Smart card meets fed security scrutiny

As the General Services Administration prepares to award an estimated $1

billion governmentwide smart card contract, Spyrus Inc. announced this week

that its smart card is the first to receive a certification validating that

it has met a federal security standard.

Spyrus' Rosetta Smart Card is the first to receive the Federal Information

Processing Standard (FIPS) Pub 140-1 certification. The National Institute

of Standards and Technology on May 5 issued the certification, which is

required for cryptographic modules such as those used for data encryption

and user authentication.

Agencies are required to purchase cryptographic devices such as smart

cards that are FIPS 140-1-certified, when they are available on the market.

Until now there have been no smart cards that have received this certification,

said Bill Bialick, technical director at Spyrus. And while other companies

are likely to follow suit, not every vendor will ultimately receive the

FIPS certification, he said.

The move should make the Rosetta card a top contender for government

smart card business, including the GSA's Smart Access Common ID Card program

that will provide a single vehicle for agencies to buy smart card products

and services, Bialick said.

GSA expects to award the contract May 19.

The Rosetta Smart Card is unique, Bialick said, because its processor

is "designed to protect and isolate keys and data." The card can be used

for physical and logical access and as part of a public-key infrastructure.

The card received a Level 2 certification, which means that a user can

visually tell if the card has been tampered with.