Technology and Investment
Vol.4 No.2(2013), Article ID:31860,7 pages DOI:10.4236/ti.2013.42008

Triggering the Smart Card Readers Supply Chain

Ali M. Al-Khouri

Emirates Identity Authority, Abu Dhabi, United Arab Emirates

Email: ali.alkhouri@emiratesid.ae

Copyright © 2013 Ali M. Al-Khouri. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Received October 22, 2012; revised May 7, 2013; accepted May 14, 2013

Keywords: identity management; electronic identity; eID; smart cards; card readers

ABSTRACT

In the last 12 years or so, many governments have launched modern identity management systems. These systems typically integrate a set of advanced and complex technologies to provide identification and authentication capabilities. The major output of such systems is smart identity cards that bind the cardholders’ identities to their biographical data and one or more biometric characteristics. The field of government practice has been focusing on the enrolment capabilities and infrastructure rollout, with little focus on smart card applications in the public domain. This article attempts to address this area in the body of knowledge from a government view point. It explores card reader adoption opportunities in both the public and private sectors, and attempts to outline the United Arab Emirates’ (UAE’s) government’s plans to disseminate card readers and promote their adoption in government and various industrial groups in the country.

1. Introduction

“There were 30 billion plastic cards issued in 2011 alone. If you were to line up the cards end-to-end, that amounts to nearly 1.6 million miles of plastic every year—enough to create a six-lane plastic highway between Earth and the Moon. Mobile wallets in the long run have the potential to replace billions of plastic cards that end up in landfills, while providing a secure and convenient user experience.” [1]

Obviously, the public and business sectors are showing greater interest in plastic card adoption. However, there is a shift towards a more sophisticated plastic card in the industry, namely smart plastic cards [2-4]. Smart cards provide more advanced capabilities in identification, authentication, data storage and application processing [5-8]. Smart cards contain electronic memory and, in some cases, an embedded integrated circuit. They basically come in two types, contact and contactless. Contactless smart cards only require close proximity to a reader to enable the transmission of identification data, commands and card status, hypothetically taking less time to authenticate versus contact smart cards that require insertion into a smart card reader [9]. Each reader and card has an internal antenna that securely communicates with the other.

Smart card authentication is considered to be the bestknown example of a proof by possession mechanism [10,11]. Other traditional classes of authentication mechanisms include proof by knowledge (e.g., passwords) and proof by property (e.g., fingerprints). When combined and used for user authentication, smart cards can help improve the security of a device as well as provide additional security services [12-14]. Figure 1 depicts a typical user logon and authentication process using a smart card.

A considerable number of governments around the world have launched modern identity management programs in an attempt to create a more accurate population register, and to develop identification and authentication capabilities [15]. Governments have been promoting their national identity schemes somewhat aggressively to gain public acceptance and secure necessary funding. Among the numerous benefits reported by governments

Figure 1. User authentication with smart cards.

is that the new smart identity cards may replace many of the existing identification cards, such as driving licences, health insurance cards, and so forth [16-18] and therefore have a high impact on lowering cost and minimising duplication in widely produced identity documents. Smart cards are also promoted on the basis of having the potential to become an innovative approach in addressing the e-government and e-commerce needs of strong authentication.

In reality and practice, however, governments have been paying significant attention to population enrolment and infrastructure rollout with little attention to widening the smart identity card applications in the public domain. It is interesting to refer here to the fact that it is estimated that governments around the world have issued hundreds of millions of smart cards in the last ten years in the form of national identity cards. Despite this gigantic number of smart cards issued by governments, the field of practice does not show any noteworthy government action that can truly justify such massive spending and show clear economic value.

On the other hand, market research shows that governments will still spend increasing and capacious financial budgets on smart card acquisition in the coming years [19-21]. A recent study by Frost and Sullivan argues that the field of smart cards and their adoption will remain strong and may exhibit renewed potential for all markets, given the growing concern for electronic security, and increasing overall system performance with contactless technology [22]. The study also anticipated that all the four primary markets which smart card readers address (i.e., government, banking and payment, transportation, and corporate security) will continue to grow. Our experience in the field strongly supports this finding. We envisage that smart card readers have huge market penetration and adoption opportunities, provided that the right strategies and business cases are put in place. In this article, we attempt to outline the United Arab Emirates’ (UAE’s) government’s plans to rollout smart card readers and promote their adoption in the public and private sectors.

This article is structured as follows: Section 2 provides a short overview of the UAE’s identity management infrastructure and the features of the smart identity card issued as part of the UAE’s scheme; Section 3 outlines how the demand for card reading by service providers may impact the supply of card readers; Section 4 provides an overview of the role of the UAE’s identity issuing authority in the card reader market; and finally, Section 5 concludes the article with some perspectives.

2. The UAE: A Regional Leader in Electronic Identity (eID)

The UAE is considered to be a regional leader in the field of digital identity management infrastructure [23]. Through its national identity issuing authority, setup in 2004, to date it has issued more than 8.5 million digital identities to its citizens and resident popultion. Digital identity is linked to the individual’s biographical data and his/her facial and fingerprint biometrics. The digital identity profile is represented by a set of digital certificates and strong authentication credentials, packaged in the form of a secure smart identity card.

The UAE’s identity card is essentially a Java-based smart card packed with features like contact and contactless, multi-factor authentication and a challenge response mechanism for determining the cardholder’s identity and whether or not the card is genuine. Built on open standards, the Java-based operating system card is secured by assymetric keys and specific protocols for communication. It uses both match-on-card and match-off-card features to provide various authentication capabilities.

In a short span of six years, the UAE has achieved a distinctive target of enrolling almost 98% of its citizens and resident population and issuing them with smart digital identity cards. The new smart identity card is currently a pre-requisit in order to access any services in the government and public sectors, and, in parts, in the the private sector as well.

The government has distributed around 10,000 smart card readers in the last five years to the public sector and some private sector organisations to allow them to electronically “read” the data stored on the smart identity card. Early adopters of smart card readers reported that they have succeeded in shortening over-the-counter customer handling cycles from 10 to 20 minutes on average [24,25].

It is envisaged that smart card readers and applications will be further cultivated in the UAE in the next few years and will become an integral part of enterprise architectures in both the public and private sectors due to their potential to improve service delivery systems and secure access to networks and online transactions. The simple “read” need of the smart card is also expected to evolve with the need to undertake stronger identification, verification and authentication procedures to confirm the identity of the service seeker. We explore this further in the next section.

3. The ID Card Readers and the Reader Supply Chain in the UAE

As indicated earlier, modern identity card programs have been launched by many governments with a strong belief that they will address many of the challenges and national development priorities [15]. However, no country has linked the use of smart card readers with identity verification needs as an imperative for delivering government and public sector services. Besides, some countries issue digital certificates on their identity cards but, since they are exportable, the card itself becomes redundant in certificate usage.

The government of the UAE has been working to develop secure authentication capabilities to support egovernment transformation and e-commerce initiatives. This transformation is sought as part of the UAE’s e-government strategy 2012-2014 which aims to develop innovative delivery systems and support the development of a digital economy [26,27]. The UAE’s new smart identity card is designed to support this particular objective of authentication as it contains digital credentials of the cardholder for use both in in-person and online environments.

Currently, the UAE mandates the physical “presence” of the new smart identity card to benefit from any service that is provided by government and public sector agencies. With increasing interest in reading data electronically from the chip, card reading capabilities are becoming a necessity, creating more demand for card readers. A quick look at smart card reader availability around the world seems to reveal that they are not commodity items that are available in electronics stores. So, one may wonder, why is it that one does not see the readers in retail stores? Why are readers not available like mobile phones? The reason is obvious when the supply chain for identity card readers is analysed. The use of the card reader is a direct function of the need to read the card data. Table 1 attempts to illustrate this.

As is evident from the table, the predominant user of the card reader is the service provider and the card reader ownership very much depends on the service delivery channels. Adoption of identity card readers by service providers thus becomes the key to the widespread availability of card readers. Figure 2 below depicts the ID card reader supply chain as seen in the UAE. Rows two, three and four of the supply chain diagram look like the conventional chains of the manufacturer, the supplier (distributor) and the retailer.

In general terms, the ID card reader supply chain is seen here to be driven by push and pull forces. The push and pull represents the need for identity services (i.e., verification, validation and authentication needs) to enable the delivery of services by various service providers. The electronic service channels dictate the integration of smart card readers that facilitate the use of the government issued smart ID card. Smart card adoption in retail and distribution is expected to further support growth opportunities in this critical industry.

Retailers and distributors in the UAE have placed increased importance on conducting business in a more cost effective and time efficient manner. Intensifying competition, cost/scarcity of retail space and growing customer expectations are driving retail and distribution businesses to establish collaborative business models— necessitating the formation and maintenance of new relationships. It is in this context that we can view the efforts of the UAE to popularise the use of the smart ID card and drive the ID card reader supply chain. The next section elaborates on this further.

4. The Role of the UAE’s Identity Authority in the UAE-ID Card Reader Market

Although the UAE smart identity cards have been made mandatory to access all government services, there is no clear and perceptible adoption of smart card readers among the service providers. There is much more reliance on the physical “eye look” rather than on the “electronic reading and processing” capabilities of the smart

Table 1. Application types and card reading needs.

Figure 2. Identity card reader supply chain.

card. Here is where the UAE government, through its Identity Authority1, is currently working to play a significant role in promoting and supporting card reader adoption in both the public and private sectors. The authority’s role and current activity is akin to the trigger mechanism used for thyristors to become conductors of current. See Figure 3.

A thyristor is a semi-conductor device with special characteristics. It is the equivalent of a mechanical switch and consists of two diodes. The special characteristic of a thyristor is that it acts as a non-conductor of current till it has such a voltage across its anode and cathode that the semi-conductor itself breaks down or with a small trigger current applied at its “gate” allows a large amount of current to be conducted almost instantaneously. This trigger current is called the gate current and is usually in milli amperes as against the thousands of amperes that the thyristor could allow to flow. The gate current can be withdrawn once the conduction starts and it does not switch the thyristor from conducting to non-conducting.

The similarity between the above current gate concept and that which the government of the UAE is trying to achieve is remarkable. We envisage the UAE’s Identity Authority to play a triggering role and, as mentioned above, in order to get the thyristor to turn “ON” we need to inject a pulse of current into the gate. Much as a gate current (a very small amount) is required for conduction of mighty current flows, a trigger is needed to set in flow identity card based services and the adoption of the card readers.

Government regulations may be seen here to act as the potential push to inject the pulse to trigger higher demand for smart card readers and widespread application and usage of the identity card and the card readers in various industries. Nonetheless, the inertia (e.g., lack of awareness, lack of applications etc.) will act as resisting elements to the roll out of services.

The UAE’s Identity Authority, as the trigger, has recently announced that it will distribute tens of thousands

Figure 3. Card readers and the gate current concept.

of card readers across the different government service providers. It is considered that this will set in motion the supply chain movement in the country. In other words, once such an amount of readers is available in the public domain and is used as a requirement to access government services, the public and financial sectors are expected to follow suit and create higher demand for card readers. As the identity card usage becomes more prevalent, it is expected to cascade to wider availability of services on web portals as e-services.

While the service providers themselves would act as institutional buyers in the supply chain, the vendors of the card readers are expected to become more visible in the retail industry. This would bring the retail buyer-that is, the individual buyer—to create the demand to procure the readers.

The healthcare sector is another subdivision that would gain immensely from the availability of identity card readers to enable identity-card-based healthcare transactions. The smaller players in the healthcare supply chain, like pharmacies, clinics and so forth, would act as individual buyers and would drive the retail market in identity card readers. Banks and other financial institutions would be major beneficiaries from fraud containment, while citizens and residents would be considered as direct beneficiaries of the convenience of economic transactions involving identity verification. This is expected to result in economic activity of millions of card readers in the country. At an average retail price of $13.50 per reader, this would translate into tens of millions of dollars just in terms of hardware sales.

Indeed, this is considered to be a new segment of economic activity that is currently absent in the country. The UAE’s Identity Authority’s small action of buying a few thousand readers and placing them with government service providers would trigger this economic activity in the space of the next two years. This is just a part of the whole. Along with the readers would come the services directly related to the hardware in terms of warranty and technical services. The software and application development of integrating the identity card and the card reader into applications is a supplementary economic activity. At a conservative estimate, this activity could be worth further tens of millions of dollars. In total, the UAE’s government gate trigger role would result in an economic activity worth hundreds of millions of dollars and would contribute directly to the overall GDP of the country. Besides, card readers are foreseen to be available in supermarkets and electronics stores as well. Digital literacy of the cardholders would be a direct result of using identity cards.

On the other hand, the impact of wider adoption of smart card readers in various industries in the UAE may well trigger more copious adoption in the Gulf Co-operation Council (GCC)2 countries and the region as a whole. Improving customer service and internal efficiency will be the key drivers for such adoption. The high tech and security features of the smart identity card would result in a secure environment which would contribute to containing fraud on account of identity theft. The economic activity stemming from smart card distribution in this case will then be a mulitplying factor in the calculation. Identity card reader manufacturers and distributors and electronics retailers would well be advised to gear up to this reality. The early players would have the benefit of being early movers in exploiting this niche market.

5. Conclusions

Smart cards are likely to become indispensable tools in the future in addressing the competitive interests of diverse groups of industries. Government issued identity cards are envisaged to play a critical role in this area. Their advanced authentication capabilities are likely to promote higher chances of acceptance by both service providers and the public. However, governments will need to put in place clear strategies as to how they intend to support the identification and authentication requirements both in the public and private sectors.

In this article, we attempted to outline and bring about some insights from a government’s field of practice. The UAE's government’s plans should provide some understandings of how a government views its role in promoting the use and application of its smart identity cards.

We envisage that governments, specifically those implementing modern identity card systems, will show increasing interest in card readers in the next few years. Many governments will work towards replacing existing identification documents with the new smart identity card. As smart card readers will naturally demonstrate stronger authentication capabilities, this in itself would support higher levels of trust and participation. This may also have a significant impact on the progress and development of e-government and e-commerce business models. To a great extent, identity theft and transaction fraud can be controlled too.

Besides, we also believe that governments will attempt to regulate the computer industries in their countries to integrate personal computers with smart card readers. This is likely to be seen either as part of a computer keyboard or driver or perhaps as an external peripheral [28]. Smart cards have the potential to reshape service delivery and the way in which services are provided, both in the government and public sectors as well as in the retail and distribution industries. The rapid technological pace in the smart identity card industry will not only revolutionize the future of identification and Authentication but will also open up new business opportunities and create new economy niches.

REFERENCES

  1. S. Narendra, “Connecting Identity and Mobility: A Secure, Scalable and Sustainable Mobile Wallet Approach,” IQT Quarterly, Vol. 4, No. 1, 2012, pp. 18-21. Http://tyfone.com/IQT_Quarterly_Summer2012_Tyfone_article.pdf
  2. U. Hansmann and M. S. Nicklous, “Smart Card Application Development Using Java,” Springer, Berlin, 2002.
  3. F. Morgner, D. Oepen, W. Müller and J. Redlich, “Mobile Smart Card Reader Using NFC-Enabled Smart Phones,” 2012. http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2012-07/SAR-PR-2012-07_.pdf
  4. D. Paret, “RFID and Contactless Smart Card Applications,” Wiley, New York, 2005.
  5. K. Mayes and K. Markantonakis, “Smart Cards, Tokens, Security and Applications,” Springer, Heidelberg, 2010.
  6. M. Pelletier, M. Trepanier and C. Morency, “Smart Card Data in Public Transit Planning: A Review,” 2009. Https://www.cirrelt.ca/DocumentsTravail/CIRRELT-2009-46.pdf
  7. S. A. M. Rizvi, H. S. Rizvi and Z. Al-Baghdadi, “Smart Cards: The Future Gate,” Proceedings of the World Congress on Engineering and Computer Science 2010, WCECS 2010, 20-22 October 2010, San Francisco, pp. 81-86. http://www.iaeng.org/publication/WCECS2010/WCECS2010_pp81-86.pdf
  8. H. Taherdoost, S. Sahibuddin and N. Jalaliyoon, “Smart Card Security; Technology and Adoption,” International Journal of Security (IJS), Vol. 5, No. 2, 2011 pp. 74-84. http://cscjournals.org/csc/manuscript/Journals/IJS/volume5/Issue2/IJS-84.pdf
  9. K. Finkenzeller, “RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication,” Wiley, New York, 2010.
  10. W. Jansen, S. Gavrila, C. Séveillac and V. Korolev, “Smart Cards and Mobile Device Authentication: An Overview and Implementation,” National Institute of Standards and Technology, 2005. Http://csrc.nist.gov/publications/nistir/nist-IR-7206.pdf
  11. R. Ramasamy and A. P. Muniyandi, “An Efficient Password Authentication Scheme for Smart Card,” International Journal of Network Security, Vol. 14, No. 3, 2012, pp. 180-186. http://ijns.femto.com.tw/contents/ijns-v14-n3/ijns-2012-v14-n3-p180-186.pdf
  12. S. S. Baboo and K. Gokulraj, “A Secure Dynamic Authentication Scheme for Smart Card Based Networks,” International Journal of Computer Applications, Vol. 11, No. 8, 2010, pp. 5-12. http://www.ijcaonline.org/volume11/number8/pxc3872157.pdf
  13. B. Bakker, “Mutual Authentication with Smart Cards,” 1999. http://static.usenix.org/events/smartcard99/full_papers/bakker/bakker.pdf
  14. J. T. Monk and H. N. Dreifus, “Smart Cards: A Guide to Building and Managing Smart Card Applications,” John Wiley& Sons, New York, 1997.
  15. A. M. Al-Khouri, “Population Growth and Government Modernisation Efforts: The Case of GCC Countries,” International Journal of Research in Management and Technology, Vol. 2, No. 1, 2012, pp. 1-8.
  16. J. Briggs and R. Beresford, “Smart Cards in Health,” 2009. http://www.chmi.port.ac.uk/pubs/smartcards/smartcard_report.pdf
  17. S. Chellappan and V. Paruchuri, “Integrating Smart Cards with Vehicular Networks: Architecture and Applications,” 2009. http://web.mst.edu/~cswebdb/Workshop-AFRL/paper22009751.pdf
  18. O. S. Choudary, “The Smart Card Detective: a Hand-Held EMV Interceptor,” Master’s Dissertation, University of Cambridge, Cambridge, 2010. http://www.cl.cam.ac.uk/~osc22/docs/mphil_acs_osc22.pdf
  19. A. Catherine and W. J. Barr, “Smart Cards: Seizing Strategic Business Opportunities,” McGraw-Hill, Boston, 1996.
  20. M. Hendry, “Multi-Application Smart Cards: Technology and Applications,” Cambridge University Press, Cambridge, 2007.
  21. Smart Card Alliance, “Smart Cards and Biometrics,” 2011. http://irisid.com/download/news/Smart_Cards_and_Biometrics_030111.pdf
  22. Frost and Sullivan, “World Smart Card Readers and Chipsets Market,” 2010. http://www.frost.com
  23. WRA, “Largest Biometric Database: Emirates Identity Authority Sets World Record,” World Record Academy, 2012. http://www.worldrecordacademy.com/technology/largest_biometric_database_Emirates_Identity_Authority_sets_world_record_113117.html
  24. Al-Bayan, “Identity Card Shortens the Time of Data Entry in the Dubai Courts to 7 Seconds,” Al Bayan Newspaper, UAE (Arabic Version), Dubai, 2009. http://www.albayan.ae/across-the-uae/1235654452291-2009-03-02-1.410704
  25. A. M. Al-Khouri, “Identity and Mobility in a Digital World,” Investment & Technology, Vol. 4. No. 1, 2012, pp. 7-12.
  26. A. M. Al-Khouri, “eGovernment Strategies: The Case of the United Arab Emirates (UAE),” European Journal of ePractice, No. 17, 2012, pp. 126-150.
  27. A. M. Al-Khouri, “Emerging Markets and Digital Economy: Building Trust in the Virtual World,” International Journal of Innovation in the Digital Economy, Vol. 3, No. 2, 2012, pp. 57-69.
  28. L. A. Mohammed, A. Ramli, V. Prakash and M. B. Daud, “Smart Card Technology: Past, Present, and Future,” 2004. http://www.journal.au.edu/ijcim/2004/jan04/jicimvol12n1_article2.pdf

NOTES

1The Emirates Identity Authority is a federal government entity in the UAE established in 2004 with the task of developing a modern national identity management infrastructure. The first phase in the scheme aimed to enrol all the population of the country, around 8.5 million, and issue them with biometric-based smart identity cards. Having completed the enrolment phase, the authority is currently working on maximising the reach and adoption of its identity cards both in the public and private sectors. The authority’s argument is that smart cards have significant potential to contribute towards creating value-added customer services and operational efficiency, while providing advanced authentication capabilities.

2The GCC is also referred to as the Co-operation Council for the Arab States of the Gulf (CCASG). It includes six countries namely, Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. An estimated population of around 47 million people lives in the GCC countries.