The Smart Card has long been heralded as the next big
step forward in security and control, particularly in financial
transactions. Nevertheless, in the real world users have taken a rather
cautious approach, and progress has generally been slow and patchy. This
can partly be attributed to the costs and logistics involved, but there
are also some more strategic concerns. For example, companies fear that
by jumping on the wrong bandwagon, they may end up with a standard which
fails to catch on. By their nature, many smart card applications need to
operate across many different systems, perhaps located in entirely
separate organisations. No-one wants to adopt a standard which will be
out of step with others in their industry. There may also be anxieties
about the ability of a particular card or standard to cope with
requirements in the future.
In theory, these are all questions which should be easy
to research on the Internet. It should be possible to track down the
authors and supporters of the various standards, and to find out which
of them have actually been used in trials. Above all, the Internet
should be able to give the very latest and most up-to-date picture.
As ever, life is not quite that simple. This column
describes a number of sites that can provide useful information. Given
the huge number of sites that discuss smart cards in one way or another,
it makes no claim to be comprehensive.
In the United States, two of the main industry
organisations have recently merged. The Smart Card Industry Association
and the Smart Card Forum have joined forces to become the Smart Card
Alliance. The Alliance has a site at www.smartcardalliance.org.
The "Knowledge Base" at this site has a good collection of
articles, including some in a "Security" section, and lists
details of the main standards which apply to smart cards. Much of this
is available for anyone to browse, although some material is restricted
to subscribers only.
A much smaller site is provided by Card Europe, another
industry association. This can be found at www.cardeurope.demon.co.uk,
and offers very little in the way of information for the general
browser. The European ePayment Systems Observatory, on the other hand,
provides a good bibliography of articles relating to all aspects of
smart card implementations, at http://epso.jrc.es/purses.html.
For those interested in financial applications, three
sites can be recommended, all of them part of the Mastercard virtual
empire. Probably the best known of these is at www.mondex.com.
This tries to cater for a number of different audiences, and so there
are some simple explanations of the principles of the Mondex card, aimed
at the general public, alongside the kind of technical and commercial
information that is more likely to interest business clients. The design
is tight and simple, and avoids the gimmicks and longwindedness to be
found on many web sites. However, this brevity can be a bit frustrating
at times, as can some of the signposting (for example, "How
Mondex works" takes you to a description of the Mondex organisation,
not the technology). There are numerous descriptions of Mondex projects,
classified by location, and a brief overview of the system’s security
features. There are not many pointers to other sites, and trying to
follow one of them, to the Open Trading Protocol, lands you on the home
page of the Mastercard main site. Various searches for OTP from this
point on proved fruitless. Information on the OTP protocol is probably
best found from the "horse’s mouth", at the Internet
Engineering Task Force site at http://www.ietf.org
(look under the heading of "trade").
The two other sites with the Mastercard connection are www.multos.com
and www.interactiveloyalty.com.
The former of these promotes the MULTOS "open, high-security,
multi-application operating system" for smart cards. This site
lists the companies involved in the Consortium promoting MULTOS, and
features a number of case studies, predominantly in the banking
sector. Interactive Loyalty, on the other hand, promotes "the
next generation of loyalty cards". Again this features an
impressive list of business partners, and tries to be of interest to a
broad spectrum of readers. The next generation of loyalty cards, in case
you were unaware, will "... deliver highly targeted, individual and
relevant offers to customers, make the most of cross-selling
opportunities, help migrate customers to higher margin products, and
provide an excellent way of helping to make customers feel special.
Interactive Loyalty is also particularly suited to strategic alliances
of organisations that wish to run joint loyalty programmes". If you
want some further reading on the kind of multi-function card systems
which all this implies, you can download a very readable report (Adobe
format) written by staff at the Bristol Business School, which includes
a couple of pages on security and fraud issues.
Meanwhile, details of a rival outfit can be found at the
Global Platform site (www.globalplatform.org).
Here, another association of well-known industry names can be found
promoting the set of Open Platform card standards. The
technically-minded can download these in full, provided they are willing
to enter into a licence agreement (free of charge). The tone of this
site is relentlessly businesslike, making little attempt at sweet talk
about the commercial benefits of multi-function cards. Anyone wanting to
see the selling points of smart cards set out more vigorously should
turn to one of the many vendors operating in this marketplace - for
example, at www.activcard.com,
www.cardlogix.com
or www.smartdynamics.com.

Andrew Hawker can be contacted at the University of
Birmingham on 0121 414 6675 or by email A.Hawker#bham.ac.uk