The Future of PKI
by Elite158
Public-Key Infrastructure, or PKI, is a new system (well, new to the public) created by the government to electronically identify yourself. Here I will explain the basic structure of PKI.
The government uses what's called "High Assurance Smart Cards," a system known as FORTEZZA. These smart cards are electronic cards made especially for the government. The cards workers hold contain their personal information. It has, of course, your name, your address, credit card info, SSN, and the whole works. The government uses this system to have authorized workers identify themselves to access classified material. Basically, electronically identifying yourself is an easy and fast way to prove you are who you say you are.
Now FORTEZZA is coming out to the public, but will be known as PKI or smart cards. Even though they're still called smart cards, the information will be kept on a more abundant media: the floppy disk. Along with the floppy disk is the laptop PCMCIA card, and possibly even mini-CD. These cards, however, aren't High Assurance. Instead it's a Medium/Low Assurance, meaning that the most abundant information is used, instead of putting in every meticulous detail.
PKI will be used mostly in banks and online. In fact, there is a very high chance that by the next election in 2004, people will be able to vote through government servers online, using their smart cards. It should work just by sticking in the disk while on their site. The server will gather the information needed, it will do the hand shake if approved, and your vote will be counted.
These cards (remember that these cards are either the floppy disks or laptop cards) are given to you by the government. Now I'm not sure what kind of files the information is stored on, but it has to be some sort of executable program. When you open it up, it'll prompt you for a password. Once typed in and authorized, you have assured yourself that you own that card. You can now use it freely throughout the Internet or wherever the card is applicable. The application will most likely be run in the background. There is, according to the government, no way of tampering with or editing the information on the smart card. In fact, to update the information (say you moved or changed your phone number), you would have to take it to a facility like a bank. You would give them what you want to update and they would change it.
These cards are already starting to appear. Visa has got a smart credit card out now. It's a credit card with a microchip on it that contains your personal information, just as I explained. It comes with its own external port that's plugged into your computer. You just stick it in and it acquires the data. This sort of stuff will be seen more often as time passes by.
For right now and not many years ahead, PKI will be voluntary for people to use. But it's likely that in the far future, PKI will become mandatory to everyone 18 and older. It'll basically be a new form of ID, the electronic ID.
This whole system may sound unreal because, just how hard does the government think it would take for a hacker to break the system? There are possibilities now that could make any hacker become well known. The potential of people password cracking their own cards and running around claiming to be someone they're not, or hacking the online voting servers and getting Nader elected, or even making copies with different identities and going wherever they want as whoever they want to be online is remarkable.
In my opinion, this new decade is going to be known as the techno-happy years, where our everyday lives will involve personal usage of technology. Hell, if you think about it, we can already buy our groceries without getting off our asses except to go to the door and pick up the food.
But besides that, PKI is still forming and is still changing.
This article was written to give you an idea of what we're in for. Hopefully this new system won't be stupid, but I have high doubts about that. I hope it leaves opportunities for hackers to learn the structure of it, and even manipulation on it.
All in all, I hope more people learn about PKI. I will be trying to get more information on it as it progresses.