Smart Card Technologies

Title: 2001: A Smart Card Odyssey: Part 1 of 2
Source: Card Technology, 2 (1): 34, January 2001. ISSN: 1093-1279
Publisher: Thomson Financial Media
Document Type: Journal; Cover Story; Industry Overview
Record Type: Fulltext Word Count: 2487
Publication Country: United States, Language: English
Text:

By Donald Davis

The boom in mobile phones that use smart cards for identification guarantees that 2001 will be a big year for smart cards. But the industry could really take off if key credit card, government and transit projects register successes.

Predicting the future should always be this easy. Will the smart card market grow in 2001? It is close to a sure thing, say industry executives, because of the explosive growth in demand for GSM mobile phones that carry smart cards inside each handset to identify consumers to their mobile phone operators.

The seemingly insatiable demand from telcos for those subscriber identity module smart cards will be the primary reason unit demand for smart cards will surge an estimated 22% to 23% in 2001, agree analysts from market research firms Dataquest and Frost & Sullivan. Even better for vendors, because SIM cards are among the priciest of smart cards, chip card revenue will grow even faster. San Jose, Calif.-based Frost & Sullivan predicts the worldwide smart card market will generate nearly $2.8 billion in revenue this year, up 34% from $2 billion in 2000.

Not surprisingly, card and chip vendors are upbeat. "We believe it's going to be a great year for sure," says Maurizio Felici, general manager of the smart card division at Swiss-French semiconductor manufacturer STMicroelectronics.

But the GSM-fueled boom is only part of the story. The coming year will see important projects in such areas as financial services, government, transit and computer network security that-while not necessarily having a huge impact on volumes-will showcase a new generation of more powerful and feature-rich chip cards. If these projects fulfill their promise, they could pave the way for large-scale adoption of smart cards over the next few years.

The most-cited example is the push from U.S. credit card issuers to introduce chip-based credit cards in the world's largest payment card market. Unlike such European countries as France and Britain, where banks introduced smart cards to cut fraud, the U.S. issuers see the added power offered by a computer chip as a way to woo the most desirable, technologically savvy consumers.

"For the first time we'll have smart cards deployed in the financial services field for the right reason," says Remy De Tonnac, executive vice president, business development, for Gemenos, France-based smart card vendor Gemplus International SA. "I believe 2001 will be the year that we'll see how the smart card is really bringing a strong, sound, appealing value proposition to banks and their customers, which has not been the case so far."

2001 also will see groundbreaking projects in government and transit, with several projects featuring the latest in smart card technology. Here is a look at important developments in key market segments.

Telecommunications: Most discussions of the smart card outlook start with the boom in GSM mobile phones. "GSM has been the driving force of the smart card industry for the past four or five years, and it definitely will be next year also," says Lutz Martiny, a Paderborn, Germany-based consultant and chairman of the Eurosmart smart card industry trade association.

Industry forecasts bear out that assertion. The demand for SIM cards will grow from 317 million in 2000 to 417 million cards this year, a 31.5% jump, predicts Andrew Phillips of Dataquest, a unit of Stamford, Conn.-based GartnerGroup.

He estimates SIM cards will represent nearly 53% of the demand for the sophisticated microprocessor smart cards that not only store data, as do memory cards, but also can manipulate data. That would allow, for instance, a SIM card to direct a handset to search for the nearest Italian restaurant, or to apply a digital signature to a stock transaction.

With mobile operators desperately competing for market share, cost is little object, and smart card vendors can charge relatively high prices for SIM cards. Phillips estimates the average price of a SIM card at around $4.50, compared with $2.78 for banking chip cards and 40 cents for memory cards, which mostly are used at pay telephones.

As a result, SIM cards are a cash cow for smart card vendors, particularly since the operators' demand for the most sophisticated services allows card vendors to bundle software development and services along with the SIM cards.

"SIM cards represent 20% to 25% of the volume, but they represent close to two-thirds of the revenue of the smart card manufacturers, because typically those are high-end cards and they are sold with a lot of services," says Olivier Piou, president of the smart card unit of Schlumberger Ltd., based in Montrouge, France, and New York City.

By contrast, Piou notes that prepaid phone cards represent half of the smart card volume, but less than 20% of the revenue. Dataquest's Phillips estimates there will be nearly 1.6 billion memory cards sold in 2001, up 18% from 1.3 billion memory cards in 2000. Most of the memory cards are used as prepaid cards at pay phones in such markets as China, Mexico, France, Germany and Indonesia.

While SIM cards already are at the high end of the smart card pricing chart, mobile phone operators will order even more expensive cards this year to hold more applications, predicts Felici of STMicroelectronics.

In 2000, he says, about 50% of the SIM cards carried 8 kilobytes of application memory, 30% had 16K and 20% had 32K. This year, he predicts, 8K and 32K cards will each take 35% to 40% of the market, as operators either offer low-end prepaid cards or the most powerful cards available. By late 2001, he says, SIM cards carrying 64 kilobytes of memory will begin appearing.

Higher memory means higher prices, says Phillips. He estimates 8K cards cost under $4, compared with around $5 for 32K cards.

Chip Shortage Continues

Also keeping prices high is the worldwide shortage of computer chips, which continues in 2001.

But it could get a little easier to find chips later this year, as new semiconductor capacity comes online and the growth in demand slows, says Karsten Ottenberg, vice president and general manager of the identification business line at Philips Semiconductors NV, Eindhoven, the Netherlands.

He predicts overall semiconductor demand will increase 20% to 25% in 2001, compared to 40% in 2000, "so the high imbalance in demand and supply will have some softening." Smart cards represent only about $1 billion of the $200 billion global semiconductor market, he says.

New Fees Needed

The shortage of SIM card chips is but one of the problems for mobile phone operators. Even more pressing is their need to find new revenue sources to pay for the billions they are investing in licenses to provide the next generation of high-bandwidth mobile phone service. European operators alone have committed $100 billion for the so-called "third-generation" licenses, and are expected to spend a comparable sum building the 3G networks.

Given that massive investment, operators will have to generate between $5,000 and $15,000 per customer over several years to recoup those license fees. That has set off a desperate search by telcos for new services they can offer consumers to generate new user fees. That search puts operators on a collision course with banks, which want to play the central role in handling the flood of transactions consumers are expected to make through cell phones.

Smart cards are at the center of this battle because they are the tokens that identify the consumer. If the mobile phone operator controls the identification application on a SIM card, then the operator can charge a fee for handling that transaction. On the other hand, if the operator merely is passing the transaction on to a bank, the operator's role and revenue will be reduced.

Banks have made clear they prefer to control the authentication service, and are reluctant to use the operator's SIM card as the ID token. "It is a question of who is controlling the identity of the consumer," says Bo Harald, executive vice president of the north European banking conglomerate Nordea, formerly MeritaNordbanken. "For us, it is very important from a security point of view that is the bank."

Nordea is preparing to launch a pilot this year along with Visa International and handset manufacturer Nokia that would put a second chip card into the mobile phone-a Nordea-issued Visa credit card as small as a SIM card.

In France and Spain, meanwhile, banks and telcos are cooperating in tests of mobile phones with a clip-on card reader that allows consumers to make payments with full-size, bank-issued smart cards.

Signing By Phone

Mobile phone operators, however, have plans of their own to use highly sophisticated SIM cards to offer new services.

At least three European operators are preparing to issue "mass quantities" of SIM cards that will allow consumers to use their mobile phones to electronically sign documents, says Thomas Koelzer, chief operating officer of the Secartis AG unit of Munich-based smart card manufacturer Giesecke & Devrient.

The cards will carry key pairs tied to digital certificates stored on the Internet. This is an application of public key infrastructure, or PKI, a technology that encrypts data and identifies the individual making a transaction. PKI is highly touted as a way to prevent consumers from ordering products or placing an order to buy or sell stock and then denying that they are responsible for the transaction.

While Koelzer would not identify the operators, he says their services will be tested early this year and launched soon afterwards. With the aid of a PKI-enabled SIM card, Koelzer says, telcos will be able to offer valuable services to subscribers and content providers.

He says Secartis also is working with a German mail-order house that will take orders via the Internet so long as the consumer digitally signs the order with the handset, responding to a confirmation sent by the retailer. Government agencies plan to allow citizens to sign documents electronically through their PCs using PKI, and some of those services also are likely to be offered through GSM phones, he says.

Electronic Signature Laws

More and more countries are recognizing electronic signatures as legally valid, and that will spur more use of PKI with smart cards, both SIM cards in mobile phones and full-size chip cards. For instance, the United States enacted an electronic signature law last year and the 15 members of the European Union are obliged to pass similar laws, as well.

These laws will spur the use of PKI as a secure way to authenticate individuals conducting business via the Internet or through such devices as mobile phones or handheld computers. "If you want to do serious business, you must be able to do serious contracts," says Pekka Honkanen, senior vice president of Sonera SmartTrust, a spinoff of Finnish telco Sonera that specializes in securing electronic transactions. "And you need laws to protect you so that the customer signature and ID cannot be repudiated by the customer."

One SmartTrust customer trying out PKI and SIM cards is the Finnish online securities broker, EVLI Securities PLC. The company began testing last year a service that allows consumers identified with digital credentials to access their stock portfolios and to make trades. The company says it will roll out the service during the first quarter.

And PKI is not the only new technology showing up in SIM cards this year. Japan's NTT DoCoMo, which has more than 10 million mobile phone users accessing the Web through its groundbreaking i-mode service, will introduce some of the first 32-bit smart cards to hit the market. These cards process four times as much data at a time as standard 8-bit cards, processing power that will come in handy when DoCoMo begins downloading more data, and even sound and video, to customers' cell phones.

The 32-bit chips also will make possible more sophisticated smart card applications in many arenas, and represent an important milestone, says David Levy, CEO of Bull Smart Cards, Louveciennes, France. "In 2005 you will say there was a big breakthrough in 2001, because this was really the start of the 32-bit platform," Levy says.

But Philips' Ottenberg says the 16-bit chips his company offers are adequate for now. He says it will be 2003 before smart cards require 32-bit chips.

While vendors debate that point, some of the SIM cards NTT will roll out from Dai Nippon Printing of Japan will use software from Bull and 32-bit chips from STMicroelectronics.

Not Just GSM

NTT DoCoMo will also be among the first non-GSM operators to introduce SIM cards into their phones. Korea Telecom Freetel, which uses CDMA mobile phone technology that does not require smart cards for subscriber identification, introduced SIM cards late last year.

That allows a Freetel subscriber to pop the SIM card out of a handset and to insert it into a GSM handset when traveling to countries where GSM is predominant. Besides allowing customers to retain their phone number lists and preferences, that ensures that their phone calls are routed to Freetel, which then bills for the calls, and not to the GSM operator in the customer's location.

A third digital mobile phone technology, TDMA, is converging with GSM, and will use SIM cards in future phones. Part of the reason is that SIM cards make it easier for operators to develop and distribute new applications for their customers. "Where can you buy application development tools for a Nokia phone?" asks Mike Dusche, Windows for Smart Cards product manager at Microsoft Corp. "The answer is you can't."

But smart card vendors offer such development tools for their SIM cards, making it easier for mobile phone companies to introduce new features, regardless of the handsets used by their customers. While Sun Microsystems' Java Card has established a clear lead in the SIM card market, Microsoft is paying a lot of attention to SIM cards, as is the MAOSCO consortium that promotes Multos, the third competitor among the smart card operating platforms that can be licensed by multiple card vendors.

For now, SIM cards are where the money is. And there is little doubt 2001 will see smart card players introducing their most sophisticated technologies into this segment of the chip card market.

Financial services: Smart card players will be watching this sector closely this year, more for the quality of smart card programs on tap than for the quantity of cards issued.

Nonetheless, the numbers will be quite healthy. Dataquest's Phillips. says shipments of chip-based payment cards will grow 35% from 176 million cards last year to 238 million cards in 2001, he says. Fueling the numerical growth will be the ongoing conversion of magnetic-stripe credit and debit cards to chip in such countries as the United Kingdom and Brazil.

Some 20 countries, two-thirds of them in Europe, have committed to moving their bankcards to chip over the next five years, and that will fuel even greater growth in the financial sector. Phillips predicts by 2004 there will be 459 million bank-issued smart cards in circulation.

But all eyes this year will be on the United States, where issuers have made no commitment to chip cards, because the world's largest payment card market has developed sophisticated technology to deter the fraud that is moving other countries to abandon mag-stripe cards in favor of smart cards.

Copyright 2001 Thomson Financial Media

Title: Motorola technology could replace product bar codes
Source: RCR Wireless News, 20 : 41, September 10, 2001. ISSN: 0744-0618
Publisher: Crain Communications Inc.
Document Type: Journal
Record Type: Fulltext Word Count: 520
Publication Country: United States, Language: English
Text:

By: Mike Dano

A new technology from Motorola Inc. could potentially replace product bar codes-the series of lines printed on product packaging that identifies everything from toothbrushes to new TVs-with a tiny, disposable wireless transponder.

That's the vision rattling around in the head of Rich Krueger, director of business development for Motorola's smart cards division. Krueger is the head of a five-year effort to create a credit card-sized label that sports a tiny computer chip and can wirelessly connect to a computer scanner. The technology is called BiStatix, and Motorola is gearing up to release it into the marketplace later this year.

``We believe we will see a number of installations by the end of this year and early next year,'' he said. ``The very first products popped out a few months ago.''

BiStatix technology got a trial run in March in the Chicago Museum of Science and Industry's Networld attraction. Museum visitors were able to purchase a Netpass card with an embedded BiStatix radio-frequency identification chip. Users could wave the card over RF readers to call up museum information.

The possibilities of expanding on this simple function are virtually boundless, Krueger said. And one such application-replacing product bar codes with BiStatix-based Electronic Product Codes-is now being discussed by the Auto ID Center, a group of retailers and manufacturers looking to improve supply chain efficiency with RF technology.

Most RF transponders use a metal antenna to communicate with an RF reader, which makes them too large and expensive for mass-quantity use. BiStatix technology replaces the metal antenna with conductive ink, which can simply be printed onto regular office paper. This allows BiStatix RF transponders to fit on anything from an address label to an identification card, and produced in huge quantities with little cost.

``That's really the principle innovation here,'' Krueger said. ``When that tag is brought into proximity of a reader ... the signal itself energizes the reader.''

When the RF reader gets within about a foot from the BiStatix transponder, it charges the label's conductive carbon ink, which then activates the computer chip. The chip can store up to 100 characters, and the reader can modify the information on the chip.

Krueger said there are a variety of products and services that could be enhanced using the new technology.

Tickets for sports event or concerts could be printed with the buyer's personal information embedded on them so pickpockets couldn't use the pilfered tickets. Airlines could print off BiStatix tags for passengers' luggage with embedded travel destinations so the bags would be harder to lose (maybe). This would also help bag checkers because they would only need to wave the RF reader around the bag instead of having to line the reader up with a crumpled bar code. Finally, amusement parks or public transportation companies could use BiStatix cards to determine which customers paid for which services, and then could wirelessly change the card's information depending on its use.

Krueger said Motorola has spent the past two years getting various parts of the industry in line with BiStatix technology. Companies from label makers to original equipment manufacturers to systems integrators are getting set to begin offering BiStatix-based products, he said.

Copyright 2001 Crain Communications Inc.

Title: INSIDE TRACK: Your fingerprint is the password: SECURITY SYSTEMS: Biometric ID systems are effective and can help cut costs, says Geoffrey Wheelright:
Source: Financial Times London Edition: 12, August 21, 2001. ISSN: 0307-1766
Publisher: Financial Times Ltd.
Document Type: Business Newspaper
Record Type: Fulltext Word Count: 874
Publication Country: United Kingdom, Language: English
Text:

Biometric technology is rapidly becoming a crucial element of business security solutions. Long the province of spy films and popular fiction, devices that can identify people by scanning their fingerprints, retinas, or even the shape of their faces, are now being used to do something much more mundane: to cut costs.

Maintaining appropriate levels of security for a broad variety of business applications within a large corporation or financial institution is expensive. Strict rules are put in place to ensure that security is not compromised - particularly where identification and passwords are concerned. Users are often required to maintain separate ID and password combinations for different applications, as well as being required to change passwords regularly.

These requirements can lead to problems for users - and those who develop and maintain security applications. For example, if users are required to remember a lot of passwords they are tempted to stick with a fairly standard collection of words that usually includes a user's own name, the name of a child or a pet - or even the word "password".

Such passwords are easy to guess for anyone who has even a little personal information about the user. If users try to maintain secure and random passwords and IDs, they are prone to forget or lose them. If this happens, they often end up contacting their company's help desk - thereby increasing support costs.

One financial institution in Canada recently decided to use biometrics as a way to achieve higher security while reducing security support costs. The Credit Union Central of British Columbia has a range of web-based applications that allow member branches to access crucial financial services functions.

According to Oscar van der Meer, associate vice-president of technology services at Credit Union Central, the number of ID/password combinations that employees were having to remember to access those applications was creating problems. Mr van der Meer says something like 60 per cent of all support calls from staff at its network of 70 independent credit unions - which hold combined assets of almost C$24bn (GBP10.8bn) and employ 7,000 people - were to do with ID and password problems.

So Mr van der Meer and his staff set about finding a new way of verifying the identity of staff members when they were accessing crucial business applications, (such as the application controlling wire transfers of money.

"When people walk into a room you can use voice ID but for remote applications [such as those being accessed on the web] you need to know that people are really there," he explains. "We looked at a number of other different options - including comparing smart card certificates and using face recognition, fingerprint recognition, voice recognition and retinal scanning.

"But, in addition to improving security, cost was also very important. Each retinal scanner would have cost about C$1,000. Face recognition was not secure enough. Nor did we want the biometric system to be too invasive, so we concluded that since a fingerprint is a well understood method of identifying people, it would reduce the risk [of users not accepting it] and be cost-effective."

Mr van der Meer also says that while smart cards are less expensive than fingerprint recognition systems to implement, the smart card identifies only the card - not the person using it. "It needs procedures around it - a card is not supposed to be shared between employees, for example."

The company eventually chose the EyeD Hamster system - a small, plastic box (about half the size of a cigarette lighter) tethered to each desktop computer. The device contains a small glass window on to which a user places a thumb or finger - which allows scanning software to verify the user's fingerprint. Mr van der Meer says this solution has allowed the company to eliminate the use of passwords for many of its applications. So far, it has installed 1,200 of the devices.

It appears that Credit Union Central is not the only company demanding the use of biometric technology. International Data Corporation, a Massachusetts-based research organisation, believes that the market for fingerprint-scanning technology, the most common form of biometric technology, will grow to $991.3m (GBP686m) by 2004.

But implementing a biometric system is about more than just adding biometric devices to corporate security systems. According to Armgaard Von Reden, International Business Machines' chief privacy officer for Europe, Middle East and Asia, anyone installing a biometric system needs also to be concerned about legislative restrictions on the storage and use of personal data - such as the European Data Protection Directive.

Ms Von Reden says, for example, that this legislation may prevent some biometric data (such as a person's fingerprints) from being stored on a company's network. And, where regulations do permit corporations to store such data about their employees (and employees have agreed to the storage of such data), there may be further regulations about the security systems that need to be installed to protect that information.

Some companies, such as SecuGen, try to get round this problem by storing a mathematical model of a person's fingerprint - which is solely designed to ensure that the model can be matched against a scan of the fingerprint. The goal is to provide high levels of security but prevent anyone from reconstructing the fingerprint from the stored mathematical model of it.

Information may not be copied or redistributed.
Copyright 2001 Financial Times Ltd

Copyright or other proprietary statement goes here.
For problems or questions regarding this web contact [ProjectEmail].
Last updated: October 25, 2001.