India's national ID card is essentially a smart card, a pocket-sized card with embedded integrated circuits which can process data. It can receive an input which is processed, by way of the ICC applications, and delivers it as an output. The National ID card will have 16KB of memory and is designed to uphold the specifications laid out in ISO/IEC 7816, an international standard for smart cards created by the international organization for standardization (ISO) and the International Electrotechnical Commission (IEC). The cards are designed to support a minimum of 300,000 EEPROM write cycles and will retain data for at least 10 years (Source: Government Tender notice for card manufacturers)
The government press release describes the card as:
"The identity card being given to each individual citizen, has a micro processor chip with a memory of 16 KB which is a secure card. Besides having several physical feature into the design of the card, it is the cyber security using ‘asymmetric key cryptography’ and ‘symmetric key cryptography’ that has made the card secure against the risk of tempering and cloning. The National Informatics Centre has made a major contribution towards developing the processes for database management and smart card technology."
It is interesting how far they are going in terms of encrypting the data within the card. On the one hand this does allow for a greater security than normal ID cards have, since normal ID cards (such as driving licenses) can be easily cloned or counterfeit. However, this encryption technology could have some disadvantages. There might be some information hidden which the citizens using it are not aware of. This in effect might be one of the purposes of the ID card by the government, but even so it is somewhat unnerving not knowing for sure what data is in fact inside the card.
ReplyDeleteI find it interesting how you point out that the technology behind the card prevents "tempering and cloning." In terms of technological design, the government press describes it as very secure. I wonder if the design incorporates ways to counteract security problems that don't result from malacious "tempering or cloning," but from the users own irresponsibility. For instance, if an Indian citizen loses their ID card and another person picks it up, what are the necessary steps for preventing identity theft?
ReplyDelete