It will not be long until a single card will allow you to make purchases (both as a credit and a debit card, maybe even using electronic cash); borrow a library book; make a phone call; gain access to your place of work; and participate in store loyalty schemes. It will contain your driving licence, passport, national insurance details, personnel and medical records.
The technology already exists - it is called a smartcard.
A smartcard looks like a standard credit card, both in size and material, but instead of having a magnetic stripe on the back it has a gold-coloured computer chip about one centimetre square embedded in it. Some credit cards already carry a chip, and they will become standard when chip and Pin payment methods become the norm by the end of 2005.
Smartcards can be smaller - as tiny as just the computer chip on a plastic base like those used in mobile phones. ISO standard 7816 defines the physical and logical features of smartcards, such as shape, position of contacts, their functions at the user interface, and their file structures.
Depending on the function of the smartcard, the on-board chip can consist of anything from simple EPRom (erasable programmable read-only memory) like those used in phones to a full-blown, tamper-proof "computer-on-a-chip", including an eight-bit microprocessor, Ram, Rom and EEPRom (electrically erasable programmable Rom).
The CPU can process, share and store information, allowing the card to be used in a variety of applications. As well as being able to store much more information than the standard magnetic stripe card, the key advantage of smartcard technology is the ability to process information in line with preprogrammed guidelines.
This "programmability" provides the flexibility to allow the card to assume multiple "personalities", as a library ticket one minute or an electronic purse the next. In the future, it should even be possible for multiple applications stored on the same card to interact with one another.
Since most smartcards are used for security-related applications, it makes sense that the design should prevent physical access to the information stored on the chip, except under certain rigorously controlled conditions, such as when the correct Pin is entered and verified.
Between them, the operating system and the functions of the user interface provide mechanisms for controlling access to data stored on the smartcard.
Access can be tightly controlled in a number of ways, and separate access rights and conditions can be set for each application or set of stored data.
Basic smartcard applications can be accessed with no security. The most obvious examples of this would be a library card or a medical record card, from which the patient's name and blood type could be read without need of a password.
Other applications - encryption or access to a telebanking system, for example - may be accessed by the user of the card once a valid Pin has been entered. Multiple unauthorised attempts to enter the Pin would result in the card being disabled, in line with the way Pin technology is already used.
The other category of application is accessible only to the third party which installed it on the card - various payment applications, for instance, use smartcards as trusted devices. Not even the owner of the card could gain access to this category of application or data. In electronic cash, for example, the "wallet" can only be replenished by the issuing bank.
Clearly, smartcard technology must be resistant to all forms of hacking or unauthorised access if we are to rely on it to form the basis of a future cashless society.
Changing card information
Information on a smartcard can be divided into four categories:
- Read only
- Add only
- Update only
- No access.
Commercially sensitive data fields, such as the amount of cash available or the level of prepaid accounts, are usually accessible only through cryptographically secured commands. This prevents the holder of the smartcard from manipulating these fields fraudulently.
This method, coupled with hierarchical key management on the card itself, can also be used to control the applications which can be loaded on to the smartcard. A smartcard issuer, for example, can control what data and applications are permitted on the card by securing the initial file structure with its own key.
Further personalisation of the card is then subject to the control of the issuing authority, which can determine whether the user can alter the preloaded data or is allowed to load data and applications.
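The three levels of access described above (open data, Pin-protected data with a retry limit, and issuer-only data changed through a cryptographically secured command) can be modelled in a few lines. This is an added example, not code from the article or from any card supplier; the field names, the three-try limit and the use of HMAC-SHA256 for the secured command are assumptions made for the sketch.

```python
import hmac, hashlib

ALWAYS, PIN, NEVER = "always", "pin", "never"   # read conditions (names are this sketch's own)

def issuer_mac(key, amount, seq):
    # The issuer authorises one specific top-up: the amount is bound to the card's counter.
    msg = f"credit|{amount}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Card:
    MAX_TRIES = 3                          # assumed retry limit before the card disables itself

    def __init__(self, pin, issuer_key):
        self._pin, self._issuer_key = pin, issuer_key
        self._tries_left, self._pin_ok = self.MAX_TRIES, False
        self._seq = 0                      # top-up counter, stops replay of an old credit
        self._files = {                    # name -> [read condition, value]; values are constructed
            "blood_type": [ALWAYS, "O+"],
            "bank_login": [PIN, "constructed-credential"],
            "purse":      [PIN, 0],
            "issuer_key": [NEVER, None],
        }

    def verify_pin(self, pin):
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        self._pin_ok = hmac.compare_digest(pin, self._pin)
        self._tries_left = self.MAX_TRIES if self._pin_ok else self._tries_left - 1
        return self._pin_ok

    def read(self, name):
        cond, value = self._files[name]
        if cond == NEVER or (cond == PIN and not self._pin_ok):
            raise PermissionError(f"{name}: access condition {cond!r} not met")
        return value

    def credit(self, amount, mac):
        # The holder cannot raise the balance: only a MAC made with the issuer key is accepted.
        expected = issuer_mac(self._issuer_key, amount, self._seq)
        if not hmac.compare_digest(mac, expected):
            raise PermissionError("top-up not authorised by issuer")
        self._files["purse"][1] += amount
        self._seq += 1
        return self._files["purse"][1]
```

Because the counter advances on every accepted top-up, a recorded credit command cannot be replayed to the card a second time.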
Smartcards provide more in the way of security than software-only solutions. They provide an additional "physical" level of security over and above that offered by the usual password protection mechanisms.
For instance, if a password is compromised it is a simple matter for an unauthorised user to gain access to a protected system. When access to that system also requires the physical presence of a smartcard in a reader (coupled with the entry of a Pin), life is made that much more difficult for the would-be hacker.
Smartcards can also store a user's personal encryption keys and digital certificates. The fact that almost any number could be stored securely on a card means that we can issue a separate key per application and you can use keys of the maximum length allowed by law without having to rely on manual entry by the user.
Once the keys and certificates are safely stored in the card memory they become completely portable. Under present arrangements a user's digital certificate is often locked to a particular application on a single machine - say a web browser on a computer at the office. This frequently necessitates obtaining multiple certificates for browsers in other locations, which increases both the management burden and the potential security exposure. If the certificate could be stored on a smartcard and accessed by any application, just one would be required.
It is even possible for the encryption process itself to be performed by the card, which is often far more secure than a PC. Several methods of attack are known against keys that are stored in PCs or workstations, or against cryptographic algorithms that are executed on a computer.
Smartcards can store keys in such a way that they can be used by applications on the card but cannot be read in any other way. Since none of the really important information ever leaves the card, an attacker who wants to use the key must have access to the card itself.
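A key that can be used but never read is easiest to see in a challenge-response exchange, shown here as an added example that is not code from the article. It assumes a keyed MAC (HMAC-SHA256) as a symmetric stand-in for the on-card signature, one key per application, and constructed key and Pin values; the class and method names are hypothetical.

```python
import hmac, hashlib, secrets

class KeyCard:
    """Model of a card that uses per-application keys internally and has no export command."""
    def __init__(self, pin, app_keys):
        self.__pin, self.__keys = pin, dict(app_keys)
        self.__unlocked = False

    def unlock(self, pin):
        self.__unlocked = hmac.compare_digest(pin, self.__pin)
        return self.__unlocked

    def respond(self, app, challenge):
        # The only thing that leaves the card is the MAC over the host's challenge.
        if not self.__unlocked:
            raise PermissionError("Pin not verified")
        return hmac.new(self.__keys[app], challenge, hashlib.sha256).digest()

class Verifier:
    """Host side for one application; issues a fresh random challenge per login."""
    def __init__(self, app, key):
        self.app, self._key, self._pending = app, key, None

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def check(self, response):
        if self._pending is None:
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None               # each challenge is accepted at most once
        return hmac.compare_digest(response, expected)

def login(card, verifier):
    # Full exchange: host sends challenge, card answers, host checks the answer.
    return verifier.check(card.respond(verifier.app, verifier.new_challenge()))
```

A response captured from one login is useless for the next, since the host checks it against a new random challenge each time.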
Undoubtedly the biggest obstacle faced by the card industry so far is the lack of standards. Proprietary products from all the large suppliers have led to poor compatibility between applications, cards and readers.
Having sourced the appropriate application, users of smartcard technology are often severely restricted in their choice of card reader. Once the reader has been selected, it is unlikely that cards from other suppliers will work with it. The lack of a standard model leads to high development and maintenance costs and administrative complexity.
Some security software suppliers have attempted to minimise the problems by creating drivers and card readers that are capable of working with a range of applications and cards. This is a good first step.
In the long term, however, a standard model for interfacing smartcard readers to PCs is required, together with device-independent programming interfaces for the development of applications and resource sharing capabilities.
Smartcards are ideal as tamper-resistant storage for protecting private keys, account numbers, passwords, and other forms of personal information.
They also isolate security-critical computations involving authentication, digital signatures, and key exchange from parts of the system that have no "need to know".
In addition, smartcards provide a level of portability for securely moving private information between systems. These factors combine to make smartcard technology suitable for a wide range of applications, such as:
- Customer loyalty schemes - tracking customer preferences
- Ticketless travel
- Electronic banking - authentication for financial transactions
- Multimedia and online services - pay-per-view and satellite television
- Health care - payment and entitlement verification, as well as storage of patient records
- Personal records - storage of personal data such as driving licence, car insurance or passport details
- Telephones - already in use as Sim cards in mobile phones
- Internet commerce - authentication for online shopping
- Electronic cash - to replace small bills and coins.
Smartcards also have a niche to carve in the workplace. They are capable of enhancing software-only solutions such as client authentication, single sign-on, secure storage, and system administration, making them suitable for both physical and logical access control applications in the enterprise.
A smartcard personalised with the holder's name and photograph can act both as a general purpose employee ID card and an access control mechanism for:
- Physical access control - electronic door locks keyed on employee ID
- Logical access control - access to network resources, applications, VPN links
- Encryption of e-mails and electronic documents
- Digital signature of e-mails and electronic documents.
Although a relatively new technology, the smartcard already affects the lives of millions of people and will ultimately influence how we work, shop, see the doctor, use the phone and enjoy our leisure activities.
To drive the uptake of smartcard technology we need wider implementation of standards in order to allow universal writing and reading of the cards - PC/SC and Opencard are a huge step in the right direction.
In the short term some suppliers are working to provide readers that can handle cards from multiple suppliers and drivers that sit between applications. This at least allows users to begin implementing smartcard applications with confidence that they can mix and match components.
However, in the long term, smart suppliers will comply with upcoming standards to ensure widespread acceptance.
Bob Walder and the NSS Group
Network security expert Bob Walder is one of the founders of the NSS Group. He is also author of the PKI report, Public Key Infrastructure Group Test (Edition 6), which is available from the NSS website.
The NSS Group is an independent security testing facility. Based in the UK with separate security and network infrastructure testing facilities in the South of France, the NSS Group offers a range of specialist IT, networking and security-related services to suppliers and end-user organisations throughout Europe and the US.
Output from the labs, including detailed research reports, articles and white papers on the latest network and security technologies, is made available on the NSS website.