Identity Self-Defense: The Power of PIV
In the months following the September 11 attacks on New York and Washington D.C., it was determined the issue of identity verification needed to be addressed. Homeland Security Presidential Directive 12 (HSPD12) established the requirement to verify the identity of all federal employees and issue them a secure identity credential. This has resulted in the issuance of millions of Personal Identity Verification (PIV) credentials.
This secure identity credential has dramatically increased the level of security for the federal government as a whole. To the casual observer this identity badge worn by federal employees simply looks like an identity with a name and photo on the front. But within this card is a cryptographic microprocessor which has the ability to securely store information about the user. This identity information paired with the appropriate physical and logical systems can regulate access to both buildings and information systems.
This identity information paired with the appropriate physical and logical systems can regulate access to both buildings and information systems.
For physical access control, the PIV has the capacity to prove an ID credential is authentic, and to make each access unique, eliminating the threat of eavesdropping and recording in the entry and replaying it as an attack on an access system. For higher levels of security, biometrics positively identifies the bearer of the credential.
For logical access control, the PIV can eliminate the threat of stolen passwords as a way to access critical government infrastructures or databases storing sensitive personal information. Requiring the PIV card to be inserted into a standard slot on the PC coupled with either a personal identification number (PIN) or a biometric detail (fingerprint) to gain access ensures that only authorized users are gaining access to government systems.
The PIV credential has proven that this type of identity protection can be accomplished ensuring the security of both the users identity and the access rights to government building and information systems. Imagine if there were an option to provide all citizens with the same ability. By enhancing current identity credentials, like the social security card, to have the same level of identity security as the PIV credential, citizens would be able to govern who has access to their identity and how it is used.
This would take time to implement, but as we have seen with the PIV credential, the ability to use the identity credential as part of the protection of a person's identity brings it to the individual level. This has far reaching ramification for some very pressing topics on Capitol Hill. For example, this type of credential could be used as part of employment verification ensuring that only eligible persons receive employment. Because the credential has the ability to store a person's specific and unchangeable attribute, like a fingerprint, using a person's identity in a fraudulent manner becomes almost impossible.
It is time to address the issue of protecting our identity and thanks to the federal government's implementation of PIV smart card credentials; we have a proven technology in place that could be leveraged for a much broader audience. Putting a stronger, smarter credential in the hands of citizens and tying it to their biometric details puts control into the hands of the card holder, enabling true Identity Self-Defense.