SEPTEMBER 2010: Have you ever searched the Web for ‘fake passport’? You will find agencies selling fake passports (and openly advertising it online), supposedly for use by private detectives for legally-permitted levels of espionage. However, we all know that fake passports are put to more dangerous uses! Pawnbrokers and local rogues confiscate the ration cards of villagers and use it to procure groceries at low prices. Such examples make you wonder whether the traditional ID cards really serve the purposes of identification and authentication.
A smart card or token is like a visiting card with a tiny computer chip inside it.
It can store information and communicate with smart card terminals that can read and write information to the card, as well as act as the interface between the smart card and a larger network or application.
A smart card is highly secure, and is often combined with even higher levels of security such as biometric identification.
At a basic level, a smart card can perform some or all of four functions: data storage, identification, authentication and application processing.
Depending on the information stored, and coupled with appropriate smart card terminals and software, the same smart card can be used for multiple applications.
In an ideal situation, a person would carry just a single smart card that acts as a credit card, cash card, ration card, PAN card, voter’s ID, SIM card and even passport. However, such an implementation would require a concerted effort by various agencies, including government and private ones, along with adherence to several common standards and regulations.
We have a long way to go in this regard, but a beginning has been made through the inception and implementation of the Unique Identity Authority of India (UIDAI).
If we had a ‘smart’ identification card instead, it would mean a very secure, unique identity with the potential to replace several individual cards issued in a decentralised and ad-hoc fashion by various agencies. “A smart card combines three functions: identification, authentication and data storage. It could work as a multipurpose card that merges all other cards. Plus, it is highly secure. Smart ID cards prevent identity theft and are important in terms of national security,” explains Sandeep Lugani, practice head-Intelligent Building Management System & Physical Security, Wipro India, Middle East and Africa.
As the technology is reasonably mature, this is indeed the right time to introduce smart IDs, and learn about the challenges and opportunities it throws open to the tech fraternity in India.
Smart IDs: A Look at the Whole Tech Jigsaw
Comprising microcontrollers, memory and the like, a smart card is just one aspect of a whole smart ID setup. The other pieces of the jigsaw include smart card terminals, application software, communication networks and more. Let us take a quick look at all the tech constituents of a smart ID setup and the trends concerning these
A smart card is essentially a card or token comprising a secure microprocessor core and non-volatile memory. Being capable of identification, authentication, communication, application processing and data storage, it is amenable to functions ranging from credit, cash and insurance cards to health, travel and even SIM cards. Shiv Turmari, country sales manager, ARM Embedded Technologies, points out that now smart cards are being deployed even for lottery metering and vending, pay TV, gaming, GSM, healthcare, transportation and pay phones.
If done right, every person would need to carry just one card! “A smart card can hold multiple application data securely without any interference between the service applications. Hence, multiple services can be offered through a single smart card,” explains Dayakar C. Reddy, managing director, MosChip Semiconductor.
However, the smart card by itself plays a very small role in this scheme—smart card terminals, communication networks and application software too play a large role.
Smart card basics
A smart card comprises a secure microprocessor core, memory and some means of powering its functioning.
“Of late, all these components have undergone changes from the price, performance, area and price points of view,” says Turmari. Processors are constantly evolving to meet the rapidly evolving applications, increasing memory and speed requirements, strict cost control, and reduced power consumption needs of the industry.
Security. Speaking of a smart card’s components, the word ‘secure’ requires special attention. Security, be it in the form of PIN numbers, passwords or encryption keys, can be compromised by smart hacking. A secure smart card tries to overcome this challenge by roping together several technologies including even high-level ones like biometric identification.
Sumit Sahai, product manager–processor division, ARM, explains that normal processors offer little or no security in this regard. “With sophisticated hacking equipment, smart card data can be intercepted, modified and spied upon during standard CPU operations. A secure processor core, on the other hand, would be tamper-resistant and prevent retrieval or modification of on-chip information even during the most sophisticated physical attacks. It should also be designed to fail gracefully, where the compromise of one device does not compromise the entire system. The security features should also be highly configurable,” he says.
Market requirements and manufacturers’ answer to these
Demand for high performance stretching beyond existing 8-/16-bit proprietary cores
• proprietary architectures nearing end of life
•Mid-range SIM memory sizes increasing beyond 16-bit addressability
• Service consolidation—multiple services/applications running on one device
• Advanced security algorithms
• High performance at very low power
• Preference for NFC and contactless cards
• Increasing pressure on profit margins
Solution for the current market trends:
• 32-bit power to handle multiple services and advanced security algorithms
• 32-bit memory addressing
• Industry standard architecture
• Configurable security features
• Fast multiply and divide
• Easy designing
• Broad tools and ecosystem support
• Fast time-to-market
• Low-cost project entry
—Shiv Turmari of ARM
Memory requirements. More memory is needed to cater to both the increasing complexity of applications and the tight security measures. Security algorithms such as 256-bit+ AES require larger keys, biometric identification involves large data sets, and operating systems and file systems for secure chips are quite big. Sahai mentions that such memory requirements are met using higher code-density and 32-bit addressing in current generation of microprocessors.