- Email: [email protected]
ID cards – have we got our priorities right?
news Continued from page 1...
... .NET for cards Microsoft’s .NET-based cards are smart IDs that support both physical and logical access. An embedded contactless feature provides the physical access to buildings. The logical access control is provided via a contact-based chip. The card requires 8K bytes of RAM, more than double the amount used in Java smart cards, as well as 150KB ROM and 128KB EEPROM. Cryptographic operations, such as symmetric and asymmetric algorithms are accessible via an implementation of the standard Cryptographic Services architecture of the .NET Framework. This allows solutions that use .NET cryptographic services to be modified to use smart cards.
industry news
And the SESAMES winners are… Following CTT’s round up of the Cartes show last month, including the shortlist of SESAMES nominees, we are pleased to report the winners. Winning the best hardware award was Infineon Technologies for its SLE 88CFX1M00P smart card microcontroller, which uses Face to Face technology and a 0.13 µm CMOS process. Face to Face is an advanced 3D chip stacking method that allows the design of a system composed of a bottom and a top chip. The best software award was won by Gemplus for its BioEasy concept, which offers a
secure way to deploy biometric technology using a card for authentication rather than a PC or card reader. Verification takes no longer than 80 milliseconds and does not compromise security or memory space, the company claims. Other winners in card applications included: •
IT Security Application – ASK, SPID;
•
Transportation – Ingenico, Ingecab;
•
Banking/Finance/Retail Application – PBS
•
Healthcare – Xiring, Le Point Xiring;
•
Mobile – Gemplus, APDU-TLS;
•
E-Transactions – Way Systems, WayVoucher;
•
Best Loyalty Application – ITEON, Robin.
A/S, PBS PSAM for EMV;
VIEWPOINT ID cards – have we got our priorities right? The publication of the UK government’s identity cards bill has set hares running off in all directions.
Let’s start with the basics. What is the purpose of the bill? To create a national scheme for the registration of individuals and to issue cards that can be used to identify registered individuals. But are high-tech cards really necessary, some people are asking. This particular argument goes like this. Within, say, ten years time, all the authorities entitled to ask someone for their ID will have immediate on-line access to the central government database. If the biometric data held on the database has been linked to an individual’s National Insurance (NI) number (or equivalent number issued in lieu to temporary residents), then an authorised enquirer could ask for the NI number, log on to the database, call up the biometric linked to that number and compare it on the spot using a local device. Would it not be cheaper to concentrate resources in the development of sophisticated biometric terminals, hand-held where required, for use by those entitled to demand ID details? The only ID document that people needed to carry would then be a simple National Insurance card. At the opposite end of the spectrum is the argument for really smart national ID cards which is advanced by Dave Birch of Consult Hyperion. The number of times that a policeman will identify you by looking at the photograph on your card and then comparing it with your face will be far outnumbered, says Birch, by the number of times that a smart ID card will, or could, be used to prove ‘virtual’ identity in a wide variety of computerised contexts – such as proving that the holder is over 18, has the right to vote, or has access rights to systems or premises. The holder’s ‘real’ identity, i.e. the information held on the national register is only one identity and does not need to be revealed in all circumstances. In fact, says Birch, we should stop thinking about ‘ID cards’ and use the term ‘ID computers’ instead. Other arguments against the introduction of the ID card system are based on the vast expense that the taxpayer will
16
have to shoulder. If all goes well, current estimates are that it will cost more than £5 billion over ten years to get the system up and running. But will all go well? The poor record of Whitehall in managing the introduction of computer systems for passports, child support, benefits and criminal records does not fill many people with confidence. In conclusion, we extend our sincere sympathy to Cathy Johnston of ACT Canada, a good friend of this newsletter. On 30 October, four men followed her off a train in Paris and robbed her. Now everything is disturbingly different, Cathy says. “In spite of all the articles and speeches I’ve delivered on identity theft, I failed to appreciate how immediate and devastating the effect would be from losing a small number of cards. ”I was lucky. They only got one credit and debit card, my driver’s licence, health card, and loyalty cards. Perhaps they were satisfied with the Canadian cash and the more than $2500 dollars they got from the credit card while I was in the police station reporting the theft. If I’m really lucky they threw away the rest, but the odds aren’t with me. The information on my driver’s licence is worth money and my health card can be sold or used. Two pieces of information that card issuers routinely ask me for, in order to identify me, appear on my driver’s licence.” Cathy’s experience reminds us that consumers, banks, credit card firms, stores and other businesses are suffering mounting losses from identity theft. The current debate in the UK about ID cards centres around the large issues of national security and immigration control. But will ID cards do anything to combat terrorism. They could even lead to a false sense of security: potential terrorists may not be British, and if they are British they may well possess bona fide ID cards. But identity theft stemming from such old-fashioned motives as robbery is an everyday occurrence. Are we doing enough to prevent identity theft? Have we got our priorities right? David Jones
Card Technology Today January 2005
... .NET for cards Microsoft’s .NET-based cards are smart IDs that support both physical and logical access. An embedded contactless feature provides the physical access to buildings. The logical access control is provided via a contact-based chip. The card requires 8K bytes of RAM, more than double the amount used in Java smart cards, as well as 150KB ROM and 128KB EEPROM. Cryptographic operations, such as symmetric and asymmetric algorithms are accessible via an implementation of the standard Cryptographic Services architecture of the .NET Framework. This allows solutions that use .NET cryptographic services to be modified to use smart cards.
industry news
And the SESAMES winners are… Following CTT’s round up of the Cartes show last month, including the shortlist of SESAMES nominees, we are pleased to report the winners. Winning the best hardware award was Infineon Technologies for its SLE 88CFX1M00P smart card microcontroller, which uses Face to Face technology and a 0.13 µm CMOS process. Face to Face is an advanced 3D chip stacking method that allows the design of a system composed of a bottom and a top chip. The best software award was won by Gemplus for its BioEasy concept, which offers a
secure way to deploy biometric technology using a card for authentication rather than a PC or card reader. Verification takes no longer than 80 milliseconds and does not compromise security or memory space, the company claims. Other winners in card applications included: •
IT Security Application – ASK, SPID;
•
Transportation – Ingenico, Ingecab;
•
Banking/Finance/Retail Application – PBS
•
Healthcare – Xiring, Le Point Xiring;
•
Mobile – Gemplus, APDU-TLS;
•
E-Transactions – Way Systems, WayVoucher;
•
Best Loyalty Application – ITEON, Robin.
A/S, PBS PSAM for EMV;
VIEWPOINT ID cards – have we got our priorities right? The publication of the UK government’s identity cards bill has set hares running off in all directions.
Let’s start with the basics. What is the purpose of the bill? To create a national scheme for the registration of individuals and to issue cards that can be used to identify registered individuals. But are high-tech cards really necessary, some people are asking. This particular argument goes like this. Within, say, ten years time, all the authorities entitled to ask someone for their ID will have immediate on-line access to the central government database. If the biometric data held on the database has been linked to an individual’s National Insurance (NI) number (or equivalent number issued in lieu to temporary residents), then an authorised enquirer could ask for the NI number, log on to the database, call up the biometric linked to that number and compare it on the spot using a local device. Would it not be cheaper to concentrate resources in the development of sophisticated biometric terminals, hand-held where required, for use by those entitled to demand ID details? The only ID document that people needed to carry would then be a simple National Insurance card. At the opposite end of the spectrum is the argument for really smart national ID cards which is advanced by Dave Birch of Consult Hyperion. The number of times that a policeman will identify you by looking at the photograph on your card and then comparing it with your face will be far outnumbered, says Birch, by the number of times that a smart ID card will, or could, be used to prove ‘virtual’ identity in a wide variety of computerised contexts – such as proving that the holder is over 18, has the right to vote, or has access rights to systems or premises. The holder’s ‘real’ identity, i.e. the information held on the national register is only one identity and does not need to be revealed in all circumstances. In fact, says Birch, we should stop thinking about ‘ID cards’ and use the term ‘ID computers’ instead. Other arguments against the introduction of the ID card system are based on the vast expense that the taxpayer will
16
have to shoulder. If all goes well, current estimates are that it will cost more than £5 billion over ten years to get the system up and running. But will all go well? The poor record of Whitehall in managing the introduction of computer systems for passports, child support, benefits and criminal records does not fill many people with confidence. In conclusion, we extend our sincere sympathy to Cathy Johnston of ACT Canada, a good friend of this newsletter. On 30 October, four men followed her off a train in Paris and robbed her. Now everything is disturbingly different, Cathy says. “In spite of all the articles and speeches I’ve delivered on identity theft, I failed to appreciate how immediate and devastating the effect would be from losing a small number of cards. ”I was lucky. They only got one credit and debit card, my driver’s licence, health card, and loyalty cards. Perhaps they were satisfied with the Canadian cash and the more than $2500 dollars they got from the credit card while I was in the police station reporting the theft. If I’m really lucky they threw away the rest, but the odds aren’t with me. The information on my driver’s licence is worth money and my health card can be sold or used. Two pieces of information that card issuers routinely ask me for, in order to identify me, appear on my driver’s licence.” Cathy’s experience reminds us that consumers, banks, credit card firms, stores and other businesses are suffering mounting losses from identity theft. The current debate in the UK about ID cards centres around the large issues of national security and immigration control. But will ID cards do anything to combat terrorism. They could even lead to a false sense of security: potential terrorists may not be British, and if they are British they may well possess bona fide ID cards. But identity theft stemming from such old-fashioned motives as robbery is an everyday occurrence. Are we doing enough to prevent identity theft? Have we got our priorities right? David Jones
Card Technology Today January 2005