Planning for change and growth via the chip management system
By Cath Rawcliffe, head of eID at ACI Worldwide
When the United Kingdom first announced plans for a national, mandatory ID card scheme, little could they have suspected they were opening a political Pandora’s box. A debate has raged both in the British Parliament and press on the relative rights and wrongs of compulsory ID cards.
Now that the dust is beginning to settle, it is apparent that e-ID is fast becoming a reality in the UK. It is now time to concentrate on delivering a robust and cost-effective solution that will ensure that the taxpayer’s money will be put to best use. For a successful rollout of such a large scheme, it is vital for UK’s Government to start considering the challenges and pitfalls involved in living with the ID card.
The typical lifespan of an ID card is estimated at around 10 years from issuance and it is of fundamental importance to decide whether the card details can remain static during this time. If it is realistic to think that the ID card will remain totally unchanged during its 10-year lifecycle, then the issuance and management of the cards will be a relatively simple affair. The evidence from existing ID deployments around the world, however, suggests the UK ID cards must have built-in flexibility to meet future pressures for change. If the government ignores this, the initial investment cannot be safeguarded, and the benefits to citizens will ultimately be harder to realize.
In practice it is most likely that the information stored electronically on the card will need to undergo regular updates, and it is the manner in which this is done that will determine whether the ID card is cost effective and attractive to the user.
To produce entirely new cards every time the information on the chip needs to be updated will prove inconvenient for the cardholder and impractical for the government … as well as prohibitively expensive.
Remote updates and chip management solutions
Rather, the UK should take pains to ensure that the chip has the capacity to be remotely updated as information stored electronically on the card changes and as external factors – such as improvements in chip technology or future requirements from European standards – cause further evolution.
At the same time, it is extremely beneficial for the system to be designed and built incrementally on existing legacy systems so that initial implementation costs and rollout times can be kept to a minimum.
This demands a smart ID card that can be updated post-issuance through its chip management solution. Data stored in the back-office databases can be updated as necessary by authenticated users through a robust interface that provides a secure mechanism for changing the data to be held on the chip of a card.
It should be remembered, however, that legislation by the UK stipulates what information can be kept on its national identity register and what may be held on the ID card. It is essential that all this information is protected. The first phase of the roll-out will see the cards containing similar data to that on e-passports and it is hoped that chip ID cards will eventually replace the function of the e-passport for travel within Europe.
However, management of the core personal ID data on the card is just one part of the issuance and post-issuance debate. Even as the specifications of the smart ID cards are being drawn up, a wider scope for the use of the cards is envisaged to provide extended ID services. This will most likely involve the use of the cards for more than the single identification function.
Planning for a multi-application future
These cards have the capacity to store a large number of different applications, from library cards to leisure center passes, transport cards to e-purses. When the UK ID cards are finally deployed, the government would be wise to maximize the uptake and benefits of the scheme by providing the flexibility for citizens to add any services they may require to their cards without having to update the entire ID program.
There is an enormous opportunity to extract cost and usability benefits from the scheme by adopting this approach. For example, it is inevitable that a certain amount of segmentation will occur, but it is still possible to establish a core infrastructure that will ensure future-proofing. The card issuer must have a means of updating or adding new applications easily and at low cost. The freedom to manage new cards and other ID tokens, such as e-passports, must also be provided.
Control of the smart chip lifecycle will enable the government to meet the future challenges of managing multiple applications on the chip, supporting different cards/tokens and data sources for various departments, agencies or local government entities. Should a card be lost or stolen, the card management system would be able to handle the complexity of interacting with each department/database for the re-issuance of the card.
Likewise, if an application on the card needs to be updated due to, for example, its expiration, then the card management system can ensure smooth interaction between the database and the card without the need for the citizen to be involved or any other application to be affected. The ability to do this with ease will have a major impact on the end user’s experience with the card and allow the government to highlight the flexibility of the scheme that will help ensure future acceptance of the program.
About the author:
Cath Rawcliffe, who has been with ACI for more than eight years, currently heads up new business development in the electronic identity arena. She has worked across Italy, Germany, Austria, Malta, Spain, Portugal and Northern Africa. She has a BSC degree in Mathematics and Computing and a postgraduate CPA in Law.