, we assume the driver’s licenses are valid and we use that data to simulate fingerprint checks, document forgery checks and background checks,” Gist says.
Within a few minutes, everyone receives a newly printed smart card enabled with appropriate logical and physical access privileges. Datacard of Minnetonka, Minn., supplies the lab’s enrollment and issuance technology. The encoder also writes public key infrastructure (PKI) data on the chip, enabling cardholders to manage signed electronic documents. Another demonstration here illustrates how the data that has been collected can be managed to meet HSPD-12 requirements.
The next station uses a turnstile to simulate carding in at an office in the morning. Visitors present cards to contactless readers positioned next to a monitor that accesses a photo and other information on that person from the system database. The station also demonstrates biometric access control readers. Companies supplying equipment to the access control station include Axalto Inc. of Austin, Texas; HID Corp. of Irvine, Calif.; Precise Biometrics, a Swedish firm with U.S. offices in Vienna, Va.; and SCM Microsystems Inc. of Fremont, Calif.
At still another station, Gist demonstrates how Microsoft’s PKI technology can exchange encrypted e-mail.
The largest station in the lab changes each month in response to new applications developed or tweaked by vendors. Currently, the wall illustrates two applications: an Air Force asset management system using smart cards and radio frequency identification (RFID) technology; and a mariners administrative card that stores an individual’s training records.
The final station demonstrates how an organization can audit data collected by identification systems. “We show an audit log of the transactions that have occurred since we issued cards at the beginning of the process,” Gist says. “By using the audit entries, we call up digital video from a CCTV system that shows individuals in the group carding in back at the access control station.”
ADT Security Services Inc. of Boca Raton, Fla., supplies the lab’s CCTV technology.
The last stop on the tour returns to the enrolling station, which demonstrates how cards are revoked. “To prove the revocation process worked, we take the cards back to the access control readers and present them,” Gist says. “The reader delivers a message that the card has been disabled and access has been denied.”
While Northrop Grumman IT uses the lab to demonstrate technology integration, the facility also spends time evaluating and comparing various technologies from different vendors and making recommendations to government agencies. One agency, for example, might prefer a lower-cost biometric fingerprint reader that works well enough for its purposes, while another agency may need the highest-security reader available. “The lab’s goal is to survey available technologies and show agencies how to put them together into a single integrated solution,” Gist says.