Two-chip ID cards to take off in APAC

Summary:Asia-Pacific organizations expected to adopt hybrid identification cards touted to provide ease of access to user records, industry analysts observe, but note security concerns remain.

Two-chip electronic identification (EID) cards will soon be adopted by Asia-Pacific government but its implementation will face cost and privacy concerns, say market watchers.

Also known as hybrid cards, the implementation of the two-chip EID cards can be expected in Asia as they will allow records and information of citizens to be more easily tracked, accessed, verified, noted Damien See, senior industry analyst at Frost & Sullivan. He told ZDNet Asia in an e-mail interview that these cards will also enable governments to carry out census surveys more accurately and comprehensively.

"If information is allowed to be shared, it also allows patterns of financial usage, transit usage, access to government services, medical requirements and others, to be tracked with great accuracy," said See. "This translates to better planning and management on the [national] level all the way to [city or district planning] level."

The global government and ID market has been growing significantly and is expected to reach 198 million unit shipment in 2011, at a market growth rate of 4.2 percent, according to estimates from Frost & Sullivan.

Already, countries such as Sweden and Malaysia are moving toward a hybrid-based EID scheme, said Tan Buan Huat, marketing manager of government programmes and security business unit at Gemalto Asia.

See explained that two-chip EID cards contain two embedded chip technologies, where typical configurations will include a contactless smart chip with antenna, or a contact smart chip with contact pads. Both chips reside on a single card, usually without interconnections between them.

Tan added: "The key benefits of a contactless interface are the level of throughput and end-user convenience. With adequate security mechanisms like Basic Access Control (BAC) and Active Authentication/Extended Access Control (AA/EAC), high levels of security can be obtained."

The contactless chip is usually used for applications that demand quick transaction time such as mass transit, See added.

"On the other hand, the contact chip is used in applications requiring higher levels of security. This is usually where personal data or biometric information resides, and the higher security is imperative to ensure the data is kept safe," he said, listing access to government e-services and banking applications as applications that require the use of contact smart chips.

When contacted, Singapore's Immigration and Checkpoint Authority (ICA) told ZDNet Asia that the country currently has no plans to implement dual-chip EID.

Choosing contactless over two-chip
The German government, on the other hand, chose not to adopt the two-chip technology.

Issued since Nov. 1, 2010, the new German national ID card has only one security chip but with a contactless interface, Philippe Spauschus, spokesperson for Germany's Federal Ministry of the Interior, told ZDNet Asia.

He added that the single chip supports three functions: identity verification using biometric data, reciprocal electronic identification when using e-government, e-business or e-commerce services, and enabling qualified electronic signatures for legal-binding documents in e-government and private-law transactions.

"Germany consciously chose contactless technology over a two-chip card [as] contact chips wear out in about five years, limiting the card's length of validity," Spauschus said in an e-mail. "Germany's Act on Identity Cards sets the card's length of validity at ten years [so] the chip must be able to function that long."

Elaborating on the shortcomings of implementing two-chip EID, Frost & Sullivan's See said security concerns were similar to other types of smartcard, and pointed to privacy concern as a chief point.

He added that if the EID card was lost, information could be compromised and that it could also mean the loss of one's "identity". And if abused, it may also enable governments and their agencies to invade the privacy of citizens, he said.

Gemalto's Tan said: "The security challenges of the contactless interface are [associated with] the usage of government applications and digital signatures, which require the implementation of additional security measures."

A hybrid card option is also not as cost-effective since two chips are required in the implementation, Tan added.

See advised governments and the public sector to take a "holistic approach" in adopting the EID programmes. "A comprehensive check and balance system needs to be in place, with proper recourse on addressing issues such as card loss, card lifespan, [which] agencies can access data on the card, how much information can be accessed, and others."

He suggested using a dual-interface solution where the card contains a single smart chip but is accessible by dual methods--both contact and contactless.

"This is a cheaper alternative, and one that has a longer lifespan," See advised.

Topics: IT Employment, CXO, Government, Government : Asia, Legal, Mobility, Privacy

About

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.