[Reader-list] News Items posted on the net on Multipurpose National Identity Cards-81

[Taha Mehmood]

http://www.expresscomputeronline.com/20030317/newsan1.shtml

SISL uses Intelligent Digital Passport for total security

In an era when security is on the minds of everyone from corporates to
the home user, there is an urgent need for a device that ensures
maximum protection against intruders. The scientific applications
centre of Siemens Information Systems (SISL) recently came out with a
biometric-based smart card, which promises just this. Stanley Glancy
has more details

September 11 may now be a distant memory for those of us not directly
touched by the carnage. But the fundamental issues it raised with
respect to the foolproof nature of our security systems continues to
haunt us. No system is invulnerable. But with traditional modes of
access control such as passwords, PINs, keys, entry cards, codes and
other handwriting-based identification methods proving to be far more
susceptible to attack than previously believed, it became imperative
to develop a technology that would provide higher levels of security.
Over the past year, technologists across the globe went into
overdrive, trying to develop the perfect security system. Biometrics
has been the buzzword but the fascination with smart card technology
still holds sway over the majority. Taking this trend into
consideration, many companies have been trying to develop
biometrics-based smart cards. Among them is Siemens Information
Systems (SISL) India. The company has introduced an authentication
device called the Intelligent Digital Passport (IDP), which
incorporates multiple biometrics into a smart card for authentication
purposes.

The Market
Says Dr Vinay Vaidya, associate vice president-scientific applications
centre for SISL, "The total market for security in the US alone is
worth $60 billion. The global market for smart cards is worth $100
billion and is expected to touch $600 billion by 2006." According to
Vaidya, most of these cards will be biometrics-based. The reason for
this being that biometrics is today considered the most foolproof
method of access control. And with multiple biometrics available on
the same card, the chances of a breach becomes all the more remote.
Even research and advisory firm Gartner says that the security space
is seeing high growth in India. Many countries have introduced smart
card-based identity cards and others are in the process of launching
them. Hong Kong, for instance, has introduced a national ID card.
China, on the other hand, plans to launch close to 800 million cards
by the end of March. Master Card has already introduced a PKI-based
solution, called MC2 card, in Latin America.

History
SISL's foray into biometric-based smart cards was a natural evolution
of R&D work done at the scientific application centre in Pune. Started
in 1997, this centre has been conducting experiments in the areas of
image processing, satellite imaging, document processing and medical
imaging. Medical imaging required compression of data. Says Vaidya,
"Though storage rates have gone down, code optimisation and
compression is a must. With the rate of data acquired by an
organisation growing at a rapid pace, the overall spending on storage
has been on the rise. The only way to cut cost is to compress data as
much as possible."

It was at this point of time that SISL decided to conduct R&D in the
biometrics-based smart card space. Vaidya's team identified three
areas of biometrics that could be incorporated on the card to provide
maximum security—fingerprint identification, facial recognition and
voice recognition. The company had already gained considerable
expertise in the area of data compression. The challenge now was in
using this expertise to compress the biometrics of an individual into
the 32 KB chip on the smart card. Elaborates Vaidya, "Though 64 KB
cards are available abroad, 32 KB is the maximum limit offered by
vendors here in India. Hence, it was even more of a challenge for us
to compress heavy data into a 32 KB chip."

This was when the company decided to expand its expertise in data
compression into other areas. Fingerprint identification was an
evolved technology and could be compressed to the required size, but
the problem with most companies experimenting with compression of
facial data features was that due to loss of data during the
compression process the resulting image was difficult to recognise.
But SISL's expertise in the JPEG2000 standards area came in handy. The
company was able to compress facial features to the bare minimum
without any loss of data. Incidentally, SISL is the only company in
India and among 10 other companies in the world working on the
JPEG2000 standard.

The next step was speech recognition or what SISL calls speaker
identification. According to Vaidya, SISL's system is not concerned
with speech recognition but with speaker verification.

SISL integrated all the various technologies along with the
traditional text information and compressed it into a 10 KB file. The
entire information could be verified by a system in less than 50
seconds. But many organisations found this too long a time for
verification. This prompted SISL to work on further compression of the
data on the chip. The company succeeded in its objective. In the
current version of biometrics-based smart cards offered by SISL, the
data has been compressed to less than 6 KB and can be verified in 15
seconds. The challenge the company has posed for itself is to reduce
the verification time to less than eight seconds, without any loss of
data or compromise on quality.

Advantages
Since the verification unit is not connected to the server, an
organisation deploying IDP can save a lot in terms of cost of hardware
and real estate space occupied by servers. Also, since the system is
an independent unit, the problems associated with authentication if
the server were to crash have been alleviated. The IDP can be used for
myriad purposes, including access control to highly secured areas,
banking applications such as ATM services, Web-enabled transactions,
network access, time and attendance monitoring systems.

The IDP unit has both software and hardware components consisting of a
fingerprint scanner, speaker/microphone, camera and a smart card
reader. In addition, it also has a computer-processing unit, and
application software. If required, all the above components can be
integrated in a kiosk along with a barcode reader for additional
functionality.

The customer is allowed to choose the number of biometrics at the time
of purchase, with options to expand at a later date. IDP also has
provisions for adding more biometrics as and when SISL achieves
breakthroughs in new areas.

Security
Though it is possible to duplicate a smart card personalised by IDP,
the uniqueness of each cardholder's biometrics makes it practically
impossible for an unauthorised person to use the card.

However, according to Vaidya, duplication of the smart card would mean
that a new card is created for the original cardholder. But new data
insertion for an unauthorised person will be extremely difficult. Says
he, "Proper safety measures have been incorporated in the system so
that data on the smart cards is difficult to decipher. The entire data
is compressed, encrypted, and put in a non-conventional format,
ensuring that unauthorised card creation does not take place."

Challenges
Vaidya visualises several challenges before the solution will gain
acceptance in the country. Says he, "Awareness is still not very high
in India. The technology can't work with a mass of people,
verification is done on each individual separately. We also have to
train people on how the system works."

In the case of speaker identification, if there are long pauses
between words the system can't function effectively. Or if the
concerned person speaks in a different tone—too loudly or too
softly—then the system won't work.

In India, though the government introduced the system of a national ID
card, there have been no coherent efforts to develop something on the
lines of a smart card. But SISL has been working in association with
EPFO (employee provident fund organisation) to provide smart cards to
its more than 2.5 crore subscribers. The card, based on the US social
security number system, will provide a unique identification number.
It will provide the subscriber access to his account position, pension
payments, claim settlements, etc. The best part about the card is that
the employee can use the same card even if he were to change jobs.

The company plans to spread the technology in India. Target verticals
for SISL include defence and banks. But according to Vaidya, the
technology is applicable wherever security of premises is valued. As
part of its expansion strategy, SISL has appointed a number of channel
partners for selling and providing requisite support. Says Vaidya, "We
have already appointed partners in Indore, Bhopal and Kolkata and we
are at the moment looking for established channel partners in the
metros."

The card is currently priced at Rs 250, which is still too high for
many organisations. But advancement in technology should see prices
coming down in the near future. Also, though there are no competing
products in the Indian market, we should see more and more security
companies coming out with similar products. This will definitely
provide the boost required for increasing visibility. Besides,
government adoption of the technology should also see this sector
receiving a major boost.