Standards Australia is seeking comments on the latest version of its Protocol for Lightweight Authentication of Identity (PLAID) logical smart card application.
PLAID defines a standardized authentication protocol resolving some of the issues with poor cryptography, privacy, speed and other issues with contactless smart cards. The standard is capable of transitioning older Weigand-based solutions to modern solutions without relying on re-cabling, PKI, or anything other than commercial off-the-shelf smart cards, readers and public domain cryptographic libraries.
The intellectual property for PLAID is freely available to any manufacturer, government or other party under an irrevocable license from the Australian Commonwealth. The full specifications, licence reference, source code and testing tools are available here. Steps are underway to standardize PLAID for Australian and International standards at which point the intellectual property will be assigned to those bodies.
PLAID was developed within an Australian Government smart card project operated by Centrelink, an agency responsible for the broad provision of social services in Australia. Centrelink has a very large footprint with more than 300 offices and 30,000 desktops needing secure, private, smart card based authentication for both logical and physical access using contactless protocols.
Centrelink implemented a centralized, role-based ID management system some nine-years ago and is transitioning this system to support contactless smart cards which gave rise to the PLAID project.
The draft and incoming comments can be viewed here.
Additional information on the specification is available here.