Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 8 April 1998
© Xamax Consultancy Pty Ltd, 1998
This document was prepared for Centrelink. Its purpose was to support the consultation process between Centrelink and privacy advocates, during a project intended to lay the foundations for a variety of projects for Centrelink's client agencies that were anticipated to involve smart cards.
This is chapter 7 of an 8-part document whose contents-page is at http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html
Plastic cards are a commonly-used token that can be issued to an individual or business entity, and whose production can be required on future occasions as evidence of identity.
Plastic cards may increase the level of confidence that the person or entity is who they purport to be; but they are far from an iron-clad guarantee, especially where a person or organisation has an incentive to misrepresent their identity.
The authentication value of a plastic card can be augmented by securely attaching to it the photograph of the person with whom it is associated (although the real value is subject to some important qualifications). Alternatively, presentation of the token may not be accepted as being sufficient, and a check may also be performed as to whether the person knows something that they would be expected to know, such as a personal identification number (PIN).
Authentication by means of the presentation of a card, supplemented by the testing of the presenter's knowledge, can be undertaken when the person is at a remote site, and hence it is a feasible technology to apply to electronic interactions.
The data carried on conventional plastic cards is in embossed, punched, or magnetically-encoded form. These are all inherently insecure, in the sense that they can be readily accessed by anyone: embossed and punched data with very little effort or expertise, and magnetically-encoded data with some effort, expertise and equipment. As a result, a plastic card-based authentication scheme is of at best moderate integrity.
A plastic card can be augmented by the addition of a 'chip'. A chip-card can be used to overcome many of the security inadequacies of a conventional plastic card. It is capable of being programmed to protect data stored on it, and to conduct tests on devices that attempt to communicate with it.
In particular, a chip-card can be used as a means of storing a password or PIN, or private cryptographic keys, or a biometric measure of the individual to whom it is issued. Chip-cards are technically proven, and increasingly economically feasible, and their use as tokens is likely to become mainstream in the near future.
However, a chip-card is not an identifier in its own right. It should be conceived of as an element within an authentication scheme, used to store, carry and process data relevant to authentication, and to protect the security and integrity of that data.
The preceding sections related primarily to the identification of individuals in physical settings, and the authentication of evidence provided in person. Chip-cards are capable of assisting in identification and authentication not only in the real world, but also in the virtual settings that characterise electronic commerce and electronic service delivery.
A digital signature needs to be generated using a private key that is held under highly secure conditions by the person concerned. A private key is long. For example, here is one person's public encryption key, stored at http://sof.mit.edu/rdl/pgp.txt.
Key for user ID: Ryan Lackey (firstname.lastname@example.org), 2048-bit key, Key ID 44518EBD, created 1996/11/01
Quite clearly, it is impractical for a private key to be memorised in the way that passwords and PINs are meant to be memorised. An appropriate device to support secure storage of a private key is a chip, and the most practical carrier for such a chip at present is a smart-card.
It would not satisfy the need, however, if any person acquiring a card carrying a private key could apply that key to the generation of a digital signature. The use of the private key therefore needs to be protected in some manner, such that only the owner can use it.
One approach is to protect it with a PIN or password. This provides moderate, but not high, security. Private keys will be used not merely to withdraw a few hundred dollars from an ATM, or to make an EFT/POS payment for a few thousand dollars' worth of goods or services. Private keys will be used in international currency dealings, and the trading of stocks and shares, where the transaction-value reaches into the multi-millions of dollars.
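The PIN-gated arrangement described above, sketched as an added example (not code from the original document): a hypothetical `ChipCard` class keeps the private key on-chip, signs only after a PIN check, and blocks itself after three wrong attempts. The class and function names, the three-try limit, and the toy textbook-RSA key built from public Mersenne primes are all assumptions made so the example runs offline.

```python
import hashlib
import hmac

# Constructed demo key: both primes are public Mersenne primes, so this
# textbook-RSA key has no security value; it only lets the example run offline.
_P, _Q, _E = 2**607 - 1, 2**521 - 1, 65537


class CardLocked(Exception):
    """Raised once the PIN try counter is exhausted."""


class ChipCard:
    """Hypothetical model of a card that signs on-chip and never exports its key."""

    MAX_TRIES = 3  # assumed limit, not taken from the document

    def __init__(self, pin: str):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._d = pow(_E, -1, (_P - 1) * (_Q - 1))  # private exponent stays here
        self._tries_left = self.MAX_TRIES
        self._verified = False
        self.public_key = (_P * _Q, _E)  # only the public half is readable

    def verify_pin(self, pin: str) -> bool:
        if self._tries_left == 0:
            raise CardLocked("PIN blocked")
        self._tries_left -= 1  # count the attempt before comparing
        candidate = hashlib.sha256(pin.encode()).digest()
        self._verified = hmac.compare_digest(candidate, self._pin_hash)
        if self._verified:
            self._tries_left = self.MAX_TRIES  # success resets the counter
        return self._verified

    def sign(self, message: bytes) -> int:
        if not self._verified:
            raise PermissionError("PIN not verified")
        self._verified = False  # one signature per PIN entry
        digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
        return pow(digest, self._d, self.public_key[0])


def terminal_verify(public_key, message: bytes, signature: int) -> bool:
    """Relying party's check, using only the card's public key."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest
```

With a four-digit PIN and three tries, someone who finds the card has at most a 3-in-10,000 chance of guessing before it blocks, which is the "moderate, but not high" assurance the text refers to.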
A higher level of security can be achieved if the card itself refuses access to the private key, except when the card senses some aspect of the holder's physical person, and is satisfied that it corresponds sufficiently closely to the measure pre-stored in the card. Examples of such biometrics include the patterns formed by rods and cones on the retina, and the geometry of the thumb. Biometrics are further examined in Clarke (1994).
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Information Technology & People 7,4 (December 1994) 6-37
Created: 14 July 1998
Last Amended: 14 July 1998
These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).