Ngiam Shih Tung December 22, 2003 Fun with numbers Breaking the NRIC check digit algorithm.

Slides:



Advertisements
Similar presentations
Numbers in Our Pockets GCNU 1025 Numbers Save the Day.
Advertisements

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Chapter 10 Intellectual Property. Objectives Different forms of intellectual property Value of trademarks, copyrights, and patents. How to obtain a copyright.
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 4: Intellectual Property.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
1 CENG 707 Data Structures and Algorithms Nihan Kesim Çiçekli Department of Computer Engineering Middle East Technical University Fall 2010.
Database Design Concepts INFO1408 Term 2 week 1 Data validation and Referential integrity.
Chapter 5 Intellectual Property & Internet Law
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
Chapter 16: Identification Numbers Lesson Plan
More to Learn Check digit –It is used to check whether a number is valid. –Both ISBN and Hong Kong Identity Card numbers contain a check digit for data.
CS1101: Programming Methodology Aaron Tan.
L. Padmasree Vamshi Ambati J. Anand Chandulal J. Anand Chandulal M. Sreenivasa Rao M. Sreenivasa Rao Signature Based Duplicate Detection in Digital Libraries.
1 3 Computing System Fundamentals 3.4 Networked Computer Systems.
I DENTIFYING AND P ROTECTING I NTELLECTUAL P ROPERTY Tyson Benson
Wong Wai Ling, Lam Pui Ki Identification number  clearly identify a person or a thing Check digit  an extra digit for the purpose of error.
1 CSC 427: Data Structures and Algorithm Analysis Fall 2011 See online syllabus (also available through BlueLine): Course goals:
WHO COURSE FOR THE CARs MONITORING AND AUDITING OF FOOD LAW COMPLIANCE AND ENFORCEMENT.
Where are all the Gas Stations? 2008 Hurricane Season Lessons Learned Workshop Louisiana’s Geospatial Response to Hurricanes Gustav and Ike January 29,
1 JavaScript 4 User Input Validation. 2 Input Validation One of the most useful applications of JavaScript is input validation Scripts in the page can.
Richard Siegersma General Manager Thorpe-Bowker Australian ISBN agency since 1997.
Company: Account Requests FMCSA Portal Prioritization Phase I Release, December 2010 v1.4.
New Form Approval Process. Background New Process is effective April 1, 2014 Changes Chapter 4 in the Library Manual (the reissued 2014 manual will be.
Fault Tolerance CDA 5140 Spring 06 Everyday FT. Background Use of check digits for error detection on everyday applications used extensively but most.
Lecture 12.  The ISBN 10-digit uses a reverse weighting system: multiply the first digit by 10, the second by 9, the third by 8 and so on until the check.
Objectives of Control The objectives of control are:  To ensure that all data are processed  To preserve the integrity of maintained data  To detect,
Spring 2015 Mathematics in Management Science Identification Numbers Data Security Check Digits UPCs, Routing Nos, Bar Codes Personal Data.
Section 2.1: Shift Ciphers and Modular Arithmetic Practice HW from Barr Textbook (not to hand in) p.66 # 1, 2, 3-6, 9-12, 13, 15.
EXAMPLE 3 Find the inverse of a 3 × 3 matrix Use a graphing calculator to find the inverse of A. Then use the calculator to verify your result. 2 1 – 2.
System Development Lifecycle Verification and Validation.
ETheses at the University of Sheffield Vic Grant Faculty Librarian for Medicine, Dentistry and Health University Library Sept 2010.
CS1101: Programming Methodology Aaron Tan.
COMMUNICATION WITH CREDITORS AND DEBTORS IN ACCORDANCE WITH THE NEW CIVIL CODE OF PROCEDURE (NCCP) USING TECHNOLOGY INFORMATION AND COMMUNICATIONS André.
Social and Ethical Issues. Social & Ethical Issues Social and ethical issues arise from the processing of data into information. There are many issues.
MAT 105 Spring  An identification number is a sequence of letters and/or numbers that identifies an object, person, place, or concept  The number.
CIT PowerPoint presentation Group 4. Unit 1, Chapter 2 Basic Concept on Data DATA AND INFORMATION What is data? Data consists of all sorts of unorganised.
1. Click here for the members section. 1. Type in your HDL 2. Type in your password (if you get this wrong three times you will be locked out)
Chapter 3: Classes and Objects Java Programming FROM THE BEGINNING Copyright © 2000 W. W. Norton & Company. All rights reserved Java’s String Class.
© 2010 Pearson Education, Inc., publishing as Prentice-Hall 1 INTERNET LAW AND E-COMMERCE © 2010 Pearson Education, Inc., publishing as Prentice-Hall CHAPTER.
Data Management Data Verification Data Validation.
Chapter 3 Data Control Ensure the Accurate and Complete data is entering into the data processing system.
Math for Liberal Studies. What is an identification number?  An identification number is a sequence of digits and/or numbers that identifies an object,
Check Digits Tanli Su. Introduction -identification numbers are used to easily identify people, products, books, accounts, credit cards, driver's licenses,
First Class In-Service Warren/Reeve/Duchac Accounting, 22e.
0 SAT Online - Student Registration What You Will Need In order to register, you must have: –A working account –Several possible user names* –A unique.
How to apply for a Tier 4 visa Student Immigration Team.
1 A Statistical Matching Method in Wavelet Domain for Handwritten Character Recognition Presented by Te-Wei Chiang July, 2005.
Patent Review Overview Summary of different types of Intellectual Property What is a patent? Why would you want one? What are the requirements for patentability?
Course Pack Production at HKIEd HKIEd Library 20 Jun 2013.
CollegeBoard SAT Online Course Student Registration.
ORIGINAL AGENT/BROKER LICENSING IN NEW YORK ON-LINE NOT IN-LINE GO TO.
How to validate ISBN/ISSN Available in cataloging, circulation and acquisitions.
An introduction to Intellectual property protection TG © Copyright by Stevens Institute of Technology.
Public Key Encryption Major topics The RSA scheme was devised in 1978
CSC 321: Data Structures Fall 2016
A Gift of Fire Third edition Sara Baase
CSC 321: Data Structures Fall 2015
Chapter 16: Identification Numbers Lesson Plan
Options to Protect an Invention: the Patent Cooperation Treaty (PCT) and Trade Secrets Hanoi October 24, 2017 Peter Willimott Senior Program Officer WIPO.
Mobility And IP Addressing
Chapter 1 Number Systems, Number Representations, and Codes
Chapter 16: Introduction
Statistical Optimal Hash-based Longest Prefix Match
IT Applications Theory Slideshows
How St Richard’s processes Subject Access Requests (SARs)
Fundamentals of Data Representation
Chapter 16: Identification Numbers Lesson Plan
Pacific Regional Workshop on Legal Identity and Identity Security 8-10th July 2019 PALAU Efrecia R. Kazuma.
1) Application of Cybersecurity Regulation for new registrations
Presentation transcript:

Ngiam Shih Tung December 22, 2003 Fun with numbers Breaking the NRIC check digit algorithm

Introduction The algorithm for computing the check digit for Singapore identity card numbers is unpublished Algorithm is partially described in various open sources Objective of this exercise is to elucidate the complete algorithm from internet resources and “virtual experimentation”

UIN/FIN structure The National Registration Identity Card (NRIC) number is the Unique Identification Number (UIN) or Foreigner Identification Number (FIN) Century prefix S, T - 19th and 20th letters of alphabet for UINs issued in 19xx and 20xx respectively F, G - Foreigners (not 7th and 8th century !) Check digit (official reference) –Computed from first eight characters of UIN/FIN –Detects data entry errors Century Prefix 7 digit number Check Digit How do we calculate this ?

UIN/FIN algorithm Government will release UIN/FIN algorithm for computing check digit, BUT –“Application is open ONLY to Singapore-based organisations with the legitimate need for the UIN/FIN validation. ” –“ Your application is subject to our final approval and our decision shall be final” –License agreement requires: “The Licensee agrees to take all reasonable steps to protect the Licensed Material from unauthorised copying, adaptation or use.” –License fee Algorithm$200 Sample code$400 Source: ICA website ( website (

IP Analysis Can the government really prohibit unauthorised use ? Copyright –Source code is subject to copyright –Algorithms are not subject to copyright Patent –Algorithms are patentable, but Patent must be published Prior art probably exists in this case Patent, if any is long expired (> 20 yrs) Trade Secret –May be protectable under the license agreement –BUT, no secret if the information is already publicly available or obtained via a different route

Modulo 11 checksum Algorithm for S-series (old-style) NRIC numbers is well-known* d= [ (d 1 d 2 d 3 d 4 d 5 d 6 d 7 ) ( ) ] mod 11 = ( 2d 1 + 7d 2 + 6d 3 + 5d 4 + 4d 5 + 3d 6 + 2d 7 ) mod 11 Lookup d: Weights 7-digit NRIC number Does this work for F, G, T-prefix UIN/FINs ? * e.g. soc.culture.singapore newgroup postings (1995)soc.culture.singapore newgroup postings (1995) 1

Reverse Engineering the FIN algorithm Find a large set of FINs then reverse engineer the check digits to determine weights and mapping of checksum to letters MOM publishes a list of Registered Safety Officers on its websiteRegistered Safety Officerswebsite 48 out of 1,287 Safety officers are foreigners with FINs By inspection, same algorithm and same weights are used but with different check letters: FINs extracted from MOM website Checksums calculated using formula 1

21st century UINs - T & G prefix Difficult to obtain large list of T-and G-series UINs –Children born and foreigners registered during or after 2000 Solution: Use a brute force approach and rely on the National Library web interface to check accuracy of guess

Virtual Experiment Verifying UIN/FIN check digits Enter Test UIN/FIN Guess check digit (letter) corresponding to IC number Guess incorrect Guess correct ! Enter any name / birth month Error 2 1 NLB Online Services or

21st century UIN/FIN check digit By exhaustive search, we conclude for T-prefix UINs – Same weighting factors and modulo 11 algorithm is used but – Mapping of check digits is shifted 4 places Similar shift is observed for G-prefix FINs Shift 4 places

Universal UIN/FIN Check Digit Algorithm For any UIN/FIN of format P d 1 d 2 d 3 d 4 d 5 d 6 d 7 C where P = Century prefix {S, T, F or G} d i = Number, i = 1..7 C = Check Digit (letter) d = { d 0 + [ (d 1 d 2 d 3 d 4 d 5 d 6 d 7 ) ( ) ] } mod 11 d 0 =0 for P = S or F =4 for P = T or G Check digit is determined by prefix and value of d

References UIN algorithm described in chapter 3 of course notes for NUS Coding Theory course ( –S & T prefix algorithm confirmed No known public references to F, G-prefix FIN algorithm Other checksum implementations Hong Kong Identity Card –HKID uses numerical check digit, e.g. B255241(3) –Check digit given by modulo 11 checksum with weights (8, 7, 6, 5, 4, 3, 2) where letter prefix is converted to number A=1, B=2, etc.checksum –Use X if remainder is 10 International Standard Book Number (ISBN) –ISBN is 9 digit number with check digit given by modulo 11 checksum –Weights (1, 2, 3, 4, 5, 6, 7, 8, 9) –Use X if remainder is

Points to Ponder Why modulo 11 ? –For numerical check digit, using modulo 11 allows checksum to be written as single digit (10 = X) –For alphabetic check digit, modulo 26 is more likely to detect errors Why weights (2, 7, 6, 5, 4, 3, 2) ? –Is there an optimal weighting scheme (compare to HKID, ISBN weighting factors) ? Why ABCDEFGHIZJ for S-prefix UINs ? Will there be U-series UINs in 2200 ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.