The National Registration Department public relations officer Nur Ashikin Othman said the GMPC utilizes what is called a card authentication system involving symmetric key cryptography with triple data encryption standard (DES) with a 128-bit key which is supposed to be a proven and secure key management system.
"Other features in the smart card is an operating system with firewalls which separate each application and a secure chip platform," she said recently.
"Other critical data which are non-changeable like name and date of birth are 'writer-disabled' after data insertion to prevent changes after personalisation," Nur Ashikin explained.
She added that data in the smart card was either "open" or "protected". "Open" information are basic personal data such as name, address, identity card number and driving licence data.
"Protected" data is sensitive information like medical records.
Nur Ashikin said such data could only be accessed by authorised people like doctors using a card acceptance device (CAD) and the correct personal identification number.
A few days ago, an Internet security expert had commented that the GMPC was "not 100 percent" secure.
The GMPC is optional unless for those who have lost or damaged their identity cards, changed address and applying for his or her identity card for first time upon reaching 12 years of age.
GMPC Corporation, a consortium of five international and local corporations, was awarded the GMPC project--a Multimedia Super Corridor (MSC) flagship application by the government. The consortium includes CSA MSC Sdn Bhd, Dibena Enterprise Sdn Bhd, EPNCR Sdn Bhd, Iris Technologies (M) Sdn Bhd and Unisys MSC Sdn Bhd.
The smart card has been designed to allow any combination of government and payment (private) applications to be loaded on any chip and on any acceptance device which conforms to the Multi Purpose Card (MPC) platform.
It integrates four government and two optional applications on a single smart card--the national identification, the national driving licence, passport information, health information, MEPS Cash and Public Key Infrastructure (PKI).