by Dietmar Wendling, SCM Microsystems and member of the Silicon Trust
“On the Internet, nobody knows you‘re a dog.“ A now-famous cartoon of a dog sitting in front of a computer with the above headline appeared in the US magazine The New Yorker. The message being that, on the Internet, you can pretend to be whoever you want to be. It’s true that as we’ve entered this electronic era, proving our identity has become more challenging. And with the threat of terrorism, identity theft, and worldwide fraudulent activity, it has become more important than ever.
Fortunately, governments around the world are addressing these challenges with a number of programs that bring identity into our electronic world. Electronic passports (ePassports), are now being issued in more than 70 countries, leading the way for more secure identity credentialing worldwide.
The use of smart card chip technology in ePassports secures traveler information and protects the holder’s privacy. Now the use of secure smart card technology has also found its way into new identity credentialing projects, such as national eID, driver license, residence permits, voters ID, eHealth cards among others. Through these programs, citizens can safely prove and protect their identities when traveling, obtaining eServices, conducting government business, and much more.
Why Smart Card Technology?
When you think of smart cards, you should think of security and trust. Both are vital when proving and protecting identity. A smart card has a secure microcontroller that securely stores and processes all sensitive information. Two kinds of smart cards are generally used today: contact and contactless smart cards. To read the information, contact smart cards need to be inserted into a reader, where as contactless smart cards only need to be brought close to the reader’s antenna.
Electronic ID and health cards include features of traditional ID cards like images, personal data, signature and others. However, the inclusion of a smart chip provides more security and enables secure entry to services and applications.
Both contact and contactless smart cards and chips have a variety of built-in security protections to prevent the leakage of sensitive information by utilizing on board cryptographic engines. The information inside the microprocessor cannot be tampered with, copied, or altered, which is paramount to ending the counterfeitingof IDs. Smart cards often need a PIN as well as the presence of the card, adding an extra layer of authentication security.Furthermore, the ability to securely store and process digital certificates and biometrics make these chips ideal for identity credentialing.
Electronic National ID Cards
National ID cards are in use in many projects globally. Many European countries, including Croatia, Cyprus, Germany, Greece, Hungary, Luxembourg, the Netherlands, Poland, Serbia, Slovakia, Spain, have compulsory National IDcard requirements. Other countries that have non-compulsory National IDs are Canada, Finland, Iceland, France, Sweden, and Switzerland. Denmark, Ireland, Norway and United States don’t have yet national ID cards.
The trend in countries with National IDs now is to move to more secure and advanced electronic identification (eID) systems. Belgium, Finland, Italy, the Netherlands, Germany and Spain are only some of the countries that have planned or already started to deploy eIDs. Germany’s eID program – which will be launched in autumn 2010 – stands out, as it will use the same contactless smart card technology as those used in the latest generation of ePassports.
Another example: Spain is a recognized leader in the electronic National ID movement, and is making steps to ease the use of these cards and add security for its citizens. The Spanish government started to rollout the so-called eDNI cards (for Documento Nacional de Identificación electrónica) in 2006, and has issued around 14million cards so far. The eDNI can be used for standard cases like obtaining a driver’s license or a passport, collecting a pension and social security benefits. The integrated smart chip allows for further identity uses to the benefit of the cardholder.With the secure card, Spanish citizens can do eBanking as well as various eGovernment and eAdministration tasks, like requesting a scholarship, making tax payments, carrying out business with private companies, and digitally signing documents.
As users have been slow to use the various functions that the cards enable, the Spanish government has set an initiative to push the usage of the eDNI card by distributing free smart card readers to its citizens, which started in October 2009. The goal of the Spanish government’s eDNI initiative is to overcome this hesitancy and help both citizens and the government experience the full benefits of the National ID scheme.
One more example: To allow a Pan-European use of National ID cards, the European citizen card (ECC) project has been launched. With the challenging goal to enable every European citizen in every European country to seamlessly access services. This will be a longer term initiative, as the required EU directives are not yet implemented, and specifications are still not final. Additionally, existing National eID cards might not be fully interoperable with upcoming requirements.
Nevertheless there is a strong trend to use smart card technology for eIDs globally, as it substantially increases the data security, adds convenience and simplifies administration tasks.
Examples outside Europe are the Ivory Coast voter ID card, Indonesia’s driver licence or Venezuela’s ID card, all based on contactless smartchip technology. Guatemala currently launched its eID program and the United Arab Emirates’ eID card migrates from contact to dual interface chip technology.
The concept of identity is extremely important in healthcare, where mix-ups can sometimes mean life or death, also fraud happens every day. Now, much in the same way that smart cards are recognized as ideal for electronic national identity cards, smart cards are being used in many country’s rollouts of eHealthcare cards. Austria,France, Germany, Italy and Portugal are some of the countries that are involved in eHealth initiatives.
The German eHealth program is setting a good example for other countries. The program uses smart card technology and readers to make their citizens’ identities and medical information secure and private.
In 2003, the Federal Ministry of Health in Germany introduced a law calling for a new eHealth Card, the elektronische Gesundheitskarte (eGK). Because healthcare in Germany is statutory, the eGK eHealth card will ultimately be issued to more than 80 million citizens. This makes the project one of the largest worldwide.
The eGK health card also has smart card technology. The important feature of the eGK is that the patients are in control of their data and can choose which data are to be stored on his / her eGK card. This includes for example, medical emergency data, such as blood type, allergies or prescriptions. When obtaining medical services, patients insert their cards into a terminal. The card also contains a photo of thepatient to allow a visual identity check – this is to cut down on the fraudulent use of medical services. The medical professional must also insert his / her card (Health Professional Card, HPC) and enter a PIN code to prove identity. Only after these actions, can the medical professional access the information stored on the card.
The eGK program also ensures that the card accepting terminals are secure. The devices are completely tamper proof – in case the housing is opened or drilled into, the terminal for example stops working, making any attacks unsuccessful. The terminals also use a special type of encryption so that all patient information are secured and cannot be intercepted.
There are many security benefits to smart card-based eHealth programs. Important personal information is always secure, and patients are in control of their own data. It’s also extremely convenient for patients to be able to carry important medical information with them on a card.
A More Secure Future
Our identity is the most important thing we possess, and as the world has progressed into a more electronic one, identity theft, fraud and other threats have rendered our identities vulnerable. ePassports, with their use of smart card technology, accelerated the world on the path to more secure electronic identities, and other electronicidentity initiatives have followed. National eID and eHealth card projects are now ramping up worldwide, utilizing smart card technology to make citizens’ identities protected and private.The future holds more smart card-based eID and eHealth projects, as well more identity programs in more markets. We’ll also see an effort to make these systems interoperable, which is a challenge, but still an attainable goal for the long term. Inany event, the trend towards the use of smart card technology for secure identity credentialing is one that is sure to continue, ensuring a more secure future for us all.