Germany will become the first country to outfit its national ID cards with RFID chips, embedded biometric photos, and optional digital fingerprints, reports RFID Journal. Germany will begin issuing the RFID-based national identity cards on Nov. 1, 2010.
The RFID-based card, approximately the size of a credit card, will replace the nation’s current national ID card, which is slightly larger than a credit card and lacks an RFID chip. It will be mandatory for all citizens receiving an ID card for the first time, or who are replacing older ID cards. Those who do not need to renew or replace their ID cards will continue to be able to use their non-RFID version until their cards expire—typically, within 10 years.
In 2008, the German government passed a law paving the way for the new ID cards. One motivation for issuing the cards was to help reduce the misuse of personal data over the Internet. Many Germans are still reluctant to make online purchases, due to worries that their personal data or financial information could be misused.
By installing an RFID card reader on their home computer, citizens can use the card to positively identify themselves online, via a USB connection. This enables vendors and online organizations to know for certain whom they are dealing with. If a business wants to offer residents of a particular city a discount on a product or service, for instance, that company can verify an individual’s address on his or her ID card.
Before carrying out a transaction online, an ID cardholder must place his or her card on the RFID reader and input a PIN in order to authorize the transmission of specific data stored on that card. At the same time, only those organizations that have obtained a certificate from the government will be able to collect the information from the electronic ID cards, such as a person’s name, address and birth date.
Each ID card will contain a SmartMX passive 13.56 MHz RFID chip manufactured by NXP Semiconductors. NXP reports that its SmartMX chip platform incorporates a number of unique security features to guard against reverse-engineering and attack scenarios with light and lasers, as well as a dedicated hardware firewall to protect specific sections on the chip.
According to NXP, the version of the SmartMX chip being used was designed specifically for Germany’s ID card, and is 100 percent compatible with the ISO 14443-A RFID standard.
Some citizens have rallied against the cards, claiming that anyone with an RFID reader could collect the data stored on them at any given time—but the government has been able to quell such fears, by pointing out that only certified organizations can request such information, and by citing proprietary security controls. If a person loses his card, he can call a government hotline and have the card blocked from network use. Officials will then list the card as blocked on a central server accessible to licensed participants.
Germany hopes to set technological and data-security standards with the new ID cards, says RFID Journal.
Some 90 countries will have electronic passports by the end of 2010 and 104 by 2014. The United Kingdom started an electronic passport scheme in 2006, only to be hacked shortly thereafter with biometric data extracted from the chip at a distance. The initial cost to British taxpayers was over C$670 million. The British passport was hailed as the most secure in the world.
Cyber Security Awareness Month, an annual event since October 2001, was organized by the National Cyber Security Alliance, the Anti-Phishing Working Group (APWG) and more than two dozen government agencies and companies including Microsoft, Google, PayPal, RSA, Facebook, Visa, and Wal-Mart. The goal is to get security precautions to become second nature.
