SEPTEMBER 2010: Have you ever searched the Web for ‘fake passport’? You will find agencies selling fake passports (and openly advertising it online), supposedly for use by private detectives for legally-permitted levels of espionage. However, we all know that fake passports are put to more dangerous uses! Pawnbrokers and local rogues confiscate the ration cards of villagers and use it to procure groceries at low prices. Such examples make you wonder whether the traditional ID cards really serve the purposes of identification and authentication.
If we had a ‘smart’ identification card instead, it would mean a very secure, unique identity with the potential to replace several individual cards issued in a decentralised and ad-hoc fashion by various agencies. “A smart card combines three functions: identification, authentication and data storage. It could work as a multipurpose card that merges all other cards. Plus, it is highly secure. Smart ID cards prevent identity theft and are important in terms of national security,” explains Sandeep Lugani, practice head-Intelligent Building Management System & Physical Security, Wipro India, Middle East and Africa.
As the technology is reasonably mature, this is indeed the right time to introduce smart IDs, and learn about the challenges and opportunities it throws open to the tech fraternity in India.
Smart IDs: A Look at the Whole Tech Jigsaw
Comprising microcontrollers, memory and the like, a smart card is just one aspect of a whole smart ID setup. The other pieces of the jigsaw include smart card terminals, application software, communication networks and more. Let us take a quick look at all the tech constituents of a smart ID setup and the trends concerning these
A smart card is essentially a card or token comprising a secure microprocessor core and non-volatile memory. Being capable of identification, authentication, communication, application processing and data storage, it is amenable to functions ranging from credit, cash and insurance cards to health, travel and even SIM cards. Shiv Turmari, country sales manager, ARM Embedded Technologies, points out that now smart cards are being deployed even for lottery metering and vending, pay TV, gaming, GSM, healthcare, transportation and pay phones.
If done right, every person would need to carry just one card! “A smart card can hold multiple application data securely without any interference between the service applications. Hence, multiple services can be offered through a single smart card,” explains Dayakar C. Reddy, managing director, MosChip Semiconductor.
However, the smart card by itself plays a very small role in this scheme—smart card terminals, communication networks and application software too play a large role.
Smart card basics
A smart card comprises a secure microprocessor core, memory and some means of powering its functioning.
“Of late, all these components have undergone changes from the price, performance, area and price points of view,” says Turmari. Processors are constantly evolving to meet the rapidly evolving applications, increasing memory and speed requirements, strict cost control, and reduced power consumption needs of the industry.
Security. Speaking of a smart card’s components, the word ‘secure’ requires special attention. Security, be it in the form of PIN numbers, passwords or encryption keys, can be compromised by smart hacking. A secure smart card tries to overcome this challenge by roping together several technologies including even high-level ones like biometric identification.
Sumit Sahai, product manager–processor division, ARM, explains that normal processors offer little or no security in this regard. “With sophisticated hacking equipment, smart card data can be intercepted, modified and spied upon during standard CPU operations. A secure processor core, on the other hand, would be tamper-resistant and prevent retrieval or modification of on-chip information even during the most sophisticated physical attacks. It should also be designed to fail gracefully, where the compromise of one device does not compromise the entire system. The security features should also be highly configurable,” he says.
Market requirements and manufacturers’ answer to these
Memory requirements. More memory is needed to cater to both the increasing complexity of applications and the tight security measures. Security algorithms such as 256-bit+ AES require larger keys, biometric identification involves large data sets, and operating systems and file systems for secure chips are quite big. Sahai mentions that such memory requirements are met using higher code-density and 32-bit addressing in current generation of microprocessors.