Triggering the Smart Card Readers Supply Chain


Published on

In the last 12 years or so, many governments have launched modern identity management systems. These systems typi- cally integrate a set of advanced and complex technologies to provide identification and authentication capabilities. The major output of such systems is smart identity cards that bind the cardholders’ identities to their biographical data and one or more biometric characteristics. The field of government practice has been focusing on the enrolment capabilities and infrastructure rollout, with little focus on smart card applications in the public domain. This article attempts to ad- dress this area in the body of knowledge from a government view point. It explores card reader adoption opportunities in both the public and private sectors, and attempts to outline the United Arab Emirates’ (UAE’s) government’s plans to disseminate card readers and promote their adoption in government and various industrial groups in the country.

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Triggering the Smart Card Readers Supply Chain

  1. 1. Technology and Investment, 2013, 4, 69-75doi:10.4236/ti.2013.42008 Published Online May 2013 ( the Smart Card Readers Supply ChainAli M. Al-KhouriEmirates Identity Authority, Abu Dhabi, United Arab EmiratesEmail: ali.alkhouri@emiratesid.aeReceived October 22, 2012; revised May 7, 2013; accepted May 14, 2013Copyright © 2013 Ali M. Al-Khouri. This is an open access article distributed under the Creative Commons Attribution License,which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.ABSTRACTIn the last 12 years or so, many governments have launched modern identity management systems. These systems typi-cally integrate a set of advanced and complex technologies to provide identification and authentication capabilities. Themajor output of such systems is smart identity cards that bind the cardholders’ identities to their biographical data andone or more biometric characteristics. The field of government practice has been focusing on the enrolment capabilitiesand infrastructure rollout, with little focus on smart card applications in the public domain. This article attempts to ad-dress this area in the body of knowledge from a government view point. It explores card reader adoption opportunitiesin both the public and private sectors, and attempts to outline the United Arab Emirates’ (UAE’s) government’s plans todisseminate card readers and promote their adoption in government and various industrial groups in the country.Keywords: Identity Management; Electronic Identity; eID; Smart Cards; Card Readers1. Introduction“There were 30 billion plastic cards issued in 2011alone. If you were to line up the cards end-to-end,that amounts to nearly 1.6 million miles of plasticevery year—enough to create a six-lane plastic high-way between Earth and the Moon. Mobile wallets inthe long run have the potential to replace billions ofplastic cards that end up in landfills, while providinga secure and convenient user experience.” [1]Obviously, the public and business sectors are show-ing greater interest in plastic card adoption. However,there is a shift towards a more sophisticated plastic cardin the industry, namely smart plastic cards [2-4]. Smartcards provide more advanced capabilities in identifica-tion, authentication, data storage and application proc-essing [5-8]. Smart cards contain electronic memory and,in some cases, an embedded integrated circuit. They ba-sically come in two types, contact and contactless. Con-tactless smart cards only require close proximity to areader to enable the transmission of identification data,commands and card status, hypothetically taking lesstime to authenticate versus contact smart cards that re-quire insertion into a smart card reader [9]. Each readerand card has an internal antenna that securely communi-cates with the other.Smart card authentication is considered to be the best-known example of a proof by possession mechanism[10,11]. Other traditional classes of authentication me-chanisms include proof by knowledge (e.g., passwords)and proof by property (e.g., fingerprints). When com-bined and used for user authentication, smart cards canhelp improve the security of a device as well as provideadditional security services [12-14]. Figure 1 depicts atypical user logon and authentication process using asmart card.A considerable number of governments around theworld have launched modern identity management pro-grams in an attempt to create a more accurate populationregister, and to develop identification and authenticationcapabilities [15]. Governments have been promotingtheir national identity schemes somewhat aggressively togain public acceptance and secure necessary funding.Among the numerous benefits reported by governmentsFigure 1. User authentication with smart cards.Copyright © 2013 SciRes. TI
  2. 2. A. M. AL-KHOURI70is that the new smart identity cards may replace many ofthe existing identification cards, such as driving licences,health insurance cards, and so forth [16-18] and thereforehave a high impact on lowering cost and minimising du-plication in widely produced identity documents. Smartcards are also promoted on the basis of having the poten-tial to become an innovative approach in addressing thee-government and e-commerce needs of strong authenti-cation.In reality and practice, however, governments havebeen paying significant attention to population enrolmentand infrastructure rollout with little attention to wideningthe smart identity card applications in the public domain.It is interesting to refer here to the fact that it is estimatedthat governments around the world have issued hundredsof millions of smart cards in the last ten years in the formof national identity cards. Despite this gigantic number ofsmart cards issued by governments, the field of practicedoes not show any noteworthy government action thatcan truly justify such massive spending and show cleareconomic value.On the other hand, market research shows that gov-ernments will still spend increasing and capacious finan-cial budgets on smart card acquisition in the comingyears [19-21]. A recent study by Frost and Sullivan ar-gues that the field of smart cards and their adoption willremain strong and may exhibit renewed potential for allmarkets, given the growing concern for electronic secu-rity, and increasing overall system performance withcontactless technology [22]. The study also anticipatedthat all the four primary markets which smart card read-ers address (i.e., government, banking and payment,transportation, and corporate security) will continue togrow. Our experience in the field strongly supports thisfinding. We envisage that smart card readers have hugemarket penetration and adoption opportunities, providedthat the right strategies and business cases are put inplace. In this article, we attempt to outline the UnitedArab Emirates’ (UAE’s) government’s plans to rolloutsmart card readers and promote their adoption in thepublic and private sectors.This article is structured as follows: Section 2 providesa short overview of the UAE’s identity management in-frastructure and the features of the smart identity cardissued as part of the UAE’s scheme; Section 3 outlineshow the demand for card reading by service providersmay impact the supply of card readers; Section 4 pro-vides an overview of the role of the UAE’s identity issu-ing authority in the card reader market; and finally, Sec-tion 5 concludes the article with some perspectives.2. The UAE: A Regional Leader inElectronic Identity (eID)The UAE is considered to be a regional leader in the fieldof digital identity management infrastructure [23].Through its national identity issuing authority, setup in2004, to date it has issued more than 8.5 million digitalidentities to its citizens and resident popultion. Digitalidentity is linked to the individual’s biographical dataand his/her facial and fingerprint biometrics. The digitalidentity profile is represented by a set of digital certifi-cates and strong authentication credentials, packaged inthe form of a secure smart identity card.The UAE’s identity card is essentially a Java-basedsmart card packed with features like contact and contact-less, multi-factor authentication and a challenge responsemechanism for determining the cardholder’s identity andwhether or not the card is genuine. Built on open stan-dards, the Java-based operating system card is secured byassymetric keys and specific protocols for communica-tion. It uses both match-on-card and match-off-card fea-tures to provide various authentication capabilities.In a short span of six years, the UAE has achieved adistinctive target of enrolling almost 98% of its citizensand resident population and issuing them with smartdigital identity cards. The new smart identity card is cur-rently a pre-requisit in order to access any services in thegovernment and public sectors, and, in parts, in the theprivate sector as well.The government has distributed around 10,000 smartcard readers in the last five years to the public sector andsome private sector organisations to allow them to elec-tronically “read” the data stored on the smart identitycard. Early adopters of smart card readers reported thatthey have succeeded in shortening over-the-counter cus-tomer handling cycles from 10 to 20 minutes on average[24,25].It is envisaged that smart card readers and applicationswill be further cultivated in the UAE in the next fewyears and will become an integral part of enterprise ar-chitectures in both the public and private sectors due totheir potential to improve service delivery systems andsecure access to networks and online transactions. Thesimple “read” need of the smart card is also expected toevolve with the need to undertake stronger identification,verification and authentication procedures to confirm theidentity of the service seeker. We explore this further inthe next section.3. The ID Card Readers and the ReaderSupply Chain in the UAEAs indicated earlier, modern identity card programs havebeen launched by many governments with a strong beliefthat they will address many of the challenges and na-tional development priorities [15]. However, no countryhas linked the use of smart card readers with identityverification needs as an imperative for delivering gov-ernment and public sector services. Besides, some coun-Copyright © 2013 SciRes. TI
  3. 3. A. M. AL-KHOURICopyright © 2013 SciRes. TI71tries issue digital certificates on their identity cards but,since they are exportable, the card itself becomes redun-dant in certificate usage.The government of the UAE has been working to de-velop secure authentication capabilities to support e-government transformation and e-commerce initiatives.This transformation is sought as part of the UAE’se-government strategy 2012-2014 which aims to developinnovative delivery systems and support the develop-ment of a digital economy [26,27]. The UAE’s newsmart identity card is designed to support this particularobjective of authentication as it contains digital creden-tials of the cardholder for use both in in-person andonline environments.Currently, the UAE mandates the physical “presence”of the new smart identity card to benefit from any servicethat is provided by government and public sector agen-cies. With increasing interest in reading data electroni-cally from the chip, card reading capabilities are becom-ing a necessity, creating more demand for card readers. Aquick look at smart card reader availability around theworld seems to reveal that they are not commodity itemsthat are available in electronics stores. So, one maywonder, why is it that one does not see the readers inretail stores? Why are readers not available like mobilephones? The reason is obvious when the supply chain foridentity card readers is analysed. The use of the cardreader is a direct function of the need to read the carddata. Table 1 attempts to illustrate this.As is evident from the table, the predominant user ofthe card reader is the service provider and the card readerownership very much depends on the service deliverychannels. Adoption of identity card readers by serviceproviders thus becomes the key to the widespread avail-ability of card readers. Figure 2 below depicts the IDcard reader supply chain as seen in the UAE. Rows two,three and four of the supply chain diagram look like theconventional chains of the manufacturer, the supplier(distributor) and the retailer.In general terms, the ID card reader supply chain isseen here to be driven by push and pull forces. The pushand pull represents the need for identity services (i.e.,verification, validation and authentication needs) to en-able the delivery of services by various service providers.The electronic service channels dictate the integration ofsmart card readers that facilitate the use of the govern-ment issued smart ID card. Smart card adoption in retailand distribution is expected to further support growthopportunities in this critical industry.Retailers and distributors in the UAE have placed in-creased importance on conducting business in a morecost effective and time efficient manner. Intensifyingcompetition, cost/scarcity of retail space and growingcustomer expectations are driving retail and distributionbusinesses to establish collaborative business models—necessitating the formation and maintenance of new rela-tionships. It is in this context that we can view the effortsof the UAE to popularise the use of the smart ID cardand drive the ID card reader supply chain. The next sec-tion elaborates on this further.4. The Role of the UAE’s Identity Authorityin the UAE-ID Card Reader MarketAlthough the UAE smart identity cards have been mademandatory to access all government services, there is noclear and perceptible adoption of smart card readersamong the service providers. There is much more reli-ance on the physical “eye look” rather than on the “elec-tronic reading and processing” capabilities of the smartTable 1. Application types and card reading needs.Application Channel Need card reader Reader ownerSimple Identification—No need for data entry—Manual check of theID Card and manual reading of IDNPhysical NO NoneOTC YES Service providerKIOSK YES Service providerID Required to be entered as dataWEB PORTAL YES Card holderService to be delivered OTC (Over the Counter)—Ensure that it isbeing delivered to the correct personOTC YES Service providerService to be delivered OTC (Over the Counter)—Ensure that it isbeing delivered to the correct person and require confirmation ofservice delivery (signature of service beneficiary)OTC YES Service providerService being requested remotelyWEB PORTALKIOSKYES Card holderService to be delivered remotely—Ensure it is being delivered to thecorrect person and require confirmation of service deliveryWEB PORTALKIOSKYESCard holderService provider
  4. 4. A. M. AL-KHOURI72Figure 2. Identity card reader supply chain.card. Here is where the UAE government, through itsIdentity Authority1, is currently working to play a sig-nificant role in promoting and supporting card readeradoption in both the public and private sectors. The au-thority’s role and current activity is akin to the triggermechanism used for thyristors to become conductors ofcurrent. See Figure 3.A thyristor is a semi-conductor device with specialcharacteristics. It is the equivalent of a mechanical switchand consists of two diodes. The special characteristic of athyristor is that it acts as a non-conductor of current till ithas such a voltage across its anode and cathode that thesemi-conductor itself breaks down or with a small triggercurrent applied at its “gate” allows a large amount ofcurrent to be conducted almost instantaneously. Thistrigger current is called the gate current and is usually inmilli amperes as against the thousands of amperes thatthe thyristor could allow to flow. The gate current can bewithdrawn once the conduction starts and it does notswitch the thyristor from conducting to non-conducting.The similarity between the above current gate conceptand that which the government of the UAE is trying toachieve is remarkable. We envisage the UAE’s IdentityAuthority to play a triggering role and, as mentionedabove, in order to get the thyristor to turn “ON” we needto inject a pulse of current into the gate. Much as a gatecurrent (a very small amount) is required for conductionof mighty current flows, a trigger is needed to set in flowidentity card based services and the adoption of the cardreaders.Government regulations may be seen here to act as thepotential push to inject the pulse to trigger higher de-mand for smart card readers and widespread applicationand usage of the identity card and the card readers invarious industries. Nonetheless, the inertia (e.g., lack ofawareness, lack of applications etc.) will act as resistingelements to the roll out of services.1The Emirates Identity Authority is a federal government entity in theUAE established in 2004 with the task of developing a modern na-tional identity management infrastructure. The first phase in thescheme aimed to enrol all the population of the country, around 8.5million, and issue them with biometric-based smart identity cards.Having completed the enrolment phase, the authority is currentlyworking on maximising the reach and adoption of its identity cardsboth in the public and private sectors. The authority’s argument is thatsmart cards have significant potential to contribute towards creatingvalue-added customer services and operational efficiency, while pro-viding advanced authentication capabilities.The UAE’s Identity Authority, as the trigger, has re-cently announced that it will distribute tens of thousandsCopyright © 2013 SciRes. TI
  5. 5. A. M. AL-KHOURI 73Figure 3. Card readers and the gate current concept.of card readers across the different government serviceproviders. It is considered that this will set in motion thesupply chain movement in the country. In other words,once such an amount of readers is available in the publicdomain and is used as a requirement to access govern-ment services, the public and financial sectors are ex-pected to follow suit and create higher demand for cardreaders. As the identity card usage becomes more preva-lent, it is expected to cascade to wider availability of ser-vices on web portals as e-services.While the service providers themselves would act asinstitutional buyers in the supply chain, the vendors ofthe card readers are expected to become more visible inthe retail industry. This would bring the retail buyer-thatis, the individual buyer—to create the demand to procurethe readers.The healthcare sector is another subdivision that wouldgain immensely from the availability of identity cardreaders to enable identity-card-based healthcare transac-tions. The smaller players in the healthcare supply chain,like pharmacies, clinics and so forth, would act as indi-vidual buyers and would drive the retail market in iden-tity card readers. Banks and other financial institutionswould be major beneficiaries from fraud containment,while citizens and residents would be considered as di-rect beneficiaries of the convenience of economic trans-actions involving identity verification. This is expectedto result in economic activity of millions of card readersin the country. At an average retail price of $13.50 perreader, this would translate into tens of millions of dol-lars just in terms of hardware sales.Indeed, this is considered to be a new segment of eco-nomic activity that is currently absent in the country. TheUAE’s Identity Authority’s small action of buying a fewthousand readers and placing them with government ser-vice providers would trigger this economic activity in thespace of the next two years. This is just a part of thewhole. Along with the readers would come the servicesdirectly related to the hardware in terms of warranty andtechnical services. The software and application devel-opment of integrating the identity card and the cardreader into applications is a supplementary economicactivity. At a conservative estimate, this activity could beworth further tens of millions of dollars. In total, theUAE’s government gate trigger role would result in aneconomic activity worth hundreds of millions of dollarsand would contribute directly to the overall GDP of thecountry. Besides, card readers are foreseen to be avail-able in supermarkets and electronics stores as well. Digi-tal literacy of the cardholders would be a direct result ofusing identity cards.On the other hand, the impact of wider adoption ofsmart card readers in various industries in the UAE maywell trigger more copious adoption in the Gulf Co-op-eration Council (GCC)2countries and the region as awhole. Improving customer service and internal effi-ciency will be the key drivers for such adoption. Thehigh tech and security features of the smart identity cardwould result in a secure environment which would con-tribute to containing fraud on account of identity theft.The economic activity stemming from smart card distri-bution in this case will then be a mulitplying factor in thecalculation. Identity card reader manufacturers and dis-tributors and electronics retailers would well be advisedto gear up to this reality. The early players would havethe benefit of being early movers in exploiting this nichemarket.2The GCC is also referred to as the Co-operation Council for the ArabStates of the Gulf (CCASG). It includes six countries namely, Bahrain,Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. Anestimated population of around 47 million people lives in the GCCcountries.Copyright © 2013 SciRes. TI
  6. 6. A. M. AL-KHOURI745. ConclusionsSmart cards are likely to become indispensable tools inthe future in addressing the competitive interests of di-verse groups of industries. Government issued identitycards are envisaged to play a critical role in this area.Their advanced authentication capabilities are likely topromote higher chances of acceptance by both serviceproviders and the public. However, governments willneed to put in place clear strategies as to how they intendto support the identification and authentication require-ments both in the public and private sectors.In this article, we attempted to outline and bring aboutsome insights from a government’s field of practice. TheUAEs government’s plans should provide some under-standings of how a government views its role in promot-ing the use and application of its smart identity cards.We envisage that governments, specifically those im-plementing modern identity card systems, will show in-creasing interest in card readers in the next few years.Many governments will work towards replacing existingidentification documents with the new smart identity card.As smart card readers will naturally demonstrate strongerauthentication capabilities, this in itself would supporthigher levels of trust and participation. This may alsohave a significant impact on the progress and develop-ment of e-government and e-commerce business models.To a great extent, identity theft and transaction fraud canbe controlled too.Besides, we also believe that governments will attemptto regulate the computer industries in their countries tointegrate personal computers with smart card readers.This is likely to be seen either as part of a computerkeyboard or driver or perhaps as an external peripheral[28]. Smart cards have the potential to reshape servicedelivery and the way in which services are provided,both in the government and public sectors as well as inthe retail and distribution industries. The rapid techno-logical pace in the smart identity card industry will notonly revolutionize the future of identification and Au-thentication but will also open up new business opportu-nities and create new economy niches.REFERENCES[1] S. Narendra, “Connecting Identity and Mobility: A Se-cure, Scalable and Sustainable Mobile Wallet Approach,”IQT Quarterly, Vol. 4, No. 1, 2012, pp. 18-21.Http://[2] U. Hansmann and M. S. Nicklous, “Smart Card Applica-tion Development Using Java,” Springer, Berlin, 2002.[3] F. Morgner, D. Oepen, W. Müller and J. Redlich, “Mo-bile Smart Card Reader Using NFC-Enabled SmartPhones,” 2012.[4] D. Paret, “RFID and Contactless Smart Card Applica-tions,” Wiley, New York, 2005.[5] K. Mayes and K. Markantonakis, “Smart Cards, Tokens,Security and Applications,” Springer, Heidelberg, 2010.[6] M. Pelletier, M. Trepanier and C. Morency, “Smart CardData in Public Transit Planning: A Review,” 2009.Https://[7] S. A. M. Rizvi, H. S. Rizvi and Z. Al-Baghdadi, “SmartCards: The Future Gate,” Proceedings of the World Con-gress on Engineering and Computer Science 2010,WCECS 2010, 20-22 October 2010, San Francisco, pp.81-86.[8] H. Taherdoost, S. Sahibuddin and N. Jalaliyoon, “SmartCard Security; Technology and Adoption,” InternationalJournal of Security (IJS), Vol. 5, No. 2, 2011 pp. 74-84.[9] K. Finkenzeller, “RFID Handbook: Fundamentals andApplications in Contactless Smart Cards, Radio Fre-quency Identification and Near-Field Communication,”Wiley, New York, 2010.[10] W. Jansen, S. Gavrila, C. Séveillac and V. Korolev,“Smart Cards and Mobile Device Authentication: AnOverview and Implementation,” National Institute ofStandards and Technology, 2005.Http://[11] R. Ramasamy and A. P. Muniyandi, “An Efficient Pass-word Authentication Scheme for Smart Card,” Interna-tional Journal of Network Security, Vol. 14, No. 3, 2012,pp. 180-186.[12] S. S. Baboo and K. Gokulraj, “A Secure Dynamic Au-thentication Scheme for Smart Card Based Networks,”International Journal of Computer Applications, Vol. 11,No. 8, 2010, pp. 5-12.[13] B. Bakker, “Mutual Authentication with Smart Cards,”1999.[14] J. T. Monk and H. N. Dreifus, “Smart Cards: A Guide toBuilding and Managing Smart Card Applications,” JohnWiley & Sons, New York, 1997.[15] A. M. Al-Khouri, “Population Growth and GovernmentModernisation Efforts: The Case of GCC Countries,” In-ternational Journal of Research in Management andTechnology, Vol. 2, No. 1, 2012, pp. 1-8.[16] J. Briggs and R. Beresford, “Smart Cards in Health,”2009.[17] S. Chellappan and V. Paruchuri, “Integrating Smart CardsCopyright © 2013 SciRes. TI
  7. 7. A. M. AL-KHOURICopyright © 2013 SciRes. TI75with Vehicular Networks: Architecture and Applica-tions,” 2009.[18] O. S. Choudary, “The Smart Card Detective: a Hand-HeldEMV Interceptor,” Master’s Dissertation, University ofCambridge, Cambridge, 2010.[19] A. Catherine and W. J. Barr, “Smart Cards: Seizing Stra-tegic Business Opportunities,” McGraw-Hill, Boston, 1996.[20] M. Hendry, “Multi-Application Smart Cards: Technologyand Applications,” Cambridge University Press, Cam-bridge, 2007.[21] Smart Card Alliance, “Smart Cards and Biometrics,”2011.[22] Frost and Sullivan, “World Smart Card Readers andChipsets Market,” 2010.[23] WRA, “Largest Biometric Database: Emirates IdentityAuthority Sets World Record,” World Record Academy,2012.[24] Al-Bayan, “Identity Card Shortens the Time of Data En-try in the Dubai Courts to 7 Seconds,” Al Bayan News-paper, UAE (Arabic Version), Dubai, 2009.[25] A. M. Al-Khouri, “Identity and Mobility in a DigitalWorld,” Investment & Technology, Vol. 4. No. 1, 2012,pp. 7-12.[26] A. M. Al-Khouri, “eGovernment Strategies: The Case ofthe United Arab Emirates (UAE),” European Journal ofePractice, No. 17, 2012, pp. 126-150.[27] A. M. Al-Khouri, “Emerging Markets and Digital Econ-omy: Building Trust in the Virtual World,” InternationalJournal of Innovation in the Digital Economy, Vol. 3, No.2, 2012, pp. 57-69.[28] L. A. Mohammed, A. Ramli, V. Prakash and M. B. Daud,“Smart Card Technology: Past, Present, and Future,” 2004.