Slashdot Mirror


Belgium Rolls Out Java ID Cards

An anonymous submitter points us to this page describing Belgium's rollout of Java-based smart cards as a national ID card.

7 of 274 comments

  1. Well, by Subnirvana337 · · Score: 5, Insightful

    I always thought the term smart card was a bit... Oh, I don't know, unfounded? It has a digital signature, great, what happens when it's stolen? And used against the owner? I'd like to see a card that had an image of your retina so they could tell if it was you, the eye has so many patterns, it's almost impossible to fake. Cosmetics can already make someone look like someone else, but they haven't figured out how to replicate the eye yet...

  2. FYI by bdejong · · Score: 5, Informative

    For your information:
    Belgium already has non-digital ID cards, which are obligatory for every citizen. You are even obligated to carry them around at any time and CAN be asked to show them to police if they have "reason" to suspect you of something.

    You could have a look at mine, for example...
    http://studwww.rug.ac.be/~bdejong/id.jpg

  3. Re:Java based??? by c_oflynn · · Score: 5, Informative

    There are many types of smartcards.

    Some are the memory only type, where the card just has some sort of (normally secured) memory on it.

    Then there are also the microcontroller cards. These cards have memory and a microcontroller built into them. You can write a program on it to do something, however you don't exactly have a lot of I/O lines or anything (just a communications link actually).

    Most of the microcontroller smartcards have built-in encryption and decryption as well.

    Java is pretty popular for programming smartcards, but they even have BASIC for smartcards.

    The microcontroller only needs an external clock and power source, and will execute whatever program is on it.

  4. Re:Java based??? by philfr · · Score: 5, Informative

    Memory cards only contain data, some parts read-only, some parts read-write, and some parts write-once. They have been used for a long time for prepaid public phone cards or access control.
    Smart cards also contain a CPU, sometimes highly optimized for e.g. RSA encryption, and their data is available through a file system abstraction. Smart card suppliers call this an operating system...
    Multiple applications can run on these smart cards, which means you could theoretically have only one card for your ID card, your electronic purse and various loyalty cards (if you are not too worried about security/privacy issues in case of breaking into such a chip).
    Memory cards are also called synchronous cards and smart cards asynchronous cards. That's because of the nature of the serial protocol they use to communicate with the device that reads them.
    Smart cards have a real UART embedded, and implement one of two protocols (T0 and T1) defined in ISO 7816, the second of which is fairly complex and allows multiplexing communication between multiple applications running in the card reader and their peers inside the smart card.
    JavaCards embed a "JVM", but a very limited one: you can't just open a network connection or dynamically load a class. Sun specifies the precise subset of Java that corresponds to a JavaCard profile. But, yes, they run Java "cardplets"...

  5. Fundamental Flaws by Anonymous Coward · · Score: 5, Informative

    I was at an E-Gov day some months ago, where this was presented and discussed. (Vince Rijmen, of AES fame, was there talking about how they solved the problems associated with e-voting.) Some of the comments really scared me:

    1) The keypairs on the card will be pre-generated when the citizen receives the card. IMHO a private key that has been in someone else's hands/machine is totally useless. This of course allows for involuntary escrow...

    2) The Belgian Federal Gov representative (Peter Strickx, ex-Sun, by total coincidence) plainly declared they do not want to have the necessary expertise in-house, but want to outsource the whole thing (to Sun and ZETES, it now seems).

    So this will put our identities (and the authentication/non-repudiation/existence of some very important personal documents) at the mercy of a couple of *private companies*, one of them American, no less, at a time when the US is governed by a madman who gets away with secret military tribunals and illegal warmongering...

    One of the excuses, when I asked about this, was that the .be gov already uses much outsourced security for its own communications!

    I say this is unacceptable and an enormous security blunder. Verisign, a US company, could issue some revocations, and thereby completely stop the flow of information inside the .be gov!

    Do they want the US gov to be able to screw around with any .be citizen's identity? It would seem to be so...

    Please forgive me for using AC for once, one would get paranoid for a lot less...

  6. Re:What does java actuall add to an id card? by philfr · · Score: 5, Informative

    The ID cards are able to prove your identity. For this, they embed a private key, and calculate a signature themselves on data that is sent to them.

    If they only gave this private key to the device that asked for it, they would be easy to duplicate.

    Of course, you don't need Java for this, but you need a smart card with a CPU inside, and you need to develop the application that runs on that CPU.

    The choice of a chipcard determines the SDK to be used for it. One of them is JavaCard...
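The distinction drawn in comment 6, as an added example that is not part of the thread and not the Belgian card's software: a card that signs a fresh challenge internally, next to one that exports its key. The class and function names are hypothetical, and the key is a constructed toy (unpadded textbook RSA over two small Mersenne primes), used only so the exchange runs offline.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes, unpadded textbook RSA.
# Far too small for real use; it only makes the exchange runnable.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def verify(challenge: bytes, signature: int) -> bool:
    """Verifier side: needs only the public key (N, E)."""
    return pow(signature, E, N) == digest(challenge)

class SigningCard:
    """Hypothetical card model: the key stays inside, only signatures leave."""
    def __init__(self):
        self.__d = D  # no method returns this value

    def sign(self, data: bytes) -> int:
        return pow(digest(data), self.__d, N)

class KeyExportingCard(SigningCard):
    """The weak design from the comment: the key is handed to the reader."""
    def read_private_key(self) -> int:
        return D

def authenticate(card) -> bool:
    """Verifier sends a fresh random challenge and checks the card's answer."""
    challenge = secrets.token_bytes(16)
    return verify(challenge, card.sign(challenge))

def replay_accepted(card) -> bool:
    """A signature recorded from one session, presented for a new challenge."""
    recorded = card.sign(secrets.token_bytes(16))
    return verify(secrets.token_bytes(16), recorded)

def copied_key_accepted(card: KeyExportingCard) -> bool:
    """With an exported key, a signature computed off-card verifies as well."""
    challenge = secrets.token_bytes(16)
    off_card = pow(digest(challenge), card.read_private_key(), N)
    return verify(challenge, off_card)
```

A reader talking to `SigningCard` only ever holds signatures bound to one challenge, so recording them gains nothing; the exported key, by contrast, is all a duplicate needs.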

  7. Why are national ID cards / numbers bad? by Simon Lyngshede · · Score: 5, Insightful

    Being Danish, I was given a social security number when I was born; it works just like a national ID. My social security card works pretty much like a national ID card; you sometimes need some sort of picture ID in combination with the social security card.

    The only thing I hate is that it doesn't include more "features". I want to use it as a credit card, driver's license, access card to the university and so on. Having an all-purpose ID card would make my life a lot easier. Why are national ID cards a bad idea? Are people afraid that the government will track them? Who really gives a fuck if it allows the government to track you with it? They could do that anyway if they really cared enough. I simply don't get it.

    Please tell me why national IDs are bad. Who are you people afraid of? I'm tired of hearing that national IDs are bad, without being given a good reason. So far I have just heard "National ID, bad" and it's every time Slashdot brings it up. Only once have I heard of misuse in Denmark and that was due to a lack of security at the post office, not really something you can blame the system for.