netsignia 210



netsignia 210
Subscribe to our News On Line service:
y 2000
Winners and No Winners
at Advanced Card Awards
There was surprise, if not shock, at the announcement of the
Advanced Card Awards 2000 at a gala dinner at the London Hilton
earlier this month when the judges declined to make awards in both
the Best Loyalty Application and the Best Payments Application
categories. Members of the audience booed and hissed when “no
winner” was announced in these two sections.
Judges later said that the entries did not meet the criteria laid down
and were therefore not entitled to an award. Reaction from conference delegates and exhibitors at the Smart Card 2000 show the
following morning supported the decision of the judges, and one
award winner said, “this makes our award even more valuable.”
Subscribers will receive either incard’s ‘Mokard’ (top)
or ‘electronic purse card’ (above) free with this issue
of Smart Card News.
Continued on page 23
© 2000 Smart Card News Ltd., Brighton, England. No part of this publication may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, electronic, mechanical, optical, recording or otherwise, without the
prior permission of the publishers.
February 2000
023 - 029
Proton for Croatian Banks
London Pass Launched
Gemplus/Telefnica Mviles Team
Schlumberger Visa Certification
F-Secure Adds iD2 Authentication
Internet Smart Card Applications
G&D Acquires NatWest Centre
032 - 035
National Express Buys Into PCL
OTI and Credencial Alliance
Schlumberger Acquires telweb
New Electronic Services in Finland
Cards on the Cover
incard’s phase 2+ GSM SIM card
Front cover
incard’s electronic purse card
Front cover
Oberthur's ConnectIC
Page 025
London Pass Card
Page 024
Special Feature
030 - 032
Main Photograph
The award winners at the Advanced Card Awards
Smart Card 2000 Show
If you wish to subscribe to Smart Card News
please complete the form on page 039
Smart Card Tutorial
036 - 039
Briefing notes on Multi-Application
Smart Cards Part 3
NB: This set of tutorials will be available to purchase
online in spring 2000
Smart Card News is published monthly by Smart Card News Ltd PO BOX 1383 Rottingdean Brighton East Sussex BN2 8WX England
Telephone : + 44 (0) 1273 236677 / 626677 • Facsimile : + 44 (0) 1273 624433 / 300991 • General Enquiries : [email protected] ISSN 0967 196X
Managing Director Patsy Everett [email protected] • Editor Jack Smith • Technical Advisor Dr David B Everett
General Manager Tara Lavelle [email protected] • Marketing Manager Albert Andoh [email protected]
Graphic Designer David Lavelle [email protected] • Customer Support Amanda Pearce [email protected]
North American Sales Office : Richard T Hauge 256 El Portal Way San Jose CA 95119-1413 USA
Telephone : +1 408 225 8074 • e-mail : [email protected]
Russian Agent : Alex Grizov Recon Company “Sport Hotel” 5th Floor Leninsky Prosp., 90/2 Moscow 117415 Russia
Telephone : +007 095 131 92 92 • Facsimile : +007 095 131 92 65 • e-mail : [email protected]
Asian Agent : J Clark Telephone : +852 2987 8737 • Facsimile : +852 2987 8732 • e-mail : [email protected]
India Correspondent : Shailaja V.R. e-mail : [email protected]
Editorial Consultants Dr Donald W Davies CBE FRS • Peter Hawkes • Simon Reed • Robin Townend
Printed by Design and Print (Sussex) Ltd. Telephone : +44 (0) 1273 430430
Don’t Forget!
Our On-Line Website, containing On-Line News, a Library of Smart Cards and information about the full range
of SCN services, can be found at the following address:
The ORGA Advanced Card Hall of Fame award
Michel Ugon, Vice President Advanced Research
and Security, Bull Smart Cards and Terminals
Advanced Card Awards
Continued from page 21
The judges comprised a distinguished panel of card
industry journalists, analysts and consultants, whose
cumulative experience has embraced the Smart Card
industry from its earliest days.
Their decisions in the 12 award categories were:
BT most innovative product announcement
Jointly: ConnectIC from Oberthur Card Systems, and
the world’s first WIM enabled Smart Card SmartX
from Gemplus, a new software technology that
simplifies Smart Card applications development.
Bull best transport or travel application
KEB Technology’s MIFARE Pro based Pager from
KEB Technology, a pager which acts as a contactless
Smart Card for ticketing
Best communications application
StarSIM Browser from Giesecke & Devrient, a
browser which allows mobile users to access the Web
via a SIM Toolkit mobile phone
Best loyalty application
No winner
STMicroelectronics best new security product
Biometric Cardholder Verification from Proton
World International and Keyware Technologies,
using Keyware’s layered biometrics protecting a
Proton application on a JavaCard
Card Technology best new chip
SmartJ from STMicroelectronics, a 32 bit Smart Card
chip offering direct Java processing
Best new product marketing campaign
Virgin Xtras from Virgin Mobile, a 32K SIM Tool
Kit application which provides access to the Virgin
Walled Garden of Services, Virgin Trains, Virgin
Atlantic, Virgin Radio and shortly Internet Browsing
Best payments application
No winner
Best new peripheral
Precise 100 SC from Precise Biometrics AB, a
combined fingerprint and Smart Card reader
RNIB usability award
Gujerat Smart Card Driving Licence from ORGA
Card Systems (UK), the biometrics and Smart Card
driving licence system for the State of Gujerat, India
The judges’ award
GSM Standard from ETSI and the GSM Association
“The results of this year’s Awards show just how
significant a role Smart Cards play in the new
electronic revolution,” said Jane Adams, Director,
Advanced Card Awards. “Products like ConnectIC
and the StarSIM Browser will be key components in
taking access to the Internet and mobile commerce
to the next level. The Advanced Card Awards help
to highlight the products that drive our industry and
vertical markets forward.”
Proton for Croatian Banks
MBU, a consortium of 27 Croatian banks, has become the Proton licensee for Croatia. Existing POS
terminals will be replaced starting this month, by new
Java-based C-ZAM/SMASH multi-applications
terminals from Banksys which will handle EMVcompliant credit/debit cards and the “domestic”
Proton e-purse and the CEPS Proton e-purse. Later
this year, the banks will replace existing magnetic
stripe cards with Smart Cards containing both the
EMV-compliant credit/debit applications and the
Proton e-purse application.
$ Ms Dominique Hautain Proton World
% +32 2 724 5111
! [email protected]
$ Sergio Uran MBU
% +358 1309 1555
! [email protected]
Gemplus and Sonera SIM Card
Sonera SmartTrust, a provider of Public Key Infrastructure (PKI) based security solutions, and
Gemplus, have announced that they will enter the
market with a GSM Subscriber Identity Module
(SIM) card featuring digital signature and Public Key
encryption enabled by Sonera SmartTrust technology
embedded in the Gemplus SIM card. “Sonera SmartTrust technology enables the use of tamper-proof
digital signatures and 1024 bit RSA-algorithm for
data encryption, which is vital for doing business in
the wireless environment,” said Harri Vatanen,
Sonera’s CEO and President.
$ Ms. Sari Laitinen Sonera SmartTrust
% +358 40 511 8108
! [email protected]
$ Tim Baker Gemplus
% +33 442 36 51 41
! [email protected]
USER NAME openup • PASSWORD scnbest
London Pass Launched
SIMalliance Formed
London has launched a new pre-paid Smart Card for
tourists called the London Pass which offers
unlimited travel in London and discounted entry to
over 40 leading leisure attractions, including
museums, art galleries, cinemas and zoos. Tourists
can purchase 1, 3 or 6 day adult or child passes. The
London Pass also includes a 100-page colour guide
and £5 worth of telephone calls.
Four leading global Smart Card manufacturers Gemplus, Giesecke & Devrient (G&D), ORGA
Kartensysteme and Schlumberger - have formed a
consortium called the SIMalliance to maximize the
GSM Operator benefits from SIM Card and SIM
Application Toolkit usage in the growth of valueadded-services.
The card offers unlimited access over one, three or
six days for £18, £42 or £74 for adults. Children pay
£11, £22 or £38 for the same durations. Passes can
be booked over the Web ( or
by phone (0870 2429988) and picked up at the Britain
Visitor Centre in Regent Street.
Andrew Grahame, Director of The London Pass,
said: “This is a ground-breaking way for people to
see London. It is the first time we have had such a
pass and the range of attractions mean that there is
something of value to entertain everyone.”
Applied Card Technologies (ACT) designed the
London Pass solution for Arrival Marketing. The
card itself is a memory card with a Siemens chip.
Tourists benefit from discounted entry to attractions
and no queuing, while operators can extend their
marketing reach, adopt paperless ticketing and start
employing Web-based e-business techniques without changing their existing IT infrastructure.
Attraction operators only need to install a card reader
terminal at the entry gate which automatically collects
information as tourists enter, including details of
where the card was bought, nationality of the user
and details of the transaction. The terminal will supply
operators with reports such as visitor totals, or
breakdowns of the type of pass.
Collected data is also uploaded each night to a secure
Web-enabled Oracle database run by ACT. This
database can be accessed using a standard web
browser, to allow operators to analyse the information
to improve their marketing.
$ Andrew Grahame Arrival Marketing
% +44 (0)171 287 6020
! [email protected]
$ Gary Watts Applied Card Technologies
% +44 (0) 1249 751 006
! [email protected]
The SIMalliance explained that their move comes at
a time when the major concerns and challenges in
mobile communications are the raft of proprietary
operating systems that are inevitably created,
competing against each other not always in the
interests of end users, or the interoperability that will
drive the industry as a whole.
Dr Klaus Vedder, Executive Vice President Telecommunications at G&D, said: “SIMalliance is a
natural progression. Within ETSI, SIMalliance
members have been driving GSM standardisation
forward for over 10 years.”
While in the real world proprietary systems will
always exist, the aim of SIMalliance is to produce
open and global specifications for facilitating massmarket penetration of new SIM-based applications
and services. It aims to accelerate the introduction
of services designed for WAP, by exploiting existing
GSM handsets and infrastructure. As the concept of
the mobile Internet becomes reality, software rather
than hardware interoperability will be the key concern
for issuers and users, creating the need for good
Virtual Machines (VMs) and interpreters.
Eric Tholomé, Product Line Manager for Mobile
Communications Servers and Applications at
Schlumberger pointed out: “The Air technology,
although a commercial success for operators, has so
far not reached its full potential because of interoperability reasons. Therefore, the aim of SIMalliance is to get it right from the start and get it right
At the SIMalliance headquarters in Brussels, two
groups of representatives from each member company meet on a regular basis. It is the responsibility
of the Technical Development Group (TDG) to draw
up the new specifications, while the Business Development Group (BDG) will handle the marketing,
promotional and industry communications requirements.
The SIMalliance has announced its first open global
specification - [email protected] (SIM @lliance Toolbox), the
new specification for interoperable systems and
products for the mediation of WML-based (WAP)
services to SIM Toolkit enabled phase2+ handsets.
The consortium says it welcomes new members who
are able to contribute to its stated objectives, especially experts in the SIM and SIM Application Toolkit
fields, as well as operators and service providers who
want to maximize the implementation of SIM-based
applications and solutions.
The SIMalliance Chairman (a rotating position) is
Vincent Biraud, Product Marketing Manager at
$ Vincent Biraud
! [email protected]
Gemplus/Telefnica Mviles Team
Gemplus and Telefnica Mviles, the leading mobile
phone operator in Spain, have announced a collaboration in which the GSM operator will receive the
largest single shipment of GemXplore ‘Xpresso SIM
cards to offer a Java Card 2.1 based prepaid service
to its subscribers.
The SIM card will be integrated into MoviStar Activa,
Telefnica Mviles’ GSM prepaid service, already
using Gemplus GemXplore98 SIM cards.
With Java Card technology provided by Gemplus
the mobile phone user will now be able to roam. In
addition, Telefnica Moviles will introduce information-on-demand (IOD) services and STK-based
value added services.
“Telefnica Mviles is setting the trend for the future
of the European GSM market with extensive use of
STK services on an advanced SIM card platform
such as Java Card SIM,” said Michel Canitrot, Vice
President of GSM and Payphone, Gemplus.
Telefnica Mviles is Spain’s leading mobile phone
operator with more than nine million customers,
including more than five million prepaid users.
$ Severine Percetti Gemplus
% Telephone: + 33 (0)4 42 36 67 67
! [email protected]
Secure Mobile Commerce Plan
MasterCard International and Oberthur Card
Systems have announced a joint marketing and
development agreement to provide a variety of secure
ways to pay for goods and services using mobile
phones and will support mobile commerce pilots in
more than seven countries to demonstrate the ease,
flexibility and security of mobile transactions.
Under the terms of the agreement, Oberthur will
support the entire family of MasterCard payment
products, including MasterCard credit and debit,
Maestro, Mondex, and M/Chip, MasterCard’s chipbased integrated credit/debit application in mcommerce.
Specifically, Oberthur will enhance its SIMphonIC
SIM Application Toolkit card and ConnectIC
Wireless Application Protocol (WAP) enabled Smart
Card products to enable acceptance of MasterCard
payment products. These developments will allow
MasterCard’s member financial institutions to offer
their customers secure mobile banking and the option
to pay for goods and services when they are on the
It was only last November that MasterCard announced the formation of its Global Mobile Commerce
Team to focus on the convergence of the card
payments and mobile telephony industries. This
agreement is one of the first results.
“Through our relationship with MasterCard,
Oberthur will be making mobile commerce a reality
for the millions of MasterCard holders around the
globe,” said Amedeo D’Angelo, Corporate Vice
President Smart Card Development, Oberthur Card
Oberthur has also announced plans to become a
member of the Chip Vendor Services Program
(CVSP) launched last year by MasterCard and its
European partner, Europay International, to develop
a pool of companies trained and experienced in
providing chip implementation services for chip
products linked to MasterCard/Europay brands.
$ Christina Costa MasterCard International
% +1 914 249 4606
! [email protected]
$ Stephanie de Labriolle Oberthur Card Systems
% +33 (0)1 41 25 28 42
! [email protected]
USER NAME openup • PASSWORD scnbest
Schlumberger Visa Certification
Thyron Acquires LD Consulting
Schlumberger has received Visa’s highest product
security rating and certification and has begun
shipping its new Visa Cash 1.6.1 stored value cards
for distribution in Asia and the US.
Thyron, now specialising in secure e- and mcommerce solutions, has acquired London-based
HR (Human Resources) and change management
specialist, LD Consulting, as part of its global
The new card provides multiple application features
and simplified customisation for the user. In addition
to the Visa Cash e-purse application, it also contains
the Visa Smart debit/credit facility and provides
support for up to 12 loyalty programs.
The company says the acquisition will allow it to
offer its customers a range of consultancy services,
including change management, training and development, to help them adapt to e-commerce technology.
LD Consulting’s client list includes BT, National Car
Rental, Southern Water, Nokia and One2One, and
its team of consultants will operate within Thyron’s
existing HR Division. Managing Director, Dr Ellen
Balke, joins Thyron as Senior Vice President of HR
and Consultancy Services.
$ Dirk Hinze Schlumberger
% +33 (0)1 47 46 79 50
! [email protected]
Mexican Banks Select Mondex
Banco Nacional de Mexico, Bancomer and Banco
Internacional, the three largest credit card issuers in
Mexico, have purchased exclusive franchise rights
to develop Mondex in Mexico and have joined forces
to promote a new national Smart Card infrastructure
incorporating Mondex electronic cash. The trio have
invited the rest of the Mexican commercial financial
institutions to join them in the use of Mondex as the
national e-cash system.
Mondex electronic cash, developed by Londonbased Mondex International is currently under
development in over 75 countries around the world.
Chandra Patni, Thyron’s CEO, explained: “This
acquisition is a further example of how we are
continually strengthening our service offering. In
order to develop long lasting partnerships with our
customers, we must do more than install a workable
system; we must become a one-stop shop for all their
e- and m-commerce needs.”
$ Norrie Blackeby Thyron
% +44 (0)1923 236050
! [email protected]
Mini-Browser for Mobile Phones
$ Robin O’Kelly Mondex International
% +44 171 557 5036
! [email protected]
Oberthur Card Systems has launched Version 2 of
its SIMphonIC Mini-Browser enabling GSM mobile
users to access interactive Web applications via their
phone’s display.
Guido Mangiagalli, Oberthur’s GSM Applications
Product Manager, said: “With the Mini-Browser,
mobile handset users will be able to make electronic
payments, reserve and purchase tickets and undertake
any number of transactions.
Collector’s Corner
Cards in our Collector’s Corner come this month
from incard, Italy’s leading Smart Card manufacturer.
You will either receive the Mokard, a phase 2+ GSM
SIM card which has a Java Virtual Machine fully
compliant with the Java Card 2.1 specification and
can be accessed Over The Air (OTA); or incard’s
electronic purse card, the IMP multi-application and
EMV compliant card which ranges from a low
memory capacity up to 16K bytes EEPROM.
“The real breakthrough with V2,” he added, “is the
ability to add, remove and list the card status with
no interruption to normal GSM operation.”
$ Stéphanie de Labriolle Oberthur
% +33 (0)1 41 25 29 79
! [email protected]
F-Secure Adds iD2 Authentication
Smart Cards for China’s Tollways
F-Secure Corporation (formerly Data Fellows) is to
add iD2 Technologies’ Smart Card-based user
authentication technology to its integrated security
China is forging ahead with the introduction of a
contactless Smart Card automatic payment system
for its tollways. In the first quarter of this year,
Chongqing city, the fourth principal city of China,
will start using the one-card multi-application Smart
Card payment system developed by Sydney, Australia-based VFJ Technology (VFJ), a subsidiary of
Omnitech Holdings.
In a first step, F-Secure will integrate iD2 Personal
software into its F-Secure VPN+ product suite for
quarter one availability.
“More and more people now work remotely and
depend on their company’s VPN to access their files,”
explained Bjorn Gustavsson, President of iD2
“However, unsecured VPNs run the risk of exposing
intellectual property to persons outside of the
organisation. Now, with added user authentication
technology, network managers can be sure that the
person requesting access to the network is who they
say they are.”
Topi Hautanen, F-Secure’s Product Manager, said:
“Smart Cards are not only unique in combining high
security and ease of use, but they are extremely
manageable. This is perfect for large organisations
with many hundreds of remote network users. A
network administrator has central control over access
privileges and can quickly revoke expired cards.”
$ Karin Kronborg iD2 Technologies
% +46 8 775 5200
! [email protected]
$ Topi Hautanen F-Secure Corporation
% +358 9 859 900
! [email protected]
Six major tollway projects utilising the VFJ
Technology system are already in operation in the
Guangxi, Yunan, Guangdong and Shanxi provinces
and there are plans to extend all of these tollway
In Sichuan province, with the tollway system already
in operation, there are some 2,600 kilometres planned
for completion by the year 2004, with implementation
of the one card system in the year 2000. VFJ says it
has been approved as a preferred supplier for this
The company adds that plans for the implementation
of its one card system have also been developed for
the Shandong province with 2,800 kilometres of
highways near completion.
ActivPack for Novell Security
ActivCard SA has announced ActivPack to deliver
an integrated identity and Smart Card management
solution for Novell Directory Services.
ActivPack enables administrators to streamline user
access controls and update them as appropriate at the
server. Users insert their Smart Card, enter a PIN and
are then transparently authenticated using the PKI
credentials on the card.
$ Frederic Engel ActivCard
% +33 (0)1 42 04 84 00
! [email protected]
In the Chinese capital, Beijing, the massive highway
system is in the process of upgrading from magnetic
stripe cards to a contactless Smart Card automatic
payment system. VFJ Technology says it has
presented plans for the Beijing to Tianjin project and
expects this project to proceed in the first half of
The VFJ proprietary contactless Smart Card system,
VFJ ASSET, allows tollway users to travel, intracity or inter-city within major provinces in China,
using a uniform card.
Peter Au, Managing Director of Omnitech Holdings,
said: “The Chinese Government has publicly announced an infrastructure budget of US$1 Trillion,
with a major focus on tollway construction.”
VFJ has offices in Hong Kong, Guangzhou, Beijing,
Shanghai, with its head office in Sydney, Australia.
$ Esmond Tsang VFJ Technology
% +61 2 8853 8000
& +61 2 8853 8088
USER NAME openup • PASSWORD scnbest
Internet Smart Card Applications
Privalink Receives FDA Clearance
Digital Courier Technologies, an electronic commerce payments company specialising in fraud and
risk control, and National Australia Group Europe
Limited, an international financial services group,
have announced an agreement to distribute multiple
application Smart Cards for select merchants and
Lifestream Technologies has announced clearance
by the US Food and Drug Administration of its
proprietary Internet software accessory Privalink
which combines a regulated medical device and
patient information through an Internet portal using
SmartCards and high-level encryption. The Privalink System, developed by Secured Inter-active
Technologies which was recently acquired by Lifestream, enables healthcare professionals to perform
a total cholesterol test, add additional patient health
information, perform health risk analysis with the
Lifestream Technologies’ Cholesterol Monitor, and
then return a personalised patient evaluation booklet
through the Internet in less than 10 minutes.
Digital Courier’s Internet Payment Gateway will be
integrated with the National Australia Group’s global
payment services. The announcement follows Digital
Courier’s recent agreement with Mondex International to develop an Internet gateway to enable
Mondex electronic cash.
National Australia Group will combine its Value
Management Server for Mondex electronic cash with
Digital Courier’s Payment Gateway and Server Side
Wallet to facilitate the development of a Smart Card
program and to enable acquiring and payment
processing services for electronic cash, and Smart
debit and credit.
Peter Thomas, Group General Manager of Global
Payments, National Australia Bank, said: “We expect
our joint Smart Card program to offer our customers
a solution that lowers payment costs, reduces charge
back exposure and creates an affinity relationship
between merchant and consumer.”
Free Cards for NetCityzens
CardBASE and Visa Collaboration
“The country and Congress are concerned about the
privacy of medical records and their transmission via
the INTERNET. Privalink answers those concerns,”
said Ken Clegg Director of Information Technology,
for Lifestream. “Privalink is a proprietary method to
ensure that a patient’s personal information is
separated from his or her medical record in the
database. Patients carry a ‘key’ to that record on their
Personal Health Card, which is a personal Smart
Card,” he said.
$ Marie Hirsch Lifestream Technologies
% +1 208 457 9409, ext. 1209
$ Eileen Iguchi Digital Courier
% +1 435 655 3617
! [email protected]
$ Julie McBeth National Australia Group
% +61 3 8641 3270
! [email protected]
Christopher Maus, Chairman and CEO of Lifestream
said: “Privalink is the world’s first system connecting
a regulated.
CardBASE Technologies (formerly CSI) and Visa
International have announced their collaboration in
the development of software solutions that will enable
Visa member banks to issue multi-application chip
cards. The system, based on the recently announced
Common Electronic Purse Specifications (CEPS),
will support the Visa Cash electronic purse product.
$ Aileen Carmody CardBASE Technologies
% +353 1 284 3233
! [email protected]
Litronic has been selected by, an online village, to provide the electronic security infrastructure for its members and internal operations. members, or NetCityzens, will be able
to shop, bank and e-mail in the first personalised
Internet and e-commerce environment secured by
Smart Cards and public key infrastructure (PKI)
technology. is also breaking new ground by giving
away Microsoft’s Windows Powered Smart Cards
and Litronic’s Smart Card reader and PKI security
software to every NetCityzen.
Litronic has received an initial order to supply with 100,000 NetSignia 210 Smart
Card readers and NetSign software that Smart Cardenables leading Web browsers.
NEWS will also be using ProFile Manager,
Litronic’s premier management tool for deployment
of Smart Card and PKI technology.
Gary Brooks, founder of said: “We
already have 100,000 NetCityzens in our virtual
community that will be using Litronic’s technology,
and expect to have one million by the end of this
year. Litronic’s infrastructure is significant to our
anticipated membership growth.”
In the future, members will be able to take their Smart Cards and use them off-line with
ATM terminals, PDAs, GSM cellular phones, or at
businesses that accept them, offering a simple and
secure means of transacting and communicating
Bill Holmes, Vice President of Sales and Marketing
at Litronic, said: “By giving away Smart Cards and
readers, is making a major commitment to the consumer and accelerating the introduction of secure e-commerce, which will be
demanded by every user on the Internet very soon.”
$ Gina Ray • Jackie Zerbst (T&O PR)
% +1 949 833 8006
! [email protected] or [email protected]
First MIFARE Certification
Schlumbeger’s Easyflow M8K contactless memory
card is the first contactless Smart Card to receive
certification from Arsenal Research, the independent
MIFARE Certification Institute.
“The certification of Easyflow M8K is an important
stage in our development of standardised Smart Card
products that conform to specific international
norms,” commented Lucas Witkam, Schlumberger’s
Product Line Manger Prepaid Cards and Tools.
$ Dirk Hinze Schlumberger
% +33 (0)1 47 46 79 50
! [email protected]
GlobalPlatform Elects Board
GlobalPlatform, the cross industry Smart Card
group formed to advance a standardised infrastructure for multiple application Smart Cards, has
announced the appointment of Steve Brown,
Business Development Manager for Smart Cards,
British Telecomm-unications, as Chairman; and
Philip Yen, Senior Vice President of Internet and
Access Channels at Visa International, as Vice
Also appointed to the Board were Seiichi Ido,
Associate Senior Vice President, Information
Sharing Platform Laboratories at NTT Corporation;
Masanori Maeda, Senior Vice President Electronic
Commerce Department at JCB Co.; Vince Pizzica,
National General Manager of Personalised Solutions at Telstra; Dr Chung Wook Suh, Chairman
of TTA, South Korea; and Glenn Weiner, Vice
President Smart Card Technologies at American
Express Company.
The new Board defined four working committees
and selected their respective chairs. Dominique
Hautain, Executive Vice President at Proton World,
is chair of the Business Committee; Nicole Moyal,
Director at American Express. chairs the Systems
Infrastructure Committee; Jim Lee, Senior Vice
President at Visa International, chairs the Card
Infrastructure Committee; and Michel Dargent,
architect and New Product Manager at Ingenico,
chairs the Terminal Infrastructure Committee.
Global Platform announced in October 1999 that it
was established to reduce the barriers hindering the
growth of cross industry, multiple application Smart
Cards and currently has 33 members representing
the payments, communications, government and
vendor communities.
$ Caroline Love MS&L
% +1 415 364 3827
! [email protected]
Gemplus and Sonera SIM Card
Sonera SmartTrust, a provider of Public Key Infrastructure (PKI) based security solutions, and
Gemplus, have announced that they will enter the
market with a GSM Subscriber Identity Module
(SIM) card featuring digital signature and Public Key
encryption enabled by Sonera SmartTrust technology
embedded in the Gemplus SIM card.
“Sonera SmartTrust technology enables the use of
tamper-proof digital signatures and 1024 bit RSAalgorithm for data encryption, which is vital for doing
business in the wireless environment,” said Harri
Vatanen, Sonera’s CEO and President.
$ Ms. Sari Laitinen Sonera SmartTrust
% +358 40 511 8108
! [email protected]
$ Tim Baker Gemplus
% +33 442 36 51 41
! [email protected]
USER NAME openup • PASSWORD scnbest
Smart Card 2000 Show
Mondex International and FutureTV annnounced
a partnership to provide electronic cash for
personalised television services. At the show,
FutureTV demonstrated how Mondex electronic cash
operates on its MiTV service - the first “pay-as-youuse” digital TV model in the market. The technology
from FutureTV uses a Mondex-enabled settop box
which allows visitors to pay only for the time they
spend watching their chosen programmes.
Four members of the MAOSCO Consortium
announced that they will establish an Association in
Japan to promote MULTOS on 1 April. They are:
Dai Nippon Printing Co, Hitachi, Fujitsu and
MasterCard International.
Cardis Enterprises International BV (Cardis)
announced the signing of an exclusive licensing
agreement with Wellington-based EFTPOS New
Zealand to commercialise the deployment of Cardis’
Ultimus Smart Card based payment system into the
Australian and New Zealand markets. Ultimus
enables the extension of the EMV (Europay,
MasterCard, Visa) credit and debit card products into
mircropayment. The same card can be used for
transactions of $10,000 or one cent and can be
managed by the existing clearing and settlement
infrastructure. The cards can be accepted in attended,
unattended, mobile (for example GSM phones) and
Internet point of sale.
Israeli company Power Paper announced the
development of a new technology for integrating a
battery into Smart Cards and RFIDs. The company
says the technology is ultra-thin and flexible, can be
made in almost any shape and size, is low cost and
simple to produce using a printing process. Inventor
of the patented concept, Z Nizan, explained:
“Designers of new electronic devices are increasingly
demanding thin and flexible, custom-tailored
batteries for their applications.”
French Groupe SAGEM was showing its new
mobile dualband GSM phone integrating a fingerprint
reader on the back of the battery. Called the SAGEM
MC 959 ID GSM terminal, it uses fingerprint
recognition to replace the PIN code to customise the
phone and prevent fraudulent use if it is lost or stolen.
SAGEM was also showing its latest Smart Cardenabled EFTPOS terminals.
Dione was showing its new dual technology card
reader that reads both magnetic stripe and Smart Cards
concurrently. It can operate either as a standalone
device or integrated into a full EPOS platform.
Another new product was its PC-Xtra, a low cost PC
peripheral to facilitate secure Smart Card e-payment
transactions over the Internet. The device supports
all EMV cards and electronic purses, including
Mondex and Visa Cash.
Inside Technologies announced a new chip called
IC-Link (Integrated Contactless Link) for integrating
a micro antenna for short range contactless applications. The technology, developed in partnership
with another French company P.H.S, involves
deposing a micro machined copper coil directly on
the surface of a silicon chip during fabrication and
connecting the coil as an antenna. The company says
samples will be available early this year.
UK-based Datastrip introduced a new handheld
terminal to support high security ID schemes. The
terminal can handle fingerprint recognition,
barcodes, Smart Cards and other portable storage
mechanisms. Called DSVERIFY, it comes with two
code readers as standard, a fingerprint pad and a
contact reader for 2D barcodes. Other decode options
include Smart Cards.
CPS Europe introduced its FinSafe secure Smart
Card readers based on KeySmart technology to enable
secure Internet transactions. The company also
announced a strategic cooperation with General
Information Systems (GIS) in which GIS will adapt
CPS Smart phones for Mondex compatibility.
Proton World announced that its electronic purse
Smart Cards can now be equipped with Keyware
Technologies’ layered biometric verification, enabling users to store bio prints such as fingerprints, face,
voice etc on their cards. The system was demonstrated
at the show, marking the entry of Proton World into
the field of biometrics.
A new Smart PINpad, the MagIC 100 was announced
by Schlumberger. Small enough to be held in the
hand, it has been designed specifically for customeractivated Smart Card payments, including credit/
debit transactions, loyalty applications and electronic
purse functionality. Also on show was Schlumberger’s new Java Smart Card, the CyberflexPalmera,
which is supplied with a range of applets for credit/
debit, e-purse, loyalty and authentication.
Cherry Electrical Productswas displaying its range
of Smart Card keyboard products including its latest
biometric (fingerprint recognition) keyboard.
Vein and face recognition technologies were being
shown by neusciences. These and other biometrics
can be combined into end-to-end Smart Card-based
security solutions.
Europay International announced that STB-Card
and United Settlement System - the Russian non-
banking credit organisation - has chosen the Maestro
debit system for Russia’s first EMV-chip migration
project later this year. In the pilot in Moscow, 100,000
STB-Maestro cards will be accepted at 10 ATMs and
200 retailers in the city. The pilot will be followed
by the roll-out of more than 700,000 cards over the
next two years.
Mondex Internationaldemonstrated its Smart Cardbased Interactive Loyalty programme, showing new
ways to exploit business opportunities through digital
channels such as the Web, digital TV, interactive
kiosks and mobile telephony. The application allows
different types of points to be collected and redeemed
In another announcement, Europay said that MUZO
a.s., the company providing transaction processing
services to member banks in the Czech Republic, has
successfully completed its EMV-chip infrastructure
which will enable all Czech banks using MUZO’s
services to process EMV-chip cards by March of this
year. Europay and ACI Worldwide worked together
on the project with Europay providing EMV-chip
expertise and ACI its e-payment solutions.
Keyware Technologies, supported by Microsoft,
announced it has agreed to develop tools to enable
biometric authentication on Microsoft’s Windows for
Smart Cards operating system.
Keyware will adopt Microsoft’s operating system as
a platform on which to deliver Smart Card-based
applications for network, telephony and physical
access security. The aim is to offer an additional
security and convenience layer on top of the
customary PIN code. Francis Declercq, Keyware’s
President and CEO, explained: “Our alliance with
Microsoft is of major importance to Keyware and to
the biometric industry in general. Smart Cards
represent an essential convergence point for
biometrics because they provide tamper-resistant
storage and portability of multiple biometric data.”
A new card issuance system from NBS Technologies
that incorporates advanced card embossing
techniques made its debut at the show. NBS Medallion
combines security, quality and personalisation
versatility in a compact desktop ‘tower design’.
Medallion can emboss up to 120 cards per hour.
A new flexible Smart Card reader from Omron, for
Windows PCs, was unveiled at the show. Called the
V4HFOJ, it is aimed at the system integrator and
OEM markets.
Algorithmic Research introduced its MiniKey new
generation security token combining Smart Card and
Smart Card reader functionality in a small package.
Visa International announced that for the first time
mobile phone users in the UK will be able to use a
WAP mobile phone to pinpoint the location of their
closest Visa ATM following an agreement with BT
Cellnet. Users simply type their current postcode
into the phone and the locator guide provides the
location details of the nearest three ATMs.
$ ACI Worldwide Gene Hinkle
% +1 402 390 8906
! [email protected]
$ Advanced Card Awards Jane Callaghan
% +44 (0)1733 245841
$ Cardis Ms Batya Pilcer
% +972 9 764 4888
! [email protected]
$ Cherry Electrical Products
% +44 (0)1582 763100
$ CPS Europe Sandra van den Hof
% +31 73 684 8499
! [email protected]
$ Datastrip Sue Coutin
% +44 (0)1844 215668
! [email protected]
$ Dione Pascale Smith
% +44 (0)1494 429618
! [email protected]
$ EFTPOS New Zealand Peter Marshall
% +64 4 916 2444
! [email protected]
$ Power Paper Lori Levett
% +972 3 900 7500
! [email protected]
$ Europay International Charlotte O’Connor
% +32 75 575309
! [email protected]
$ FutureTV Lynne McMinn
% +44 (0)20 7563 9860
$ General Information Systems Christopher Curry
% +44 (0)1223 462200
! [email protected]
$ Inside Technologies Jean-Jacques Beauventre
LBBA Conseil
% +33 (0)1 34 89 77 00
! [email protected]
USER NAME openup • PASSWORD scnbest
$ Keyware Technologies Ann Lambrechts
% +32 2 721 4574
! [email protected]
Taiwan AFC Contract for VFJ
A major contract to supply a one-card AFC (Automatic Fare Collection) system for over 8,000 buses
in Taiwan has been awarded to VFJ Technology, the
Smart Card subsidiary of Omnitech Holdings, along
with its local system integration partner, the Baoruh
Electronic Co.
$ Mondex International Veronika Clough
% +44 (0)171 557 5019
! [email protected]
$ MUZO Milan Laitl
% +420 2 667 12087
! [email protected]
The project involves buses operating in the TaiChung, Kaohsiung, Tai-Nan city areas and other
smaller cities within Taiwan. VFJ will provide the
bus validators, card issuing machines and recharge
terminals with implementation over a period of three
$ NBS Technologies Philip Barton
% +44 (0)1932 351531
! [email protected]
$ neusciences John Davies
% +44 (0)1703 664011
! [email protected]
VFJ and Baoruh successfully installed the first
contactless Smart Card fare collection bus system in
Kinmen, Taiwan, in November last year with full
operation in January 2000.
$ Proton World Ms Dominique Hautain
% +32 2 724 5111
! [email protected]
David Samways, Managing Director of VFJ Technology, said: “The implementation of VFJ’s newly
developed bus system in Taiwan is indicative of the
considerable interest already being displayed by
operators in many countrie who are upgrading their
automatic far collection transportation systems.”
$ SAGEM Marc Ferrant
% +33 (0)1 40 70 69 75
! [email protected]
$ Schlumberger Dirk Hinze
% +33 (0)1 47 46 79 50
! [email protected]
National Express Buys Into PCL
National Express, the UK coach company, is taking
a 10 per cent stake in Prepayment Cards Limited
(PCL) at a cost of £4 million.
Shareholders in PCL include bus rivals Stagecoach
and FirstGroup, plus ERG and Sema Group. The
group aims to produce a system which will allow
passengers to use the same ticket for journeys
throughout the country, meeting government policy
on integrated transport. The cards will also enable
National Express to keep track of its customers. A
company spokesman said: “We will be able to see
where and how people travel at what times.”
He added that the new Smart Card will be contactless
and will reduce queues. National Express plans to
pilot the scheme in Coventry by the end of the year.
$ Paul Henry PCL
% +44 (0)207 830 5328
! [email protected]
$ Esmond Tsang VFJ Technology
% +61 2 8853 8000
& +61 2 8853 8088
G&D Acquires NatWest Centre
Giesecke & Devrient has acquired the National
Westminster Bank’s London based personalisation
centre for financial cards and also plans to set up
card production facilities.
Jürgen Nehls, Managing Director of G&D’s Cards
and payment and Security Systems, explained: “The
migration from traditional magnetic stripe cards to
chip based technology will make the UK a major
player in the worldwide card market.”
G&D said its new subsidiary will personalise magnetic stripe and chip cards and plans to upgrade the
existing technology to introduce the personalisation
of SIM cards for the UK market.
$ Christian Treinies Giesecke & Devrient
% +49 89 4119-2125
On Track Innovations (OTI), specialists in contactless Smart Cards, and Credencial Argentina, a
provider of credit cards and transaction processing
network in Argentina, have announced a marketing
alliance to introduce products based on Carta
Credencial’s financial platform and OTI’s products.
In terms of geographic regions, China remains the
undisputed leader, accounting for a massive share
of 61.2 per cent of total revenues in 1999. Meanwhile, the payphone phonecards sector emerges as
the strongest performing product market in the same
year, representing 73 per cent of total sales. This is
followed by SIM cards (12 per cent), transportation/
automatic fare collection and the institutional sector.
They will introduce a Smart Card for retail, fuel,
financial, health and logtrack applications utilising
the Credencial Argentina’s network and role as an
issuer of banking cards in the Argentinean market.
Frost & Sullivan industry analyst Alyxia Do
predicted: “Revenues for digital wireless telecommunication SIM cards (for both GSM and CDMA)
will increase dramatically over the forecast period.”
$ Ohad Bashan President, OTI America
% +1 408 919 5525
! [email protected]
The study analyses Smart Card markets in Australia/
New Zealand, China, Hong Kong, India, Japan,
Korea, Malaysia, The Philippines, Singapore, Taiwan
and Thailand.
OTI and Credencial Alliance
ABC Contract From Chase
American Biometric Company (ABC) has been
awarded a contract by Chase Manhattan Bank
(Chase) to provide hardware and software for a
computer access control pilot.
The pilot project utilises ABC’s new software
product, Trinity, which will be deployed to various
desktops at Chase’s global locations. Trinity is a
single sign-on package that reduces helpdesk costs
and increases user convenience by eliminating the
large number of passwords a user must remember.
Security can be enhanced through Trinity’s support
for hardware authentication using Smart Cards and/
or fingerprint recognition. Chase has initially opted
to provide all pilot users with ABC’s BioMouse Plus
integrated fingerprint scanner and Smart Card
$ Marshall Sangster ABC
% +1 613 736 5100, ext. 139
Pan Asia Opportunities
According to new Frost & Sullivan research, Pan
Asian Smart Cards, total revenues are up from
$233.0 million in 1998 to $263.0 million in 1999.
Driven by increasing demand for multi-application
Smart Cards, revenues should continue to increase
at a strong pace, reaching $830.0 million by the end
of the forecast period in 2005.
Pan Asian Smart Card Markets Report is priced at
US $3,450.
$ Public Relations Dept Frost & Sullivan
% +44 (0)171 915 7824
& +44 (0)171 730 3343
! [email protected]
First Mondex Origination System
ACI Worldwide and Mondex Australia have announced the introduction of the world’s first fullfunction Mondex Originator system to support
Smart Card electronic cash. The Originator Territory
Management System was developed by ACI
The management and control of Mondex e-cash in
circulation in any particular currency territory is the
responsibility of an ‘Originator’ set up by the local
Mondex franchisee. The Mondex Originator in each
currency territory plays a role similar to that of a
central bank in relation to traditional cash, by
creating and distributing Mondex electronic value
and ensuring the integrity of the system.
$ Gene Hinkle ACI Worldwide
% +1 402 390 8906
! [email protected]
$ Rod Amos Mondex Australia
% + 00 61 3 9655 2414
! [email protected]
USER NAME openup • PASSWORD scnbest
Schlumberger Acquires telweb
TPG $300-$500m for Gemplus
Schlumberger Test & Transactions has acquired
100% of the capital stock of telweb, inc., a Canadian
start-up, in a move to position itself in the fastgrowing domain of Web-based e-commerce and
information networking.
Gemplus has announced that Texas Pacific Group,
an international private equity firm, has agreed to
invest between $300 and $500 million in equity into
the company. The Group will join Founder and
Chairman Marc Lassus, Gemplus employees and
members of the Quandt Family of Germany, as one
of the major shareholders of Gemplus. Terms of the
transaction were not disclosed.
Headquartered in Quebec, Canada, telweb is a
pioneer of Internet accessibility with its WebPayphone Network and has already secured several
major public Internet portal installations. Deployment of its system has begun in the City of Calgary
and at Schiphol Airport, Amsterdam.
Public Internet portals provide a resource that allows
users, such as business traveller and daily commuters,
to quickly conduct secure transactions and communications without a PC. Real time merchandising
is enabled via credit and Smart Card transactions in
a secure network environment. Target environments
include airports, hotels, business communities and
$ Michele Bernhardt Schlumberger
% +1 408 501 7145
! [email protected]
iD2 Technologies has appointed Huw HampsonJones, former Senior Vice President of Siemens
Business Services, as Executive Vice President, for
Mike Herman has been appointed Vice President
of Mobile Commerce at Thyron. Currently he is
acting chairman of the Global Mobile Commerce
Forum (GMCF). Prior to joining Thyron he was a
business development manager at BT Cellnet.
“We are honored to welcome Texas Pacific Group
as a major investor in Gemplus,” said Dr Marc Lassus,
Gemplus’s founder and Chairman. “In addition to
capital, Texas Pacific Group brings a dynamic understanding of our market. This investment and strategic
partnership will accelerate our already rapid growth
in the evolving e-commerce and wireless environments. With the support of TPG, we believe we can
lead the transformation of the US market, primarily
through the deployment of our leading-edge
computing security applications.”
“This investment signals a powerful vote of confidence in the sustained leadership of Gemplus and the
vision of Marc Lassus,” said Abel Halpern, Managing
Director of Texas Pacific Group Europe.
People on the Move
Gemplus says it will use the new capital to expand
its presence in the wireless communications, ecommerce, and Internet security markets.
Thyron has also announced the appointment of
Martin Whitworth as Vice President, Development
- Public Key Infrastructures. Previously he was a
senior e-business consultant at iGroup Consultancy.
Domain Dynamics has appointed Martin George
as Sales Manager for e-commerce applications of its
signal processing, speaker verification and word
recognition technology, TESPAR. A graduate of the
Engineering Department of Cambridge University,
he joins the company from Camtech Marketing.
“Lassus and his management team have positioned
themselves at the point of the convergence of wireless
communications and the Internet. Gemplus Smart
Card solutions will be the key enabling technology
in 3rd Generation wireless networks. In addition,
Gemplus’ security software solutions provide a
powerful defense against Internet fraud and cyber
crime. They have the potential to become the ubiquitous security standard in the on-line world.”
Halpern added: “Gemplus are innovators and technology pioneers, always looking for the next wave
of Smart Card growth. At the same time, they have
a real business that generates real profit. This is a
landmark investment for Texas Pacific Group.”
$ Owen Blicksilver Gemplus (US)
% +1 212 419 4283
$ Severine Percetti Gemplus (Europe)
% +33 (0)4 42 36 67 67
New Electronic Services in Finland
Certall, a Finnish consortium, has selected CyberTrust to deliver new electronic services that will
enable Finnish citizens to conduct a wide variety of
secure transactions over the Internet including bank
and stock transactions.
“CyberTrust’s Global Certification Authority (CA)
product will allow us to issue digital certificates
(electronic credentials) that will efficiently serve the
growing needs of our citizens as well as enable us to
enter the certificate management marketplace by
securing electronic transactions for other organisations,” said Jukka Koskinen, President of Certall.
Finnish citizens will be able to conduct a wide variety
of secure transactions streamlining many everyday
activities. For example, Certall member Leonia Bank
will allow customers to securely conduct bank
transactions over its mobile network while other
partner companies will enable customers to trade
stock electronically and securely over the Internet
using their mobile phones. Certall is jointly owned
by Merita Nordbanken, one of the biggest banks in
Scandinavia, Sonera, Leonia Bank, Tieto Enator, the
Finland Post and Osuus-pankki.
services. It is envisaged that the card will be used
with PCs, wireless devices and Digital TV as well
as in the high street.
A beenz counter Smart Card application is currently
being developed by Mondex International and both
parties are in discussions with technology and manufacturing partners to create the necessary devices and
systems to support the new card. In addition to
technical development, the companies will recruit
merchants and service providers to enable real/virtual
world use of the applications.
Commenting on the deal, Philip Letts, Chairman and
CEO of, said: “Mondex and beenz are a
perfect fit, offering consumers and merchants the
winning combination of electronic cash and electronic currency.”
Consumers can earn beenz at Web sites and can spend
their beenz on DVDs, sporting goods, vacations,
books, downloadable music, clothing, gift certificates and thousands of other products and services
at participating traders. There are 450 million beenz
in circulation and inc has just completed
its 14 millionth transaction.
$ Bill McIntyre
% +44 (0)171 419 7000
! [email protected]
$ Robin O’Kelly Mondex International
% +44 (0)171 557 5036
! [email protected]
$ Michael Yaffe CyberTrust
% +1 781 455 4536
! [email protected]
Java set-top box
Philips Semiconductors, and TCPConnect AG have
announced the world’s first implementation of Sun
Microsystems’ Java Media Framework and Java
Smart Card on a set-top box. The new Java technology
software runs on the TCPConnect [email protected] Box digital
set-top box, powered by Philips Semiconductors’
TriMedia Very Long Instruction Word (VLIW)
processor. Sun’s Java Media Framework is an
application programming interface (API) that
enables the [email protected] Box set-top box to offer television
content in a wide variety of formats, while Sun’s Java
Smart Card allows the set-top box to support secure
electronic fund transactions including e-commerce
and pay-TV applications.
FirstGroup Joins PCL
FirstGroup, one of the largest UK and international
bus operators, has agreed to acquire a 20 per cent
interest in Prepayment Cards Limited (PCL) from
ERG Limited.
PCL is the joint venture company set up by ERG,
Stagecoach Holdings and Sema Group UK to provide
a Smart Card issuing and clearing system for UKwide transport operators to meet the UK Government’s policy on integrated transport.
Mondex e-cash and beenz
FirstGroup will roll-out Smart Cards across its bus
fleet in Greater Manchester and has already started
installation of ERG’s bus ticketing equipment. As
part of its investment in PCL, FirstGroup intends to
introduce Smart Card technology progressively
across its bus and rail fleets throughout the UK over
the next few years., creator of the Web’s currency beenz, and
Mondex International have announced an agreement
to develop a Smart Card capable of carrying Mondex
e-cash, beenz and complementary e-commerce
$ Paul Henry PCL
% +44 (0)207 830 5328
! [email protected]
$ Paul Morrison Philips Semiconductors
% +1 408 474 5065
! [email protected]
USER NAME openup • PASSWORD scnbest
Briefing notes on Multi-application
Smart Cards – Part 4
We have continuously stressed the importance of
the application provider having to trust the security
of the platform onto which he loads his application.
By default this means that he also has to trust the
platform cryptographic keys. At this stage in the
process we are trying to find a way of installing
secret data such as application cryptographic keys
into the card in a secure fashion. From an architectural point of view the simplest approach would
be for the application provider to encrypt the
sensitive data with the platform key. Clearly it is
not practical from a security point of view for the
platform issuer to provide the application provider
with the secret key of the platform. However if the
platform already has its own unique public key/
secret key pair installed then the application provider
could obtain a certified copy of the public key either
from the card or from the platform provider. The
necessary steps are shown in figure 8.
The application provider initially obtains the
certified public key of the card. This could be
obtained from the card by direct interrogation or by
reading the unique ID of the card and obtaining the
certified public key from the platform issuer. The
application provider can check the authenticity of
this public key by validating the certificate provided
with this key. In general this certificate would have
been created by the platform issuer and again the
application provider would have to trust the platform
issuer in this process. The application provider then
enciphers the necessary application data using the
validated public key. When the card receives this
enciphered data it uses its secret key to recover the
plain text data.
This all seems so simple and secure why would you
do it any other way? Well in the first instance it is
possible that the card is not capable of effecting
public key cryptographic operations. Whilst this
may have been common a few years ago it seems
an unlikely scenario for any modern multi-application card . The main objection to this process
which we alluded to previously is the problem of
efficiency. Because we assume that each card has
its own unique public/secret key pair then the
application load module must be prepared
individually for each card. From a security point of
view this is or course an advantage but from an
operational stand point it might be desirable to
prepare a single application unit that could be loaded
onto a batch of cards. The second and perhaps over
riding objection is the work function necessary in
the card to decrypt the enciphered data. A single
block of say 64 or 128 bytes would be fine but if
the application provider wanted to encipher the total
application data and perhaps even the application
code we might be faced with the problem of
deciphering 4 or 8 Kbytes of data. With a public key
operation such as RSA this would be a significant
performance overhead.
The next best alternative is to establish a load session
key for enciphering and deciphering the application
data. This approach is shown in figure 9. The application provider enciphers the sensitive application
data using a symmetric algorithm such as DES with
a key chosen by him (X). As in the previous case
the application provider then obtains the certified
public key of the card either directly from the card
or from the platform issuer. The application provider enciphers the key X used previously with the
public key validated from the card certificate. This
enciphered key is then provided to the card. Using
the card secret key the symmetric key X is recovered. When the card receives the application and
enciphered data it is then able to use the key X to
decipher the relevant data.
We should note that in both the methods described
so far all the data can be pre-prepared. Since the
platform issuer knows all the public keys of his cards
he could provide the personalisation unit with a file
of certified public keys indexed against the card’s
unique ID. At the point of loading the application
all that is required is to request the card’s ID and
then the prepared load unit can be provided to the
Although not recommended we will just have a look
at how you would manage the application load
process using only symmetric keys. In this case we
will assume that the platform issuer has installed a
unique secret key Zi in each card . The process is
shown in figure 10. There are many weird and
wonderful ways of using symmetric keys but the
basic principles are the same. The platform issuer
needs to provide the application provider with a key
X to encipher his data and an enciphered version of
this key using the particular key Zi installed in the
card. It is of course unacceptable in general for the
platform provider to give the secret key of the card
to the application provider.
Application Provider
Request Certified Public Key
Card Public Key Certificate
- Check Certificate
- Encipher Data with Card Public Key
Application + Enciphered Data
- Decipher Data with Card Secret Key
Figure 8
A Simple Public Key Approach
Application Provider
- Encipher Data with Secret Key X
Request Certified Public Key
- Check Certificate
- Encipher Key X with Card Public Key
Enciphered Key X
- Decipher with Card Secret Key to Recover X
Application + Enciphered Data
- Decipher Data with Key X
Figure 9
A Load Session Key Method
USER NAME openup • PASSWORD scnbest
Application Provider
Platform Issuer
Request Card ID
Card ID
Request Key for Card ID
Key X; Key X Enciphered with Card Key -Z- (ID)
- Encipher Data with Key X
Application + Enciphered Data
+ Key X Enciphered by -Z- (ID)
- Decipher Using -Z- (ID) to Recover Key X
- Decipher Data with Key X
Figure 10
A Symmetric Key Method
Above, and inset:
Jon Barber and Dr David Everett
Whether the application provider uses a unique key
X for each card or a common key for a batch of
cards is an operational / security trade off. It is clear
that this exchange of keys between the platform
issuer and the application provider needs to be
implemented in a secure fashion which in itself
suggests the establishment of a secure cryptographic
channel between the two parties.
When the card receives the application load module
it first recovers the key X by deciphering with its
particular key Zi. The card then uses the key X to
recover the enciphered data. We can see from this
process that the key management interchange
between the application provider and the platform
issuer is a non trivial problem. These problems can
not be avoided by letting the platform issuer prepare
the complete application load module since the
application provider would then have to securely
get his application secret data into the security
domain of the platform issuer.
We have so far carefully assumed that the platform
issuer has managed to securely load some secret
cryptographic keys into the card. Now how did he
do that?
Subscribe to Smart Card News
" UK : £375
" International : £395 / €631.58 / $640.57
[ includes free News On Line access and Directory CD ]
" Printed Papers
" PDF (Adobe Acrobat via e-mail)
" Both Formats £450 / €719.52 / $729.85
# Shipping : Inclusive
" I wish to receive a free one week trial to the News
On Line service. Here is my e-mail address:
" Please send me ________ copies of the
International Smart Card Industry Directory CD
" subscriber : £25 per copy / €40 / $40.55
" non-subscriber : £100 per copy / €151
# Shipping : Inclusive
" Please send me ________ copies of the
Smart Card Tutorials CD : £150 / €239.85 /
$243.28 per copy in the following format:
" Word 6 " PDF (Adobe Acrobat)
[Updates December - December upon request]
# Shipping: £2 UK, £4 Europe, £7 Rest of World
These products may be purchased directly by visiting our
on line store:
To be continued next month.
Dr. David B Everett
In the forthcoming articles in this series we are going
to show you how to prepare a simple application
for a multi-application Smart Card. In particular we
will demonstrate the loading, installation and operation of the application. In order to enable our readers
to follow this process we are going to make available
a development kit with a number of different multiapplication cards. The first development kit will be
available in April and will consist of a Schlumberger
Java card, a GIS Smart Card reader and a CD ROM
containing the necessary software to manage the
card application life cycle. This software has been
developed by Jon Barber from our associated
company MicroExpert Ltd. Jon has had considerable
experience in the management of multi-application
Smart Cards and we will be working together to
help guide you through this part of the multiapplication briefing. We also intend to set up a help
desk operating through our web site.
" Please invoice my company
" Cheque enclosed
" Visa/Mastercard/Eurocard/Access/Amex
Card No.
Expiry Date
Please return to:
Smart Card News Ltd. PO BOX 1383, Rottingdean,
Brighton, East Sussex BN2 8WX United Kingdom
or facsimile : + 44 (0) 1273 624433 / 300991
This kit will cost £250 + VAT where applicable. We
invite readers to e-mail us if they are interested in
purchasing this development kit.
or e-mail : [email protected]
Smart Card News carries an unconditional refund guarantee. Should you wish
to cancel your subscription at any time then we will refund all unmailed issues.
USER NAME openup • PASSWORD scnbest

Similar documents