The use of RFID in government documents will make identification easier, but will have security risks. In the first of two articles, Joseph Pearson, Government Identification Marketing Manager, RFID Systems for Texas Instruments, discusses how technology will protect data.
Today, more than 50 countries have electronic passport (e-passport) programs, and many countries are putting in place more secure forms of electronic citizen, visitor and government employee identification. As the volume of document issuance increases and new security threats occur, there is an increased need for industry-standard, next-generation contactless smart integrated circuit (IC) solutions that securely store, process and communicate data.
Electronic versions of government-issued identification documents use an IC or chip to establish a digital link between the holder and personal biometric information, such as a digitized photo, fingerprint or iris image. Designed to enhance border, physical and IT security, electronic chips ensure that the person holding a passport or government document is the one to whom it was legitimately issued. The next generation ICs will employ an advanced embedded memory technology, called FRAM (ferroelectric random access memory), which improves the speed and reliability of future smart, secure e-passports and government ID documents. These smart ICs will have increased writing speeds to produce and process documents faster and more efficiently, as well as enhanced memory for future security requirements.
Performance and Functionality Gaps in Legacy IC Technologies
While some government-issued electronic ID documents employ traditional secure contact smart card technology, many new applications use dual interface or contactless smart ICs developed with contact smart card technology and radio frequency identification (RFID) technologies. Contact smart cards obtain processing power and communication via physical contact between the reader and the card's eight-pin contact pad, while contactless smart cards are powered and communicate by means of a radio frequency (RF) signal. To create the existing generation of secure e-passports, most smart IC vendors modified their existing contact-based smart IC designs by adding RF Analog Front-End (AFE) circuitry. The AFE is both the power source for the smart IC and the communications interface to an RF reader using the ISO/IEC 14443 standard air interface protocol. As a result, today's contactless smart ICs, such as those used in e-passports, are based on older technology, where neither passive power management nor RF communications speed were original design requirements.
While legacy smart IC architectures enabled the creation of first-generation government electronic ID applications, writing and reading data on the chip is slow, and the RF link for power and communication is less than optimal. This negatively affects throughput and quality in credential production and the level of read performance in the field. New contactless RF-enabled chip technologies developed for e-passport and other electronic government ID programs have advantages. They deploy the latest microcontroller and RF advances while using ultralow power, fast memory and high levels of security. The next generation of smart ICs will have faster data write and transaction read times to improve document issuance and personalization times, meet new security requirements and enable new applications in future iterations of government IDs.
EEPROM and Flash Memory: Widely Used, but Limited Capabilities
The performance and capabilities of current government-issued electronic identification documents are limited by the type of memory on the IC. The primary memory technologies used on these chips are electrically erasable programmable read-only memory (EEPROM) or Flash.
Like FRAM, both EEPROM and Flash are nonvolatile memory technologies, which means their data is not lost when power is removed. Unlike FRAM, EEPROM and Flash employ a floating gate charge storage design approach. Using floating gate EEPROM and Flash technologies, passive contactless ICs have relatively long transaction times to write data. More power-efficient memory technologies can decrease transaction times while adhering to the RF passive source's limited power capacity.
In terms of data security, EEPROM and Flash are susceptible to unauthorized observation. An example of EEPROM vulnerability is when the memory is in static mode, or no energy is coming in or out of the floating gate. In this state, nanoprobes can scan the memory in the floating gate. If someone is close enough, he or she could read the data. This could reveal sensitive data, encryption keys, or privileges and access rights.
Advanced FRAM: Attributes and Benefits for Government ID
FRAM is a nonvolatile memory technology like EEPROM. However, the similarities end here. It takes less time to write to FRAM devices than to EEPROM or Flash. FRAM also has longer data retention, retaining data for more than 10 years, even at high temperatures (85 degrees Celsius). FRAM can be accessed for more than 100 trillion write/read cycles, a virtually inexhaustible number of times.
FRAM can use as little as 1.5 volts to write data, while EEPROM requires 10-14 volts. Because only a small amount of energy is required, the power for FRAM can be front-loaded at the beginning of a write cycle. This avoids "data-tearing," a partial write of the data when the smart IC is removed from the RF field power source during a write cycle. EEPROM and Flash are more prone to data tearing. Therefore, low voltage and power usage of smart ICs with embedded FRAM offer enhanced data integrity and an improved user experience.
Advantages of FRAM include protection against direct data security probe attacks and radiation hardness. As a response to anthrax threats, gamma radiation is used at some U.S. Postal Service locations. Compared to traditional nonvolatile memories, FRAM is less susceptible to gamma radiation. Thus, special handling would not be required when shipping FRAM-based electronic documents, such as e-passports.
FRAM's Impact on Government ID Production Processes
The creation of a government-issued electronic ID document adds a level of complexity to the production process of the credential. Not only are electronic components integrated into the document, data must be written to the smart IC. There are two primary steps in the writing process: prepersonalization and personalization.
Prepersonalization is the process by which the smart IC's on-board memory and/or operating system (OS) are formatted for the application, similar to formatting a computer disk. In a typical process to create a government electronic ID document, the prepersonalization step is done by contactlessly writing the formatting information to several credentials on a sheet of substrate material simultaneously. Slow chip write times, along with chip performance variability, can affect how a chip is formatted. If any one of the smart ICs is improperly formatted during prepersonalization, the "bad" chip will continue in the process until all of the credentials are made into finished products.
Poor RF chip sensitivity can also increase yield problems. A less sensitive chip does not perform well when RF signals between the reader and chip are weak or are affected by an external source. Even a small percentage of improperly prepersonalized chips can have an effect on production cost, because some products will be scrapped when production ends.
Once the document has been assembled, formatted and manufactured into individual credentials, then personalization of the chip takes place. During personalization, the credential holder's personal data is loaded onto the smart IC.
Using EEPROM and Flash memory, the transaction time to write all the data to the smart IC during both prepersonalization and personalization can slow the production process. A smart IC with robust RF sensitivity and fast memory write speeds, such as those with FRAM, can make an impact on the production time, cost and quality level of electronic government-issued IDs.
The Dawning of Next Generation Government Electronic IDs: Part II