SA eID smart cards privacy and security explained

I'm not sure I understand the part about it not being clone-able.
Who cares what is running on it, surely you can clone it with the right hardware regardless?
 
roguemat said:
I'm not sure I understand the part about it not being clone-able.
Who cares what is running on it, surely you can clone it with the right hardware regardless?
Click to expand...
What are you referring to? The card?

The card contains a private key which is encrypted.
This key is unique to you
The server contains everybody's public keys
When it see's its you connecting to it (your card being scanned somewhere)
The server then responds with a challenge
Only your card knows how to respond to this, ie only your private key can unlock this message
Thus only your card can respond correctly.

Don't know if this answers your question, and apologies if it was not what you asked :p
 
YingYang said:
What are you referring to? The card?

The card contains a private key which is encrypted.
This key is unique to you
The server contains everybody's public keys
When it see's its you connecting to it (your card being scanned somewhere)
The server then responds with a challenge
Only your card knows how to respond to this, ie only your private key can unlock this message
Thus only your card can respond correctly.

Don't know if this answers your question, and apologies if it was not what you asked :p
Click to expand...

Not really what I was asking :P
I was referring to this line "Fouladi said that cloning these cards is almost impossible.". And I was saying that surely they can be cloned.
As a simple example, a PC hard drive can have all the encryption you want, but can still be cloned/ghosted.
 
roguemat said:
Not really what I was asking :P
I was referring to this line "Fouladi said that cloning these cards is almost impossible.". And I was saying that surely they can be cloned.
As a simple example, a PC hard drive can have all the encryption you want, but can still be cloned/ghosted.
Click to expand...

Also it sound like you will truly need authentic equipment to read the data on the card as the card will not allow devices access to data on the card if it cannot authenticate with the card. So you can't just use a simple mag-tape reader like with credit cards. This is a huge barrier to entry for the fraudsters as you would need to steal/buy one from home affairs. Not infallible, but not very easy either.
 
Last edited:
YingYang said:
What are you referring to? The card?

The card contains a private key which is encrypted.
This key is unique to you
The server contains everybody's public keys
When it see's its you connecting to it (your card being scanned somewhere)
The server then responds with a challenge
Only your card knows how to respond to this, ie only your private key can unlock this message
Thus only your card can respond correctly.

Don't know if this answers your question, and apologies if it was not what you asked :p
Click to expand...

I hope this is true, but if it is why has the banks not started using this? Seems like the banks are currently battling a cloning war with all the cards getting cloned. I just cannot see how these ID's can be 'more' secure than the bank cards with a chip and a pin etc.....
 
roguemat said:
Not really what I was asking :P
I was referring to this line "Fouladi said that cloning these cards is almost impossible.". And I was saying that surely they can be cloned.
As a simple example, a PC hard drive can have all the encryption you want, but can still be cloned/ghosted.
Click to expand...
Oh, sorry.

From what I've read (and I can't find a source now :( ) these cards store the physical characteristics of the card (exact number number of pixels of the picture + other physical details) hashed with other data as well.

So its extremely difficult to copy
 
In most EU countries they already use almost the exact same eID systems (I'm receiving my German one in a few weeks time) so I would assume it is quite safe. I don't think any of these systems will ever be 100% foolproof but it makes it a lot harder and more technological advanced to forge these, as apposed to a simple ID book that should be so easy by now.
Anyways, here in Germany and also in Denmark they have some really interesting high tech uses for these electronic ID cards, making it possible to use it as your online identity for things like banking, e-contracts, etc and in Denmark they are basing all their e-Government logins on this single sign on service using the eIDs.
 
MKFrost said:
I hope this is true, but if it is why has the banks not started using this? Seems like the banks are currently battling a cloning war with all the cards getting cloned. I just cannot see how these ID's can be 'more' secure than the bank cards with a chip and a pin etc.....
Click to expand...

Banks are... thats what the chip is for on the new Credit and Debit cards... checkout EMV
 
MKFrost said:
I hope this is true, but if it is why has the banks not started using this? Seems like the banks are currently battling a cloning war with all the cards getting cloned. I just cannot see how these ID's can be 'more' secure than the bank cards with a chip and a pin etc.....
Click to expand...

To my knowledge (well, understanding), the banks use cards that have both the chip and the magnetic strip. Where a POS does not support a chip, the retailer can still use the magnetic strip to make the transaction. So my point becomes, that when a bank card gets cloned, it is the legacy strip that is compromised, and not necessarily the chip. Again this is my own layman analysis. If anybody tells me that the chip also gets compromised, I will not disagree with them, but will rather want to hear their explanation.
 
Vice said:
To my knowledge (well, understanding), the banks use cards that have both the chip and the magnetic strip. Where a POS does not support a chip, the retailer can still use the magnetic strip to make the transaction. So my point becomes, that when a bank card gets cloned, it is the legacy strip that is compromised, and not necessarily the chip. Again this is my own layman analysis. If anybody tells me that the chip also gets compromised, I will not disagree with them, but will rather want to hear their explanation.
Click to expand...

It's possible to clone those cards, see http://www.theregister.co.uk/2012/09/13/chip_and_pin_security_flaw_research/
There's a whole list on the Wikipedia: http://en.wikipedia.org/wiki/EMV#Vulnerabilities

As for cloning an ID card, it's probably possible if you throw enough money at it. Basically it won't be cloned because of the expense, it'd be cheaper to go down to Home Affairs and bribe someone.
 
t123 said:
It's possible to clone those cards, see http://www.theregister.co.uk/2012/09/13/chip_and_pin_security_flaw_research/
There's a whole list on the Wikipedia: http://en.wikipedia.org/wiki/EMV#Vulnerabilities

As for cloning an ID card, it's probably possible if you throw enough money at it. Basically it won't be cloned because of the expense, it'd be cheaper to go down to Home Affairs and bribe someone.
Click to expand...

Does the eID cards use the same system as the electronic payment cards?
 
Will the cards have to be renewed every 10 years or so? Without regular replacement the photo ID will become totally useless.
 
marine1 said:
Is the first card for free?
Click to expand...

Yes and no. For a first issue its free i.e. the first time you ever apply for a ID. If you already have a green ID book then no, you will pay for the issue of the new ID card.

Wanted to add on, I think, just like in the past, everybody will have to pay for it for the first three or so years. After that government will have big drives to get everybody converted and give it all away for free.
 
markings said:
Will the cards have to be renewed every 10 years or so? Without regular replacement the photo ID will become totally useless.
Click to expand...
Highly likely.

However, the central database also stores the photo. So once they've scanned the card they'll get a picture of your ugly face on their screen anyway :p
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X