On the semi-conductor side of the business,the supply agreement is described as a bid “tosimplify the business relationship betweenInfineon and MasterCard member banks byestablishing a cost structure enabling financialinstitutions of any size to purchase Infineonchips at volume pricing levels.”

Infineon’s current range of 66P micro-controllers supports both the MULTOS and theJava multi-application smart card operatingsystems.

On the card manufacturing side, Schlum-bergerSema has come to a multi-year agreementwith MasterCard International to supplymember banks with smart card manufacturingservices; the aim is to provide support “at acompetitive rate”, as banks speed up theirmigration to EMV standard technology fordebit/credit smart cards.

SchlumbergerSema will be offering a fullrange of EMV-compliant cards complete withthe M/Chip debit/credit application and withadditional space available for value-addedapplications.

Under the agreement, SchlumbergerSema willmanufacture the cards to a standard finish.Members will have their choice of chip capacity,ranging from 16KB to 64KB, and can selecteither the MULTOS or the Palmera Protect Java-based platform for their cards.

“As we continue to roll out our OneSMARTinitiative around the world, MasterCard ispleased to have the active support of a largecadre of technology providers,” said Dr ToniMerschen, senior vice president, Chip andMobile Commerce/Wireless, MasterCardInternational. “Supply agreements with leadingchip providers, such as Infineon, ensure that allof our member banks have competitive access topowerful and secure chip technologies.”

Contact Contact Christina Costa, MasterCardInternational, Tel: +1 914 249 4606, Email:christina_costamastercard.com

national id systems

“Goals must be clear before actionconsidered”The goals of a nationwide identity system mustbe clearly stated and a compelling case must bemade before any proposal can move forward,says a new report1 from the US National

Academies' National Research Council. Giventhe broad range of potential uses, securityneeds, and privacy concerns, no single systemmay suffice to meet the needs of all users, addsthe committee that wrote the report.

"The technical challenges, the expense, andthe strong potential for infringement on the civil liberties of ordinary citizens demand that any proposed identity system undergo strict public scrutiny and a thorough engin-eering review," said committee chairStephen Kent, chief scientist for informationsecurity, BBN Technologies. "Care must betaken to completely explore issues andramifications beforehand, because the socialand economic costs of fixing or redesigningsuch systems after deployment would beenormous."

In light of the September 11 terroristattacks, nationwide identity systems have beenproposed to, among other things, better trackthe movement of suspected terrorists.However, questions arise as to who would usethe system and how, if participation would bemandatory, the type of data that would becollected about individuals, and the legalstructures needed to protect privacy and due-process rights and to address the failure ormisuse of the system.

Contact Jennifer Burris at National Academies, Tel:+1 202 334 2138, Email: news@nas.edu

health cards

US states aim to puthealth records on theWebThe Western Governors’ Association(WGA), representing 21 states in the USA, isworking in partnership with the FederalGeneral Services Administration, withScrippsHealth (a private healthcareorganization) and the California WomenInfants and Children (WIC) programme, todemonstrate a health card that operates inconcert with Web-based health and benefitservices. The San Diego area is to be the siteof the demonstration.

The ‘card of the future’ project will build onthe Health Passport System that has been pilotedfor 18 months in three of the western states –Wyoming, Nevada and North Dakota (SeeFeature in this issue).

The aim of the demonstration is to provide aWeb-based application to view medical andfinancial records, while ensuring completeprivacy and security for the client.

Features of the project include a commonsecurity mechanism for multiple health andbenefit programmes and the secure exchange ofconfidential health records between privateproviders and state and federal agencies.

The smart card will be an identification andauthentication vehicle, an access vehicle toInternet-based services, a personal and portablerepository of critical information and a tool to helpmanage various health and benefit programmes.

The demonstration will feature twoapplications:

• Web-based Patient Account. The PatientAccount is a Web-based application thatprovides secure access through a Web browserto patient information held on a range ofexisting (‘legacy’) systems. This application isintended to test the concept of network-baseddata sharing. The card in this instance wouldcarry: a digital certificate that authenticates theidentity of the patient and/or provider seekingaccess to confidential records; a set of commondemographic information used acrossprogrammes; and information about theprogrammes in which a patient participates.The new Web-based application would firstverify the identity and access privileges of thecardholder by checking the status of the digitalcertificate on the card and the card-basedaccess privileges. Once the identity and accessprivileges of the cardholder had been verified,the Web-based application would read fromthe card the records for the programmes inwhich a cardholder already participates. Thenew application would then pull specifiedmedical data from these systems and displaythis data through a patient account. Up-to-date data from a variety of existing systemscould thus be securely shared across a network.

• Card-Based Patient Information/BenefitAccount. In addition to the data describedabove, the card would also carry informationnecessary for circumstances in whichnetwork-based access is impractical. Suchdata may include a limited amount ofemergency medical data or a WIC foodprescription. This data would be accessedoffline through card readers at retailers or atservice providers’ offices.

Contact Terry Williams at Western Governors’Association, www.westgov.org

Taiwan getsmanufacturingprogramme under wayInfineon and Hitachi are to supplymicrocontroller chips for the Taiwan NationalHealthcare Chip Card project.

4Card Technology Today June 2002

news

1IDS - Not That Easy: Questions AboutNationwide Identity Systems —(Detailed summaryin Features Section of this issue).

ctt june.qxd 6/7/02 5:02 PM Page 4

The smart cards are being supplied by Electric& Machinery Co (TECO) a leading Taiwaneseindustrial conglomerate. The JavaCard operatingsystem is being supplied by Giesecke &Devrient.

Under the agreement, Infineon Tech-nologies will supply TECO, with controllersin its 66Plus family, carrying 32 KB ofEEPROM memory. The microcontroller chips will be produced, using 0.22 micronprocess technology, in Taiwan by UnitedMicroelectronics Corp (UMC), a certifiedInfineon manufacturing partner in Taiwan.Hitachi will be supplying TECO with its AE-416-bit microcontrollers.

Under Taiwan’s National Healthcare ChipCard project, 22-24 million Taiwaneseresidents will be provided with a smart cardbetween July 2002 and the end of 2003. Thiscard will replace existing paper health cardsystems, and will store cardholder informationsuch as medical records, treatment and visitrecords, and administrative data.

Contact Teco at www.teco.com.tw

personal data

MasterCard opens upthe chip to consumersMasterCard has published specifications forMasterCard Open Data Storage (MODS), anapplication programming interface forstoring and retrieving the data held on smartcard chips.

This is a first step towards putting consumersin control of the data carried on their smartpayment cards.

The MODS specifications are to be licensedto technology vendors to enable them to developdata storage packages that banks can theninclude among the applications carried on theirpayment cards. Cardholders will be able to usethe MODS-based application (via smart cardreaders linked to PCs, mobile phones, PDAs andother devices) to store such information as ‘ship-to/bill-to’ addresses, phone numbers, passwordsand log-ins, frequently-used membershipnumbers, store discounts, receipts, clothing sizesand warranty records.

MasterCard claims that MODS will bringbenefits to each of the three parties involved in thepayment card chain — the bank, the cardholderand the merchant.

The bank will be able to:

• Provide support for both the Java and theMULTOS operating systems.

• Provide interoperability between differentapplications held on the one card.

• Issue cards with different data packages todifferent customers — with all cardsdrawing on the same underlying technology.

The cardholder will be able to:

• Create their own personal data profile on thechip.

• Access personal data at a PC, mobile phone,set-top box, interactive kiosk or retail point-of-sale device.

• Receive personalized notifications of specialoffers.

• Create their own password to secure cardand data.

• Control how much data is to be shared witha merchant.

The merchant will be able to:

• Offer customized services based on thecardholder’s history.

• Link online and offline retail locations — aconsumer could browse online, save theproduct ID on their card and then go to thephysical store to collect the purchase.

Contact Christina Costa, MasterCard International,Tel: +1 914 249 4606, Email:christina_costamastercard.com

point-of-sale

Dione gears up for theswitch to chip UK point-of-sale terminal manufacturerDione has moved smartly to launch a rangeof new card readers, now that the country’sretailers have agreed to accept chip cardswith PIN authentication by the end of2004.

Dione’s IC-Xpress EMV-compliant terminalcan be integrated with existing multi-lane EPOSsystems supplied by manufacturers such asWincor Nixdorf and IBM. The new terminalfeatures a patented ‘swipe and park’ mechanismthat reads and compares data held both on thecard’s magnetic stripe and on its chip, in a singleoperation.

This means that, during the run-up until chipcards are in universal use, till operators do notneed to distinguish between cards running ondifferent technologies. The reader will do thework for them. Also, the data from the magneticstripe can be compared with the data on thechip; this provides another check against fraud,by preventing acceptance of cards carryingmagnetic stripe data that has been illegally‘skimmed’ from another card. The IC-Xpressterminals can also incorporate PIN readers asand when required.

5Card Technology Today June 2002

news

CardBase and Welcome Real Time haveformed an alliance aimed at developing multi-application smart card systems. The deal willsee Welcome's XLS loyalty software added toCardBase's Mascot smart card managementsystem; first deployment of the joint solutionis expected to take place in Europe during thenext couple of months.

ActivCard is now making its smart cardissuance, authentication and identitymanagement system widely available on SunMicrosystems’ Open Net Environment (SunONE) platform. The Sun ONE platform hasbeen designed to enable organizations toestablish and control their own end-to-endnetwork identity system. The ActivCardapplication enables organizations using the SunONE platform to load applications, data, anduser credentials on to JavaCards. The USDepartment of Defense (DoD) is already usingthe ActivCard/Sun package for its CommonAccess Card (CAC); the DoD is now issuingmore than 5500 CAC badges per day at over500 locations around the world. SunMicrosystems is also using the ActivCardextensions to Sun ONE for its own internal JavaBadge rollout to its employees and partnersworldwide.

South Korea’s Hana bank is to issue acontactless mass transit card for the city ofDaejon. The card runs on the Global Platformstandard and will carry Visa (contact) paymentapplications — Visa Smart debit/credit andVisa Cash E-purse — which are pre-loaded inthe ROM memory. Additional space for otherapplications is available in EEPROM memory.Hana bank expects to issue one million cards inKorea by the end of 2003, half of which will becredit cards.

Atmel Corporation has announced theAT90SC6464C-USB, a smart card Flashmicrocontroller that combines a USBinterface with Atmel's AVR 8/16-bit RISCCore and cryptography. The new chip can beused for electronic signature, userauthentication, transfers of large amounts of secure data, high-security financialtransactions and access keys for securesoftware. The USB connection means thatthere is no need for a traditional smart cardreader on the user’s PC; an external ISO 7816interface is automatically configured oninsertion into a conventional reader. The newchip has 64KB of Flash memory and 64KB ofEEPROM. Engineering samples are alreadyavailable, while production quantities areexpected to sell at a unit price of US$4.50 in

quantities of 200 000 units.

in brief

ctt june.qxd 6/7/02 5:02 PM Page 5