The face of an opportunity

The ID management business sparkles with high expectations, but is it still in a hurry-up-and-wait mode?

4 Stages of Identity Management


The applicant submits biometric
information, typically fingerprints,
and demographic
information to be enrolled in
the system. Documents such as
a driver's license are usually
also included in the application
as a validation of the demographic


The issuing authority ?
most often a government
agency ? checks the applicant
against government and private
databases to determine if the
applicant meets the criteria for
receipt of the credential. This
may include law enforcement
background checks, government
watch lists and commercial
databases. The issuing
authority must then approve or
deny the application.

Creating, issuing and
managing the credential

There are vendors that will
print, personalize and encode
information on the card, and
securely manage creation of the
credential and applications on
the card. Once cards are
issued, the authority needs systems
to manage them. Vendors
of such systems include publickey
infrastructure providers and
companies that quickly validate
the certificates online.

Applying the card in operations

When a cardholder uses the
credential, it is validated at the
access point. That requires
integration with physicalaccess-
control systems and

The anticipated business
boom in government identity management
systems is taking longer
to arrive than some had expected.
Sustained growth in spending on
biometrics, identity management
systems, and identification cards
and readers is seemingly just
around the corner ? but the greatest
bursts of activity have not yet

"The agencies and Congress are
trying to push these programs full
speed ahead, but there have been a
few bumps in the road," said
Jeremy Grant, senior vice president
of Stanford Group Co.'s investment

"Things have been moving in
stages," said Scott Price, vice president
of homeland security and
civilian solutions at General
Dynamics Corp. "First, people
asked, 'Do we need this?' And then
? until the ID card programs had
teeth ? no one cared, and there
was evangelizing going on. Now we
are getting the cards out."

Several powerful forces have
been converging in recent months
to nurture public-sector identity
management programs and push
them to maturity such as:
  • Urgent need for physical and
    cybersecurity since the Sept. 11,
    2001, terrorist attacks.
  • Serious interest in authenticating
    identities and protecting
    against identity theft.
  • Technology advancements in
    biometrics, radio frequency identi-
    fication and smart cards.
  • Development of Federal
    Information Processing Standard
    201 and other standards.
  • Major investments in identity
    solutions by large systems integrators
    including Lockheed Martin
    Corp., General Dynamics Corp.,
    Northrop Grumman Corp., EDS
    Corp., Maximus Inc., BearingPoint
    Co. and Unisys Corp.

"The intersection of identity
management with biometrics and
security has been in a big boom
since 9/11," said Victor Lee, senior
analyst at the International
Biometric Group consulting firm.
"The market is significantly more
active than a decade ago. With
regard to performance, things have
improved tremendously."


Spending on the 10 largest U.S.
government identity solutions programs
is projected to total $7.7 billion
from 2007 to 2011, according
to a January report from Stanford
Group. Accelerated growth is projected
for 2007, 2008 and 2009,
with spending peaking in 2009
and flattening in 2010 and 2011.
An additional $14 billion in international
government ID card programs
and $250 million in statesponsored
identity solutions is
forecast during the period.

Although the Defense
Department took an early lead in
issuing millions of Common Access Cards in the past several years, new
ID solutions are moving aggressively
out of the gate, including the State
Department's e-Passport and the
Transportation Security
Administration's Registered Traveler
ID cards for frequent airline travelers.
The intelligence community and
the FBI also have projects in the
works. Last month, Arlington
County and the city of Alexandria in
Virginia issued prototypes of the
First Responder Authentication
Credential to police, fire and emergency
medical personnel.

"Growth is being driven by a
number of programs that have
been in the works for years ? but
to date gone nowhere ? and will
finally take off in 2007," Grant
wrote in the Stanford Group
report. Systems integrators will
take a lead role in implementing
the ID card projects, and industry
consolidation and pressure to
reduce prices will continue as a
large number of companies vie for
a finite number of programs.

The largest program, deployment
of government employee ID cards
under Homeland Security
Presidential Directive 12, achieved
milestones in late 2006 but has
since slowed in momentum, in part
because of a lack of interoperability
among vendors' cards. But industry
executives are optimistic that those
issues will be resolved.

"We believe there is tremendous
potential in the HSPD-12 market,"
said Jon Rambeau, director of credentialing
systems at Lockheed
Martin. "FIPS-201 is a phenomenal
standard, and that is driving down
the price."


Even so, Grant and others said
that several major programs ?
while moving forward in recent
months ? have experienced significant delays because of technical
glitches and policy and funding
impasses, and they have not yet
begun accelerated growth. For
example, the Real ID Act of
2005, which will standardize
state driver's license programs,
has faced numerous objections
from state governments over
its costs and possible impact
on privacy. On March 2,
Congress delayed by 20
months the states' required
implementation of the law,
until the end of 2009.

Other rumblings: The U.S.
Visitor and Immigrant Status
Indicator Technology initiative
stumbled in creating a program
to identify visitors as they
exit the country, and rollout of
the Transportation Worker
Identification Credential has
lagged because of uncertainties
about encrypting the data and
changes in specifications for
the card readers. Harbor operators
balked because they did
not want to manage complex
encryption keys, and they
insisted on a contactless reader.

"The problems have not
been solved yet, but in my
opinion, they will be able to
encrypt the data," said Walter
Hamilton, chairman of the
International Biometric
Industry Association.

Meanwhile, Lockheed
Martin, which won the TWIC
enrollment and card-issuing
contract in January, is working
with the maritime industry
and TSA to ensure compatibility
once the reader design is
made final.

The People Access Security
Services border-crossing card
experienced a setback after
Homeland Security Secretary
Michael Chertoff revealed that
the long-distance RFID chip
failed to perform adequately
in field tests on a similar ID
document. Industry sources
said the failures are likely
because of faulty placement of
the readers rather than the
chip technology.

"The technical solution in
the PASS card is still lagging
behind the need," Price said.


Also affecting momentum is
the new, Democratic
Congress, which is increasing
oversight on federal contracting at the same time it is scrutinizing
the Iraq War budget.
And privacy advocates are
opposed to huge expansions in
biometric cards and centralized
databases because they
open the door to invasive government
snooping. Jim
Harper, director of information
policy studies at the Cato
Institute, said a government-controlled
ID system will
threaten privacy and civil liberties.
For example, DHS regulations
for the Real ID Act
lay the groundwork for racial
tracking, Harper said.

"The bar code system standard
that DHS calls for in the
regulation includes machine readable
information about
race and ethnicity. This is
deeply concerning and
unwise," Harper told a congressional
committee on
March 26.

Nonetheless, industry executives
are optimistic that identity
management technology
offers substantial benefits in
protecting and verifying identities,
and that privacy concerns
can be resolved. Niche opportunities
also abound in selling
networking services, middleware,
public-key infrastructures
and federated identity
management services.

For example, there are
opportunities in providing the
middleware for HSPD-12 solutions
and in upgrading the
backbone networks to combine
physical and cybersecurity, said
Greg Gardner, vice president of
government and homeland
security solutions at Oracle

The challenge is that the
cybercomponents typically are
run by the chief information
officer while the physical access
systems are run by
building security directors, and
there is little integration
between them, he said.

Another area of growth is in
federated identity management,
in which infrastructures
are created so a single ID card
can be used at different agencies.
This usually requires linking
the networks.

"What really resonates is
that the federated capability is
simple and easy to implement,"
Gardner said. "The other parts
of HSPD-12 are harder to

Despite the challenges, identity
management continues to
be a burgeoning field.

"A year ago, people were
scrambling. There was no real
funding and a lot of churn in
these programs," said Ivan
Hurtt, director of federal solutions
at Novell Inc. "Now people
are rolling out the enrollment
and beginning deployment
of the cards. People really
see the value of it."

Staff Writer Alice Lipowicz can be
reached at alipowicz@1105govinfo.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.