Miami's XTec is the wizard of ID cards

From the Miami Herald, April 16, 2007

XTec President and CEO Alberto Fernandez hopes perceptions of his company as small-time -- it only pulled in about $5.3 million last year -- don't limit its chances for a government contract.
ANDREW ULOZA/FOR THE MIAMI HERALD

XTec President and CEO Alberto Fernandez hopes perceptions of his company as small-time -- it only pulled in about $5.3 million last year -- don't limit its chances for a government contract.

Conversations at Miami's XTec often veer into strange territory: how terrorists might defeat fingerprint scanners by hacking off their digits, how bombs might be rigged to detonate when they pick up frequencies emitted by certain ID badges, or how a contactless ID reader similar to the SunPass system might be jammed with radio transmitters.

It's that kind of arcane knowledge that has helped XTec carve a niche making secure identification systems. Think smartcards and ID badges.

BIG MISSION

Now the company, whose headquarters is on Miami-Dade's Blue Lagoon Drive, is hoping to use those skills to outsmart some of the largest firms on the planet in a race to issue the next generation of government ID cards that are likely to become a global standard.

At stake is a hotly contested deal to create a system of secure identification cards for the General Services Administration and the 40 government agencies it supports.

The contract -- expected to be worth $60 million to $100 million -- requires the winner to provide a one-stop system that can collect and transmit biometric data (namely fingerprints) to the FBI; authenticate licenses, passports and other documents; record PINs; and then spit out an ID badge encrypted with all that information and an image of the bearer on the spot.

By October of this year every government agency is supposed to be using the badges to control access into their buildings and computer systems.

THE COMPETITORS

Now there are just three companies in the running for the contract: BearingPoint and EDS -- massive consulting firms with annual revenues last year of $3.5 billion and $21.3 billion respectively -- and XTec, which has 30 employees.

While XTec has won government contracts in the past, President and CEO Alberto Fernandez said he worries Washington may think XTec might not be large enough to be a viable prime contractor -- even though it has partnered with Accenture for the project. ''There is a perception issue,'' he admits.

But those perceptions are misplaced in a field where know-how trumps size, he said, particularly when the large competitors are trying to cobble together solutions by purchasing technology from several different vendors.

'If you call an integrator and say `make my solution secure,' you end up with Swiss cheese -- a lot of security holes you keep having to patch,'' he said. ``Security has to be built from the ground up. We are a security company. Everything we do has security at its core.''

Founded in 1992, XTec got its start developing a patented technology called Mediametrics, which measures the random imperfections that occur when data is recorded onto magnetic strips and other secure media. The imperfections become a virtual fingerprint unique to each card that Mediametrics-enabled readers can recognize. Counterfeiters ''might be able to copy the data but not the imperfections,'' explained Fernandez.

PARTNERSHIPS

Since then, XTec has worked with credit card companies to reduce fraud and the U.S. Secret Service to help detect it. The same encryption technology also made XTec a player in the physical security field, where the risks of failure are much higher.

''If a terrorist gets into your network, they can do a lot of damage, but blowing up a building kills people,'' Fernandez said.

In 1999 the company won a contract to produce ID cards for all U.S. State Department installations and since then has won deals with the Navy, the National Science Foundation and the Department of Labor among others. Currently, XTec has about 250,000 cards in active circulation.

Despite the company's success, up until recently the identification and access control industry was stagnant, said Roy Bordes, the president and founder of an Orlando-based security company, the Bordes Group.

But then came 9/11, and the federal government renewed its push to secure buildings around the globe, said Bordes, who is also the council vice president of the American Society for Industrial Security.

2004 DIRECTIVE

In 2004, the government issued Homeland Security Presidential Directive 12, requiring all federal employees and contractors to have a secure form of identification that will work across all government agencies and that can be used for both physical entry and logistics such as logging onto government computers.

From one day to the next, millions of ID cards already in existence were made virtually obsolete and the new gold rush was on. XTec, for example, upgraded its cards at the U.S. State Department to be compliant.

For companies such as XTec, the presidential decree was ''a light flashing on the horizon,'' said Bordes.

No one knows for sure what kind of opportunity that flashing light represents for the industry, but analyst estimates start at about $5 billion.

Doug Simmons, the director of technical architecture at Burton Group, a technology consulting firm, said HSPD-12 is expected to represent about $350 million to one of his clients alone.

Ultimately, some 4 million federal employees and tens of millions of contractors will have to carry HSPD-12-compliant identification.

''There are some 30-to-40 million cards and card readers and associated hardware that is going to be deployed as a part of this,'' said Simmons. ``This is easily a multibillion-dollar market -- and even that estimate may be way too low.''

While the GSA contract is an important one, it is by no means the only opportunity in the field. XTec is already fielding calls from other government agencies that are not under the GSA's general services contract.

JUST THE BEGINNING

And the real opportunities are likely to surface when the technology makes the leap into the private sector. As the government forces vendors to work together to create a standard that is compatible across agencies, it will reduce the costs of creating HSPD-12-compliant cards from current levels that can range $4 to $10 per card.

''A lot of the kinks in the cost of entry will have been worked out and I think that's significant,'' said Simmons.

Among the numerous capabilities of the system XTec has installed at the U.S. State Department is that employees can be tracked real-time through buildings. By looking at a computer screen, a manager anywhere in the world could, for example, track John Smith as he walked through the front door at 9 a.m., punched in an elevator access code at 9:05 a.m. and was logged onto his computer by 9:07 a.m.

The same technology also could be tailored for a fast-food restaurant to stay on top of employee schedules. And rather than having to rekey the building every time an employee leaves the company, the cards can simply be reprogrammed, said Fernandez.

''The real money is in the consumer market,'' he said. ``That market could be beyond comprehension.''

About XTec

XTec is a leader in secure, interoperable authentication and verification systems. XTec develops, produces, and licenses enterprise level security solutions for Credentialing, Access Control, Information Systems, and Electronic Commerce for a wide range of government and commercial uses. XTec's focus is on providing a secure foundation from which customers can build secure enterprise web-based applications and cryptographic systems. XTec has a long-standing relationship with the Department of Homeland Security (formerly the United States Secret Service or USSS) for document security using XTec equipment to assist in the forensic tracing of counterfeit cards. XTec is a recognized leader in both government and commercial circles for its expertise and products for credentialing, identity, secure payment, and access control.