Smart Card Technologies
Smart Card Technologies |
|
Potential
for Smart Card Technology
The
potential for smart cards can be broken down into two broad
categories: security and
convenience. While there is
clearly some overlap between the two, the uses and limitations of them are
quite different.
Security
Smart
cards can be a revolution for efficient, positive identification. When combined with biometrics,
they can provide unique identification of a user that is extremely
difficult copy or falsify.
Applications where this is currently or could easily be applied
include:
·
Network
security – only authorized users who are authenticated with their card and
a biometric ID (fingerprint or hand scan, retina scan, etc) can access
secure areas. This is not
only far more secure, but also less costly to operate than a traditional
PIN/password security system.
Windows 2000 includes an option to allow network administrators to
require smart card authentication to access an office PC, a sign that
Microsoft believes in this
technology.
·
Government
ID Cards – these could serve as a drivers license, a government benefits
card, a national ID card (replacing paper ID cards currently used in some
countries), or all of the
above.
·
Passports/Visas
– replacing paper passports with smart card electronic versions would
simultaneously improve identification and security and simplify
international passage for travelers.
·
Airline
Security – smart cards could be used to positively identify passengers,
resulting in improved security and streamlined security screening. This is one of many
recommendations made by a US federal task force following the terrorist
attacks of September 11, 2001.
·
E-commerce
– positive ID reduces internet commerce fraud and improves electronic
contracts with the use of digital signatures.
Convenience
Smart
cards can also increase convenience to the user:
·
Transit
Card – speeds passage through mass transit by using a proximity card (only
needs to be near the reader for transaction to take
place).
·
Convenient
transactions – digital authentication and encryption permit secure
transactions from mobile phones and PDA’s. Users can trade stocks, make
purchases, or make binding contracts anytime, any place. Increased acceptance of digital
signatures as legally binding (including in the US) makes mobile
transactions feasible.
·
Electronic
wallet – cards can be used like cash. User could use his PC as an ATM
and “download cash” onto the card any time.
·
Integration
– a smart card can theoretically replace all of a user’s ID numbers,
PIN’s, and passwords with a single “key”. If biometrics are used, no PIN or
password needs to be remembered and the ID cannot be stolen or easily
duplicated
·
More
efficient scanning – proximity cards eliminate the need to scan bar codes
or magnetic stripes. This can
increase efficiency of inventory systems, airline luggage handling,
package handling, etc.
·
Health
records could be immediately available with a smart
card.
Challenges
for Smart Card Technology
The
technology available for smart cards continues to be ahead of applications
and acceptance, so it does not currently limit progress. But as with any emerging
technology, there are
challenges:
Security
Smart
cards have the ability to provide far greater security than conventional
identification processes such as PIN numbers, passwords, signatures,
etc. However, we should not
be deluded into believing this technology is foolproof, even with
biometric verification. As
the value of the data secured by a technology increases, so does the
reward for “cracking the code”.
As with any security measure, vigilance will be required to stay
ahead of the hackers. This
is not a reason to shy away from smart card security since it also applies
to the inferior methods currently employed.
Privacy
Many
people are afraid of the potential for loss or theft of a smart card
carrying a great deal of personal information. This fear, however, probably
indicates a lack of understanding of the technology.
Most
people already carry a great deal of personal information in their wallet
or purse, or in a file cabinet at home or work, and this information is
protected by little or no security.
The information on smart cards, on the other hand, can be made
nearly impossible for a thief to access. Overall security of information is
not likely to be compromised by changing to a smart
card.
An
even bigger concern surrounds the idea of government controlled ID
cards. While about 40
countries are currently implementing or considering national ID cards,
chip-based cards will likely be used in only a few. The primary reason is not cost
(though they are more expensive) but political opposition. Most free societies oppose this
technology, which they believe could be used by the government to collect
data on law-abiding citizens.
But this is really an argument against implementing a national ID
(which is strongly opposed by civil liberty groups in many countries), not
against the smart card technology.
In countries where ID cards are already required (like China and
South Africa), little resistance to the technology is
expected.
Finally,
there may be legislative restriction on the storage and use of private
information (such as fingerprints).
The “European Data Protection Directive”, for instance, may limit
the use of biometric data for corporate applications.
Who
will control the ID?
In
order for smart cards to be successful outside of government/security
applications, different organizations must collaborate to make the
technology attractive to end users and to spread the development and
implementation costs. The
ultimate application for users is a single card that handles many
applications (banking, brokerage, health care, cash, credit, transit pass,
etc), which is possible with current technology. But a debate has arisen –
particularly in the US – over who will control the ID in the card. Banks would like to control the ID
and “lease” space for other applications. Transit authorities already have
sophisticated cards with contactless capabilities and spare capacity, but
banks and health care firms are reluctant to use someone else’s card.
This
obstacle has proven surmountable in Europe, where health and transit
functions are often state controlled, cards can be issued centrally, and
fraud (not convenience) drove the banks to adopt smart cards. But the fragmented nature of the
US market makes this especially difficult: multiple banks, brokerage firms,
health care firms, etc. all will compete to be the primary card
issuer. The unfortunate
result could be a collection of single use cards, which will be
unattractive to end users, inefficient for card issuers, and probably
destined for continued poor
acceptance.
In
order for multi-application cards to be successful in the US, a uniform
standard needs to be applied and the issue of ID control must be
settled.
|
|
Copyright or other proprietary statement
goes here. |