“It’s like handing out Chip-and-PIN payment cards without a PIN. We’re not quite into chocolate teapot territory in terms of failed effectiveness here, but we’re pretty close.”
-- Jeff Hudson, Venafi CEO
London: Reacting to a technical glitch that left foreign residents in Japan with ID cards that lacked the necessary electronic signature key for secure authentication and access highlights the need for better key management processes when dealing with large key volumes, says Venafi.
Jeff Hudson CEO of the Enterprise Key and Certificate Management (EKCM) solutions specialist – says this incident is almost certainly the result of a poor management system implementation hitting the buffers.
“Issuing a smart card without its related digital signature is like handing out Chip-and-PIN payment cards without a PIN. We’re not quite into chocolate teapot territory in terms of failed effectiveness here, but we’re pretty close,” he said.
“More seriously, however, this shows us what happens when organisations – even public sector agencies – implement an authentication platform without an effective set of back office and key management systems to support that platform,” he added.
“The the bottom line here is that the Japanese immigration ministry should have implemented a better security and key management system to avoid this egg-on-face situation with consequent negative publicity.”
ZDNet news story summary
The system used to imprint justice minister's digital signature on new foreign residence card suffers a glitch causing foreign residents in Japan to receive their new residence cards - without the electronic signature authorised by the country's justice minister.