Alliance: Really smart cards guard privacy

Individual privacy should rank as high as building security in smart-card authentication policies and procedures, the Smart Card Alliance says. 'Both privacy and security must be considered fundamental design goals for any personal ID system' based on smart cards, the alliance said in a white paper released last week at its winter meeting in Salt Lake City.

The level of privacy protection depends on when and how smart-card data is accessed, distributed and destroyed. When authenticating a person's identity, a smart-card system should automatically prevent copying, spoofing and unauthorized sharing of the information, and it should access only as much data as is necessary for the immediate task, the alliance said.

It suggested that each smart card should incorporate a safety measure such as a personal firewall, public-key cryptography or biometrics'especially when one card serves several functions. The additional safeguards would not only boost protection but also boost user confidence, it said.

The alliance made these privacy recommendations:

  • Smart card-related databases of personal information should be encrypted and should transmit only encrypted information.


  • Transactions between smart card and reader should be offline only, and any information captured by a reader or other intermediate system should be deleted as soon as a transaction is complete.


  • Organizations should set up checklists to show who is authorized to see or change information in each data field.


  • Cardholders should be required to authorize, via password, personal identification number or biometric permission, the extraction of any data from their smart cards.


  • Applications should be structured so that transaction records can't be used as surveillance tools.




Featured

  • senior center (vuqarali/Shutterstock.com)

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/Shutterstock.com)

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected