by June 10, 2004 0 comments

Smart cards, RFID and biometrics are some technologies used for managing identities: in our examples on the left they have been identities of clothes, people, vehicles and cattle. Though some of them have been used for years: RFID, for example, was used in World War II by the Allied forces to identify friendly aircraft: they have mostly remained in research labs. Now, they are beginning to find real-life applications.  

Though these technologies, especially smart cards and RFID, are becoming prevalent in Europe, in India their use is still quite limited. The action that is happening in India is on the development and design fronts.  

How do these technologies work? What are their limitations? Do they have a common technology architecture? Read on to find out.

Smart Card
ICICI Bank and Venture Infotek have launched the MAHE (Manipal Academy of Higher Education) campus card. The card is a smart card that enables the students of MAHE to make electronic payment for all purposes within and around the campus, both in Manipal and Mangalore. The Infosys campus uses a similar smart card. A reloadable smart-card solution is being implemented at the DND Flyway in Delhi-Noida for automated toll collection. There are numerous other examples, too, such as the petro card from BPCL and the smart cards that have been issued to about 2,00,000 victims of the Bhopal gas tragedy.  

The smart card is quite similar in shape and size to the ubiquitous credit card. But, the similarity ends there. A smart card can very well be defined as a miniature computer, minus the keyboard and screen. It consists of a memory to store data, a crypto processor to process data and an interface to interact with the machine or card reader. It is this crypto processor that makes the card really ‘smart’. It is smart in the sense that it can itself make a decision by taking into account a variety of factors than just a PIN number, before finalizing the electronic transaction. These interfacing technologies can be anything from magnetic stripe, bar code, contact-less radio frequency transmitter to biometric information and photo identification.

Smart cards can be classified into types based on parameters like card components, card interface or even the OS used.

Based on components, they can be divided into two parts: memory card and chip card. The memory card is the simplest kind of smart card and is also more secure than the magnetic stripe card. It consists only of memory and some hard-wired security logic embedded into it. This security logic simply controls the access to memory and enables read-write to the card. The logic ensures that the memory locations are accessible only after a secret code is provided. The memory card consists of ROM, which is used to store permanent data such as the card number and cardholder’s identity. The EEPROM stores the data that changes with time, such as credit transactions.  

The microprocessor or chip card is the true ‘smart’ card; it is the one with the brains. Other than the memory, it consists of a secure crypto processor or, simply, a general-purpose CPU located underneath a gold contact pad located on one side of the card. Today, the CPU of smart cards vary from 8 bits to 32 bits. A secure crypto processor chip would have its OS stored in ROM and the OS would respond to different commands (such as read, write and verifying PIN) sent to the card by a terminal or reader. Card numbers, balance and other changeable information are stored in the EEPROM. The CPU is the central body that performs all the processing such as encryption. The RAM serves as the temporary register or scratchpad for storing information. During PIN verification, the PIN is temporarily stored in the RAM. Since the RAM is volatile, as soon as a card is powered off, all the information stored in the RAM is lost.  

On the basis of the interface, smart cards can be divided into three categories. Contact cards are the ones that are to be brought into contact with the card reader to complete the communication process. A contact card receives its power from the reader via the golden contacts it has. The best example of a contact card is the SIM card in your cellphone. The second type are contact-less cards. These need to come in close proximity (say around 10 cms) of the reader. Contact-less cards use the principles of magnetic induction to power a chip laminated into the core of a plastic card. Both the card and the reader have radio-frequency antenna in them. As they are brought near each other, the electromagnetic field produces the electromagnetic alternating field, which produces the EMF. As a result, electrons in the antenna coil get propelled and this current is sufficient to charge the chip in the card to establish a two-way communication between the card and the reader. The third type are the hybrid cards, which could be used in both situations. Hybrid cards find their use in multi application cards: one card used for many purposes, such as credit card, campus card and ID card.

On the basis of the OS, smart cards can be classified as Basic, Java, StarCOS and Cyberflex cards. These cards are reprogrammable; the code in them is not frozen.

Where are they used?  
Smart cards find varied applications. In fact, a smart card is an all-in-one solution for many applications.

Secure access-control tool
A smart card can be used as an ID card in a company. It may bear a unique employee ID, digital photo, name and all other details necessary to identify the employee. As an ID card, it can work as a physical access-control tool for high-security areas. It can also be used for logical access to multiple applications, which removes the need for multiple tools, multiple usernames and passwords and multiple ID cards.

Information management
Depending upon the size of memory in the card, a smart card can be used to store a variety of data for different applications, such as medical records that can be accessed by authorized medical professionals.

Payment tool
A smart card can also serve as a credit, debit or stored value card and can be used for toll, fare collection, e-commerce application, etc.

Telephony is the most prevalent application of smart cards, the reloadable prepaid telephone card being the most common example. Other than this, the SIM card used in cellphones is a kind of a contact smart card.

Smart card vs magnetic carD
Present day magnetic cards represent only a record; they are not the record in themselves. Let’s take an example. Every time you draw cash from the ATM or make any transaction from your credit or debit card, the ATM or reader needs to be online to verify the authenticity of the card (that is, the PIN and hostname are not on the card) through a central database kept miles away. Going online means slow transaction, which is why you see long queues outside ATM centers.  

The smart card has its own memory and microprocessor to hold the record on the card itself so it enables faster offline transactions. If need be, it can also be linked with the central database to update the information stored on it. Magnetic cards can hold around 1000 bits of data while the highest capacity of a smart card today is greater than 1 MB.  

A smart card is more robust than a magnetic card and lasts longer. Magnetic cards store data in the form of tiny magnet bars, which can easily be read or written by any electromagnetic reader, but smart cards have some hard-wired logic that can’t be read or re-written. These areas are used to store the delicate information. Smart cards can be made more secure by implementing biometrics in them.  

Although the smart card is a comprehensive and secure solution for identity management, the use of smart cards is recommended for applications that need higher security and where the cost of the application is higher than the smart-card solution with no cheaper alternatives available. Note that the total smart-card solution should include the cost of the smart
card, smart-card reader and implementation cost.

Another limitation of the smart card system is that it is really difficult to implement it effectively. A good smart-card implementation is one that makes sure that the smart card can talk with other applications of an organization. Today, cards are used for single applications such as attendance cards in a company will only be used for attendance. Proper implementation will make sure that the card is integrated with the payroll database and other identity-related applications such as physical and logical access and e-purse. That is to say that one card should be enough to identify the cardholder anytime and anywhere in the company.

Though RFID (Radio Frequency Identification) has been around since World War II, it has been too expensive and limited to be feasible for large-scale commercial acceptance. If it can be made available cheaply, it can solve many problems associated with supply-chain management, warehousing, logistics and manufacturing assembly lines.

Rail companies use RFID to identify and monitor railcars as a train passes a ‘reading point’. This not only helps to avoid accidents but also provides sorting capabilities in the train yard.

RFID is also commonly used for automobile security. Transponders are embedded into the car’s key and a reader in the vehicle’s ignition system transmits a signal to the transponder that answers with a unique code allowing the vehicle to start. More than 16 million vehicles around the world have this feature today.

Another application of RFID is to identify livestock. For example, ear tags with transponders encased in a tough plastic allow farmers to identify and track their farm animals quickly and easily. It can also be used for labeling household pets, in which case an  

RFID tag is embedded under the animal’s skin.

RFID is also attracting attention as a technology complementing or even replacing barcode because of the significant range, speed and extra memory advantages it provides.  

But, what exactly is RFID? RFID is a term for technologies that use radio waves to automatically identify individual items. An RFID system can be divided into two components: a tag and a reader. The tag consists of a microchip with an antenna coiled around it. The microchip is used to store a unique identity and perhaps some other information about the product as well. The antenna enables the chip to transmit the identification information to a reader. The reader converts the radio waves returned from the RFID tag into a form that can then be passed on to computers that can make use of it.

RFID tags are of two types: active and passive. An active tag has a power source of its own, which may be a small battery inside the tag itself. A passive tag, on the other hand, derives its power from a magnetic field generated when the electromagnetic waves sent out by the reader’s antenna combine with the antenna on the RFID tag. Once the tag is active, it modulates the waves that the tag sends back to the reader and the reader converts the new waves into digital data.

The reading range of active RFID tags is much more than the passive ones. An active tag can be read from 100 feet or more, whereas a passive tag cannot be read from a distance of more than 10 feet. Active tags are useful for tracking high-value goods that need to be scanned over long ranges, such as railway cars on a track. The reason for using passive tags on inexpensive items is that they cost much less as compared to the active tags.

Just as your radio tunes in to different frequencies to hear different channels, RFID tags and readers have to be tuned to the same frequency to communicate. RFID systems use many different frequencies, but generally the most common are low (around 125 KHz), high (13.56 MHz) and ultra-high frequency or UHF (850-900 MHz). Microwave (2.45 GHz) is also used in some applications. Radio waves behave differently at different frequencyies, so one has to choose the right frequency for the right application.

Where is it used?
Some widespread and commonly known uses of RFID are identification, tracking and real-time monitoring. RFID can help in providing real-time feeds on location and status of goods. The ability to identify and track assets is critical, whether you are a retail store, wholesale distributor, manufacturer or a hospital.

An RFID tag attached to any object contains a unique serial number that is used to identify the object. This application can be used in supply-chain management or logistics where each item can be identified as and when it enters or leaves the warehouse.  
RFID can also be used to track the exact location of people or equipment and record events associated with their location.

This can be made possible by planting an RFID reader en-route the path that the object will take. So, the reader recognizes the tag and crates a log in the backend about the movement of the objects. International secure shipments make it mandatory to have the ability to track the source of origin of an individual product if there are problems with it. Real-time monitoring, with the help of RFID tags, can be employed for having a point in time status of what is happening in the organization.  

Delhi-based AVAANA has solutions that enable an organization to monitor the movement of its employees and assets in real
time. All the assets, fitted with RFID tags, can be monitored whenever they are moved in or out of the building.

Even Infineon Ident Solutions provides services ranging from supply, installation and integration to maintenance for deployment of RFID infrastructure. A good example of real-time monitoring and tracking using RFID is the US Department of Defense (DoD) during Operation Iraqi Freedom. The one big challenge for the army was to keep track of the rapidly moving forces. The army used data from RFID tags that were attached to all inbound material and other sources to track the movement of troops in real time. This real-time information from the logistics management systems about the troops gave a holistic picture to the army.  

Barcode vs RFID
Conventional barcodes can hold only a small amount of information and can’t be reprogrammed. Also, barcodes use line-of-sight technology. This means that the barcode has to be brought very near to the scanner for it to be read. On the other hand, RFID does not require line of sight. RFID tags can be read as long as they are within the range of a reader. Barcodes have other shortcomings as well. If a label is ripped, soiled or falls off, there is no way to scan the item. And, standard barcodes identify only the manufacturer and product, not the unique item. The barcode on one milk carton is the same as every other, making it impossible to identify which one might pass its expiry date first.

Hindering factors  
Cost is a major factor hampering the widespread use of RFID tags. An RFID will always be more expensive than barcodes. One has to make sure that the value of the RFID tag is less than the value of the product itself.

The other factor that causes a hindrance in the path of RFID usage is the lack of standards. This means that there is no
standard protocol used for communication between a tag and a reader. So, a reader might pick up data from a different tag than it is supposed to, leading to a lot of confusion. International standards have been adopted for some very specific applications, such as tracking animals. Many other standards initiatives are underway.  

RFIDs and barcodes are co-existing as of now, and it would be incorrect to say that RFID tags will completely replace barcodes; they will continue to co-exist. The reason for this is that there will be goods that will be lower in value to put RFID tags to track or identify them, which is where barcodes will fit into the cost factor.  

Security mechanism has long been based on a combination of two concepts: what you have and what you know. The basic credit-card security is based upon what you have (the credit card) and what you know (the PIN). In situations requiring higher security, this type of security is considered insufficient since credit cards and PINs can be recorded, lost or stolen. A more secure method of security could be based on ‘what you are’.  

Biometric technology involves the measurement of a distinctive biological feature to verify the claimed identity of an individual through automated means.  

An RFID System
RFID tag Server RFID reader Real-time client

The distinctive traits could be physical as well as behavioral and one that can be practically used to establish identity. Common physical biometrics include fingerprints, hand and palm geometry, retina, iris, facial characteristics and now voice recognition. Behavioral characteristics include
signature, voice (which also has a physical component), keystroke pattern and gait. Within this list, technologies for signature and voice are the most developed. In general, physical biometrics is more accurate than behavioral.

Unlike a PIN or password, biometric characteristics can’t be cracked, lost, borrowed or stolen like an identification card,
making it very secure and convenient to use.

Where is it used?
Let’s see how the various biometric characteristics can be used for identification.

Fingerprints and hand geometry
A fingerprint-scanning device looks at the patterns found on a fingertip. Methods include matching minutiae (involves mapping the complete print), straight pattern matching, moir © fringe patterns, ultrasonic and correlation-based approach (works on gray-scale information of the print). It’s low on cost and easy to integrate, which makes it apt for in-house systems and workstation access application areas. The approach of hand geometry involves analyzing the shape and size of the hand. It’s more apt in cases where the number of users is large, such as attendance points.

Retina and iris
A retina-scanning device uses a low-intensity light source through an optical coupler to scan the unique patterns of the retina, that is, the layer of blood vessels. The technology works well but not if you wear glasses or contact lenses. It is also little intrusive.  

A retina-scanning device uses a low-intensity light source through an optical coupler to scan the unique patterns of the retina

Iris scanning analyzes the colored ring of tissue surrounding the pupil. It works with a monochrome camera, which records the unique colored streaks and lines and then converts them into an iris code. It’s considered to be more accurate than retina scan but is not very easy to use and also lacks on ease of integration. However, it works well with glasses and contact lenses.

As the name suggests, face recognition analyzes facial characteristics and works with a digital camera to develop a facial image. This method is less expensive than others as it requires a standard digital camera with a resolution of at least 320X240 and a frame rate of minimum 3–5 fps, a video card, a processor having a decent speed and the requisite software. There are several techniques: ‘Eigenfaces’ or PCA (Principle Component Analysis), LFA (Local Feature Analysis), neural networks and AFP (Automatic Face Processing).  

PCA makes a database of millions of faces, which can be compared for any common feature. The database comprises 2D, grayscale and global images, each having unique patterns of light and dark areas.  

During recognition, the closest result is flashed from the database. It gives skewed result, when there is a change in facial expression. LFA is based on individual features, their relative distances from each other and change caused in other features as a result of change in one feature.  

The voice-recognition procedure involves transforming voice into text using a voice-recognition algorithm. The voice of an individual is recognized based on his pronunciation of phonemes, which is unique for all

This system is easy to develop because most PCs have microphones these days. However, ambient noise can affect quality and thus verification. The procedure of recording and verification is comparatively complex and thus is not so user friendly.
The methods of providing biometric security are many, but the right method for you depends upon your requirements. The choice has to be made taking into consideration factors such as error of incidence, accuracy, ease of use, cost, user acceptance, stability and security level required.

How is it useful?
Quite predictably, biometrics-based security is useful in restricting unauthorized physical entries into secure environments. It can also be used for providing logical security to things such as databases, applications and networks. Other than that, biometrics is very suitable for e-commerce applications particularly for online banking or other transactions. Visa Card is working with a manufacturer of voice-recognition software to develop security tools for e-commerce.

In India, Hughes Escorts Communications is providing a service called Direct Way Global Communication, which uses fingerprint scanning for security. They have set up their studios in institutes such as XLRI, NIIMS, and IIM-K where faculties come in for distance-learning interactive programs. In their nationwide classrooms, students are permitted attendance and entry based on their thumbprints. Axis, an Indian technology company, is also coming up with biometric solutions for various sectors.

There is unlimited scope for the application of biometrics in practically every area. It is a perfect fit in organizations, which need to secure data, check entries and verify attendance, etc. But cost is a major factor while deploying a biometric solution, as it is still an expensive venture.

Identity Management integration  
Till now we have talked about technologies such as smart card, RFID and biometric as part of the identity-management solution. These technologies drive devices that form the frontend interface for an identity-management solution. If these technologies form the frontend then there should be something at the other end as well. At the other end are applications running on host systems that provide the various functions of the identity-management solution. These applications could be for basic object identification, secure authentication, digital signature encryption, financial payments using an electronic purse, physical access to controlled buildings and logical access to computer systems and storage of data records for various purposes. For these applications to be possible, the frontend devices should capture data from smart cards, RFID tags, user biometrics and pass it to the host system in a form understood by the applications running on the host. In many cases, the devices should be able to communicate with multiple applications, which is a big challenge. In most organizations the existing applications themselves don’t talk to each other, leave aside a device talking to all of them in the language understood by them all. No wonder, application integration is the hottest topic today.  

A fingerprint-scanning device looks at the patterns on a fingertip

We will talk about the integration of hardware and software at all levels. The hardware device purchased by the company may work well with the supplied software for a particular function, say physical access to buildings, but can the same hardware be used for logical access to the company’s wireless networks, for example? The chances are, no. This brings us to the question of how closely integrated your entire identity-management system is. Each of the above-listed applications has a different hardware and software requirement, making integration tougher if not easy.

The most basic application of an identity-management system is identification. Identification can be provided by a unique code put into a smart card or RFID tag that differentiates one object from others. In such a system, no authentication to any host application is done but only the unique code is read as a measure of identity of an object. In a retail store, the RFID tags pasted on, say shirts, contain only a unique number identifying the particular shirt. No authentication is required to ensure that the shirt is indeed what the tag on it says. An employee-attendance system may have a unique employee ID on each employee’s smart card, which is used to mark his or her attendance. But if the same card has to be used for secure physical and logical access, then the card should also contain an encrypted PIN or password for authentication to the system. This is required because the unique ID can be forged by a fake smart card whereas the encrypted PIN cannot be. Going a step further, if the same card has to be used to digitally sign documents or to fill secure online forms, then the smart card should also contain the public and private keys of the user. The chances of card theft or loss are always present. This may become a problem as the card contains the users’ encrypted passwords and digital keys, both of which can be misused by the other person. To prevent from such misuse, the card can contain a biometric footprint of the rightful user of the card. The footprint could be a digital photograph, user fingerprints, retina scan, etc. The stored biometric footprint is compared against the footprint of the user operating the card before performing any further transaction. This way only the intended person can operate the card, making the entire system more secure. Not only for identification, secure authentication and digital signatures, the card can also be used for recording cash or value, which can be used for financial payments making the card a sort of e-purse for electronic transactions. Another application is for storing user history on the card such as medical records, credit statements and loyalty points. These records can be retrieved by the appropriate application whenever required.  

Swap your smart ID card in front of the reader, and get the permission to move in!

If you look carefully, you’ll see that we started with a simple system, which used only a unique code for identification purposes. From there we went up to things such as biometric footprints, financial records, cash value being stored on user cards. The same card is used for multiple purposes for which it needs to talk to multiple applications communicating different information to each of these applications. Add to this the complexity that you may not require all these functions right from the beginning but may add features over time. Initially the system may contain ID, PIN and public keys, all of which require less memory on the chip. But, as you add the capability to add biometric footprints, records and cash value on the card, the memory requirements on the chip increases. The system should have a modular design in which memory could be added or removed from the card or tag as and when required without compromising on security. Most systems available today don’t let you do so. As we noted above, a single card might be used for multiple applications. Compatibility is required at two levels.

First, at the hardware level, where the card and the reader should be able to communicate the desired information as required by the application in question at the moment. The data that has to read from or written to the card should be governed by the application and should not be a hard-wired logic in the card and the reader. For example, it should not be that the reader always reads the ID and PIN from the card by default, instead, the data that has to be read should be controlled by the host application and not by the reader or the card. The second level of compatibility is required at the software level. The identity-management solution should be able to pass on the information that is read from the cards to all applications that require this system. This is a tough task as an organization may be having totally disparate applications with some home developed, some purchased off the shelf and some purchased and customized according to needs. The applications may be developed on different architectures and running on different platforms and may not even have support for the above identity-management frontend technologies. The application that comes with the device works for that application only for a single purpose. For another function you may require another device with another application. This sounds strange as no organization would be using separate cards or tags for separate functions. The solution is standardization. While, there are enough standards on the hardware front (regarding the type of hardware to be used, signaling), facilitating multi-vendor hardware solutions to work with each other, there is no standardization on the compatibility of hardware and software. Unless standardization takes place at this level and at the level of software applications, identity-management system utilizing a single identity token for multiple applications will remain a distant dream.  

By Anoop Mangla, Ankit Kawatra, Juhi Bhambal, Siddharth Sharma and
Sudarshana Mishra

Prada’s retail outlet: Manhattan, New York

You could walk into Italian designer Prada’s Manhattan outlet, pick up a suit and take it to the trial room, where a touch-screen LCD will give you information related to the suit that you’ve chosen: other colors that the suit is available in, accessories that will match your suit and pictures of models wearing your suit. This concept of Prada’s retailing reeks of technology. In this case, it is RFID.  

The clothes at the outlet have RFID tags, while the trial rooms are fitted with RFID readers. Each trial room has two readers fitted with RFID
antennae. One looks like a small square box and is used for scanning accessories such as shoes and purses, while the other is like a long closet wherein you hang your clothes. The tags and reader do their magic and come up with all sorts of information about the item that you’ve chosen.  

But, Prada is not what it is for nothing. It could end up with   dissatisfied customers if the touch screen tells the customer that he can get the particular suit he has chosen even in gray color, but the sales person discovers that gray is out of stock! Prada has taken care of this by having a real-time
inventory system on the backend, such that you are shown only the options that are in stock.  

You’ll find another use of   technology by Prada interesting, though it doesn’t have anything to do with identity management. The trial rooms at the outlet are made of clear glass that become opaque only when you step on a black
button on the floor!  

Cadbury’s chocolate vending machines, Mumbai

In need of instant energy? Find a chocolate vending machine and use your cellphone to buy some chocolates.  

Cadbury has set up 30 vending machines in congregation points in Mumbai where impulse purchase would be high. You can walk up to any of these machines and send an SMS to a given number. The machine will display your mobile number on  
its screen and give you the chocolates that you want. If you have a pre-paid card, the SMS and chocolates’ cost will be debited from your available balance, and if you have a post-paid card the amount will show up in your bill.  

This is India’s first SMS-based vending machine, but the facility is available only to BPL mobile users in

Toll collection Delhi-Noida Flyway 

If you regularly use the DND Flyway
(Delhi-Noida-Delhi toll road) you can opt for a pre-paid smart card instead of paying each time you use the road. The reader recognizes your card, debits the toll amount from it and lets you through the tollgate when you touch it with your card. Another option that the Flyway gives is installing a unit in your vehicle, which a reader recognizes from a
distance and then debits the amount from your pre-paid account. 

Amusement park Billund, Denmark

You may want to skip Disney Land for
Legoland, Denmark, if not for anything else but to check out how one of Europe’s largest amusement parks has implemented an
RFID-based system to locate missing children. Knowing that every season approximately 1,600 children get
separated from their parents, the park introduced a system wherein parents can rent wireless tags that their children can wear as wristbands when in the park. And, if a child is separated, the parents can send an SMS to receive a message that tells them the location of their child. This implementation is different from traditional RFID deployments because it is implemented over a WiFi network (802.11b). 

Milk collection Naila village, Rajasthan 

The Dhoblai Milk Cooperative Society of Naila village uses smart cards for recording everything from the amount, quality and fat content of milk to the cost at which milk is sold to milk distributors. By replacing the traditional paper-based record system, which was
susceptible to manipulation and misappropriation, the smart-card based system helps maintain authentic and accurate milk-supply records. For members of the cooperative, the card also serves as a bankbook, wherein it records payment transactions.

SMART CARD: Development in India

In Asia, after China and Japan, India has a lot of potential for smart-card usage. The International Consortium: which consists of giants such as Compaq, Proton World,
Gemplus, Schlumberger, Infineon and Datacard: is establishing its development centers in India. The stress is on applications and software development for smart cards, such as e-purse applications, campus and ID cards, development of security algorithms and SCOS (Smart Card Operating System). Intel is planning to introduce research in chip development and designing in India. Also, a lot of offshore development is happening in India, some of the names of the companies involved are Brick Red in
Noida, e-Zest Solutions and Eximsoft. TCS, TCIL, HCL and Polaris are also into development work catering to Indian and foreign clients.

History of Smart Cards

The smart card is not a recent invention. In 1974, a French journalist, Roland Moreno, devised a revolutionary payment system in which value was stored electronically in a ring. Later, in 1977, Paris-based Bull CP8, a Schlumberger subsidiary, came out with a smart-card technology. Then, in 2000 again, Bull claimed to have introduced the first 32 bit OS for the smart card. Today, the majority of research on smart cards is done in Europe, which is among the largest user of smart cards.

The oldest smart card The first epoxy card  The processor card
first card in credit-card format
smart card of today

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.