Forerunner of the E-Society

By Wolfgang Effing, Giesecke & Devrient (G&D)

The ever-increasing capacity of smart cards is opening up a whole range of new potential applications for chip technology. Intelligent storage media are increasingly developing into a Trusted Personal Device (TPD), which enables individual programs and information to be stored and retrieved. However, ever-greater demands are also being placed on the security requirements.

Passwords are passé, the future belongs to smart cards,” said Microsoft’s Bill Gates recently at an IT forum for his group in Copenhagen. Specifically, Gates identified one of the problems as being the weakness of passwords when it comes to transporting or exchanging secure information. Smart cards, however, are a different story. Secure storage of electronic keys and the use of biometric processes for identification, a process that will be introduced this year (for example: in the US, for its ID documents) offer countless new alternatives. In the near future, Microsoft itself wants to provide all employees with smart cards that will give them access to office buildings and computers. “We will soon be able to dispense with passwords altogether,” predicted Gates.

The main reason for this development lies in the continuing increase in the capacity of smart cards. The small chips are already available with 32-bit processors, offering roughly the same performance as that of a 386 PC processor. According to the so-called Moore’s Law, which experts predict will remain valid for another 10 years, the storage capacity will double every 18 months. However, the combination of biometric processes and contactless technology offers a whole range of new opportunities on the subject of security and authentication. One example of this is the use in the US of the latest chip technology in conjunction with RFID (Radio Frequency Identification) for electronic passports.

Although those concerned about data protection still see problems with this form of passport control, numerous other smart card projects, such as the electronic health card or job card, demonstrate the potential of this technology and should ensure a continuation in the growth of the market for smart cards—which is currently between 15 percent and 20 percent per year. There are a number of experts who even believe that intelligent storage media might be the main forerunner of the evolution from today’s information society toward the so-called e-society. International cooperation arrangements—such as the introduction of a citizen’s card for all EU citizens—could drive this development forward.

The future potential applications for chip cards are influenced both by social as well as technological trends. This is because smart cards have previously been used primarily in telecommunications and payment transactions. The increasing performance capability also opens up numerous additional areas. In this context, experts see the most important development being the innovation of future chip cards that are able to drive Internet protocols themselves and consequently can be directly integrated into existing IT systems without any circuitous routes or additional software.

In addition, smart cards will be able to utilize an ever increasing number of mobile services and applications. In conjunction with any terminal, the chip card will become the multifunction tool for personal communication and identification. Smart cards are developing into a TPD for the storage and retrieval of entirely individual information. Users will benefit in particular from the practical added value that will make both their everyday working and private lives much easier—bringing a new level of quality to mobility.

However, the rapid increase in digitalization and networking, as well as the ability to access multimedia information from anywhere in the world, also calls for more enhanced security services, which up to now have required the use of passwords or access codes. The greater the convenience for users, the more difficult it becomes to solve security problems. Here again, however, new solutions are offered by TPDs with corresponding computing and storage capacity. Although secure links (for example, to a bank’s server) can already be created using additional devices such as an HBCI reader, up to now only individual solutions have been available for these type of transactions, which still require special software to be installed on the user’s PC.

Combining powerful smart cards and biometric processes brings a whole new dimension to the subject of security. As such, the security technology used in smart cards can be combined with, for example, so-called token systems for certificate or authorization retrieval in a rules-based system. In the process, a secure link is created via a Public Key Infrastructure (PKI), with the cardholder identifying him-/herself to any server without having to use a password. The server identifies the participant by his/her personal security device.

Other security functions can also be used, such as the electronic signature or encryption of specific information. This rules out the possibility of so-called phishing. In the future, smart cards themselves will even be able to offer security services.

Security risks are present not only in the networks to which the individual has logged on using a smart card, but the chips themselves can also be the target of physical or computerized attack. The chip industry is therefore putting greater effort into designing processes to make the storage media itself more secure. In fact, smart cards can now be programmed in such a way that they self-destruct in the event of an attack.

The security standards can be realized using either the SIM (Subscriber Identity Module) card in the mobile phone or via the new generation of chips on the debit and credit cards. It is unclear at the moment who will be the first to offer the new services. Banks are giving corresponding consideration to making existing structures available to other market participants. However, the telecommunications sector obviously also has an interest in offering additional functions such as admittance controls or ticketing for local public transport. The reason for this is that these services not only increase the attractiveness of the smart cards, but also the attractiveness of the provider’s own offering.