Securing Personal Identity and Country Borders with Contactless Radio Frequency Technology in 2006
12 December, 2005
category: Contactless, Financial, Government
A panel of ID industry experts provided predictions for 2006. One of these glimpses into the future will appear here each day during December.
By VC Kumar, Manager for Emerging Markets, Texas Instruments RFid Systems
Nations around the world are looking to provide both citizens and tourists with more secure identification and authorization documents. While the main motivation is improving national security and border control, prevention of fraud in obtaining state and welfare services, such as health care, is also important. Contactless radio frequency (RF) technology is now being implemented as part of more secure solutions for electronic passports, national ID cards and government employee badges. This technology offers the needed security without compromising or delaying the free flow of people and goods across borders.
Over the past year, contactless RF technology has been scrutinized on topics ranging from security and privacy concerns to interoperability issues. One hotly debated topic is the appropriateness of the technology for personal identity applications. Transmitting data wirelessly from devices containing personal identity information, especially when the data can directly or indirectly be linked to an individual, rightly raises privacy and identity theft concerns.
When it comes to security and privacy with radio frequency technology, several key issues are typically overlooked.
Contactless RF technology is only the data transfer channel. As such, protection of the data on the chip and during its transfer can be accomplished by applying existing security technologies. In fact this is being done in several applications today, such as in contactless payments.
For electronic passports, the basic access control scheme is one of the security measures that prevents unauthorized readers from surreptitiously skimming data from the chip. The fear of the chip ID being used to link the identity document to the owner can also be handled using a random ID scheme that changes with every transaction. Appropriate security ensures that the contactless interface does not represent a threat to privacy.
As a chain is only as secure as its weakest link, we need to address more than just the RF chip to reader communication and focus on the entire application ecosystem. Contactless technology offers different challenges from contact based systems in use today, but as stated above, the radio frequency interface is secured. Putting appropriate technologies and policies in place to protect the data at the host and during network transfer is also required.
Finally, we should be cognizant that our efforts to safeguard security and privacy in contactless applications must evolve over time as new threats emerge. The Internet and the evolution of the credit card are primary examples of this need. Credit cards have progressed to ever-higher levels of security, from embossing to mag stripe to holograms and signature panels to contact/contactless chip cards. The Internet was initially considered unsuitable for sensitive data transfer, but today is used safely by millions for electronic commerce.
It is clear that the contactless smart card industry has a critical role in ensuring that applications are successful. Correcting misinformation is critical, as is educating the market about what the technology is, and, more importantly, what it is not. Organizations such as the American Electronics Association (AeA) and The Smart Card Alliance are doing an excellent job on this front. We in the contactless industry should give them our support and contribute to efforts to ensure the success of this superior, secure, personal identity technology.
Visit TI-RFid on the web at www.tirfid.com.