March 2009


In early March, snow was falling heavily outside the Capitol building in Concord, New Hampshire during my testimony in opposition to House Bill 478.

HB 478 bans the use of RFID technology in state issued identification documents, among other provisions. The snow was as unexpected as the thoughtful questions posed to me by some of the House Commerce Committee members before whom I testified.

Their questions bespoke much of the confusion that surrounds RFID technology and what it can and cannot do. How much information can a chip contain? That depends. What about the ability to track individuals carrying RFID contained in identity documents or retail products? Possible in a closed system maybe, but highly improbable in the real world was my response. Did I know that the citizens of New Hampshire rejected REAL ID? Yes, but REAL ID has nothing to do with RFID. What is the best way to define RFID? The problem is not with the definition of RFID but with the perception that RFID presents a threat to privacy.

While I tried to answer their questions precisely, the heart of the problem is that the answers are not concise. That’s because every application of RFID is not the same. And therein lay the problem - for industry, for the privacy community and for policymakers.

We all need to take a step back from the heated rhetoric that has dominated the conversation around RFID and begin a dialog where we truly listen to each other. I believe, for the first time in the three years that I have been testifying against anti-RFID bills, that we are moving to separate fact from fiction in our RFID discussions.

Why? Because the House Commerce Committee members voted to retain HB 478, meaning it won’t go to the House floor for a vote in 2009. What happens in 2010 will either support my optimism or crush it abysmally.


On April 1st, I'll be giving a talk at the ICMA Card Manufacturing and Personalization Expo in San Juan, Puerto Rico where I'll help separate fact from fiction when it comes to convergence of card applications .

Technological convergence is a trend where elements having distinct functionalities come together with all the features, benefits, and advantages of each original component to provide the added value of a single item. Contactless smart card technology is transforming itself to play a major role in the convergence of applications including payment, transit, loyalty and access control where previously there has been a unique card for each function.

Card manufacturers are increasingly looking for products with added value to maintain their shrinking profit margins in a commodity market. A card that has multiple uses provides added value and convenience which will create the desired "top of wallet" position with consumers. Even in today's difficult economic climate, banks are investing in contactless technology because of the differentiation and competitive edge it provides.

We're also starting to see convergence happening on non-card form factors like the new cell phone/mobile device stickers, which enables the phone as a payment device and serves as a bridge to future NFC technology.

My session will explore the benefits and operational issues associated with implementing multi-application contactless smart cards or credentials for various market segments as well as a description of early pilot activity.

I look forward to seeing you at ICMA!


Marketing is an exciting profession especially when launching a new product …IN PERSON!


What could be better than physically demonstrating a uniquely innovative solution in front of end-customers, channel partners, OEMs and media, receiving instant feedback, initial impressions and comments on how this solution will benefit them and their future prospects.


Last week, we brought our HID on the Desktop solution Launch Tour on the road and took a ‘bite out of the big apple’ (pardon my pun) in NYC. I felt like it was Old Home Week, having the pleasure of catching up with Wayne Vodar, Larry Seltzer and my old buddy, Steve Ludeking (all now with Niscaya). I also reconnected with Tom Echols and my dependable, good friend, Steve Lasky from Security Technology Executive. While it was great to meet up with customers I know, I also had the opportunity to meet new customers like Casey and Alex, from TX Systems. I was sincerely impressed that these two gentlemen not only joined us in NYC, but also came along to our launch event in the Windy City (two days later)! Their commitment to promoting and engaging with HID Global is truly impressive!


I may be partial to NYC (as I was raised in New Jersey), but Chicago took me by surprise! I was never more excited to meet a great group of customers and industry professionals! Customers like Thomas from Dexa, Debra from IdentiSys, long-time industry partner, Laura, from SDM, and best of all: end-customer Joe from Northwestern University.


Space prohibits me from mentioning all the industry partners I reconnected with during our whirlwind tour, but I wanted to write this blog to invite launch tour attendees from NYC and Chicago to provide impressions of the HID on the Desktop solution and the Launch Tour events by commenting on this blog post. I am reaching out to you in hope that you will provide comments and feedback about the tour, the presentation, the demonstration of the solution, etc.


So many great ideas were shared at these tour events, but I’d appreciate hearing your impressions. I would even encourage my colleagues to participate, sharing thoughts with our customers on the value of the feedback from these meetings.


For those of you reading this blog who were unable to attend our first two tour events, HID on the Desktop (HOTD) is our latest solution for converged security environments, enabled by the use of a single credential for both physical and logical access. The same card you use to get in the door can now be used to log onto your PC or laptop-- Convenience meets Security at the Desktop! How convenient is that!?! And, if you don’t have the card yet, no problem. Deployment is simple, affordable and most importantly, secure.


Our next launch tour stop will be “Viva Las Vegas,” during ISC West. If you would like to see a demonstration of HID on the Desktop at ISC West, email me [email protected]. And for those who were unable to attend the first two tour events, click on the link below and you can view a video of our New York event!


Get the Flash Player to see this player.

I hope to meet more customers on the road, sharing thoughts and ideas that shape our marketing programs to benefit you--our customers.


And finally, on behalf of HID Global, I thank all of the customers who attended our first two HID on the Desktop Launch Tour events. This blog is in appreciation of all of you and I encourage you to respond to this with your opinions.


That would be my second greatest pleasure to end a great week!



How many passwords do you have? I know I use between 15-20 on a regular basis. Corporate IT network? Check. Frequent flyer program? Check. Email password? Ditto. On-line banking access? Check.

It’s pretty hard to stay on top of all these passwords, so what do you do? If you’re like a lot of people, you write them down on a note pad stored inside your desk drawer. And you try to use the same password for as many applications as possible. Security industry professionals recognize that these work-arounds violate basic Security 101 principles. They’re easily stolen or hacked.

The Password Problem


Get the Flash Player to see this player.



Upon realizing the security limitations of username and password, industry regulators began calling for stronger passwords. To make password less “hack”-able, my IT group asked me to change my password every 60 days. The password had to be a specific lengths (e.g., more than 12 characters) using a combination of upper and lower case letters, numbers and/or special characters.

This model may have increased the password’s security level, but it also created an entirely new headache. My associates and I forgot the obscure passwords we had created, resulting in a need for increased IT helpdesk support. In the attempt to enhance security, basic user convenience was sacrificed. Does this sound familiar?

At this point, people recognized that while security is necessary for any log-on solution, the security method only works if the end-users follow the policy. Many called for using multi-factor authentication (“something you know”, “something you have”, “something you are”). Vendors chased that market, creating one-time password solutions, contact smart card log-on, biometric log-on and other ways to secure log-on. While some would agree that these solutions addressed the need for security, they were generally seen as expensive, a burden on IT infrastructure and inconvenient for users.

A new approach to log-in security that addresses a) an acceptable level of security and b) a high level of user convenience (and therefore, user acceptance and adoption) is needed.

With HID on the Desktop™, we think we’ve found that new approach. The installed base of 300 million HID cards in use around the globe provides secure access to offices and other sites. Why not use these cards as the second factor for IT authentication? Using a combination of “something you know” and “something you have”, multi-factor authentication can be provided using the ubiquitous corporate ID badge together with a short PIN number.

People are used to presenting their corporate ID badge to a reader to get into the building. So how much of a leap is it to ask them to use it to log-in to their computer? Not much.

With HID on the Desktop, I don’t need to remember passwords anymore. I present my card, I enter my pin and I’m logged on to my PC. Its something I know. It’s something I’m familiar with. I guess I’m dating myself here, but I’ve been using this same model for 25 years to access my bank account through an ATM. And yet, I’m using multi-factor authentication, a far more secure means of IT assurance and security than just user name and password.

A simple solution for network log-in, HID on the Desktop offers user convenience. It offers improved security via multi-factor authentication. It’s simple to deploy and install, using intuitive naviGO™ software. This is the new convergent approach we’ve all been looking for.