1. What is a smartcard ID?
A smartcard includes an embedded computer chip that can be either a microprocessor with internal memory or a memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless electromagnetic interface. With an embedded microprocessor, smartcards have the unique ability to store large amounts of data, carry out their own on-card functions (eg, encryption and digital signatures) and interact intelligently with a smartcard reader. A smartcard ID can combine several ID technologies, including the embedded chip, visual security markings, a magnetic stripe, a bar code and/or an optical stripe. Smartcards are used worldwide in financial, telecommunications, transit, healthcare, secure identification and other applications.
2. Why is a smartcard the ideal alternative for a privacy-sensitive secure personal ID system?
A smartcard is the only alternative that can securely combine several applications and technologies onto one card, providing both convenience and security while minimising the need to present personal, private information. With a smartcard-based system, there is no technical requirement to have a central database system that observes all requests for services. Because the smartcard is an active device (a small computer), the card is able to give only that information that is required for the specific service at the time the card is presented.
3. Are privacy rights of individuals at risk as we move closer to a standardised identification system?
Yes. There are potential impacts on privacy with any new identification system, particularly one that relies on large interconnected data bases. It is prudent that privacy concerns be kept in the forefront during the design of identification/security systems. But, as mentioned previously, a smartcard-based system does not require a central database of information and can have an active interaction with the information requestor. Services and participant information can be distributed to those points where the service takes place. The unique ability of the smartcard to verify the authenticity and authority of the service request allows it to be the best guardian of the card owner's personal information.
4. How does this white paper define privacy?
Privacy is a broad topic, one that invokes differing definitions often coloured by cultural, political, and economic factors. To many people, privacy is that imaginary protective bubble surrounding our personal lives. It is an insulating barrier between ourselves, and those we care about, and the outside world. To others privacy might include a sense of secrecy, an ability to carry out our daily activities without the knowledge of others. And to some privacy can even mean outright anonymity, where we are able to remain nameless or unrecognisable in our dealings with other individuals or entities. The white paper defines a 'privacy-sensitive' secure ID system as one that has technology, policies and processes in place to protect the individual's personal information and that provides the ability for the individual to control who has access to the personal information used by the secure ID system.
5. What are examples of ID system implementations that use smartcards and biometrics today?
There are numerous government ID systems implemented worldwide that are using smartcard and biometric technology, including:
* US Department of Defense Common Access Card - with photo, biometrics (fingerprint), and smartcard chip.
* Malaysia's national ID (Government multipurpose card) - with photo, biometrics (fingerprint) and smartcard chip.
* Spain's social security card - with biometrics and smartcard chip.
* Netherlands' 'Privium' automated border crossing system - with photo, biometrics (iris) and smartcard chip.
* Brunei's national ID - with photo, biometrics (fingerprint) and smartcard chip.
* UK's Asylum Seekers Card - with photo, biometrics (fingerprint) and smartcard chip.
6. Are biometric systems alone not enough to prove an individual's identity as they pass through critical check points such as airports or border crossings?
They may be, but having only a face, fingerprint, or other biometric available for identification requires a large, very fast and as yet undefined infrastructure. Having a smart ID device, which supports existing authentication infrastructures and which can compare the biometric at the point of interaction, allows much more flexible identity authentication with less impact on privacy. This is because it is not necessary to record who passed a security point, only to verify the identity of whoever it was had been previously authenticated. A combined smartcard and biometrics ID system also delivers the highest security, supporting two- or three-factor authentication.
7. How is a biometric template created on a smartcard, and what stops someone from overwriting the card with his/her own biometric?
A biometric template is an encrypted hash of the actual biometric itself. Once created, the template is digitally signed and locked onto the card by the issuing authority. Any attempt to overwrite would not be authenticated by the issuing authority as the smartcard prevents modifications of its memory by anyone who is not correctly authenticated.
Smart Card Alliance
© Technews Publishing (Pty) Ltd | All Rights Reserved