Major Stored Value Card Plan in Australia - France, Cardinal Network of Australia, Optus...

��1993 Smart Card News Ltd., Brighton, England. No part of this publication may bereproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic,mechanical, optical, recording or otherwise, without the prior permission of the publishers.

Major Stored Value CardPlan in AustraliaA major tender for a Stored Value Smart Card foruse in small cash transactions, has been announcedby the New South Wales Government in Australia.

Big name multinational companies are associatedwith the launch which indicates that the cardscheme is likely to be introduced in Victoria andother states and eventually adopted nationwide. Thetender is being advertised worldwide for a privatesector operator to develop, implement and marketthe scheme and the Government expects responsesfrom consortiums or financial institutions.

Continued on page 103

Secretary of State for Employment, The Rt. Hon. DavidHunt Launches the Merseyside TEC Card Scheme.

Smart Card News June 1993

102 �1993 Smart Card News Ltd

Smart Card News

Editor: Jack Smith

Technical Advisor: Dr David B Everett

Editorial Consultants:

Dr Donald W Davies, CBE FRSIndependent Security Consultant

Peter Hawkes,Principal ExecutiveElectronics & Information TechnologyDivisionBritish Technology Group Ltd

Chris JarmanManaging DirectorOrga Card Systems (UK) Ltd

Published monthly by:

Smart Card News LtdPO Box 1383, RottingdeanBrighton, BN2 8WX, EnglandTel: +44-(0)273-302503Fax: +44-(0)273-300991

ISSN: 0967-196X

Next Month

Smart Card Tutorial Part 11 - TheSmart Card Development Environment.

CONTENTS

Merseyside TEC Future Card 104

Banks in SA Agree on Standards 105

AFC Project in Oslo 106

Italian Moneta Card 108

New Card has FRAM Memory 109

GiroVend Contactless System 110

Mercury One-2-One 111

Harmonisation Move 112

Philips DX ETEBAC5 Approval 113

Smart Card Telephone Adaptor 114

Smart Card Tutorial - Part 10Security from the Bottom End 115

Smart Card Diary 118

Cryptography Update 118

Gemplus Fifth Anniversary 120

Australian Stored Value Card

Continued from page 101

Consumers will pay cash for the cardand then use it to pay for smallpurchases such as snacks, bus, trainand taxi fares etc. Trials are expectedto start early next year following a six tonine month evaluation of tenderdocuments.

Anne Cohen, NSW AdministrativeServices Minister, said: "We want toemphasise this is not a credit card or adebit card, it is a cash replacementcard." She added that it would not havea PIN number.

The pre-paid cards will be available inamounts of $20, �50 and $100 fromparticipating stores and other outlets,but Mrs Cohen said there was apossibility of introducing rechargeablecards later. "Based on internationalconsultations, Integrated Circuit Cardtechnology appears to be the mostsuitable and secure technology for thescheme," she said.

Consumer applications

The tender identifies essential consumerapplications for the card as follows:

Application Industry AverageTransaction Value

Fast food $5.60Tickets (rail, bus, ferry) $5.60Entertainment (cinema, video, rental)$5.60Parking $5.00Taxi $8.50Convenience store $3.50Payphones $2.60Vending $1.20Betting $7.00Toll payment $2.00Petrol $27.00

Government initiative

It is interesting that the initiative for thescheme comes from the Government. Mrs Cohen commented: "The

Government is the ideal body to initiatethe scheme as it can bring together thedifferent interests of many different -and often competing - businesses andservices. The Government is also in theposition to be able to deliver the criticalmass of consumers needed to start thescheme by providing access to publictransport. It is estimated that around1.2 million trips are conducted inSydney each working day on bus, railand ferry services."

Tons of coins are collected each weekfor the State transport ticketingoperations and savings to theGovernment in cash handling alone isestimated to exceed $10 million a year.

The Government has put a purchaseprice of $US10,000 on the tenderdocument which they say includescomprehensive marketing strategies,details of the involvement of both theGovernment and private sectors, andincludes relevant financial data.

Huge scheme

Indications are that it could be a hugescheme with major corporations whosebusinesses involve small cashtransactions, expressing the intention ofgrasping the benefits of Smart Cardtechnology. Interested companiesnamed by the Government includeMcDonald's, BP, Kentucky FriedChicken, Coca-Cola, Village Roadshow(Australia's leading cinema network),Optus Communications (the newtelecommunications carrier), Cabcharge(covering 12,000 taxis) as well as pubs,clubs and private bus operators.

Technology suppliers said to have beenbriefed on the tender are: NTTInternational Corporation, AOTC, BTAustralia, Horizon Telecommunications,Bull HN Information Systems, FujitsuAustralia, Gemplus Technologies Asia,Schlumberger/CMS - France, CardinalNetwork of Australia, OptusCommunications, Pacific StarCommunications, Security Magnetics,



AWA, GEC Plessey Telecommunications(Australia), IBM Australia, DigitalEquipment Corporation (Australia),Alcatel STC Australia, HutchinsonsTelecommunications, AT&T Australia,Thorne Secure Science International,Singapore Computer Systems, Toshiba -Japan, Motorola - Scotland, Mitsui -Japan, Solaic - France, Philips -Australia, Thyron UK, DatacraftAustralia, Landis & GyrCommunications - Switzerland,Singapore Telecom, Exicom, Motorola -Australia, Siemens - Australia.

Financial institutions

Financial institutions briefed areSakura Finance Australia, MitsubishiBank of Australia, The Fiji Bank,Westpac Banking Corporation, TheBank of Tokyo, Barclays BankAustralia, BNP Pacific (Australia),Australia and New Zealand BankingGroup, The Sumitomo Bank, Hong KongBank of Australia, Advance BankAustralia, IBJ Australia Bank, St.George Bank, The Dai-ichi KangyoBank, Bank of America Australia,Macquarie Bank, Commonwealth Bankof Australia, The Daiwa Bank, TheSanwa Bank, National Australia Bank,Bank of Singapore (Australia), Bankers'Trust Australia, The AMP Society,Cathay Finance International, DBSBank - Singapore, United OverseasBank Group - Singapore, and Citibank -USA.

Contact: Tony Overstead, Project Co-ordinator - Tel: +61 2 339 7276. Fax:+61 2 339 7700.

Merseyside TEC Future Card

Merseyside Training and EnterpriseCouncil (TEC) has ordered 6,500 SmartCards from DataCard for use as itsFuture card to pay for training benefits.

Most young people will join the Futurescheme straight from school. All 16 and

17-year-olds, and certain young peopleof 18 or over entering employment andtraining in the Merseyside TEC area areentitled to the Future card. It is sent tothe young person by the TEC after itreceives a personal training plan agreedbetween the young person and his orher training supplier or employer.

The Smart Card carries a record of theholder's personal details, training planand achievements. The information onthe card is checked and updated usinga Smart Card reader linked to acomputer. The TEC uses thisinformation to make payments to thesupplier for the training received, andalso for statistical purposes.

Card details:

Type ContactFabricator DataCardDimensions ISO ID1Contact location FrontChip manufacturer SGS-ThomsonMemory type EEPROMMemory capacity 2K bytesStandards ISO 7816-1-2-3Comms protocol T=OSecurity PINCryptography DES

Contact: Angela Hoare, Merseyside TEC,Liverpool, England - Tel: +44 (0)51 2360026. Adrian Cannon, Smart CardBusiness Manager, Datacard, England -Tel: +44 (0)81 570 6522.

Innovatron/Bull Patents Clash

The Innovatron Group, formed byRoland Moreno and which filed thepioneer patents on Smart Cardtechnologies in 1974 and 1975 is tooppose some of Bull CP8's patents inGermany.

In a statement released in Paris thismonth, Innovatron says it has grantedlicenses to more than 175 companiesworldwide including the giants of

June 1993 Smart Card News

�1993 Smart Card News Ltd 105

electronics and information technology. Bull CP8, was one of Innovatron's firstlicensees and filed a whole range ofpatents close to those of Innovatronsome years after Innovatron and someof them are still in the process of beinggranted particularly in Germany.

The statement said: "Now, Bull CP8 hasdecided to conduct an active licensingpolicy, separate from Innovatron's. Forthis reason, Innovatron feels bound toprotect its basic interests as inventorand creator of Smart Card technologiesand to oppose in Germany the grantingof those Bull CP8's patents which areclose to Innovatron's."

Schlumberger Appointment

Jacques Brault is to head TransactionsSystems, the new business groupingwith Schlumberger Technologiesbringing together the Smart Cards andSystems Division and the UrbanTerminals & Systems Divisions. Hewas previously General Manager ofUrban Terminals & Systems. GeorgeKayanakis, General Manager of theSmart Cards and Systems Division is tohead Schlumberger Technologies' RetailPetroleum Systems Division.

Banks in SA Agree on Standards

South Africa's four major banks - ABSA,First National Bank, Nedcor Bank andStandard Bank -announced early thismonth that they have agreed on thestandards required for the developmentof Smart Card applications for theSouth African financial industry.

It is envisaged that the large-scaleintroduction of Smart Cards, whichallow off-line PIN validation and somedegree of portability for terminals, willbring millions of South Africans into theformal banking net.

Smart Cards are already used in theUniversal Electronic Payment System

(UEPS) electronic wallet application(SCN December 1992) by the SA PermBuilding Society, a division of theNedcor banking group, and Megalink,the system operator and switchingsubsidiary. More than 100,000Gemplus cards are used at some 3,000points of sale. This developmentencouraged the banking groups to gettogether to develop a common standardwhich will conform to internationalstandards.

At a conference in Johannesburg earlythis month, Mike Jarvis, Chairman ofthe Inter Bank Standards Committeeand General Manager of InformationTechnology at First National Bank, said:"We ran the risk of each bankdeveloping its own systems at the costof allowing customers common accessto other banks' networks, ATMs, SmartCard readers and point of sale devices."

An inter-bank pilot project is currentlyin the planning stage and will belaunched within a defined community toenable monitoring and control from asystems perspective as well as from aclient/merchant point of view.

Major growth

Smart Cards will initially be targeted atthose who do not qualify for credit, or atthose who do qualify but do not wish toincur credit, as the technology isdesigned to replace cash, cheques anddebits but not credit card transactions.

The major growth in the card industry islikely to come from debit and prepaidcards, bringing millions of SouthAfricans into the formal banking net. Itis estimated that one in three SouthAfricans has a bank account and, ofthese, only 10% have credit cards. Thepromotion of Smart Cards has,therefore, significant opportunities forthe South African financial industry andit is likely that debit card use willovertake credit card use by 1995.



It is also estimated that 80% of alltransactions in South Africa are cashtransactions, the majority of whichcould be effectively carried out with arechargeable electronic wallet paymentcard or a throwaway prepaid card.

Mr Jarvis said: "With the myriad ofpossible applications, many of whichwill substantially improve the lot of themass market in particular we banksnow need to consult as widely aspossible with other business interestsand social organisations."

Benefits

Benefits of Smart Card technology asseen in South Africa are that it providessecurity for the customer with theconvenience of a single card to pay forsmall to medium value purchaseswithout the need to carry cash. Inaddition, unlike a normal purse, a newelectronic purse can be issued afterloss, theft or destruction, with theoriginal balance restored. This hasparticular relevance to the SouthAfrican mass market where theft ofweekly pay packets is described as"rampant," so it would be possible forcompanies to give loaded cards toworkers in place of weekly pay packets.

Benefits for the retailer includeguaranteed settlement, increasedturnover, and cash taken out of thesystem. There is also significantpotential benefit for merchants,especially those in remote locations,who do not have convenient access toon-line point of sale terminals. For thebanks there is the opportunity to extendcard payment products to a much widersection of the population while at thesame time controlling risk and reducingfraud - both major issues inconventional payment markets.

As South Africa has a significantnumber of electronic terminals in themarketplace, it is likely that SmartCards will also carry a magnetic stripe

for use in ATMs for the foreseeablefuture.

AFC Project in Oslo

One of the most comprehensive SmartCard Automatic Fare Collection (AFC)projects to be undertaken anywhere inthe world will involve buses, trams,subway, trains and ferries in the regionof Greater Oslo, Norway.

The region around the Capital city has apopulation of around 889,000, andpublic transport is the responsibility ofthree publicly owned transportauthorities: the Norwegian StateRailway, Greater Oslo Local Transportand Oslo City Transport which withabout 27 transport operators carry morethan 200 million passengers every year.

To implement a new integrated farecollection system, the three transportauthorities set up a joint venturecompany called BAS which spent fouryears on testing and looking at existingsystems, and a further four monthsevaluating 13 tenders for the project.

In November last year, ScanpointTechnology was selected as the turnkeysupplier responsible for the delivery,installation, maintenance and supportof the system.

Main objectives

BAS defined the main objectives of thenew fare collection system as:

* Handling of the different andindependent fare structures inthe region: flat fare, zonal fareand distance related fare.

* Handling of multi-modalticketing: bus, train, tram,subway and ferry.

* Distribution of revenues betweenall authorities, transportcompanies and operatorsinvolved.



* Minimising boarding times.

* Being user friendly to operatorsand users.

* Reducing the level of fraud.

* Integration with existing systems.

After examining the available cardtechnologies, BAS chose the contactlessSmart Card for reasons of security, itslarge capacity and long lifetime, plusthe advantage in connection with a citytransportation system of a transactionspeed of less than 0.3 of a seconddepending on the card type.

Pilot project

A pilot project will start in Novemberthis year involving buses, trains, tramsand on-station equipment, but not ferries at this stage.

Scanpoint has ordered 20,000 1K byteEEPROM microprocessor contactlessSmart Cards from GEC CardTechnology, England, for this trial. Thecard communicates with the card readerusing standard data communicationswithout any integral battery, andconforms with standard ISOdimensions.

Full implementation of the AFC systemis scheduled to start in August, 1994.

Although cash tickets will still beavailable it is hoped that the vastmajority of travellers will use SmartCards. When the system has been fullyimplemented, BAS will look atadditional uses for the card in providingother services.

System implementation

The budget for the AFC systemimplementation is 150 million

Norwegian kroner (approximately �15million).

The development involves a largeamount of hardware and software:

Fare Computers 1,757Portable Fare Computers 437Contactless Smart Card Readers 1,803Stand Along Contactless Card Readers

235Contactless Smart Card Verifier 78Passenger Operated Vending Machines

239Depot Equipments 106

In addition a major data transmissionsystem, and central and depot software,is to be installed. The number ofcontactless Smart Cards to be orderedfor implementation is not yet known.

Fare Computer

The Fare Computer is primarilyinstalled in buses, trams, trains,ticketing offices or similar places and isused for sales, updating and validationof tickets and cards. All prices andvalidity periods are calculatedautomatically according to the faredescription loaded in the FareComputer. When a ticket is issued or acard is used, all data such as route,destination, driver ID, date and time,ticket or card type is saved forprocessing.

Portable Fare Computer

The Portable Fare Computer is used ontrains and ferries and is meant for salesof tickets, and sales, updating andvalidation of cards. Like the FareComputer it saves data for processinglater.

Contactless Smart Card Reader

Most card readers are for buses, trams,trains, ticket offices or in connectionwith turnstiles on subway stations. Thereader automatically validates a



contactless card according to theattached Fare Computer. It allowspassengers to validate their cardswithout any staff involvement. Thepassenger presents the contactless cardwithin 10 cms of the reader and the unitgives a visual and acoustic accept/notaccept signal. At the same time relevantcard information, for example, residualvalue, is displayed.

Stand Alone Reader

This unit is designed for installationoutdoors on train and subway stationsand is resistant to climatic conditionsand vandalism. It is used for theautomatic validation of contactlesscards according to the fare descriptionloaded in the unit. The card reader isequipped with a keyboard which allowsthe passenger to select the requiredjourney before presenting the card tothe reader. When the passengerpresents his card the unit operates inthe same way as the reader above.

Contactless Smart Card Verifier

These are for use by the transportauthorities inspectors for checkingvalidity of passenger cards. All dataregistered from the cards can betransferred directly to a personalcomputer.

Passenger Operated Vending Machines

Five different types of vending machineswill be installed outdoors on train andsubways stations, ferry berths andsimilar places. They will accept coins,notes, bank cards and contactlessSmart Cards to enable passengers tobuy tickets, validate and update theircards. A number will be equipped withtouch screen and a special printer forissuing standard tickets. All dataregistered is saved for processing.

Depot equipment

Basically all drivers, ticket collectors etc

have their own personal staff cardwhich is used for transferring databetween the ticket machines and thedepot equipment and then to the centralcomputer system network.

Data Transmission System

The Data Transmission System handlesthe data flow to run the fare collectionsystem, for example, data betweenticket issuing units and companydepots or central computers.

Changes in the fare system and "blacklists" can be transferred to the farecomputers, or sales and transactiondata from the fare computers back tothe central computer.

Central and Depot Software

The three transport authorities haveBUSPOS, an extensive administrationand communication software packagefor handling the fare collection system,installed on their mainframe computerswhich are on-line to each other andform the central computer systemnetwork.

BUSPOS has several routines, forexample, administration of all ticketissuing units in the system, collection ofall transaction and financial data forprocessing, settling of accounts withstaff, operators etc. It also has a carddatabase with a status on all cardsused in the system making it possible tocreate blacklist or reissue lost ordamaged cards.

Contact: Hans Holmgren, ProjectManager, Scanpoint Technology A/S,Denmark - Tel: +45 43 43 39 99.



Italian Moneta Card

One million retailers throughout Italyare members of the ConfcommercioAssociation which, in 1989, formed anew company called SETEFI SpA todevelop the Moneta electronic paymentssystems for which they adopted SmartCard technology. The Moneta multicardEFT system uses a multi-servicemicrochip credit card.

Set up with capital of 5 billion lira,SETEFI is owned 30% by FINATERrepresenting the Association's members,and 35% each by the Italian banksCARIPLO and BANCA di ROMA.

Confcommercio wanted to create a cardproduct to overcome the problemsrestricting card utilisation in Italy whichwere identified as: Retailers unwillingto take cards because of high merchantcommissions, unwieldy mainly paper-based systems; unreliable supply ofterminals, connections and responsetimes; unacceptable delays in applyingtransactions to accounts; and highlevels of fraud due to stolen cards byorganised crime.

The Moneta Card offers the cardholdertwo different accounts - the Conto Breve(short account) settled by paying the fullbalance monthly by direct debit 15 daysafter receiving the statement; and theConto Lungo (Long Account) limited totransactions above a fixed limit atcertain shops only. Settlement is by 6,12 or 18 equal instalments includinginterest which is recalculated monthlyto take into account new purchases.

The Smart Card handles allauthorisations and purchases andsecurity is through a PIN code chosenby the user. The card decides when PINentry is required according to the saleamount, for example, all transactionsabove an agreed limit, or on a randombasis allowing several small purchasesto be made consecutively before PINentry is requested.

The Moneta card encompasses alltransaction types from newspaper andvending purchases to substantial itemsmore usually associated withcredit/debit cards.

Following pilot projects in 1990, thesystem is now established in severalregions - Lombardy, Tuscany andSardinia - and in important towns likeBari in the south east.

Growth statistics

In these areas the scheme has shownsubstantial growth. The followingfigures, given by Eugenio Casucci, ofFINATER Confcommercio, Milan, show:

The installed base of EFT terminals hasrisen from 4,746 in 1991 to 9,767 in1992, an increase of 105%

Payments accepted increased from336,582 in 1991 to 2,370,745 in 1992,an increase of 604%

The total value of payments increasedby 616% from 63,437 million lira in1991 to 454,314 million lira in 1992.

Moneta cardholders rose from 124,253in 1991 to 179,721 in 1992 - a 45%increase.

It is planned to extend the systemthroughout Italy, but this expansion hasbeen slower than anticipated when theMoneta Card was first launched.

Mr Casucci explains: "There is a realproblem of implementation of theproject because it is based on EFTterminals and we do not have EFTterminals to cover all over Italy." Eventually, he says, there will be amass distribution of terminals andcards when they can include all of theAssociation's one million members.

Benefits



Benefits to the retailers are that thesystem accepts all the most importantcredit cards - Visa, Master Card,American Express, Diners and Cartasi,and the Bancomat debit card. There isalso the opportunity to issue co-branded cards which has been takenup, for example, by severalhypermarkets and some retail chains. Other advantages include lesscommission on transactions, low or nocost EFT terminal lease, quickerpayment and paperless transactions.

Cardholders need only one card as acredit card, can arrange long termpayments, and withdraw money atATMs.

From the issuers' point of view there isgrowing multicard acceptance, anintegrated payment system withautomated payment collection. TheSmart Cards also offer high securityagainst fraud and can be used off-line,reducing costs.

Card details:

Type ContactFabricator GemplusContact location FrontChip type

microcontroller+memory

Memory type EPROMMemory capacity 4K bytesStandards ISO 7816-1-2-3Comms protocol T=0Security PINCryptography DES

Contact: Eugenio Casucci, FINATERConfcommercio, Milan, Italy - Tel: +39 2332 00411.

New Card has FRAM Memory

A new type of card, called the "In-Charge" card, allows money orinformation to be exchanged on-the-move without contact. It combines the

transaction card technology of RacomSystems, Inc., based on wireless datatransfer via radio waves, with a newtype of computer memory from RamtronInternational Corporation called FRAM(Ferroelectric Random Access Memory)able to store data in the absence ofpower.

It is designed to provide a ruggedcontactless, cost-effective alternative tocontact Smart Cards in low-valuefinancial transactions and/or to expandthe capabilities of read-only RF IDapplications by providing a writefunction with the same performance asthe read function.

The card contains a single chip radiofrequency transponder with 256 bits ofnon-volatile ferroelectric RAM (FRAM)with high-speed read/write capability ata range of up to 15 cms (six inches). Itconforms to ISO ID1 dimensions but isthicker at 1.65mm

In use, a cardholder would present thecard to a Racom RF CommunicationsController (connected via an RS-232Cinterface to an IBM compatible PC hostcomputer) within the system range of 15cms. The controller generates a 125kHz powering signal to power the cardtransponder. The card transponder andthe communications controller create anRF interface for reading and writing thecard's internal memory. The systemprocesses the requested transaction,records it, and updates the card'smemory.

Applications

The system, known as the DSS 1000 RFProximity Communications Subsystem,is seen as ideal for applications such aselectronic fare payment in mass transitsystems, ski resorts usage, or studentID campus cards.

Richard Horton, Racom President, says: "We designed the DSS 1000 system toreplace coins and tokens in low-value



(less than $20) prepaid financialtransactions such as fare collection onbuses and subways. But we are alsofinding significant demand inapplications ranging from electronic skilift tickets, to recording maintenanceand inspection records on containers ofhazardous waste."

Demonstration kit

A preprogrammed version of the DSS1000 intended for evaluation,applications development, anddemonstration is available directly fromRacom Systems at a price of $1,800.

The system includes four RFM 256 CCTransponder Cards, an RFC 100 AA 20Communications Controller withantenna and power supply, cables,instruction manual, carrying case, anda Windows-based menu-drivenoperating software package forinstallation on the user's IBM-compatible PC. Additional cards can bepurchased for $9.72 in orders of 1,000.

The kit can be ordered from RacomSystems, Inc., 4840 Pearl East Circle,#301E, Boulder, Colorado 80301, USA. Fax: +1 303 447 2033.

Contacts: Wayne Baker, Director ofBusiness Development, Racom - Tel: +1303 447 2474; Lee Brown, Manager ofCorporate Communications, RamtronInt. - Tel: +1 719 481 7011. In the UK,David Sherwood, Managing Director,AM&T Tel: +44 (0)272 237594.

GiroVend Contactless System

GiroVend's cashless vending systemusing contactless Smart Cards or keyshas been designed to also handle a widerange of in-house applications such assecurity access control, parking, timeattendance and personnel identificationall on one card.

Among the first customers for thecontactless vending system when it waslaunched last year was Lloyds Bank inthe UK.

Now Group Chairman Richard Smartsays the Group anticipates that the newsystem will attract 30 per cent ofGiroVend's business sales in 1993.Easy to upgrade

The system is designed to eliminate theexpense of on-site cash-handling. It isquick and easy to upgrade from GVmagnetic-based cashless equipment.The system's interchangeable mediareader is designed to accept either an iCcontactless "GiroCard" or, for morerobust working conditions, the"GiroKey" fob. System transactions areactivated through media proximity tothe reader. Other transactiontechnologies such as magnetic stripeand watermark, can also beincorporated with the GiroCard for usewith existing on-site systems.

Both the card and the key arerechargeable and the system softwareenables a wide range of userentitlements and special instructions tobe programmed on the card, fromdiscounts, subsidies and free vends, todifferential pricing, quantity restrictionsand even stock control.

The card used is a 1K byte EEPROM



Contactless Smart Card from GEC CardTechnology.

GiroVend chose contactless technologybecause, unlike magnetic stripe basedtransaction systems on the market, itdoes not need surface contacts forreading and processing data. Whereother card reader-write products arevulnerable to data corruption from dirtlodging in contacts or on exposedelectromechanical moving parts, datatransferred on the contactless card is byRF (radio frequency) induction.

The company says that as the card isprotected from wear and tear, it lastslonger than other data carriers, and thesystem readers, with no slots, contactsor exposed moving parts to go wrong,are not only more reliable and robustthan current transaction technologiesbut much faster and service efficient.

Contact: Richard Smart, GroupChairman, GiroVend Holdings, London,England - Tel: +44 (0)71 738 0616. Fax: +44 (0)71 738 0331.

Mercury One-2-One

Mercury One-2-One, owned by Cableand Wireless and US West, is currentlyBeta testing its PersonalCommunications Network (PCN) servicewith around 1,500 business customersbefore the commercial launch, later thisyear. Initial coverage will be the heavilypopulated London area bounded by theM25 motorway, with coverage extendedto around 24% of the UK population byApril 1994, and progressivelythroughout the country by the end ofthe decade. The Smart Card is the phone owner'spersonal key to the service and Mercuryhas ordered cards from two suppliers -Datacard Corporation and Orga CardSystems (UK).

The customer gains access to theservice by inserting a personal SmartCard into the phone and keying a PIN.

Using the card in another compatiblemobile phone means that any callsmade are charged to the owner of thecard, rather than the owner of thephone. Similarly, you can let businesscolleagues, family members or friendsuse their own Smart cards in yourphone and call costs will be billed totheir account.

The One-2-One service offers variouspricing options, a monthly call limit,itemised billing, and a VoiceMail servicethat records messages when thecustomer is unable or unwilling to takea call. Handsets will cost around �300and are compact enough to slip into apocket or handbag.

Security system

It is estimated that in the London areaalone, 10,000 mobile telephones werestolen in the last year, but the new One-2-One service security system identifiesboth individual customers, with theirPIN held on the Smart Card, andindividual phones with a unique



identification code burnt into thehandset. Either number can be"blacklisted" by the network renderingstolen phones or Smart Cards worthlessto thieves.

As an extra security measure, thesubscriber can programme anadditional PIN access number to beentered before calls can be made.

Alan Hadden, Head of Business Policy,says: "We can't stop our customers frommisplacing handsets or prevent peoplefrom stealing them, but what we can dois make the theft of those phones acompletely worthless exercise. That isprecisely what we have achieved bycombining Smart Card technology andsecure handset identification codes withan all new digital phone network."

Scandals

Scandals over the taping of Royalmobile phone conversations shouldnever happen again. It is almostimpossible to eavesdrop on digital calls,unlike the mobile networks which wereallegedly intercepted to give rise to the"Squidgy" and "Camillagate" tapes.

A Mercury One-2-One spokesman said: "Not only will the new system transmitsignals in a digital formatunrecognizable as a voice conversationto anybody tuning in, the transmissionsthemselves are encoded in a formmaking them virtually impossible foreavesdroppers to decipher."

To find out more about Mercury's One-2-One service, call on Freephone 0500500 121.

Harmonisation Move

A single Smart Card that can be usedinternationally for a wide variety ofpurposes is the aim of a working groupcomposed of representatives of many ofthe leading companies in the chip cardindustry.

At the second meeting of the OpenMulti-applications Card working groupin Cologne, Germany, last month theirview was that current contact cardtechnology was insufficient as a basisfor the development of a single card formulti-applications usage. The marketitself was divided over this questionwith various non-compatible cardspresently employed in different projects.

It is envisaged that the working groupwill start on a large-scale project withcontactless card as its basis (namedContactfree Multi-Application Card," (C-MAC) driven by an internationallystandardised operating system.

Representatives at the meeting includedBosch, Deutsche Bundersbahn,Eurocard, Giesecke & Devrient,Lufthana Airplus, Philips, Siemens,Deutsche Telekom, Visa and variousbanks.

ECCS Group

Later in the month, the European



Common Card Strategy group (ECCS),met in Caen, France, to review thepracticality of developing a joint strategyaimed at establishing a MAC for world-wide usage.

The meeting convened by Mr H D Kreft,Managing Director, ADE, Germany, feltthat the ISO standard 7816 (Part 4) wasinsufficient as it allows variations in theconstruction of card operating systemswhich can lead to the development ofdifferent ISO compatible cards. Whilstthese, by definition, are compatible with the relevant ISO standard, theyneed not be compatible with oneanother. Also it is highly unlikely that200 pages of standardisationdescription will lead to uniform resultsfrom hardware and software developers.

The harmonisation process requires, forexample, the establishment of areference system to ascertain whether aMAC or a MAC terminal behaves in anISO-compatible manner. This software,called the Reference of InternationalCard Harmonisation (RICH), ensuresthat programmes in both the card andthe card terminal conform to ISO 7816. It is envisaged that RICH will set theinternational standard for the MAC inthe same way IBM determined PCcompatibility standards in the computerindustry. The concept also proposes aRICH coupler device capable ofoperating both contact and contactfreecards through a single slot.

As no single international card producerclearly dominates the market at present,RICH can only be realised via the co-operation of various producers withmarket representation. This union ofcompanies, in conjunction withcontactfree chip card technology, isseen as providing the internationalbreakthrough which could make RICHthe world-wide standard for the MAC.

There were 21 delegates at the ECCSmeeting including representatives fromADE, Credit Lyonnais, GEC, Gemplus,

Motorola, Idesco, Amphenol-Tuchel,SEPT, and Schlumberger.

Contact: H D Kreft, ADE, Germany - Tel:+49 4151 8891-O. Fax: +49 41518891-29.

Dudley TEC Project Ends

Dudley Training and Enterprise Council(TEC) has ended its TECFUTURESSmart Card project (SCN, November1992). The cards were used to replacemoney vouchers given to unemployedpeople to receive professional adviceand guidance on job seeking andretraining.

Yvonne Peers, of Dudley TEC, said theTECFUTURES project was now finished. The idea was to test the technology andit worked very well with an off-the-shelfsystem which turned out to be cost-effective. It they had intended to gobeyond the project it would have meanthaving a system tailored to the TEC'sneeds, but the cost was prohibitive.

The Smart Card system was supplied byJerseyCard and used cards fromGemplus.

Contact: Yvonne Peers, Dudley TEC,England - Tel: +44 (0)384 485000.

Philips DX ETEBAC 5 Approval

The French Groupement des CartesBancaires CB has approved theETEBAC 5 security package presentedby Philips, using standard readers, thenew Philips DX microprocessor SmartCard operating the RSA public keyalgorithm, and software libraries of itscatalogue.

The package is aimed at beingintegrated into available EDI (ElectronicData Interchange) application packageshandling the ETEBAC 5 environment(Telematics Exchanges Between Banksand their Customers). Philips view this



package as a practical application thatmany companies will want to use withtheir banking partners and expect todeliver several hundreds of units thisyear and probably several thousands in1994.

It offers the full set of security functionsrequired in this environment: mutualauthentication of each party to theelectronic exchange, guarantee thatinformation content is not alteredduring transfer, guarantee of theconfidentiality of the exchange,irrefutable proofs to both parties of theexistence and proper execution of theexchange.

The solution is already integrated intothe ETEBAC application of CERGFinance, and has been qualified in thereal environment of the ETEBAC serverof Credit Lyonnais.

Other ETEBAC applications supplierslike SAARI, SYBEL, CONCEPT, andPLURIEL DCI are integrating the Philips'package into their offer, and will shortlybe ready with the corresponding fullETEBAC 5 solutions.

Philips say their DX Smart Card-basedpackage is in line with internationalstandards, and complies with the mostrecent recommendations of the securityworking group on EDIFACT (ElectronicData Interchange For Administration,Commerce and Trade). They see it as asound basis for further internationalstandardisation, since the core securitypart is separate from the ETEBACapplication software, and complies withEDIFACT recommendations on security.

Contact: A J Selezneff, InternationalMarketing Manager, Philips SmartCards & Systems, France - Tel:+33 1 4094 75 84. Fax:+33 1 40 94 79 68.

Advanced Card Association

Plans to set up an Advanced CardAssociation based in the UK are now

underway following an inauguralmeeting to produce a framework toformalise the Association. The meetingdiscussed an interim constitution, acommittee structure and invited electedrepresentatives.

It was announced that the Departmentof Trade and Industry will provide thevenue for the first full meeting forinterested industry members wishing tojoin and that their will be direct liaisonwith invited government representativesthrough a joint speaking form which willcover specific vertical markets.

Over 15 offers for countryrepresentation in Europe have beenreceived and discussed and it isplanned to utilise these representativesto set-up similar government and tradelinks within their own countries.

The Association has also receivedrequests to consider co-operation withthe US Smart Card Industry Association(SCIA) and the International CardManufacturers' Association (ICMA) toallow representations across a unitedfront.

Any interested parties who wish tobecome involved should contact ChrisStanford or Simon Reed, c/o ChartaAssociates, The Court, Freepost, PO Box301, Hemel Hempstead, Herts, HP11BR, England - Tel: +44 (0)442 231844.

Quality Certification for SOLAIC

SOLAIC, the Smart Card subsidiary ofSligos, has been awarded the ISO 9002certification and its Europeanequivalent, EN29002, for themanufacture of PVC integrated circuitmemory cards and Smart Cardmicromodules.

The certifications were awarded by theFrench Quality ImprovementAssociation (AFAQ) and the EuropeanNetwork for Quality System Assessment



and Certification, respectively.

SOLAIC's three core businesses - cardmanufacturing, card personalisationand memory card systems engineering -cover the entire Smart Card cycle fromengineering to final delivery.

Smart Card Telephone Adaptor

A new telephone adapter for AT&T'scontactless Smart Card, allows anytouch-tone telephone to be used forbanking transactions, ticket purchasesand other services from a home, office,hotel room or other location wherepreviously it would have required apersonal computer or similar product.

The prototype adaptor, which is aboutthe size of a small paperback book, wasdemonstrated at the American BankersAssociation National Operations andAutomation Conference in New Orleanslast month. Applications shownincluded the purchase of an airlineticket over the phone with thetransaction recorded electronically onthe card.

The adaptor contains a Smart Cardreader/writer and a modem. Whenplugged into a standard telephone line,it allows a Smart Card to be used toverify the user's identity and as astorage medium on which thetransaction can be securely recorded. Asingle telephone line is used for boththe voice connection and the data link.

A major concern with home banking hasbeen security, but AT&T says it hasdeveloped a verification system thatsubstantially reduces the possibility offraudulent access to a bank account. Although the user only has to provide asimple password, the Smart Card andthe bank's computer carry out asecurity check to make sure the card isvalid.

Diane Wetherington, President of AT&TSmart Cards, says: "Until now, many ofthe promises of the information age, like

home banking, have been a reality onlyfor people who can afford expensivehome computer systems and werewilling to learn how to use them. Thisdevice will let anyone performtransactions from anywhere, withoutthe need for expensive computerhardware as an interface."

AT&T's 3K byte EEPROM contactlessSmart Card can be used for multipleapplications such as banking, and alsoact as an "electronic ticket" for airlinetravel, sporting events etc.

Contact: Michael Jacobs, AT&T, USA -Tel: +1 908 582 4767.

De La Rue and TRT Joint Venture

De La Rue Card Technology, asubsidiary of De La Rue PLC, andPhilips Smart Cards & Systemssubsidiary, TRT, have set up a jointventure to sell their Smart Card systemsin the UK and Ireland.

Called Delphic Card Systems EEIG, ithas been formed through the EuropeanEconomical Interest Grouping (EEIG)structure and is headquartered atTewkesbury in England. It will provideSmart Cards (microprocessor andmemory cards) and associated readersand terminals, develop Smart Cardsolutions for business applications, andprovide Smart Card personalisationservices.

Delphic aims to be the leading paymentcard in industries such as banking,loyalty/leisure, utilities, pay TV andtelecoms. The range of masks offeredby Philips covers security cards, likeD1, D2, or DX, the first RSA Smart Cardon the market, or dedicated masks likeGSM or BO' (for French banks), orgeneral purpose masks like TB100.TB100 and BO' have been developed inco-operation with Bull CP8.

Contact: Darrell Barnes, GeneralManager, Delphic Card Systems,



England - Tel: +44 (0)684 290290. Fax:+44 (0)684 290111.

Chip Card Reader from Safeware

Cardman, the new and compact cardreader from Safeware AG, of Austria,can be used to read and write all chipcards compatible with ISO 7816.

Costing DM 240 (one-off price) thedevice can be connected to the serialport of a PC and can therefore be usedunder a variety of different operatingsystems.

Safeware says the open architecturepermits OEMs, system houses andapplications developers to offer the

inexpensive use of chip cards in theareas of electronic banking, accesscontrol to host systems and healthinsurance cards, amongst others.Evaluation kits are available.

Contact: Lars Sandell, Safeware AG,Linz, Austria - Tel: +43 732 301630-400. Fax: +43 732 301630-75.

Smart Card Tutorial - part 10

Security from the Bottom End.

Previously we took a look at the securityof the Smart Card from a top downpoint of view. In other words we lookedat the principles that we were trying toachieve without delving into thepracticalities. This month we are goingto start at the other end, looking atsome of the practicalities to see whatcan be achieved. This bottom upapproach should allow us to meetsomewhere in the middle. This is acompromise between what is requiredand what can be achieved.

In order to consider security further weneed to recap on the basic componentsof the chip in the Smart Card. Thisarchitecture is shown in fig. 1. Theprocessor has four peripherals,

- MASK ROM- EEPROM- RAM- SERIAL I/O PORT

The mask ROM contains the operatingsystem of the chip and is made as partof the chip fabrication process. Thismemory is read only and cannot bechanged once the chip is made. TheROM may contain programs and databut in both cases the code and data areconstant for all time. By the veryprocess that the chips are made it is notpractical to have any form of uniquecode or data in ROM. Thus the ROMmemory is constant for a batch of chips(thousands). Each wafer at the end ofthe manufacturing process results inthe die (apart from fabrication failures)looking identical.

The EEPROM memory is the non-



volatile storage area of the chip thatallows data to be written and readunder program control. This data ispreserved even after the power to thechip is switched off. By writing data intothe EEPROM we can give each chip aunique identity. The Smart Card chipsfrom most semiconductormanufacturers have the facility to makeparts of the EEPROM memory `writeonce only'. This is sometimes called OTP(One Time Programmable) oroccasionally as EPROM memory in thesense that it cannot be overwritten. Thelatter term is ambiguous in thatalthough EPROM memory requires ultraviolet light for erasure, in the generalsense the memory cells are alwayscapable of being set to the final state.Thus if the initial state is all `ones' thenany bit can be overwritten to `zero'. Ifthis situation is allowed to arise then insome circumstances you may be subjectto a security violation. Under theseconditions going from a `1' to a `0' mustincrease the security for every bit used.A reverse situation may allow anattacker to decrease the security by overwriting a `1' to a `0' which is aninherently possible process.

The random access memory (RAM)forms the memory working space to beused by the processor whilst executingprograms either in ROM or EEPROM.This memory is volatile and all data willbe lost (there are some securitysubtleties here that we will return to ina subsequent part ) when the power tothe chip is removed.

This RAM is no different in concept tothat contained in our PC. However thereis some difference in the amount ofmemory available. The modern PCusually starts at 1 million bytes andcommonly has 4MB or more. The lowlySmart Card chip rarely exceeds 256bytes. We mentioned previously thatthis is due to the square area of silicontaken by the RAM cells and the need tolimit the size of the die for both cost andreliability considerations. Clearly the

processor has total read/write control ofthe RAM. It is also important to notethat the total RAM space is unlikely tobe available to the application. At thevery best it is necessary to invoke a

stack memory area for the processor totransfer control between the varioussoftware modules and to handle theinterrupt structure of the processor.

The serial I/O port should beconsidered as just another peripheral tothe processor which may be read andwritten under software control. Themost important point to notice here isthat the hardware sophistication oftenfound on general purposemicroprocessors has been removed tooptimize the space available on thesilicon. Thus the ubiquitous UART(Universal Asynchronous ReceiverTransmission) which buffers bytes ofdata to and from the serial port isreplaced by a single register that theprogrammer must manage on a bit by



bit basis. Further more the timing ofdata transmission which is handled bythe UART must now be managed by theprogram in the Smart Card.

For the purpose of our security analysiswe will now consider two applicationscenarios. In the first case we will lookat the Smart Card as a file managementsystem as considered under ISO 7816-4. Then we will develop the situationfurther and look at the problems ofmanaging two application programs inthe IC.

In fig.2 we show the arrangement ofprograms and data for the Smart Cardused as a file management system. Wewill simplistically consider twoapplications each with a file of data. Wewill also assume that these applicationswish to control access to the data forauthorised users only. It is important tonote that the terminal acts as theapplication driver and completes thesecurity link. Let us now consider thatthe Smart Card is brought into contactwith a terminal containing theapplication as shown in fig. 3. In thisdiscussion we will ignore the electricaland communication protocol handlingand will assume it meets the ISOstandard.

From the terminal's point of view thereare four primary steps in the process ofexecuting the application,

- Select the application in the card- Prove the authorisation of the

terminal user- Read/write the application data- De select the application (e.g

power off)

In this very simple example we are onlyconsidering PINs as our security tooland the authorisation is therefore thatof the terminal user (which may bedelegated to the terminal by theapplication provider)

The application in the terminal thusproceeds to select the application usingthe commands of ISO 7816-4 asdiscussed previously (select file; verify;read/write).

Even in this simple example we run intoproblems straight away. Does eachapplication have a separate PIN? From asecurity point of view it is clear that thismust be the case and yet thiscontradicts the often held approach(with its obvious practicality) that thisshould be a single PIN for the card.There is a second problem even morefundamental than the first. How doesthe terminal know that the card isgenuine? Giving a yes/no to the verifycommand is totally inadequate andhence the need for the authenticationcommand. This allows the terminal tocheck the authenticity of the card butrequires both the terminal and card toshare the appropriate cryptographicmechanisms.

However it is clear that sufficientfunctionality exists to control theseapplications separately. Here theoperating system is in control and caneasily restrict access to the applicationdata to authorised users in the sensethat the correct PIN is provided). Theapplication program in the terminal hasno access to the data in the EEPROMdirectly and must invoke the commandsavailable in the MASK ROM.

Let us now consider the more



interesting case where there are twoapplication programs in the EEPROM asshown in fig. 4. Now the security gamechanges because the processoreffectively transfers control to a programrunning in EEPROM. In the generalcase (some IC chips can constrain thememory partitioning; see vol. 1, No 1)the processor can read and write anydata in the EEPROM whether it belongsto its own application or another. Whatthis means is that a particularapplication must be restricted fromreading and writing data in theEEPROM. All data accesses must bereferred to a program that executes fromthe operating system in the MASK ROM.By this means the operating system canassure the correct partitioning of thedata to its own application. Whetherthis is achieved by software (i.e aninterpreter type of approach) orhardware control of the memoryaccesses results in a more sophisticatedview of the architecture of the ICC.We have shown in this part of thetutorial that there is a fundamentalsecurity difference between a filemanagement structure (as envisaged inISO 7816-4) and the more general caseof a multi application environment. Wehave also made the point that a PINcheck (supplied by the terminal) by anIC card is a one way process which doesnot take account of the authenticationof the card itself. This is clearly notacceptable in the majority ofapplications and requires therefore theadditional process of the terminalauthenticating the card. This requiresan additional overhead of cryptographicmechanisms and the appropriate keymanagement hierarchy.

In a subsequent part we will explore thelife cycle of an IC card from a securitypoint of view including the implicationsof cryptographic key management. Wewill also attempt to answer that difficultquestion `Is a Smart Card secure?'

Next month. The Smart Card development environment.

David Everett



Smart Card Diary

a la CARD-Symposium '93Technology, Steigenberger Hotel,Hamburg, Germany, 16/17 June.

This 3rd international card conferencefocuses on recent developments in thecard industry. Contact Hopenstedt &Wolff - Tel: Germany +49 40 271 3323. Fax: +49 40 270 8066.

ESCAT 1993 (European Smart CardApplications & Technology)Conference, Hotel Kalastajatorppa,Helsinki, Finland, 1-3 September.

Topic areas includetelecommunications, financial(electronic payments), transportation(and multi-purpose cards), and healthapplications. Contact: Eija Ohrnberg -Tel: Finland +358-0-752 3611. Fax:358-0-752 0899.

The Role of Card Systems in HealthCare: Facts and the Future, PharoGardens, Marseilles, France, 22-24September.

A major international conference on theuse of card technology in health carefeaturing speakers from manycountries, the conference is beinghosted by the French Ministry andSocial Affairs, Ministry of Health, andthe International Institute of Roboticsand Artificial Intelligence. Contact: Charta Associates, England - Tel: +44(0)442 231844. Fax: +44 (0)442236604.

CarteS 93, Palais des Congres, Paris,France, 20-22 October.

International plastic card forum withconferences, lectures, workshops and amajor exhibition. Contact: CarteS 93 -

Tel: +33 1 49 68 51 00. Fax: +33 1 4737 74 56.

European Payments '93 (EFTPoS &Home Services), Sheraton Hotel,Edinburgh, Scotland, 16-18 November.

A tutorial on biometrics and cards willbe held before the conference whichincludes a day devoted to remoteservices. Contact: Paula Biagioni - Tel:+44 (0)41 553 1930.

Brewers Test Cashcards

Two major brewers, Allied Lyons andScottish & Newcastle, are to testcashcards in selected managed housesfollowing the successful introduction ofcashcards into a number of Whitbreadpubs last year. Allied Lyons subsidiary,Taylor Walker, is installing the systemin two of its Mr Q's specialist pool pubsin North London, while Scottish &Newcastle is introducing cashcards intothree pubs in Gosforth, Sunderland andWhickham in north east England.

The Schlumberger cards can be boughtat the bar and credited with thecustomer's choice of value. They canthen be used for food and drinkpurchases and on non-payoutamusement machines. Both brewersare tying rewards into card usage bywriting bonus points to the cardmemory.

Contact: John Kelly, Chief Executive,Cashcard Systems, England - Tel: +44(0)636 610022. Fax: +44 (0)636610122.

Cryptography Update

In April the President of the U.S.Aannounced a new initiative designed tobring together industry and the Federalgovernment to improve security oftelephone communication whilstmeeting the needs of law enforcement.



The U.S government engineers (NSA)have designed a new cryptographic chipcalled `CLIPPER'. This chip hasnominally been designed for attachmentto an ordinary telephone. This chip maybe used to protect both voice and datatransmissions. The chips (MYK-78) willbe supplied by MYKOTRONX ofCalifornia. The silicon is fabricated inone micron technology by VLSITechnology Inc.

A novel feature of this new scheme isthe establishment of an escrow system.Each chip will have two special keys,knowledge of which will allow the holderto decode messages generated by thechip. These keys will be stored inseparate escrow databases access towhich will be restricted to governmentofficials with legal authorisation.

The CLIPPER chip contains a classified64 bit block encipherment algorithmwith a single 80 bit key called`SKIPJACK'. Apparently the algorithmhas 32 rounds of scrambling (DES has16) and runs at 12 Mbits/second. Involume the chips are expected to costabout $30.

A successor to the CLIPPER chip called`CAPSTONE' has already beendeveloped. MYKOTRONX call this theMYK-80. This chip implements theSKIPJACK algorithm but also includesthe DSA (Digital Signature Algorithm)and SHA (Secure Hash Algorithm)proposed by NIST. The CAPSTONE chipwill not implement the RSA algorithm.These chips are expected to sell forabout $85.

The SKIPJACK algorithm is intended toreplace the DES algorithm which willcease to be certified in five years time.Some concerns have already beenraised concerning the classified natureof the SKIPJACK algorithm and theescrow arrangement. The mechanism bywhich authorised agents may obtain thekeys is still not clear whilst it wouldappear that once obtained then thesubject's communications becomeinsecure forever.

However it is clear that the USgovernment would prefer SKIPJACK tobe the new symmetric algorithm withDSA as the asymmetric algorithm.Whether the finanical industry willhappily give up DES remains to be seenwhilst the battle on RSA versus DSAcontinues. At the very least the patentposition on DSA would appear to givePublic Key Partners (PKP) and the RSAcamp a distinct advantage.

I wish to subscribe to Smart Card News for 1 year i.e. 12 monthly issues at:

� UK �375 � Please invoice my Company

� International �395 � Cheque enclosed

� Please charge my credit card

Visa/Mastercard/Eurocard/Access



Name______________________________________Name________________________

_______

Position____________________________________Address_____________________

________

Company___________________________________ ____________________________________

Address____________________________________ CardNo._____________________________

___________________________________________ Expirydate___________________________

Tel.________________________________________Signature____________________

_________

Fax.________________________________________

Please return to: Smart Card News Ltd. PO Box 1383 Rottingdean, Brighton BN28WX,United Kingdom, or facsimile to + 44(0)273 300991.

Smart Card News carries an unconditional refund guarantee. Should you wish tocancel your subscription at any time then we will refund all unmailed issues.

Gemplus Fifth Anniversary

Gemplus has marked five years ofsuccessful trading at its anniversarycelebrations in Gemenos, France. Thecompany, formed on 2 May, 1988,employed just 12 people working in an

old "garage" in Aix-en-Provence and hadone client, France Telecom, who wantedone million Gemplus pay phonecards incirculation before the end of the year!

Now the Gemplus Group employs 700people working at 13 locations in eightcountries -



France, USA, Singapore, UK, Germany,Italy, Spaine and Taiwan - and suppliesproducts to more than 50 countriesaround the world.

Smart Card production is now runningat 10.5 million cards per month and thegroup has a turnover of 700 millionFrench francs, 65% of which comesfrom exports.

The company has been able to growbecause of the attention it has given toresearch into new products, technologyand services, dedicating about 10% ofits turnover each year to research anddevelopment. It has filed some 98patents since it began operations.

From the original 300 sq.m in Aix-en-Provence in 1988, industrial facilitieshave been expanded to approximately10,000 sq.m at the Gemenos, La Ciotat,Saracelles and Stuttgart plants.

This year, Gemplus obtained ISO 9002quality certification making it anapproved supplier of several majorinternational clients.



Marc Lassus, Chief Executive Officer of Gemplus, (right) receiving the ISO 9002 qualitycertification from Charles Rozmaryn, General Manager of France Telecom

Major Stored Value Card Plan in Australia - France, Cardinal Network of Australia, Optus...

Documents

Transcript of Major Stored Value Card Plan in Australia - France, Cardinal Network of Australia, Optus...