Smart Card Digital Security Initiative

Charles CagliostroExecutive Director of Digital Security

Initiativeccagliostro@smarcardalliance.org

April 25, 2001 CACR Information Workshop 2

Mission of Digital Security Initiative

• To increase the size of the smart card market in North America by establishing a broad-based understanding that smart cards are synonymous with security in the networked world and by seeking to resolve any technical or business issues that may exist, or arise, that could make it difficult for a developer or user organization to employ smart cards in their security solutions.

April 25, 2001 CACR Information Workshop 3

Goals1. Promote the critical role of smart card technology in

securing B2B e-business, enterprise systems, bank card transactions, and consumer Internet applications;

2. Help ensure the smooth implementation of smart card technology for security purposes in internet, credit/debit card, mobile commerce, and network security applications; and,

3. Strongly advocate the inclusion of smart card reader/writers as original equipment on all types of network capable devices including PC’s, Internet appliances and mobile phones, to ensure that smart card-based security can be broadly implemented.

April 25, 2001 CACR Information Workshop 4

Operational Units

• Expert Technical Committee– address technical issues

• Marketing and Communications Committee– undertake promotional and educational programs

• Reader Task Force– industry advocacy to make reader/writers standard equipment on

new PCs, workstations, and network appliances.

• Full Time Executive Director– Charles Cagliostro – Former SCIA Exec. Dir.

April 25, 2001 CACR Information Workshop 5

Expert Technical CommitteeThe committee’s goal: address any and all issues which could stand in the way of solution providers or user organization adopting smart cards for the purpose of providing security.

The Tasks of the committee are: – establish a mechanism for developing an on-going list of technical “road

block” issues. – develop methodology for prioritizing and classifying “road block issues” – develop functional description of each “road block” issue and a plan to

address the issue. It is expected that there will be three categories of issue:1. those that can be address through educational efforts including development of printed

materials, public relations campaigns, speaking and other out reach.2. those that can be addressed by the industry on a technical basis, such as establishment or

endorsement of specifications or standards,3. those that are beyond the reach of the committee, but require the attention of the smart card

community as a whole

– work with the Marketing & Communications Committee to generate materials for education, outreach and promotional efforts

April 25, 2001 CACR Information Workshop 6

Marketing & Communications Committee

The Eyes, Ears and Voice of the Initiative

Activities of Committee:• Produce Educational/Outreach materials and programs

flowing from the activities of the Expert Technical Committee

• Develop materials to explain the business case for using smart cards in network security solutions including a templates and case studies which illustrate the cost-effectiveness of the adoption of smart card technology over time.

• Provide a quick-response mechanism (under 24 hours) to respond to any security related incidents that appear in the media.

April 25, 2001 CACR Information Workshop 7

Smart Card Reader Deployment Task Force

The Task Force Goal: Convince the suppliers of network hardware that there is about to be a critical mass of smart cards issued in the US. And that this event demands that they include readers in ALL their product offerings.

The key elements of the SCRD Task Force:• SCRD Petition: The petition is a document expressing philosophical

commitment by user organizations and card issuers to having smart cards play a major in the future of their networks.

• SCRD Tour: The SCRD Tour is actually a series of trips to be made in 2001. A group of representatives from major user organizations and card issuers will visit key electronic equipment suppliers, armed with presentation materials put together by the Marketing & Communication Committee.

• Smart Card Reader Logo Program: a logo that OEMs can use to identify products, which have a PC/SC compliant smart card reader.

April 25, 2001 CACR Information Workshop 8

2001 First Half Deliverables• Publish Opportunities/Obstacles Report.

– Incorporate survey responses and input of expert technical group.

• Case studies report: successful security implementations.– Audience: CIO/MIS security officer.– Purpose: education-reference successful

programs with how-to, why and who info.– Method: case study template is provided to

interested companies who submit to editorial review.

April 25, 2001 CACR Information Workshop 9

2001 First Half Deliverables

• Reader Initiative Petition– Draft Petition and List of Signers– Have at least 15 significant

individuals sign Petition.

April 25, 2001 CACR Information Workshop 10

To Learn More

• Visit www.smartcardalliance.org/dsi– DSI Plan – basis of this presentation.– DSI Newsletter – Monthly update of Initiative.– DSI ‘Obstacle/Opportunity’ Survey – add your

perspective to the Initiative.– Case Studies Template – Submission Format

• If interested in submitting a case study, please contact me at ccagliostro@smartcardalliance.org

April 25, 2001 CACR Information Workshop 11

Conclusion

• The Smart Card Alliance (formed by the combination of the Smart Card Industry Association and Smart Card Forum) has funded the Digital Security Initiative for two years.

• The goals of the Initiative are ambitious, but with continued industry support, achievable.

• If you’d like to become involve, then join the Smart Card Alliance by visiting www.smartcardalliance or contacting ccagliostro@smartcardalliance.org

Thank you