We recently brought you news of the Department of Home Affairs’ imminent rollout of a smart ID card system for South African citizens. Wanting to know just how smart these cards really are, we quizzed Eric Billiaert, communication director for Government Programmes at Gemalto (the company manufacturing the cards) to learn more about their technical specifications.
What are the headline technical specifications of the microchip embedded in the cards?
The cards feature an embedded microprocessor to securely store citizens’ personal data, including digital photograph and fingerprints. They feature encryption keys (RSA 2048 and Elliptic curves algorithms) to enable identification and verification of the card holder via contactless RFID (ISO 14333) technology.
Gemalto does not manufacture the microprocessors but sources them from third parties. Our value is to develop high-end security software and operating systems which we embed into microchips to enable for secure identification, authentication, biometrics and digital signature.
We assemble the microprocessor and the secure software into the card body at our production sites worldwide. More than just a smartcard manufacturer, we are a solution provider and deliver billions of secure devices worldwide in the banking, telecommunication, transportation industry and for government programmes worldwide.
What physical security measures are incorporated on the cards to prevent forgery?
The cards are made from a highly durable polycarbonate eID body and incorporate visual security printing features to protect against forgery.
What sets polycarbonate apart from other materials is the fact that it is non-delaminable. When used in pure form as is the case for the Republic of South Africa’s eID, the different layers of polycarbonate that make up the identity document fuse together to form a single, solid card body.
In this way, all security imprints (such as the portrait of the owner) and security features (UV inks etc.) are embedded and protected within the solid polycarbonate card body, formed by the fusion of layers. Not all physical security features (OVI, DOVID, guilloches and so forth) were strictly specified in May and will be detailed by the Department of Home Affairs in mid-July.
Polycarbonate is unique in supporting highly fraud resistant security features and its durability (resistance to heat and wear and tear) allows for the production of long-lifespan identity documents, which can last for over 10 years.
Two other aspects are key and come in combination with strong physical security:
The smartcard (microprocessor) has the power of a micro computer and will encrypt all exchanges between its microprocessor and readers or servers, thus protecting the holder’s data for his/her security and confidentiality. Gemalto’s eID embedded software offers both RSA (2048 bits) and elliptic curve encryption methods, which are the very latest and powerful tools.
Smart documents (with a microprocessor) are considered to be the most secure means of authentication, enabling both prevention of identity fraud and protection of a citizen’s personal data in an effective way. It is the media of choice for granting access to e-Government applications, and can also be used as a means for hosting a range of other applications (e-payment, e-purse, digital signature, authentication, identification, travel card, etc.).
This potential to provide a range of different services on a single format means a number of uses can be brought together in the most ergonomic way possible, thereby transforming a simple State identity card into a card which is of genuine use to the citizen, granting them access to the widest possible range of State services.
So we believe that the RSA’s eID card is a powerful tool to bring efficiency in both identifying its nationals and offering new services in the future.
Biometrics has quickly established itself as the most pertinent technology for identifying individuals in a fast and reliable way through the use of unique biological characteristics.
Gemalto’s Sealys BioPIN ‘Match on Card’ feature, selected for the RSA’s eID card, allows fingerprints to be checked locally using the microprocessor of the eID card. It ensures the citizen’s information never leaves the card and does not require any connection to a central database.
This security feature has demonstrated its excellent performance and interoperability during the MINEX II qualification awarded by the US National Institute of Standards and Technology (NIST). Hassle-free deployment equipment is made possible by interoperability with the majority of available extractors and sensors.
Does this same card system have a successful track record of having been deployed in other countries?
Yes, we are delivering the same kind of secure technologies to over 80 national programmes worldwide for eIDs, ePassports, eHealth cards, eDriving licences, eResidence permits etc. They bring benefits to both citizens and authorities in RSA, as in other countries, such as:
Benefits for citizens:
* Eliminates the need to carry multiple ID documents.
* Improves confidence in official identity credentials.
* Speeds identity checks.
* Establishes citizenship in the National Population Register for voting and other civic interactions.
* Opens the door to online government services in the near future as citizens will be able to authenticate themselves online using their eID card as a strong authentication tool.
Benefits for government services:
* Reduces identity fraud and theft compared to previous green booklet.
* One single national eID for all citizens.
* Future platform for a suite of eGovernment services leveraging secure online authentication and digital signatures.
Will the cards be manufactured in South Africa or imported?
The card bodies (and electronic parts) are manufactured in Finland in Gemalto premises. They are personalised (data added on the card body and in the chip) in the RSA by the Government Printing Works.
Does Gemalto also make card readers that banks, airlines etc. will require to read the cards?
We do manufacture card readers: for citizens and authorities as well as portable (handheld) verification terminals for police forces or public service desks. Gemalto can provide complementary technologies if the Department of Home Affairs, Government Printing Works or any other departments request it.
Gemalto has developed a unique eGovernment framework, is delivering eGovernment applications and border control solutions and integrating Mobile ID into National eID schemes around the world. This could also be of interest for South Africa.
© Technews Publishing (Pty) Ltd | All Rights Reserved