netsignia 210
Transcription
netsignia 210
www.smartcard.co.uk Subscribe to our News On Line service: store.smartcard.co.uk T R A M S CAR D S W E N y 2000 Februar Volume Number Winners and No Winners at Advanced Card Awards There was surprise, if not shock, at the announcement of the Advanced Card Awards 2000 at a gala dinner at the London Hilton earlier this month when the judges declined to make awards in both the Best Loyalty Application and the Best Payments Application categories. Members of the audience booed and hissed when “no winner” was announced in these two sections. Judges later said that the entries did not meet the criteria laid down and were therefore not entitled to an award. Reaction from conference delegates and exhibitors at the Smart Card 2000 show the following morning supported the decision of the judges, and one award winner said, “this makes our award even more valuable.” Subscribers will receive either incard’s ‘Mokard’ (top) or ‘electronic purse card’ (above) free with this issue of Smart Card News. Continued on page 23 © 2000 Smart Card News Ltd., Brighton, England. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, optical, recording or otherwise, without the prior permission of the publishers. 9 2 CONTENTS February 2000 News 023 - 029 Proton for Croatian Banks London Pass Launched Gemplus/Telefnica Mviles Team Schlumberger Visa Certification F-Secure Adds iD2 Authentication Internet Smart Card Applications G&D Acquires NatWest Centre 032 - 035 National Express Buys Into PCL OTI and Credencial Alliance Schlumberger Acquires telweb New Electronic Services in Finland Cards on the Cover incard’s phase 2+ GSM SIM card Front cover incard’s electronic purse card Front cover Oberthur's ConnectIC Page 025 London Pass Card Page 024 Special Feature 030 - 032 Main Photograph The award winners at the Advanced Card Awards Smart Card 2000 Show If you wish to subscribe to Smart Card News please complete the form on page 039 Smart Card Tutorial 036 - 039 Briefing notes on Multi-Application Smart Cards Part 3 NB: This set of tutorials will be available to purchase online in spring 2000 Smart Card News is published monthly by Smart Card News Ltd PO BOX 1383 Rottingdean Brighton East Sussex BN2 8WX England Telephone : + 44 (0) 1273 236677 / 626677 • Facsimile : + 44 (0) 1273 624433 / 300991 • General Enquiries : scn@pavilion.co.uk ISSN 0967 196X Managing Director Patsy Everett patsy@smartcard.co.uk • Editor Jack Smith • Technical Advisor Dr David B Everett 022 General Manager Tara Lavelle tara@smartcard.co.uk • Marketing Manager Albert Andoh albert@smartcard.co.uk Graphic Designer David Lavelle david@smartcard.co.uk • Customer Support Amanda Pearce amanda@smartcard.co.uk North American Sales Office : Richard T Hauge 256 El Portal Way San Jose CA 95119-1413 USA Telephone : +1 408 225 8074 • e-mail : richard_hauge@msn.com 022 Russian Agent : Alex Grizov Recon Company “Sport Hotel” 5th Floor Leninsky Prosp., 90/2 Moscow 117415 Russia Telephone : +007 095 131 92 92 • Facsimile : +007 095 131 92 65 • e-mail : recon@ropnet.ru Asian Agent : J Clark Telephone : +852 2987 8737 • Facsimile : +852 2987 8732 • e-mail : jvclark@asiaonline.net India Correspondent : Shailaja V.R. e-mail : uipai@md2.vsnl.net.in 022 Editorial Consultants Dr Donald W Davies CBE FRS • Peter Hawkes • Simon Reed • Robin Townend Printed by Design and Print (Sussex) Ltd. Telephone : +44 (0) 1273 430430 ! 022 Don’t Forget! Our On-Line Website, containing On-Line News, a Library of Smart Cards and information about the full range of SCN services, can be found at the following address: www.smartcard.co.uk SMART CARD NEWS • FEBRUARY 2000 NEWS The ORGA Advanced Card Hall of Fame award Michel Ugon, Vice President Advanced Research and Security, Bull Smart Cards and Terminals Advanced Card Awards Continued from page 21 The judges comprised a distinguished panel of card industry journalists, analysts and consultants, whose cumulative experience has embraced the Smart Card industry from its earliest days. Their decisions in the 12 award categories were: BT most innovative product announcement Jointly: ConnectIC from Oberthur Card Systems, and the world’s first WIM enabled Smart Card SmartX from Gemplus, a new software technology that simplifies Smart Card applications development. Bull best transport or travel application KEB Technology’s MIFARE Pro based Pager from KEB Technology, a pager which acts as a contactless Smart Card for ticketing Best communications application StarSIM Browser from Giesecke & Devrient, a browser which allows mobile users to access the Web via a SIM Toolkit mobile phone Best loyalty application No winner STMicroelectronics best new security product Biometric Cardholder Verification from Proton World International and Keyware Technologies, using Keyware’s layered biometrics protecting a Proton application on a JavaCard Card Technology best new chip SmartJ from STMicroelectronics, a 32 bit Smart Card chip offering direct Java processing Best new product marketing campaign Virgin Xtras from Virgin Mobile, a 32K SIM Tool Kit application which provides access to the Virgin Walled Garden of Services, Virgin Trains, Virgin Atlantic, Virgin Radio and shortly Internet Browsing Best payments application No winner Best new peripheral Precise 100 SC from Precise Biometrics AB, a combined fingerprint and Smart Card reader RNIB usability award Gujerat Smart Card Driving Licence from ORGA Card Systems (UK), the biometrics and Smart Card driving licence system for the State of Gujerat, India The judges’ award GSM Standard from ETSI and the GSM Association “The results of this year’s Awards show just how significant a role Smart Cards play in the new electronic revolution,” said Jane Adams, Director, Advanced Card Awards. “Products like ConnectIC and the StarSIM Browser will be key components in taking access to the Internet and mobile commerce to the next level. The Advanced Card Awards help to highlight the products that drive our industry and vertical markets forward.” Proton for Croatian Banks MBU, a consortium of 27 Croatian banks, has become the Proton licensee for Croatia. Existing POS terminals will be replaced starting this month, by new Java-based C-ZAM/SMASH multi-applications terminals from Banksys which will handle EMVcompliant credit/debit cards and the “domestic” Proton e-purse and the CEPS Proton e-purse. Later this year, the banks will replace existing magnetic stripe cards with Smart Cards containing both the EMV-compliant credit/debit applications and the Proton e-purse application. Contacts $ Ms Dominique Hautain Proton World % +32 2 724 5111 ! info@protonworld.com $ Sergio Uran MBU % +358 1309 1555 ! serio.uran@mbu.hr Gemplus and Sonera SIM Card Sonera SmartTrust, a provider of Public Key Infrastructure (PKI) based security solutions, and Gemplus, have announced that they will enter the market with a GSM Subscriber Identity Module (SIM) card featuring digital signature and Public Key encryption enabled by Sonera SmartTrust technology embedded in the Gemplus SIM card. “Sonera SmartTrust technology enables the use of tamper-proof digital signatures and 1024 bit RSA-algorithm for data encryption, which is vital for doing business in the wireless environment,” said Harri Vatanen, Sonera’s CEO and President. Contacts $ Ms. Sari Laitinen Sonera SmartTrust % +358 40 511 8108 ! sari.laitinen@sonera.com $ Tim Baker Gemplus % +33 442 36 51 41 ! tim.baker@gemplus.com USER NAME openup • PASSWORD scnbest 023 023 023 023 NEWS London Pass Launched SIMalliance Formed London has launched a new pre-paid Smart Card for tourists called the London Pass which offers unlimited travel in London and discounted entry to over 40 leading leisure attractions, including museums, art galleries, cinemas and zoos. Tourists can purchase 1, 3 or 6 day adult or child passes. The London Pass also includes a 100-page colour guide and £5 worth of telephone calls. Four leading global Smart Card manufacturers Gemplus, Giesecke & Devrient (G&D), ORGA Kartensysteme and Schlumberger - have formed a consortium called the SIMalliance to maximize the GSM Operator benefits from SIM Card and SIM Application Toolkit usage in the growth of valueadded-services. The card offers unlimited access over one, three or six days for £18, £42 or £74 for adults. Children pay £11, £22 or £38 for the same durations. Passes can be booked over the Web (www.londonpass.com) or by phone (0870 2429988) and picked up at the Britain Visitor Centre in Regent Street. Andrew Grahame, Director of The London Pass, said: “This is a ground-breaking way for people to see London. It is the first time we have had such a pass and the range of attractions mean that there is something of value to entertain everyone.” Applied Card Technologies (ACT) designed the London Pass solution for Arrival Marketing. The card itself is a memory card with a Siemens chip. Tourists benefit from discounted entry to attractions and no queuing, while operators can extend their marketing reach, adopt paperless ticketing and start employing Web-based e-business techniques without changing their existing IT infrastructure. Attraction operators only need to install a card reader terminal at the entry gate which automatically collects information as tourists enter, including details of where the card was bought, nationality of the user and details of the transaction. The terminal will supply operators with reports such as visitor totals, or breakdowns of the type of pass. 024 024 024 024 Collected data is also uploaded each night to a secure Web-enabled Oracle database run by ACT. This database can be accessed using a standard web browser, to allow operators to analyse the information to improve their marketing. Contacts $ Andrew Grahame Arrival Marketing % +44 (0)171 287 6020 ! andrew@londonpass.com $ Gary Watts Applied Card Technologies % +44 (0) 1249 751 006 ! smart@card.co.uk The SIMalliance explained that their move comes at a time when the major concerns and challenges in mobile communications are the raft of proprietary operating systems that are inevitably created, competing against each other not always in the interests of end users, or the interoperability that will drive the industry as a whole. Dr Klaus Vedder, Executive Vice President Telecommunications at G&D, said: “SIMalliance is a natural progression. Within ETSI, SIMalliance members have been driving GSM standardisation forward for over 10 years.” While in the real world proprietary systems will always exist, the aim of SIMalliance is to produce open and global specifications for facilitating massmarket penetration of new SIM-based applications and services. It aims to accelerate the introduction of services designed for WAP, by exploiting existing GSM handsets and infrastructure. As the concept of the mobile Internet becomes reality, software rather than hardware interoperability will be the key concern for issuers and users, creating the need for good Virtual Machines (VMs) and interpreters. Eric Tholomé, Product Line Manager for Mobile Communications Servers and Applications at Schlumberger pointed out: “The Air technology, although a commercial success for operators, has so far not reached its full potential because of interoperability reasons. Therefore, the aim of SIMalliance is to get it right from the start and get it right quickly.” At the SIMalliance headquarters in Brussels, two groups of representatives from each member company meet on a regular basis. It is the responsibility of the Technical Development Group (TDG) to draw up the new specifications, while the Business Development Group (BDG) will handle the marketing, promotional and industry communications requirements. SMART CARD NEWS • FEBRUARY 2000 NEWS The SIMalliance has announced its first open global specification - S@T (SIM @lliance Toolbox), the new specification for interoperable systems and products for the mediation of WML-based (WAP) services to SIM Toolkit enabled phase2+ handsets. The consortium says it welcomes new members who are able to contribute to its stated objectives, especially experts in the SIM and SIM Application Toolkit fields, as well as operators and service providers who want to maximize the implementation of SIM-based applications and solutions. The SIMalliance Chairman (a rotating position) is Vincent Biraud, Product Marketing Manager at Schlumberger. Contact $ Vincent Biraud ! info@simalliance.org Gemplus/Telefnica Mviles Team Gemplus and Telefnica Mviles, the leading mobile phone operator in Spain, have announced a collaboration in which the GSM operator will receive the largest single shipment of GemXplore ‘Xpresso SIM cards to offer a Java Card 2.1 based prepaid service to its subscribers. The SIM card will be integrated into MoviStar Activa, Telefnica Mviles’ GSM prepaid service, already using Gemplus GemXplore98 SIM cards. With Java Card technology provided by Gemplus the mobile phone user will now be able to roam. In addition, Telefnica Moviles will introduce information-on-demand (IOD) services and STK-based value added services. “Telefnica Mviles is setting the trend for the future of the European GSM market with extensive use of STK services on an advanced SIM card platform such as Java Card SIM,” said Michel Canitrot, Vice President of GSM and Payphone, Gemplus. Telefnica Mviles is Spain’s leading mobile phone operator with more than nine million customers, including more than five million prepaid users. Contact $ Severine Percetti Gemplus % Telephone: + 33 (0)4 42 36 67 67 ! severine.percetti@gemplus.com Secure Mobile Commerce Plan MasterCard International and Oberthur Card Systems have announced a joint marketing and development agreement to provide a variety of secure ways to pay for goods and services using mobile phones and will support mobile commerce pilots in more than seven countries to demonstrate the ease, flexibility and security of mobile transactions. Under the terms of the agreement, Oberthur will support the entire family of MasterCard payment products, including MasterCard credit and debit, Maestro, Mondex, and M/Chip, MasterCard’s chipbased integrated credit/debit application in mcommerce. Specifically, Oberthur will enhance its SIMphonIC SIM Application Toolkit card and ConnectIC Wireless Application Protocol (WAP) enabled Smart Card products to enable acceptance of MasterCard payment products. These developments will allow MasterCard’s member financial institutions to offer their customers secure mobile banking and the option to pay for goods and services when they are on the go. It was only last November that MasterCard announced the formation of its Global Mobile Commerce Team to focus on the convergence of the card payments and mobile telephony industries. This agreement is one of the first results. “Through our relationship with MasterCard, Oberthur will be making mobile commerce a reality for the millions of MasterCard holders around the globe,” said Amedeo D’Angelo, Corporate Vice President Smart Card Development, Oberthur Card Systems. Oberthur has also announced plans to become a member of the Chip Vendor Services Program (CVSP) launched last year by MasterCard and its European partner, Europay International, to develop a pool of companies trained and experienced in providing chip implementation services for chip products linked to MasterCard/Europay brands. Contacts $ Christina Costa MasterCard International % +1 914 249 4606 ! christina_costa@mastercard.com $ Stephanie de Labriolle Oberthur Card Systems % +33 (0)1 41 25 28 42 ! s.delabriolle@oberthursc.com USER NAME openup • PASSWORD scnbest 025 025 025 025 NEWS Schlumberger Visa Certification Thyron Acquires LD Consulting Schlumberger has received Visa’s highest product security rating and certification and has begun shipping its new Visa Cash 1.6.1 stored value cards for distribution in Asia and the US. Thyron, now specialising in secure e- and mcommerce solutions, has acquired London-based HR (Human Resources) and change management specialist, LD Consulting, as part of its global expansion. The new card provides multiple application features and simplified customisation for the user. In addition to the Visa Cash e-purse application, it also contains the Visa Smart debit/credit facility and provides support for up to 12 loyalty programs. The company says the acquisition will allow it to offer its customers a range of consultancy services, including change management, training and development, to help them adapt to e-commerce technology. LD Consulting’s client list includes BT, National Car Rental, Southern Water, Nokia and One2One, and its team of consultants will operate within Thyron’s existing HR Division. Managing Director, Dr Ellen Balke, joins Thyron as Senior Vice President of HR and Consultancy Services. Contact $ Dirk Hinze Schlumberger % +33 (0)1 47 46 79 50 ! hinze@montrouge.tt.slb.com Mexican Banks Select Mondex Banco Nacional de Mexico, Bancomer and Banco Internacional, the three largest credit card issuers in Mexico, have purchased exclusive franchise rights to develop Mondex in Mexico and have joined forces to promote a new national Smart Card infrastructure incorporating Mondex electronic cash. The trio have invited the rest of the Mexican commercial financial institutions to join them in the use of Mondex as the national e-cash system. Mondex electronic cash, developed by Londonbased Mondex International is currently under development in over 75 countries around the world. Chandra Patni, Thyron’s CEO, explained: “This acquisition is a further example of how we are continually strengthening our service offering. In order to develop long lasting partnerships with our customers, we must do more than install a workable system; we must become a one-stop shop for all their e- and m-commerce needs.” Contact $ Norrie Blackeby Thyron % +44 (0)1923 236050 ! norrie.blackeby@thyron.com Mini-Browser for Mobile Phones Contact $ Robin O’Kelly Mondex International % +44 171 557 5036 ! Robin.okelly@mondex.com ! www.banamex.com ! www.bancomer.com.mx ! www.bital.com.mx 026 026 026 026 Oberthur Card Systems has launched Version 2 of its SIMphonIC Mini-Browser enabling GSM mobile users to access interactive Web applications via their phone’s display. Guido Mangiagalli, Oberthur’s GSM Applications Product Manager, said: “With the Mini-Browser, mobile handset users will be able to make electronic payments, reserve and purchase tickets and undertake any number of transactions. Collector’s Corner Cards in our Collector’s Corner come this month from incard, Italy’s leading Smart Card manufacturer. You will either receive the Mokard, a phase 2+ GSM SIM card which has a Java Virtual Machine fully compliant with the Java Card 2.1 specification and can be accessed Over The Air (OTA); or incard’s electronic purse card, the IMP multi-application and EMV compliant card which ranges from a low memory capacity up to 16K bytes EEPROM. “The real breakthrough with V2,” he added, “is the ability to add, remove and list the card status with no interruption to normal GSM operation.” Contact $ Stéphanie de Labriolle Oberthur % +33 (0)1 41 25 29 79 ! s.delabriolle@oberthurcs.com SMART CARD NEWS • FEBRUARY 2000 NEWS F-Secure Adds iD2 Authentication Smart Cards for China’s Tollways F-Secure Corporation (formerly Data Fellows) is to add iD2 Technologies’ Smart Card-based user authentication technology to its integrated security solutions. China is forging ahead with the introduction of a contactless Smart Card automatic payment system for its tollways. In the first quarter of this year, Chongqing city, the fourth principal city of China, will start using the one-card multi-application Smart Card payment system developed by Sydney, Australia-based VFJ Technology (VFJ), a subsidiary of Omnitech Holdings. In a first step, F-Secure will integrate iD2 Personal software into its F-Secure VPN+ product suite for quarter one availability. “More and more people now work remotely and depend on their company’s VPN to access their files,” explained Bjorn Gustavsson, President of iD2 Technologies. “However, unsecured VPNs run the risk of exposing intellectual property to persons outside of the organisation. Now, with added user authentication technology, network managers can be sure that the person requesting access to the network is who they say they are.” Topi Hautanen, F-Secure’s Product Manager, said: “Smart Cards are not only unique in combining high security and ease of use, but they are extremely manageable. This is perfect for large organisations with many hundreds of remote network users. A network administrator has central control over access privileges and can quickly revoke expired cards.” Contact $ Karin Kronborg iD2 Technologies % +46 8 775 5200 ! karin.kronborg@id2tech.com $ Topi Hautanen F-Secure Corporation % +358 9 859 900 ! topi.hautanen@F-Secure.com Six major tollway projects utilising the VFJ Technology system are already in operation in the Guangxi, Yunan, Guangdong and Shanxi provinces and there are plans to extend all of these tollway systems. In Sichuan province, with the tollway system already in operation, there are some 2,600 kilometres planned for completion by the year 2004, with implementation of the one card system in the year 2000. VFJ says it has been approved as a preferred supplier for this project. The company adds that plans for the implementation of its one card system have also been developed for the Shandong province with 2,800 kilometres of highways near completion. ActivPack for Novell Security ActivCard SA has announced ActivPack to deliver an integrated identity and Smart Card management solution for Novell Directory Services. ActivPack enables administrators to streamline user access controls and update them as appropriate at the server. Users insert their Smart Card, enter a PIN and are then transparently authenticated using the PKI credentials on the card. Contact $ Frederic Engel ActivCard % +33 (0)1 42 04 84 00 ! Frederic.Engel@activcard.fr In the Chinese capital, Beijing, the massive highway system is in the process of upgrading from magnetic stripe cards to a contactless Smart Card automatic payment system. VFJ Technology says it has presented plans for the Beijing to Tianjin project and expects this project to proceed in the first half of 2000. The VFJ proprietary contactless Smart Card system, VFJ ASSET, allows tollway users to travel, intracity or inter-city within major provinces in China, using a uniform card. Peter Au, Managing Director of Omnitech Holdings, said: “The Chinese Government has publicly announced an infrastructure budget of US$1 Trillion, with a major focus on tollway construction.” 027 027 VFJ has offices in Hong Kong, Guangzhou, Beijing, Shanghai, with its head office in Sydney, Australia. 027 Contact $ Esmond Tsang VFJ Technology % +61 2 8853 8000 & +61 2 8853 8088 USER NAME openup • PASSWORD scnbest 027 NEWS Internet Smart Card Applications Privalink Receives FDA Clearance Digital Courier Technologies, an electronic commerce payments company specialising in fraud and risk control, and National Australia Group Europe Limited, an international financial services group, have announced an agreement to distribute multiple application Smart Cards for select merchants and clients. Lifestream Technologies has announced clearance by the US Food and Drug Administration of its proprietary Internet software accessory Privalink which combines a regulated medical device and patient information through an Internet portal using SmartCards and high-level encryption. The Privalink System, developed by Secured Inter-active Technologies which was recently acquired by Lifestream, enables healthcare professionals to perform a total cholesterol test, add additional patient health information, perform health risk analysis with the Lifestream Technologies’ Cholesterol Monitor, and then return a personalised patient evaluation booklet through the Internet in less than 10 minutes. Digital Courier’s Internet Payment Gateway will be integrated with the National Australia Group’s global payment services. The announcement follows Digital Courier’s recent agreement with Mondex International to develop an Internet gateway to enable Mondex electronic cash. National Australia Group will combine its Value Management Server for Mondex electronic cash with Digital Courier’s Payment Gateway and Server Side Wallet to facilitate the development of a Smart Card program and to enable acquiring and payment processing services for electronic cash, and Smart debit and credit. Peter Thomas, Group General Manager of Global Payments, National Australia Bank, said: “We expect our joint Smart Card program to offer our customers a solution that lowers payment costs, reduces charge back exposure and creates an affinity relationship between merchant and consumer.” Free Cards for NetCityzens CardBASE and Visa Collaboration 028 028 028 “The country and Congress are concerned about the privacy of medical records and their transmission via the INTERNET. Privalink answers those concerns,” said Ken Clegg Director of Information Technology, for Lifestream. “Privalink is a proprietary method to ensure that a patient’s personal information is separated from his or her medical record in the database. Patients carry a ‘key’ to that record on their Personal Health Card, which is a personal Smart Card,” he said. Contact $ Marie Hirsch Lifestream Technologies % +1 208 457 9409, ext. 1209 ! www.lifestreamtech.com Contacts $ Eileen Iguchi Digital Courier % +1 435 655 3617 ! eiguchi@dcourier.com $ Julie McBeth National Australia Group % +61 3 8641 3270 ! julie_mcbeth@nag.national.com.au 028 Christopher Maus, Chairman and CEO of Lifestream said: “Privalink is the world’s first system connecting a regulated. CardBASE Technologies (formerly CSI) and Visa International have announced their collaboration in the development of software solutions that will enable Visa member banks to issue multi-application chip cards. The system, based on the recently announced Common Electronic Purse Specifications (CEPS), will support the Visa Cash electronic purse product. Contact $ Aileen Carmody CardBASE Technologies % +353 1 284 3233 ! info@cardbase.com Litronic has been selected by NetCity.com, an online village, to provide the electronic security infrastructure for its members and internal operations. NetCity.com members, or NetCityzens, will be able to shop, bank and e-mail in the first personalised Internet and e-commerce environment secured by Smart Cards and public key infrastructure (PKI) technology. NetCity.com is also breaking new ground by giving away Microsoft’s Windows Powered Smart Cards and Litronic’s Smart Card reader and PKI security software to every NetCityzen. Litronic has received an initial order to supply NetCity.com with 100,000 NetSignia 210 Smart Card readers and NetSign software that Smart Cardenables leading Web browsers. SMART CARD NEWS • FEBRUARY 2000 NEWS NetCity.com will also be using ProFile Manager, Litronic’s premier management tool for deployment of Smart Card and PKI technology. Gary Brooks, founder of NetCity.com said: “We already have 100,000 NetCityzens in our virtual community that will be using Litronic’s technology, and expect to have one million by the end of this year. Litronic’s infrastructure is significant to our anticipated membership growth.” In the future, members will be able to take their NetCity.com Smart Cards and use them off-line with ATM terminals, PDAs, GSM cellular phones, or at businesses that accept them, offering a simple and secure means of transacting and communicating electronically. Bill Holmes, Vice President of Sales and Marketing at Litronic, said: “By giving away Smart Cards and readers, NetCity.com is making a major commitment to the consumer and accelerating the introduction of secure e-commerce, which will be demanded by every user on the Internet very soon.” Contact $ Gina Ray • Jackie Zerbst (T&O PR) % +1 949 833 8006 ! gray@topr.com or jzerbst@topr.com First MIFARE Certification Schlumbeger’s Easyflow M8K contactless memory card is the first contactless Smart Card to receive certification from Arsenal Research, the independent MIFARE Certification Institute. “The certification of Easyflow M8K is an important stage in our development of standardised Smart Card products that conform to specific international norms,” commented Lucas Witkam, Schlumberger’s Product Line Manger Prepaid Cards and Tools. Contact $ Dirk Hinze Schlumberger % +33 (0)1 47 46 79 50 ! hinze@montrouge.tt.slb.com GlobalPlatform Elects Board GlobalPlatform, the cross industry Smart Card group formed to advance a standardised infrastructure for multiple application Smart Cards, has announced the appointment of Steve Brown, Business Development Manager for Smart Cards, British Telecomm-unications, as Chairman; and Philip Yen, Senior Vice President of Internet and Access Channels at Visa International, as Vice Chairman. Also appointed to the Board were Seiichi Ido, Associate Senior Vice President, Information Sharing Platform Laboratories at NTT Corporation; Masanori Maeda, Senior Vice President Electronic Commerce Department at JCB Co.; Vince Pizzica, National General Manager of Personalised Solutions at Telstra; Dr Chung Wook Suh, Chairman of TTA, South Korea; and Glenn Weiner, Vice President Smart Card Technologies at American Express Company. The new Board defined four working committees and selected their respective chairs. Dominique Hautain, Executive Vice President at Proton World, is chair of the Business Committee; Nicole Moyal, Director at American Express. chairs the Systems Infrastructure Committee; Jim Lee, Senior Vice President at Visa International, chairs the Card Infrastructure Committee; and Michel Dargent, architect and New Product Manager at Ingenico, chairs the Terminal Infrastructure Committee. Global Platform announced in October 1999 that it was established to reduce the barriers hindering the growth of cross industry, multiple application Smart Cards and currently has 33 members representing the payments, communications, government and vendor communities. Contact $ Caroline Love MS&L % +1 415 364 3827 ! clove@mslpr.com Gemplus and Sonera SIM Card Sonera SmartTrust, a provider of Public Key Infrastructure (PKI) based security solutions, and Gemplus, have announced that they will enter the market with a GSM Subscriber Identity Module (SIM) card featuring digital signature and Public Key encryption enabled by Sonera SmartTrust technology embedded in the Gemplus SIM card. “Sonera SmartTrust technology enables the use of tamper-proof digital signatures and 1024 bit RSAalgorithm for data encryption, which is vital for doing business in the wireless environment,” said Harri Vatanen, Sonera’s CEO and President. Contacts $ Ms. Sari Laitinen Sonera SmartTrust % +358 40 511 8108 ! sari.laitinen@sonera.com $ Tim Baker Gemplus % +33 442 36 51 41 ! tim.baker@gemplus.com USER NAME openup • PASSWORD scnbest 029 029 029 029 SPECIAL FEATURE Smart Card 2000 Show Mondex International and FutureTV annnounced a partnership to provide electronic cash for personalised television services. At the show, FutureTV demonstrated how Mondex electronic cash operates on its MiTV service - the first “pay-as-youuse” digital TV model in the market. The technology from FutureTV uses a Mondex-enabled settop box which allows visitors to pay only for the time they spend watching their chosen programmes. Four members of the MAOSCO Consortium announced that they will establish an Association in Japan to promote MULTOS on 1 April. They are: Dai Nippon Printing Co, Hitachi, Fujitsu and MasterCard International. Cardis Enterprises International BV (Cardis) announced the signing of an exclusive licensing agreement with Wellington-based EFTPOS New Zealand to commercialise the deployment of Cardis’ Ultimus Smart Card based payment system into the Australian and New Zealand markets. Ultimus enables the extension of the EMV (Europay, MasterCard, Visa) credit and debit card products into mircropayment. The same card can be used for transactions of $10,000 or one cent and can be managed by the existing clearing and settlement infrastructure. The cards can be accepted in attended, unattended, mobile (for example GSM phones) and Internet point of sale. Israeli company Power Paper announced the development of a new technology for integrating a battery into Smart Cards and RFIDs. The company says the technology is ultra-thin and flexible, can be made in almost any shape and size, is low cost and simple to produce using a printing process. Inventor of the patented concept, Z Nizan, explained: “Designers of new electronic devices are increasingly demanding thin and flexible, custom-tailored batteries for their applications.” 030 030 030 030 French Groupe SAGEM was showing its new mobile dualband GSM phone integrating a fingerprint reader on the back of the battery. Called the SAGEM MC 959 ID GSM terminal, it uses fingerprint recognition to replace the PIN code to customise the phone and prevent fraudulent use if it is lost or stolen. SAGEM was also showing its latest Smart Cardenabled EFTPOS terminals. Dione was showing its new dual technology card reader that reads both magnetic stripe and Smart Cards concurrently. It can operate either as a standalone device or integrated into a full EPOS platform. Another new product was its PC-Xtra, a low cost PC peripheral to facilitate secure Smart Card e-payment transactions over the Internet. The device supports all EMV cards and electronic purses, including Mondex and Visa Cash. Inside Technologies announced a new chip called IC-Link (Integrated Contactless Link) for integrating a micro antenna for short range contactless applications. The technology, developed in partnership with another French company P.H.S, involves deposing a micro machined copper coil directly on the surface of a silicon chip during fabrication and connecting the coil as an antenna. The company says samples will be available early this year. UK-based Datastrip introduced a new handheld terminal to support high security ID schemes. The terminal can handle fingerprint recognition, barcodes, Smart Cards and other portable storage mechanisms. Called DSVERIFY, it comes with two code readers as standard, a fingerprint pad and a contact reader for 2D barcodes. Other decode options include Smart Cards. CPS Europe introduced its FinSafe secure Smart Card readers based on KeySmart technology to enable secure Internet transactions. The company also announced a strategic cooperation with General Information Systems (GIS) in which GIS will adapt CPS Smart phones for Mondex compatibility. Proton World announced that its electronic purse Smart Cards can now be equipped with Keyware Technologies’ layered biometric verification, enabling users to store bio prints such as fingerprints, face, voice etc on their cards. The system was demonstrated at the show, marking the entry of Proton World into the field of biometrics. A new Smart PINpad, the MagIC 100 was announced by Schlumberger. Small enough to be held in the hand, it has been designed specifically for customeractivated Smart Card payments, including credit/ debit transactions, loyalty applications and electronic purse functionality. Also on show was Schlumberger’s new Java Smart Card, the CyberflexPalmera, which is supplied with a range of applets for credit/ debit, e-purse, loyalty and authentication. Cherry Electrical Productswas displaying its range of Smart Card keyboard products including its latest biometric (fingerprint recognition) keyboard. Vein and face recognition technologies were being shown by neusciences. These and other biometrics can be combined into end-to-end Smart Card-based security solutions. Europay International announced that STB-Card and United Settlement System - the Russian non- SMART CARD NEWS • FEBRUARY 2000 SPECIAL FEATURE banking credit organisation - has chosen the Maestro debit system for Russia’s first EMV-chip migration project later this year. In the pilot in Moscow, 100,000 STB-Maestro cards will be accepted at 10 ATMs and 200 retailers in the city. The pilot will be followed by the roll-out of more than 700,000 cards over the next two years. Mondex Internationaldemonstrated its Smart Cardbased Interactive Loyalty programme, showing new ways to exploit business opportunities through digital channels such as the Web, digital TV, interactive kiosks and mobile telephony. The application allows different types of points to be collected and redeemed on-line. In another announcement, Europay said that MUZO a.s., the company providing transaction processing services to member banks in the Czech Republic, has successfully completed its EMV-chip infrastructure which will enable all Czech banks using MUZO’s services to process EMV-chip cards by March of this year. Europay and ACI Worldwide worked together on the project with Europay providing EMV-chip expertise and ACI its e-payment solutions. Contacts Keyware Technologies, supported by Microsoft, announced it has agreed to develop tools to enable biometric authentication on Microsoft’s Windows for Smart Cards operating system. Keyware will adopt Microsoft’s operating system as a platform on which to deliver Smart Card-based applications for network, telephony and physical access security. The aim is to offer an additional security and convenience layer on top of the customary PIN code. Francis Declercq, Keyware’s President and CEO, explained: “Our alliance with Microsoft is of major importance to Keyware and to the biometric industry in general. Smart Cards represent an essential convergence point for biometrics because they provide tamper-resistant storage and portability of multiple biometric data.” A new card issuance system from NBS Technologies that incorporates advanced card embossing techniques made its debut at the show. NBS Medallion combines security, quality and personalisation versatility in a compact desktop ‘tower design’. Medallion can emboss up to 120 cards per hour. A new flexible Smart Card reader from Omron, for Windows PCs, was unveiled at the show. Called the V4HFOJ, it is aimed at the system integrator and OEM markets. Algorithmic Research introduced its MiniKey new generation security token combining Smart Card and Smart Card reader functionality in a small package. Visa International announced that for the first time mobile phone users in the UK will be able to use a WAP mobile phone to pinpoint the location of their closest Visa ATM following an agreement with BT Cellnet. Users simply type their current postcode into the phone and the locator guide provides the location details of the nearest three ATMs. $ ACI Worldwide Gene Hinkle % +1 402 390 8906 ! hinkleg@tsainc.com $ Advanced Card Awards Jane Callaghan % +44 (0)1733 245841 $ Cardis Ms Batya Pilcer % +972 9 764 4888 ! info@sidrac.com $ Cherry Electrical Products % +44 (0)1582 763100 $ CPS Europe Sandra van den Hof % +31 73 684 8499 ! s.v.d.hof@pijnenburg.nl $ Datastrip Sue Coutin % +44 (0)1844 215668 ! sue.coutin@dstrip.demon.co.uk $ Dione Pascale Smith % +44 (0)1494 429618 ! smithp@dionecorp.com $ EFTPOS New Zealand Peter Marshall % +64 4 916 2444 ! info@eftpos.co.nz $ Power Paper Lori Levett % +972 3 900 7500 ! info@powerpaper.com $ Europay International Charlotte O’Connor % +32 75 575309 ! coc@europay.com 031 $ FutureTV Lynne McMinn % +44 (0)20 7563 9860 031 $ General Information Systems Christopher Curry % +44 (0)1223 462200 ! christopher@gis.co.uk $ Inside Technologies Jean-Jacques Beauventre LBBA Conseil % +33 (0)1 34 89 77 00 ! lbba@worldnet.fr USER NAME openup • PASSWORD scnbest 031 031 NEWS $ Keyware Technologies Ann Lambrechts % +32 2 721 4574 ! alambrechts@keyware.com Taiwan AFC Contract for VFJ A major contract to supply a one-card AFC (Automatic Fare Collection) system for over 8,000 buses in Taiwan has been awarded to VFJ Technology, the Smart Card subsidiary of Omnitech Holdings, along with its local system integration partner, the Baoruh Electronic Co. $ Mondex International Veronika Clough % +44 (0)171 557 5019 ! Veronika.clough@mondex.com $ MUZO Milan Laitl % +420 2 667 12087 ! mlaitl@muzo.com The project involves buses operating in the TaiChung, Kaohsiung, Tai-Nan city areas and other smaller cities within Taiwan. VFJ will provide the bus validators, card issuing machines and recharge terminals with implementation over a period of three years. $ NBS Technologies Philip Barton % +44 (0)1932 351531 ! philip.barton@nbstech.co.uk $ neusciences John Davies % +44 (0)1703 664011 ! biometrics@neusciences.com VFJ and Baoruh successfully installed the first contactless Smart Card fare collection bus system in Kinmen, Taiwan, in November last year with full operation in January 2000. $ Proton World Ms Dominique Hautain % +32 2 724 5111 ! info@protonworld.com David Samways, Managing Director of VFJ Technology, said: “The implementation of VFJ’s newly developed bus system in Taiwan is indicative of the considerable interest already being displayed by operators in many countrie who are upgrading their automatic far collection transportation systems.” $ SAGEM Marc Ferrant % +33 (0)1 40 70 69 75 ! marc.ferrant@sagem.com $ Schlumberger Dirk Hinze % +33 (0)1 47 46 79 50 ! hinze@montrouge.tt.slb.com National Express Buys Into PCL National Express, the UK coach company, is taking a 10 per cent stake in Prepayment Cards Limited (PCL) at a cost of £4 million. 032 032 032 032 Shareholders in PCL include bus rivals Stagecoach and FirstGroup, plus ERG and Sema Group. The group aims to produce a system which will allow passengers to use the same ticket for journeys throughout the country, meeting government policy on integrated transport. The cards will also enable National Express to keep track of its customers. A company spokesman said: “We will be able to see where and how people travel at what times.” He added that the new Smart Card will be contactless and will reduce queues. National Express plans to pilot the scheme in Coventry by the end of the year. Contact $ Paul Henry PCL % +44 (0)207 830 5328 ! phenry1062@aol.com ! www.nationalexpress.co.uk Contact $ Esmond Tsang VFJ Technology % +61 2 8853 8000 & +61 2 8853 8088 G&D Acquires NatWest Centre Giesecke & Devrient has acquired the National Westminster Bank’s London based personalisation centre for financial cards and also plans to set up card production facilities. Jürgen Nehls, Managing Director of G&D’s Cards and payment and Security Systems, explained: “The migration from traditional magnetic stripe cards to chip based technology will make the UK a major player in the worldwide card market.” G&D said its new subsidiary will personalise magnetic stripe and chip cards and plans to upgrade the existing technology to introduce the personalisation of SIM cards for the UK market. Contact $ Christian Treinies Giesecke & Devrient % +49 89 4119-2125 SMART CARD NEWS • FEBRUARY 2000 NEWS On Track Innovations (OTI), specialists in contactless Smart Cards, and Credencial Argentina, a provider of credit cards and transaction processing network in Argentina, have announced a marketing alliance to introduce products based on Carta Credencial’s financial platform and OTI’s products. In terms of geographic regions, China remains the undisputed leader, accounting for a massive share of 61.2 per cent of total revenues in 1999. Meanwhile, the payphone phonecards sector emerges as the strongest performing product market in the same year, representing 73 per cent of total sales. This is followed by SIM cards (12 per cent), transportation/ automatic fare collection and the institutional sector. They will introduce a Smart Card for retail, fuel, financial, health and logtrack applications utilising the Credencial Argentina’s network and role as an issuer of banking cards in the Argentinean market. Frost & Sullivan industry analyst Alyxia Do predicted: “Revenues for digital wireless telecommunication SIM cards (for both GSM and CDMA) will increase dramatically over the forecast period.” Contact $ Ohad Bashan President, OTI America % +1 408 919 5525 ! ohad.bashan@otiamerica.com The study analyses Smart Card markets in Australia/ New Zealand, China, Hong Kong, India, Japan, Korea, Malaysia, The Philippines, Singapore, Taiwan and Thailand. OTI and Credencial Alliance ABC Contract From Chase American Biometric Company (ABC) has been awarded a contract by Chase Manhattan Bank (Chase) to provide hardware and software for a computer access control pilot. The pilot project utilises ABC’s new software product, Trinity, which will be deployed to various desktops at Chase’s global locations. Trinity is a single sign-on package that reduces helpdesk costs and increases user convenience by eliminating the large number of passwords a user must remember. Security can be enhanced through Trinity’s support for hardware authentication using Smart Cards and/ or fingerprint recognition. Chase has initially opted to provide all pilot users with ABC’s BioMouse Plus integrated fingerprint scanner and Smart Card reader. Contact $ Marshall Sangster ABC % +1 613 736 5100, ext. 139 ! www.biomouse.com Pan Asia Opportunities According to new Frost & Sullivan research, Pan Asian Smart Cards, total revenues are up from $233.0 million in 1998 to $263.0 million in 1999. Driven by increasing demand for multi-application Smart Cards, revenues should continue to increase at a strong pace, reaching $830.0 million by the end of the forecast period in 2005. Pan Asian Smart Card Markets Report is priced at US $3,450. Contact $ Public Relations Dept Frost & Sullivan % +44 (0)171 915 7824 & +44 (0)171 730 3343 ! kristina.menzefricke@fs-europe.com First Mondex Origination System ACI Worldwide and Mondex Australia have announced the introduction of the world’s first fullfunction Mondex Originator system to support Smart Card electronic cash. The Originator Territory Management System was developed by ACI Worldwide. The management and control of Mondex e-cash in circulation in any particular currency territory is the responsibility of an ‘Originator’ set up by the local Mondex franchisee. The Mondex Originator in each currency territory plays a role similar to that of a central bank in relation to traditional cash, by creating and distributing Mondex electronic value and ensuring the integrity of the system. Contacts $ Gene Hinkle ACI Worldwide % +1 402 390 8906 ! hinkleg@tsainc.com $ Rod Amos Mondex Australia % + 00 61 3 9655 2414 ! ramos@mondex.com.au USER NAME openup • PASSWORD scnbest 033 033 033 033 NEWS Schlumberger Acquires telweb TPG $300-$500m for Gemplus Schlumberger Test & Transactions has acquired 100% of the capital stock of telweb, inc., a Canadian start-up, in a move to position itself in the fastgrowing domain of Web-based e-commerce and information networking. Gemplus has announced that Texas Pacific Group, an international private equity firm, has agreed to invest between $300 and $500 million in equity into the company. The Group will join Founder and Chairman Marc Lassus, Gemplus employees and members of the Quandt Family of Germany, as one of the major shareholders of Gemplus. Terms of the transaction were not disclosed. Headquartered in Quebec, Canada, telweb is a pioneer of Internet accessibility with its WebPayphone Network and has already secured several major public Internet portal installations. Deployment of its system has begun in the City of Calgary and at Schiphol Airport, Amsterdam. Public Internet portals provide a resource that allows users, such as business traveller and daily commuters, to quickly conduct secure transactions and communications without a PC. Real time merchandising is enabled via credit and Smart Card transactions in a secure network environment. Target environments include airports, hotels, business communities and municipalities. Contact $ Michele Bernhardt Schlumberger % +1 408 501 7145 ! michele@san-jose.tt.slb.com iD2 Technologies has appointed Huw HampsonJones, former Senior Vice President of Siemens Business Services, as Executive Vice President, for Sales. Mike Herman has been appointed Vice President of Mobile Commerce at Thyron. Currently he is acting chairman of the Global Mobile Commerce Forum (GMCF). Prior to joining Thyron he was a business development manager at BT Cellnet. 034 034 034 “We are honored to welcome Texas Pacific Group as a major investor in Gemplus,” said Dr Marc Lassus, Gemplus’s founder and Chairman. “In addition to capital, Texas Pacific Group brings a dynamic understanding of our market. This investment and strategic partnership will accelerate our already rapid growth in the evolving e-commerce and wireless environments. With the support of TPG, we believe we can lead the transformation of the US market, primarily through the deployment of our leading-edge computing security applications.” “This investment signals a powerful vote of confidence in the sustained leadership of Gemplus and the vision of Marc Lassus,” said Abel Halpern, Managing Director of Texas Pacific Group Europe. People on the Move 034 Gemplus says it will use the new capital to expand its presence in the wireless communications, ecommerce, and Internet security markets. Thyron has also announced the appointment of Martin Whitworth as Vice President, Development - Public Key Infrastructures. Previously he was a senior e-business consultant at iGroup Consultancy. Domain Dynamics has appointed Martin George as Sales Manager for e-commerce applications of its signal processing, speaker verification and word recognition technology, TESPAR. A graduate of the Engineering Department of Cambridge University, he joins the company from Camtech Marketing. “Lassus and his management team have positioned themselves at the point of the convergence of wireless communications and the Internet. Gemplus Smart Card solutions will be the key enabling technology in 3rd Generation wireless networks. In addition, Gemplus’ security software solutions provide a powerful defense against Internet fraud and cyber crime. They have the potential to become the ubiquitous security standard in the on-line world.” Halpern added: “Gemplus are innovators and technology pioneers, always looking for the next wave of Smart Card growth. At the same time, they have a real business that generates real profit. This is a landmark investment for Texas Pacific Group.” Contact $ Owen Blicksilver Gemplus (US) % +1 212 419 4283 $ Severine Percetti Gemplus (Europe) % +33 (0)4 42 36 67 67 SMART CARD NEWS • FEBRUARY 2000 NEWS New Electronic Services in Finland Certall, a Finnish consortium, has selected CyberTrust to deliver new electronic services that will enable Finnish citizens to conduct a wide variety of secure transactions over the Internet including bank and stock transactions. “CyberTrust’s Global Certification Authority (CA) product will allow us to issue digital certificates (electronic credentials) that will efficiently serve the growing needs of our citizens as well as enable us to enter the certificate management marketplace by securing electronic transactions for other organisations,” said Jukka Koskinen, President of Certall. Finnish citizens will be able to conduct a wide variety of secure transactions streamlining many everyday activities. For example, Certall member Leonia Bank will allow customers to securely conduct bank transactions over its mobile network while other partner companies will enable customers to trade stock electronically and securely over the Internet using their mobile phones. Certall is jointly owned by Merita Nordbanken, one of the biggest banks in Scandinavia, Sonera, Leonia Bank, Tieto Enator, the Finland Post and Osuus-pankki. services. It is envisaged that the card will be used with PCs, wireless devices and Digital TV as well as in the high street. A beenz counter Smart Card application is currently being developed by Mondex International and both parties are in discussions with technology and manufacturing partners to create the necessary devices and systems to support the new card. In addition to technical development, the companies will recruit merchants and service providers to enable real/virtual world use of the applications. Commenting on the deal, Philip Letts, Chairman and CEO of beenz.com, said: “Mondex and beenz are a perfect fit, offering consumers and merchants the winning combination of electronic cash and electronic currency.” Consumers can earn beenz at Web sites and can spend their beenz on DVDs, sporting goods, vacations, books, downloadable music, clothing, gift certificates and thousands of other products and services at participating traders. There are 450 million beenz in circulation and beenz.com inc has just completed its 14 millionth transaction. Contact $ Bill McIntyre beenz.com % +44 (0)171 419 7000 ! bill@bbpr.com $ Robin O’Kelly Mondex International % +44 (0)171 557 5036 ! robin.okelly@mondex.com Contact $ Michael Yaffe CyberTrust % +1 781 455 4536 ! michael.yaffe@cybertrust.gte.com Java set-top box Philips Semiconductors, and TCPConnect AG have announced the world’s first implementation of Sun Microsystems’ Java Media Framework and Java Smart Card on a set-top box. The new Java technology software runs on the TCPConnect M@gic Box digital set-top box, powered by Philips Semiconductors’ TriMedia Very Long Instruction Word (VLIW) processor. Sun’s Java Media Framework is an application programming interface (API) that enables the M@gic Box set-top box to offer television content in a wide variety of formats, while Sun’s Java Smart Card allows the set-top box to support secure electronic fund transactions including e-commerce and pay-TV applications. FirstGroup Joins PCL FirstGroup, one of the largest UK and international bus operators, has agreed to acquire a 20 per cent interest in Prepayment Cards Limited (PCL) from ERG Limited. PCL is the joint venture company set up by ERG, Stagecoach Holdings and Sema Group UK to provide a Smart Card issuing and clearing system for UKwide transport operators to meet the UK Government’s policy on integrated transport. Mondex e-cash and beenz FirstGroup will roll-out Smart Cards across its bus fleet in Greater Manchester and has already started installation of ERG’s bus ticketing equipment. As part of its investment in PCL, FirstGroup intends to introduce Smart Card technology progressively across its bus and rail fleets throughout the UK over the next few years. beenz.com, creator of the Web’s currency beenz, and Mondex International have announced an agreement to develop a Smart Card capable of carrying Mondex e-cash, beenz and complementary e-commerce Contact $ Paul Henry PCL % +44 (0)207 830 5328 ! phenry1062@aol.com Contact $ Paul Morrison Philips Semiconductors % +1 408 474 5065 ! paul.morrison@vlsi.com USER NAME openup • PASSWORD scnbest 035 035 035 035 SMART CARD TUTORIAL Briefing notes on Multi-application Smart Cards – Part 4 We have continuously stressed the importance of the application provider having to trust the security of the platform onto which he loads his application. By default this means that he also has to trust the platform cryptographic keys. At this stage in the process we are trying to find a way of installing secret data such as application cryptographic keys into the card in a secure fashion. From an architectural point of view the simplest approach would be for the application provider to encrypt the sensitive data with the platform key. Clearly it is not practical from a security point of view for the platform issuer to provide the application provider with the secret key of the platform. However if the platform already has its own unique public key/ secret key pair installed then the application provider could obtain a certified copy of the public key either from the card or from the platform provider. The necessary steps are shown in figure 8. The application provider initially obtains the certified public key of the card. This could be obtained from the card by direct interrogation or by reading the unique ID of the card and obtaining the certified public key from the platform issuer. The application provider can check the authenticity of this public key by validating the certificate provided with this key. In general this certificate would have been created by the platform issuer and again the application provider would have to trust the platform issuer in this process. The application provider then enciphers the necessary application data using the validated public key. When the card receives this enciphered data it uses its secret key to recover the plain text data. 036 036 036 036 This all seems so simple and secure why would you do it any other way? Well in the first instance it is possible that the card is not capable of effecting public key cryptographic operations. Whilst this may have been common a few years ago it seems an unlikely scenario for any modern multi-application card . The main objection to this process which we alluded to previously is the problem of efficiency. Because we assume that each card has its own unique public/secret key pair then the application load module must be prepared individually for each card. From a security point of view this is or course an advantage but from an operational stand point it might be desirable to prepare a single application unit that could be loaded onto a batch of cards. The second and perhaps over riding objection is the work function necessary in the card to decrypt the enciphered data. A single block of say 64 or 128 bytes would be fine but if the application provider wanted to encipher the total application data and perhaps even the application code we might be faced with the problem of deciphering 4 or 8 Kbytes of data. With a public key operation such as RSA this would be a significant performance overhead. The next best alternative is to establish a load session key for enciphering and deciphering the application data. This approach is shown in figure 9. The application provider enciphers the sensitive application data using a symmetric algorithm such as DES with a key chosen by him (X). As in the previous case the application provider then obtains the certified public key of the card either directly from the card or from the platform issuer. The application provider enciphers the key X used previously with the public key validated from the card certificate. This enciphered key is then provided to the card. Using the card secret key the symmetric key X is recovered. When the card receives the application and enciphered data it is then able to use the key X to decipher the relevant data. We should note that in both the methods described so far all the data can be pre-prepared. Since the platform issuer knows all the public keys of his cards he could provide the personalisation unit with a file of certified public keys indexed against the card’s unique ID. At the point of loading the application all that is required is to request the card’s ID and then the prepared load unit can be provided to the card. Although not recommended we will just have a look at how you would manage the application load process using only symmetric keys. In this case we will assume that the platform issuer has installed a unique secret key Zi in each card . The process is shown in figure 10. There are many weird and wonderful ways of using symmetric keys but the basic principles are the same. The platform issuer needs to provide the application provider with a key X to encipher his data and an enciphered version of this key using the particular key Zi installed in the card. It is of course unacceptable in general for the platform provider to give the secret key of the card to the application provider. SMART CARD NEWS • FEBRUARY 2000 SMART CARD TUTORIAL Card Application Provider Request Certified Public Key Card Public Key Certificate - Check Certificate - Encipher Data with Card Public Key Application + Enciphered Data - Decipher Data with Card Secret Key Figure 8 A Simple Public Key Approach Card Application Provider - Encipher Data with Secret Key X Request Certified Public Key Certifier - Check Certificate - Encipher Key X with Card Public Key Enciphered Key X 037 - Decipher with Card Secret Key to Recover X Application + Enciphered Data 037 - Decipher Data with Key X 037 Figure 9 A Load Session Key Method 037 USER NAME openup • PASSWORD scnbest SMART CARD TUTORIAL Card Application Provider Platform Issuer Request Card ID Card ID Request Key for Card ID Key X; Key X Enciphered with Card Key -Z- (ID) - Encipher Data with Key X Application + Enciphered Data + Key X Enciphered by -Z- (ID) - Decipher Using -Z- (ID) to Recover Key X - Decipher Data with Key X Figure 10 A Symmetric Key Method 038 038 038 038 Above, and inset: Jon Barber and Dr David Everett SMART CARD NEWS • FEBRUARY 2000 SUBSCRIPTION FORM Whether the application provider uses a unique key X for each card or a common key for a batch of cards is an operational / security trade off. It is clear that this exchange of keys between the platform issuer and the application provider needs to be implemented in a secure fashion which in itself suggests the establishment of a secure cryptographic channel between the two parties. When the card receives the application load module it first recovers the key X by deciphering with its particular key Zi. The card then uses the key X to recover the enciphered data. We can see from this process that the key management interchange between the application provider and the platform issuer is a non trivial problem. These problems can not be avoided by letting the platform issuer prepare the complete application load module since the application provider would then have to securely get his application secret data into the security domain of the platform issuer. We have so far carefully assumed that the platform issuer has managed to securely load some secret cryptographic keys into the card. Now how did he do that? Subscribe to Smart Card News " UK : £375 " International : £395 / €631.58 / $640.57 [ includes free News On Line access and Directory CD ] " Printed Papers " PDF (Adobe Acrobat via e-mail) " Both Formats £450 / €719.52 / $729.85 # Shipping : Inclusive " I wish to receive a free one week trial to the News On Line service. Here is my e-mail address: " Please send me ________ copies of the International Smart Card Industry Directory CD " subscriber : £25 per copy / €40 / $40.55 " non-subscriber : £100 per copy / €151 # Shipping : Inclusive " Please send me ________ copies of the Smart Card Tutorials CD : £150 / €239.85 / $243.28 per copy in the following format: " Word 6 " PDF (Adobe Acrobat) [Updates December - December upon request] # Shipping: £2 UK, £4 Europe, £7 Rest of World These products may be purchased directly by visiting our on line store: store.smartcard.co.uk Name To be continued next month. Dr. David B Everett Position Company Postscript In the forthcoming articles in this series we are going to show you how to prepare a simple application for a multi-application Smart Card. In particular we will demonstrate the loading, installation and operation of the application. In order to enable our readers to follow this process we are going to make available a development kit with a number of different multiapplication cards. The first development kit will be available in April and will consist of a Schlumberger Java card, a GIS Smart Card reader and a CD ROM containing the necessary software to manage the card application life cycle. This software has been developed by Jon Barber from our associated company MicroExpert Ltd. Jon has had considerable experience in the management of multi-application Smart Cards and we will be working together to help guide you through this part of the multiapplication briefing. We also intend to set up a help desk operating through our web site. Address Telephone Facsimile e-mail " Please invoice my company " Cheque enclosed " Visa/Mastercard/Eurocard/Access/Amex Card No. Expiry Date Signature 039 039 Please return to: Smart Card News Ltd. PO BOX 1383, Rottingdean, Brighton, East Sussex BN2 8WX United Kingdom 039 or facsimile : + 44 (0) 1273 624433 / 300991 This kit will cost £250 + VAT where applicable. We invite readers to e-mail us if they are interested in purchasing this development kit. or e-mail : scn@pavilion.co.uk Smart Card News carries an unconditional refund guarantee. Should you wish to cancel your subscription at any time then we will refund all unmailed issues. USER NAME openup • PASSWORD scnbest 039