ID card loyalty access analysis

Source: eid.eesti.ee
Revision as of 31 October 2012, 13:23 by Martlaur (talk | contribs) (Using the ID card in access control systems)

Using the ID card as a loyalty card and in access control systems

Using the ID card as a loyalty card

Using the ID card as a loyalty card primarily means that the personal data file is read electronically from the ID card and saved to a database (or that the card is checked against it). In practice every company that wants to use the ID card as a loyalty card builds a custom solution for it (i.e. there is no universal library/plugin/application that would be used in the same way in e.g. a bookstore, a clothing store and a cinema). Therefore, a developer who wants to implement such a solution should pay most attention to the section Using the personal data file and take into account the costs and risks mentioned in the section Aid to contractor of IT developments.

For instance, SK says that as different sales, customer management and cash register systems are used in Estonia, the company should find a partner at the early stage of the project who would be responsible for necessary hardware and software developments.[1]

Using the ID card in access control systems

These systems usually work on the same principle: a smart card reader reads a unique card number from the inserted ID card and forwards it to the access control system. If the number of this card can be found in the allowed numbers database, the person can, for example, open a locked door. If the number is not in the database, the card user is not granted access. Two distinct security methods can be deployed in access control systems:

  • Reading the personal data file from the card (usually this is enough);
  • Authentication with PIN code based on PKI.

If the personal data file is used, it is recommended to link access rights to the document number, not to the personal identification number, because then, when the card is lost, access with that specific card can be revoked without affecting the replacement card. For certificates, the serial number of the certificate (not the personal identification number of its owner) fulfils the same purpose.
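The recommendation above is easiest to see in code. The following is an added example (not code from eid.eesti.ee or from any access control vendor named on this page): a door controller whose allow-list and revocation list are keyed on the card's document number, so that a lost card can be revoked while a replacement card carrying the same personal identification number is simply granted as a new card. The field names, the sample cards and the personal code are all constructed for illustration; the real personal data file holds more records than the subset modelled here.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date


@dataclass(frozen=True)
class PersonalDataFile:
    """Constructed subset of the fields read from the card's personal data file."""
    surname: str
    given_names: str
    personal_code: str      # identifies the person; survives card replacement
    document_number: str    # identifies this physical card only
    expiry: date            # card validity end date


@dataclass
class DoorController:
    """Access decisions keyed on document number: revoking a lost card
    touches only that card, never the person's other (future) cards."""
    allowed: set = field(default_factory=set)    # document numbers with access
    revoked: set = field(default_factory=set)    # document numbers reported lost
    events: list = field(default_factory=list)   # audit trail of decisions

    def grant(self, card: PersonalDataFile) -> None:
        self.allowed.add(card.document_number)

    def revoke(self, document_number: str) -> None:
        # Lost card: drop it from the allow-list and remember it, so that a
        # later presentation of that exact card is logged as "revoked"
        # rather than blending in with unknown cards.
        self.allowed.discard(document_number)
        self.revoked.add(document_number)

    def check(self, card: PersonalDataFile, today: date) -> tuple[bool, str]:
        if card.document_number in self.revoked:
            decision = (False, "revoked")
        elif card.expiry < today:
            decision = (False, "expired")
        elif card.document_number not in self.allowed:
            decision = (False, "unknown")
        else:
            decision = (True, "ok")
        # The audit record names the physical card, not the personal code.
        self.events.append((card.document_number, today.isoformat(), decision[1]))
        return decision


def lost_card_scenario() -> dict:
    """Constructed walk-through: a card is granted access, lost, revoked,
    and replaced by a new card that carries the same personal code."""
    today = date(2012, 10, 31)
    person = "49001010000"  # constructed personal code, not a real one
    old_card = PersonalDataFile("Tamm", "Mari", person, "AA0000001", date(2017, 1, 1))
    door = DoorController()
    door.grant(old_card)
    before_loss = door.check(old_card, today)

    door.revoke(old_card.document_number)
    after_loss = door.check(old_card, today)  # whoever found the lost card

    new_card = PersonalDataFile("Tamm", "Mari", person, "AA0000002", date(2017, 11, 1))
    replacement_before_grant = door.check(new_card, today)
    door.grant(new_card)
    replacement_after_grant = door.check(new_card, today)

    # An expired card is refused even though it is on the allow-list.
    expired = PersonalDataFile("Tamm", "Mari", person, "AA0000003", date(2011, 1, 1))
    door.grant(expired)
    expired_result = door.check(expired, today)

    return {
        "before_loss": before_loss,
        "after_loss": after_loss,
        "replacement_before_grant": replacement_before_grant,
        "replacement_after_grant": replacement_after_grant,
        "expired": expired_result,
        "events": len(door.events),
    }


if __name__ == "__main__":
    for name, value in lost_card_scenario().items():
        print(f"{name}: {value}")
```

Had the allow-list been keyed on the personal code instead, the administrator would have faced a choice between locking the person out entirely (revoking the code) and leaving the lost card usable by whoever found it; keying on the document number removes that dilemma. The same structure applies to the certificate-based variant, with the certificate serial number taking the place of the document number.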

There are also arguments against using the ID card:

  • As the ID card has a contact chip, frequent use (e.g. in an office with many employees) wears out not only the cards but also the card readers (at least those that require the chip to be pressed against the read head). Therefore, such systems usually use contactless (e.g. RFID-based) access credentials.
  • The data transfer rate of an ID card is 9600 bps and it takes about a second to read the data from the card (data processing time is added to that). Newer generation cards may be faster, but it should still be kept in mind that in places with a lot of traffic, reading the card might be too slow.
  • Whenever a card is lost, the card owner loses access for several days until a new card is issued (unlike with a typical unpersonalised (contactless) card that can be taken from a stack and prepared in minutes). Here digital ID can be an alternative, where the personal data file only contains the card number.

There are many companies offering access control systems in Estonia, but most of them use contactless or magnetic cards as access credentials; at the time of writing, few support the ID card:

  • Telegrupp
  • Ektaco - in Ektaco's ARGOS-series access control systems (e.g. Argos 3010) it is possible to use the Estonian ID card as a key.

Implementation analysis

Benefits

Considering that at the time of writing over 1.1 million active ID cards have been issued[2], it is safe to say that effectively every Estonian citizen has an ID card. Keeping that in mind, the potential benefits of implementation should be viewed through the two main functions of eID tools in an electronic environment: authentication and signing.

Authentication:

  • Makes it possible in an electronic environment to be sure that the person is who he or she claims to be. In environments with a high security level (banks, etc.) this is unavoidable; in environments with medium or lower security levels (e.g. business environments, forums, etc.) it enhances trust in the other party. One of the benefits is lower security risk;
  • A widely tested and reliable solution;
  • A unified and universal authentication interface that works on different platforms and languages;
  • The company will not have to plan and execute its own authentication solution (including guarantees that it will also work when end-users update their software, e.g. web browser);

Signing:

  • It becomes possible to sign documents automatically (see digital stamp);
  • Smaller expenses on paper and faster document processing;

Expenses

It should be remembered that the expenses of implementing eID solutions or the ID card in a company's work depend greatly on which workflow or business processes the solution will be integrated with and how many users it will have.

  • Development costs as represented below in the section Aid to contractor of IT developments
  • SK's digital signature profitability calculator helps determine the approximate expenses of electronic signing.
  • Using the ID card as a loyalty card reduces the company's expenses on the one hand (taking into account the preparation costs of loyalty cards) and is convenient for the clients, but it also incurs the expense of updating the information system, and a business risk if it is important for the company to have its corporate graphics on the card.

Risks

  • Limited international usage (essentially, the card is only usable in Estonia and/or by Estonian citizens);
  • Various business risks when using it as a loyalty card: cost effectiveness (if the loyalty card and the ID card remain in parallel use), the psychological fear of sensitive data being read from the card (which is receding), and the inability to help a customer who has problems using the ID card;

Aid to contractor of IT developments

The table below lists typical eID-related developments that a hypothetical company or organisation might want to contract. For each development it gives the approximate work volume in man-hours (one workday = 8 man-hours) and notes.

Development: Adding personal identification with ID card to their web service. As a result, users will not have to remember another username/password combination, and it is guaranteed for the service provider that the user's actual name, surname and personal identification number are submitted.
Approximate work volume: 36 man-hours
Notes: For verifying certificate validity, a choice has to be made on the application level about whether to use revocation lists or validity confirmations; see Certificate validity check.

Development: Adding signing with ID card to their web service. This lets the service provider ask the user for a legally binding signature without the user having to send signed documents by land mail or go somewhere physically. NB! Here the work volume depends on how many different processes or workflows the signing functionality will be added to.
Approximate work volume: 60 man-hours
Notes: Unlike with personal identification, there is no choice here in certificate validity verification: validity confirmations have to be used, as in the course of these queries a record about the signature is entered into SK's security log; see Digital signing. Therefore, SK's service fees will be added here.

Development: Adding digital stamping to their services. This enables attaching an organisation's stamp automatically to issued documents, so the client can be sure of their validity and integrity.
Approximate work volume: 60 man-hours
Notes: The crypto-stick software has not been tested and is not supported for Linux by SK. At the time of writing, there were no known problems with the software.

Development: Encrypting documents for transport. As the cryptocontainer can only be opened by those for whom the document is intended, insecure channels (e.g. email) can be used for transport.
Approximate work volume: 36 man-hours
Notes: If a service is created that accepts a message encrypted with a public key and attempts to open it with the corresponding secret key, returning error messages should be avoided; see Padding oracle attack. The mail message itself can only be encrypted if it is sent to the address contained in the receiver's certificate, i.e. in the case of ID cards the message has to be sent to the @eesti.ee address. In the case of digital stamping, the organisation can choose the address that will be included in the certificate.

Development: Adding logging in with ID card to all computers in the organisation, to guarantee access for authorised persons only. Here the employees can use their ID card on any machine to log in with their user account.
Approximate work volume: 72 man-hours
Notes: The EIDAuthenticate application does not verify certificate validity against an outside source (e.g. revocation lists). If certificate validity verification is needed, additional development is required. Each user must be granted access separately, on the basis of his/her certificate or data contained in it; with a large number of users this can mean a significant amount of time spent on configuration.

Development: Extending the above to desktop applications, so that an application can only be used after authentication with an ID card (e.g. the general practitioners' work application that requires authentication with an ID card).
Approximate work volume: 36 man-hours
Notes: Usually this use case is only sensible if the application communicates with a server that requires ID card login. With local applications, it is safe to say that once the user has logged in to the computer, he/she has the right to use the application.

Development: Extending the above to VPNs, where the ID card is used to encrypt connections coming into the internal network from outside (e.g. a company using this solution gets access to a partner company's internal network).
Approximate work volume: 48 man-hours
Notes: As there are several VPN solutions, the time spent on development varies. E.g. for configuring OpenVPN see Virtual private networks.

Development: The card can be queried for the owner's personal data without entering a PIN, so loyalty cards or access cards can be created (e.g. the Tartu University library, where you need to insert the card into a reader for a second to gain access).
Approximate work volume: 60 man-hours
Notes: There is no unified solution for reading personal data. In a closed and securely controlled environment it is relatively simple using the eidenv application. If that solution is not suitable, reading data from the card requires direct low-level communication with the card.

Note: The time estimates cover programming time only. Additional time, which is harder to estimate, will be spent on the collection and analysis of requirements, documentation, installing supporting applications, configuring the database, testing (e.g. whether testing is done manually or automated, whether unit tests will be written), etc.

References

  1. Andres Aarma, marketing manager of AS Sertifitseerimiskeskus, http://leht.aripaev.ee/?PublicationId=464dc490-fb94-4024-9b75-258ddc8543a9&articleid=5616&paperid=5CC0605B-EA2B-4FCF-B1BA-E05B11FCE00D (in Estonian)
  2. Active ID cards: 1 190 032, id.ee data from 23.09.2012 22:41