Automating the process of identification of users is a necessity and is becoming increasingly popular among organizations around the world. IIT Kanpur has initiated a project on Smart card based ID system for this purpose. Smart cards provide an optimal technology platform for a secure ID system that can meet an organization's requirements for secure and accurate identity verification. The project Smart card based ID system at IIT Kanpur, provides a complete solution for automated identification of users. The smart ID cards issued by IIT Kanpur to its students and staff are built on the nation-wide SCOSTA standards for the card operating system. The SCOSTA standards, originally designed by IIT Kanpur, are open inter-operable standards compliant to ISO/IEC-7816 standards.
Visual layout of the Smart ID card
The Smart ID cards contain relevant information about the card holder. The memory size of the chip inside the smart card is about 4 KB which contains minimum of 8 files of different sizes named as EF1 to EF8. User information is stored in these files and can be categorized as private or public. Public information (e.g. name, photograph, department, card expiry date etc.) is stored in files and is also some of them are printed on the Smart ID Card. Data of private nature, such as salary, PF number, PAN number, and account information etc., can be read/updated only by appropriate authority. The data is also password protected.
|
|
Front of the Smart ID Card |
Back of the Smart ID Card |
Smart ID cards are issued by the top authority (ID Cell) to the students and employees when they join the institute.There is provision to issue cards to dependants of students and staff as well. Each card has an expiry date and a valid till date. Although the expiry date is till the end of the program of a student, the valid till date is only till the end of semester. After registering for the next semester, the student needs to update the card to make it functional. The students who are terminated, cannot update their cards. So, though they are allowed to retain their ID cards, they cannot use it anywhere as it is expired. Incase of an employee, the expiry date of the card is the full tenure of the services of the employee.
Smart card-based ID systems offer significant benefits to the institute and the card holders. Even with the increase in the number of students, the process of issuing cards is now completed in just 2 days. The ID card is a multipurpose card. There is no need to issue different cards for library, swimming pool memberships etc.
All authentication and authorization mechanism are implemented using symmetric key cryptography. An interesting application of the Smart ID is that it can be used as an electronic purse in vending machines. Smart ID card can be loaded with prepaid cash, which can be used to dispense beverages and snacks at vending machines. To know more about the applications currently created on SmartId applications click on Applications.
There are four levels of hierarchy in the smart card based ID system of IIT Kanpur. The ID Cell is at the highest level and has all the privileges. It creates and issues Smart ID cards to all users. The second in hierarchy is Application creation authority followed by verification authority and lastly the user card. The different levels of authority have different and varied access to the user cards. They are granted privileges with the help of various cryptographic keys.
Application creation authority can create different applications in the user card, for example, swimming pool application, vending application etc. Verification authority is only authorized to read certain data based on the permissions. For example, the office bearer at the Dean of Student's affairs may be allowed to see all the details of a student but not that of a staff whereas, the accounts section has access to the bank account number. They may have permission to just read data or also update it.
ID cell authority card can upgrade a user card to verification authority and then to ACA if needed. This ACA can even be upgraded to ID cell authority card.
|