Actually I have to agree with this. Normally I am opposed to the increasing use of technology in ways which reduce our privacy. However in this case I think the benefits actually outweigh the costs.
I do see potential for abuse but I also see how this technology can be used to make car theft (and particularly resale) much more difficult.
The way I see it, it could work like this:
Licensing authority when issuing plates encodes the following information on the integrated chip: "KV4782-Blue Honda Civic Saloon-VIN 1M8GDM9A_KP042788" The proposed information being : License number-Description-Vehicle Identification Number
The trick being that, along with the plain-text, is stored a private key signed signature of the encoded data, using one of the recognised encryption/signing algorithms such as RSA. Furthermore the private key used is only stored on the government issuing equipment and never on the chip itself. Thus no amount of tampering can reveal the key.
Granted there is still the requirement to ensure the security of the issuing machines. However this is can be solved with good old fashioned physical security, multiple keys, revocation lists etc.
The government then publishes the corresponding public keys allowing law enforcement agencies and other interested parties to validate license plates. e.g. Officer stops the car, pulls out hand-held device compares the license plate and vehicle description. If he has any reason to be suspicious, he can also ask to inspect the VIN.
The other benefit of this system is that companies can start to offer hand held scanners which perform the same function. Thus if I am buying a new car I can pull out my cheap $10 scanner and perform a verification that the car plate matches the VIN. If the government then publish a list of stolen plates I can have a reasonable degree of confidence that the car I am buying isn't stolen.
I reckon that if such a system was in widespread use the lives of the car thieves would get considerably more difficult. It will be very interesting to see how this system works out in Malaysia but if its done right I think it could be a powerful tool against crime.
Actually, the idea of processors running Java naively hasn't died.
Some modern embedded processors have been specifically designed to execute Java naively. e.g. ARM Jazelle and the new Atmel AVR32.
These processors use various hardware mechanisms to make part of the RISC register file look like a stack. They then convert as much as 80% of the JAVA instruction set into native RISC instructions and interpret only those instructions which they cannot convert in simple hardware.
Such processors are mainly targeted at the increasing number of embedded devices which run JAVA. e.g. Mobile phones.
While the headline sounds scary, when you examine it closer, this isn't really surprising.
The ability to copy the passport is not the issue here.
The key point of the technology was to have the issuing government digitally sign the information contained in the passport.
This means that a forger cannot simply tip-ex out the name and and put in a new one;-)
The article did not mention if the German passport contains bio-metric data. i.e. a digital copy of the photo.
This combined with a digital signature of the photo would make the system very secure indeed.
The passport inspector simply scans the data and compares the photo to the person standing before him.
I don't see how this "hack" compromises the security of the system, except in cases where the inspecting authority misuses or misunderstands the basis of security in the system.
Slashdot Mirror
Actually I have to agree with this. Normally I am opposed to the increasing use of technology in ways which reduce our privacy.
However in this case I think the benefits actually outweigh the costs.
I do see potential for abuse but I also see how this technology can be used to make car theft (and particularly resale) much more difficult.
The way I see it, it could work like this:
Licensing authority when issuing plates encodes the following information on the integrated chip:
"KV4782-Blue Honda Civic Saloon-VIN 1M8GDM9A_KP042788"
The proposed information being : License number-Description-Vehicle Identification Number
The trick being that, along with the plain-text, is stored a private key signed signature of the encoded data, using one of the recognised encryption/signing algorithms such as RSA.
Furthermore the private key used is only stored on the government issuing equipment and never on the chip itself. Thus no amount of tampering can reveal the key.
Granted there is still the requirement to ensure the security of the issuing machines. However this is can be solved with good old fashioned physical security, multiple keys, revocation lists etc.
The government then publishes the corresponding public keys allowing law enforcement agencies and other interested parties to validate license plates.
e.g. Officer stops the car, pulls out hand-held device compares the license plate and vehicle description. If he has any reason to be suspicious, he can also ask to inspect the VIN.
The other benefit of this system is that companies can start to offer hand held scanners which perform the same function.
Thus if I am buying a new car I can pull out my cheap $10 scanner and perform a verification that the car plate matches the VIN.
If the government then publish a list of stolen plates I can have a reasonable degree of confidence that the car I am buying isn't stolen.
I reckon that if such a system was in widespread use the lives of the car thieves would get considerably more difficult.
It will be very interesting to see how this system works out in Malaysia but if its done right I think it could be a powerful tool against crime.
Actually, the idea of processors running Java naively hasn't died.
Some modern embedded processors have been specifically designed to execute Java naively. e.g. ARM Jazelle and the new Atmel AVR32.
These processors use various hardware mechanisms to make part of the RISC register file look like a stack. They then convert as much as 80% of the JAVA instruction set into native RISC instructions and interpret only those instructions which they cannot convert in simple hardware.
Such processors are mainly targeted at the increasing number of embedded devices which run JAVA. e.g. Mobile phones.
While the headline sounds scary, when you examine it closer, this isn't really surprising. The ability to copy the passport is not the issue here. The key point of the technology was to have the issuing government digitally sign the information contained in the passport. This means that a forger cannot simply tip-ex out the name and and put in a new one ;-)
The article did not mention if the German passport contains bio-metric data. i.e. a digital copy of the photo.
This combined with a digital signature of the photo would make the system very secure indeed.
The passport inspector simply scans the data and compares the photo to the person standing before him.
I don't see how this "hack" compromises the security of the system, except in cases where the inspecting authority misuses or misunderstands the basis of security in the system.