Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News
Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News
Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
dentity <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> Ca<br />
ews • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & Id<br />
mart <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> Ne<br />
rd & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • Sm<br />
dentity <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • <strong>Smart</strong> Ca<br />
January 2008 Volume 17 • Number 1<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong><br />
<strong>Smart</strong> <strong><strong>Card</strong>s</strong>, SIM, Biometrics, NFC <strong>and</strong> RFID<br />
www.smartcard.co.uk<br />
<strong>Mifare</strong>, <strong>Oyster</strong> <strong>and</strong> <strong>ITSO</strong><br />
<strong><strong>Card</strong>s</strong> <strong>Hacked</strong><br />
5 • Payzone To Target The<br />
'Unbanked' With Pre-paid <strong>Card</strong><br />
6 • Interview With Remy De Tonnac<br />
11 • Versatile Hardware Security With<br />
Cryptographic RF <strong>Smart</strong>cards<br />
<strong>Mifare</strong>: Little Security, Despite Obscurity was the title of the paper given at the<br />
24th Congress of the Chaos Communication Congress that took place in Berlin<br />
on the 28th December 2007. Given by Karsten Nohl (University of Virginia)<br />
<strong>and</strong> Henryk Plötz but also involving Starbug from the Chaos Computer Club<br />
the presentation gave a first h<strong>and</strong> account of reverse engineering the Crypto-1<br />
algorithm employed in the <strong>Mifare</strong> RFID chips. These chips are widely used<br />
particularly in the mass transit area such as the London transport <strong>Oyster</strong> card<br />
<strong>and</strong> the <strong>ITSO</strong> cards deployed across Scotl<strong>and</strong>.<br />
There have been various responses from the main adopters of the technology<br />
ranging from ‘it’s an alleged attack’ to it doesn’t really matter because we have<br />
other security techniques. Let there be no doubt this is not alleged, it really has<br />
happened <strong>and</strong> although the full details have not been published in the paper it<br />
seems clear that the authors know what they are doing. We underst<strong>and</strong> from<br />
Karsten Nohl that they have agreed with NXP (nee Philips Semiconductors<br />
who bought the original technology from Mikron in 1998) not to publish any<br />
further details before March. As Karsten points out they are not in the business<br />
of creating a manual for free riding. The original source of their interest was OV<br />
Chipcard, the new public transport scheme due to be released in the<br />
Netherl<strong>and</strong>s next year <strong>and</strong> which also uses the <strong>Mifare</strong> technology.<br />
As to the question of it doesn’t matter then you have to immediately ask why<br />
you are using a smart card in the first place, here is the latest <strong>ITSO</strong> press release,<br />
14 • <strong>Mifare</strong> (In)security Update<br />
January 2008<br />
Alleged <strong>Mifare</strong> Crypto "hack"<br />
<strong>ITSO</strong> is aware of the recently reported alleged hacking of the <strong>Mifare</strong>® classic<br />
security system used in many commercial transport smartcard systems around<br />
the world.<br />
Continued on page 4….<br />
©2008 <strong>Smart</strong> <strong>Card</strong> <strong>News</strong> Ltd., Worthing, Engl<strong>and</strong>. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in<br />
any form or by any means, electronic, mechanical, optical, recording or otherwise, without the prior permission of the publishers.
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong><br />
Is published monthly by<br />
<strong>Smart</strong> <strong>Card</strong> <strong>News</strong> Ltd<br />
Head Office: <strong>Smart</strong> <strong>Card</strong> Group,<br />
Columbia House, Columbia Drive,<br />
Worthing, BN13 3HD, UK.<br />
Telephone: +44 (0) 1903 691779<br />
Fax: +44 (0) 1903 692616<br />
Website: www.smartcard.co.uk<br />
Email: info@smartcard.co.uk<br />
Managing Director – Patsy Everett<br />
Subscriptions & Administrator –<br />
Lesley Dann<br />
Editor –John Owen<br />
Contributors to this Issue – Tom<br />
Tainton, Remy De Tonnac, Carl-Otto<br />
Künnecke, David Everett, Eustace<br />
Asanghanwa, Legic<br />
Printers – Hastings Printing Company<br />
Limited, UK<br />
ISSN – 1755-1021<br />
Editorial<br />
Disclaimer<br />
<strong>Smart</strong> <strong>Card</strong> <strong>News</strong> Ltd shall not be liable<br />
for inaccuracies in its published text.<br />
We would like to make it clear that<br />
views expressed in the articles are those<br />
of the individual authors <strong>and</strong> in no way<br />
reflect our views on a particular issue.<br />
All rights reserved. No part of this<br />
publication may be reproduced or<br />
transmitted in any form or by any<br />
means – including photocopying –<br />
without prior written permission from<br />
<strong>Smart</strong> <strong>Card</strong> <strong>News</strong> Ltd.<br />
© <strong>Smart</strong> <strong>Card</strong> <strong>News</strong> Ltd<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
Well the Xmas holiday season is well <strong>and</strong> truly<br />
over but not without a flurry of activity at the<br />
Chaos Communication Congress held in Berlin<br />
at the end of December. Researchers Karsten<br />
Nohl (University of Virginia), Starbug <strong>and</strong><br />
Henryk Plötz from the Chaos Computer Club<br />
Patsy Everett reported their reverse engineering attacks on the<br />
<strong>Mifare</strong> Crypto-1 security algorithm. It looks to<br />
be just a matter of time before they prove their<br />
results with a practical demonstration. I leave the more technical<br />
discussions to others which you will find reported in our lead story<br />
<strong>and</strong> also with an update on <strong>Mifare</strong> security from David Everett which<br />
we originally reported in 2004.<br />
So what does all this mean to you <strong>and</strong> me? Should we stop<br />
using our <strong>Oyster</strong> card or write to the Major of London, Ken<br />
Livingstone, to warn him of the dangers? Well we don’t need to stop<br />
using our cards because the loser here is the service provider who has<br />
the risk of providing the service to hackers for free. This was also my<br />
differentiation between a hacker <strong>and</strong> a researcher, the former sets out<br />
to abuse the commercial service upon which the technology is<br />
unraveled by the researcher. Clumsy perhaps but one just seems<br />
much nicer than the other.<br />
The problem for the user would be if the <strong>Mifare</strong> card is used<br />
as any form of identifier to an account such as an epurse or what<br />
have you, then you st<strong>and</strong> to lose by having the hacker empty your<br />
account. It’s a bit like payment cards today, the banks usually try to<br />
make you prove that you didn’t use the card rather than them prove<br />
you did. That’s not so good in a scenario full of copied or emulated<br />
cards.<br />
However significant as this may be, my memory of 2007 is<br />
all about data loss. This culminated in the HMRC’s loss of CDs<br />
containing the records of 25 million people. It’s a classic example of<br />
the failure of government departments to manage people’s privacy a<br />
point made by many security experts in their concerns about the<br />
National ID register. Worse still concerns have also been raised<br />
about the NHS national records service <strong>and</strong> other large scale public<br />
data bases. Just before Xmas we also heard about the Post Office<br />
sending out account records to the wrong people.<br />
Stolen laptops were also high on the list of data loss in 2007<br />
<strong>and</strong> it just seems inconceivable to me that this data is not encrypted.<br />
There must be hundreds of commercial products available to protect<br />
this sort of data, why isn’t it being used? Encryption of data <strong>and</strong><br />
smart cards for access control are fundamental security controls yet<br />
the organisations you would most expect to be using such techniques<br />
are seemingly falling down on the most basic principles.<br />
The banks through Mastercard <strong>and</strong> Visa have been<br />
progressively enhancing the security of cardholder data most recently<br />
with the Payment <strong>Card</strong> Industry (PCI) Data Security St<strong>and</strong>ard (DSS)<br />
that must be adopted by all organisations storing or processing card<br />
holder data. Is the government really that far behind? Let’s hope that<br />
in 2008 we see evidence of a more credible security approach.<br />
Patsy.<br />
Our Comments<br />
Dear Subscribers,<br />
2
Contents<br />
Regular Features<br />
Lead Story - <strong>Mifare</strong>, <strong>Oyster</strong> <strong>and</strong> <strong>ITSO</strong> <strong><strong>Card</strong>s</strong> <strong>Hacked</strong> …...……………..1<br />
Events Diary …………………………………………………………3<br />
World <strong>News</strong> In Brief .…………………………………...…………. 4,7<br />
Industry Articles<br />
Interview with Remy De Tonnac – CEO of Inside Contactless ……… 6<br />
Growing market for PIN applications ..………………………………. 9<br />
Versatile Hardware Security With Cryptographic RF <strong>Smart</strong>cards …….. 11<br />
<strong>Mifare</strong> (In)security Update January 2008….………………………….. 14<br />
LEGIC embeds badge <strong>and</strong> purse into NFC mobile phones ...………... 17<br />
Buying into Contactless Payment …………………………………….. 19<br />
Events Diary<br />
January 2008<br />
16-18 Omnicard 2008 - Berlin, Germany<br />
13-15 Intersec Middle East - Dubai, UAE<br />
22-23 Global Payments Strategies - Brussels, Belgium<br />
22-23 Nordic <strong>Card</strong> Markets - Stockholm, Sweden<br />
29-30 Global RFID ROI 2008 - Munich, Germany<br />
29-30 2nd Annual <strong>Card</strong> & Payment Developments in CEE - Vienna, Austria<br />
February 2008<br />
5-6 <strong><strong>Card</strong>s</strong> & Payments Innovation Summit 2008 - Barcelona, Spain<br />
11-14 GMSA MobileWorld Congress 2008 - Barcelona, Spain<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
3
…. Continued from page 1<br />
Although smart cards of the same type may be used in the <strong>ITSO</strong> environment, the risk of this kind of attack has<br />
been recognised throughout the development of the <strong>ITSO</strong> environment <strong>and</strong> <strong>ITSO</strong> uses an internationally<br />
recognised security system which sits over <strong>and</strong> above the proprietary security algorithm that has reportedly been<br />
cracked.<br />
Schemes using Customer Media of this type within the <strong>ITSO</strong> environment can be assured that, even if an<br />
individual card can be cracked (<strong>and</strong> it reportedly took the alleged hackers a week to do so), their transport<br />
products in the card still remain secure when the security seal is verified by the <strong>ITSO</strong> Secure Application<br />
Module (ISAM).<br />
<strong>ITSO</strong>, being a multi-platform Specification <strong>and</strong> environment, also offers its members the opportunity to use<br />
other, more secure, alternative Customer Media types, should they be required.<br />
Now maybe <strong>ITSO</strong> has come up with something revolutionary but it seems to us that if you have cracked the<br />
crypto algorithm then you are capable of copying, emulating or counterfeiting commercial <strong>Mifare</strong> cards <strong>and</strong><br />
their contents without detection by the terminal. In other words you could produce a copy of a card containing<br />
perhaps an annual first class rail ticket. No matter what cryptography has been applied to that electronic ticket if<br />
it’s not an integral part of an authentic <strong>and</strong> verifiable smart card instrument then the terminal can’t tell one from<br />
another. Of course you may become aware of multiple copies of such a ticket but again it’s not obvious how<br />
you can effectively manage that process.<br />
Just for the avoidance of doubt neither can you protect against replays but please read an updated version of<br />
our original article on <strong>Mifare</strong> (In)security published in this month’s newsletter.<br />
David Everett, Technical Editor.<br />
<strong>News</strong> In Brief<br />
US Passport <strong>Card</strong> Criticized By<br />
Privacy Advocates<br />
Passport cards for Americans who travel to Canada,<br />
Mexico, Bermuda <strong>and</strong> the Caribbean will be<br />
equipped with technology that allows information on<br />
the card to be read from a distance. The technology<br />
was approved Monday by the State Department <strong>and</strong><br />
privacy advocates were quick to criticize the<br />
department for not doing more to protect<br />
information on the card, which can be used by U.S.<br />
citizens instead of a passport when travelling to other<br />
countries in the western hemisphere.<br />
The technology would allow the cards to be read<br />
from up to 20 feet (6 meters) away. This process only<br />
takes one or two seconds, said Ann Barrett, deputy<br />
assistant secretary for passport services at the State<br />
Department. The card would not have to be<br />
physically swiped through a reader, as is the current<br />
process with passports.<br />
The technology is inherently insecure <strong>and</strong> poses<br />
threats to personal privacy, including identity theft.<br />
Ari Schwartz, of the Center for Democracy <strong>and</strong><br />
Technology, said in a statement. Schwartz said this<br />
specific technology, called 'vicinity read', is better<br />
suited for tracking inventory, not people.<br />
The State Department said privacy protections would<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
be built into the card. The chip on the card will not<br />
contain biographical information, Barrett said. And<br />
the card vendor, which has yet to be decided will also<br />
provide sleeves for the cards that will prevent them<br />
from being read from afar, she said.<br />
A 2004 law to strengthen border security called for a<br />
passport card that frequent border crossers could use<br />
that would be smaller <strong>and</strong> more convenient than the<br />
traditional passport. Currently, officials must swipe<br />
travellers' passports through an electronic reader at<br />
entry points.<br />
The technology change for passport cards was<br />
initially proposed in October 2006, <strong>and</strong> public<br />
comments closed on Jan. 7, 2007. The State<br />
Department received more than 4,000 comments,<br />
<strong>and</strong> most were about the security of the technology.<br />
To relieve a backlog at U.S. passport offices, the<br />
Bush administration recently delayed a requirement<br />
that Americans present passports when crossing the<br />
U.S. border by l<strong>and</strong> or sea. The administration<br />
wanted to begin requiring passports or passport cards<br />
in mid-2008, but Congress m<strong>and</strong>ates that the rule not<br />
go into effect until mid-2009.<br />
4
Payzone To Target The 'Unbanked'<br />
With Pre-paid <strong>Card</strong><br />
A joint venture between the Luxembourg-based<br />
Bank Invik <strong>and</strong> Payzone plc, announced the launch<br />
of a new pre-paid debit card, "payzone worldwide<br />
money". The new card was being trailed in London<br />
<strong>and</strong> the South East in the run-up to Christmas <strong>and</strong><br />
will be rolled-out nationwide in Q1 2008.<br />
The card is targeted at the estimated 3 million people<br />
in the UK that do not have a bank account <strong>and</strong> who<br />
are at increasing risk of being excluded from<br />
engaging in an increasingly card-based economy. As<br />
banks tighten up on sub-prime lending a record 3.27<br />
million credit card applications were turned down in<br />
the UK between April <strong>and</strong> September last year, <strong>and</strong><br />
the numbers of the 'unbanked' in the UK have been<br />
further swollen by the estimated 1.9 million<br />
immigrants now working in the UK, many of whom<br />
are from the new EU states such as Pol<strong>and</strong> <strong>and</strong><br />
Romania <strong>and</strong> who find it difficult to access<br />
traditional banking services.<br />
A Mastercard-br<strong>and</strong>ed product, the payzone<br />
worldwide money card can be loaded with up to<br />
£350 in cash per transaction, with no credit checks.<br />
The re-usable card will cost £6.99 with loading costs<br />
of £4 for up to £100 <strong>and</strong> £8 for up to the maximum<br />
of £350.<br />
Egyptian ID <strong><strong>Card</strong>s</strong> Proposed<br />
The Egyptian Government has finally decided on<br />
issuing two <strong>Identity</strong> <strong><strong>Card</strong>s</strong> for each of its nations<br />
50 Million applicants.<br />
The first card is for Ministry of interior applications<br />
such as ID, Driving license, E-passport, etc, while the<br />
second <strong>Card</strong> will be for all the other government<br />
services such as Health cards, Family cards, Tax<br />
cards, etc.<br />
Dr.Ahmad Darwish the Egyptian minister of<br />
administrative development <strong>and</strong> the National ID<br />
committee chairman will give a key note speech at<br />
<strong>Card</strong>ex conference during the 25th – 27th May 2008<br />
informing the industry about the details of this mega<br />
project which is expected to be the biggest project in<br />
the region for many years to come.<br />
Gemalto To Provide Yemen's<br />
National Electronic ID System<br />
Gemalto, announced that it has been selected to<br />
deliver the electronic ID cards solution<br />
commissioned by the Ministry of Interior of Yemen<br />
for the next national elections. Under the contract,<br />
Gemalto will implement the whole solution including<br />
enrolment processes, creation of a secure biometric<br />
national registry, maintenance, local support, training<br />
<strong>and</strong> integration services, as well as provide the 10<br />
million <strong>Smart</strong> ID cards that will see Yemen step in<br />
the digital security era. The first cards will be<br />
delivered to the Yemeni citizens during first half of<br />
2008, <strong>and</strong> the program will reach completion by 2009<br />
when the population is to vote for the new<br />
Parliament.<br />
<strong>Smart</strong> <strong>Card</strong> Communication To Be<br />
Based On HTTP<br />
Sagem Orga GmbH <strong>and</strong> the Software Quality Lab (slab)<br />
at the University of Paderborn have extended<br />
their research cooperation by a further two years<br />
following one year of successful project work.<br />
Next Generation Java <strong>Card</strong> is the new specification<br />
for Java on <strong>Smart</strong> <strong><strong>Card</strong>s</strong> from Sun Microsystems<br />
GmbH. Among other things, this new st<strong>and</strong>ard<br />
envisages integration of a Web server <strong>and</strong> support of<br />
servlets. A servlet is an object that dynamically<br />
generates responses to queries. Servlets allow<br />
dynamic content to be added to a Java-based Web<br />
server.<br />
The cooperation with s-lab relates to the current<br />
issue of servlets on <strong>Smart</strong> <strong><strong>Card</strong>s</strong>. It builds on the first<br />
successfully completed project "Secure <strong>and</strong> highperformance<br />
st<strong>and</strong>ard Java implementation on a<br />
<strong>Smart</strong> <strong>Card</strong> platform", in which the prototype of a<br />
Java Virtual Machine for the Next Generation Java<br />
<strong>Card</strong> was implemented.<br />
"The card of the future will be Web-enabled, i.e.<br />
communication with the card will preferentially be<br />
based on HTTP," says Carsten Rust, Project Manager<br />
at Sagem Orga. "Development of card applications<br />
will thus move closer to Web application<br />
development <strong>and</strong> so be possible for a larger number<br />
of developers. We aim to create the conditions for<br />
that as part of the project. Basic services on the card<br />
can be developed as servlets <strong>and</strong> so can be integrated<br />
simply by application developers in more extensive<br />
systems."<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
5
Interview with Remy De Tonnac – CEO of<br />
Inside Contactless<br />
By Tom Tainton, <strong>Smart</strong> <strong>Card</strong> <strong>News</strong><br />
Tom Tainton<br />
SCN<br />
On the 7 th of January 2008 Motorola announced a strategic investment in Inside<br />
Contactless, bringing the potential of NFC technologies <strong>and</strong> contactless payments closer<br />
to the consumer than ever before. This capped off a successful year for Inside<br />
Contactless which included recognition at the Sesames <strong>and</strong> Remy De Tonnac, the CEO<br />
of Inside Contactless earning the ID trail blazer award for his efforts. I spoke to De<br />
Tonnac to gauge just how important the deal was for the smartcard market <strong>and</strong> the<br />
future of NFC.<br />
Congratulations on Motorola’s investment, does this signal the progress that Inside<br />
Contactless has made in recent years?<br />
Thank you very much. I would say absolutely, yes. The interest from global br<strong>and</strong>s is a reflection of our<br />
progress, <strong>and</strong> how far Inside Contactless has come from a small start up to where we are today. We have been<br />
in the woods so to speak for many years, <strong>and</strong> now we are venturing out of the woods.<br />
How will the investment benefit your company, <strong>and</strong> in particular how will this affect the<br />
consumer market?<br />
The investment is crucial to us in that we have strong assurance that someone is helping us to push NFC. It is a<br />
strong indication of our potential, Motorola have backed us <strong>and</strong> believe in our aims <strong>and</strong> the technology to we<br />
have worked so hard to deliver. Our credibility has been enhanced, a factor that we feel is as important as any<br />
financial gain. Of course, it is a strategic investment from their perspective. Motorola will expect a return for<br />
the investment, <strong>and</strong> we are confident we can deliver that. Over the next 2-3 years we aim to have the NFC<br />
application within 50% of commercial phones.<br />
Is there an expected date that we will see NFC being introduced on a large scale, <strong>and</strong> in<br />
which country do you envisage this being trialled?<br />
Everyone in the industry agrees players such as Nokia, Motorola <strong>and</strong> of course competitors like NXP that 2010<br />
will be the year of mass deployment. In 2009 we are already likely to see over 100 million devices on the market<br />
with NFC capabilities. Currently we have successful trials here in France, Orange is utilizing NFC in Bordeaux<br />
<strong>and</strong> of course London has had successful trials with the <strong>Oyster</strong> card. We believe mass deployment will focus<br />
initially on Asia <strong>and</strong> we are very confident that it is a case of ‘when’ <strong>and</strong> not ‘if’.<br />
Does the US Market interest you as a potential pathway for NFC introduction?<br />
Absolutely, but whereas the UK adopts a dual interspace technology with regards to Visa, Master<strong>Card</strong> <strong>and</strong> the<br />
London Underground, the US payment system emulates magnetic stripe applications. It is a misconception that<br />
Inside Contactless are two separate business units with one kind of chip specific to finance <strong>and</strong> credit cards, <strong>and</strong><br />
another specific to applications used by the likes of Nokia <strong>and</strong> Motorola. We do in fact utilise the same IP<br />
block <strong>and</strong> low power consumption in all our products. We are currently paving the way to deploying the<br />
appropriate infrastructure within the US to accept our technology.<br />
How will you strive to eradicate any concerns with the NFC technology?<br />
I believe that we have passed this point. A few years ago issues were raised but today we have a reliable<br />
platform <strong>and</strong> tested technology to support NFC which has been proven to be just as reliable as contactless<br />
cards. There are certainly no additional concerns. Today’s is a different business model which crucially is more<br />
flexible than previously. For example, it is unlikely that credit card or personal information will be stored in the<br />
SIM card. Instead, it will be stored in a separate secure unit.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
6
What are the changes or differences you see in market dem<strong>and</strong> today as opposed to five years<br />
ago?<br />
I don’t know if you are aware but five years ago I was working as a venture capitalist <strong>and</strong> looking at the<br />
emerging markets, so I feel very qualified to answer this particular question. 2002 was the year after the<br />
technology ‘bubble’ had burst, <strong>and</strong> the market had begun to slow down. There are no major differences in<br />
dem<strong>and</strong> to note, although it was around the time that Bluetooth was adopted with a very similar appetite to the<br />
enthusiasm that surrounds NFC today.<br />
Do you think your impressive financial pedigree as well as international recognition (De<br />
Tonnac was awarded the ID trail blazer award) attracted Motorola <strong>and</strong> other major players to<br />
invest?<br />
Excuse my lack of modesty, but definitely, yes. Inside Contactless were rewarded with an innovation award at<br />
the Sesames 2007. In the same way that an employer looks at a resume, investors look at how successful our<br />
company is. We have an annual turnover of 200 million US dollars <strong>and</strong> employ over 500 people worldwide. In<br />
my experience, an investor considers three factors. First, an interest in the NFC market which Motorola<br />
certainly has. Secondly, satisfaction with the technology <strong>and</strong> intellectual property which I believe we provide<br />
<strong>and</strong> finally, the right people <strong>and</strong> appropriate management for the task.<br />
So what are the critical factors in Inside Contactless’ success?<br />
Consistency. We have had the same people working for us for 12 years <strong>and</strong> we all share the same goals. Our<br />
technicians are experts in their fields who live, breathe, eat, sleep <strong>and</strong> drink contactless cards. We are engaging a<br />
crusade to introduce NFC to the world! We have 60 patents <strong>and</strong> a healthy bottom-line profit; the company<br />
really has come a long way. We hold 70% of the market share because of our assets such as our microprocessor.<br />
In an innovative market we have continued to make breakthroughs, <strong>and</strong> we are a forerunner in the industry<br />
because of this.<br />
Finally in light of the Motorola investment, what are your long <strong>and</strong> short term goals?<br />
In the short term, over the next 12 months we want to gain a strong position within the US <strong>and</strong> develop some<br />
revenue streams. We will tap into new markets such as the UK, <strong>and</strong> Canada which is moving towards dual<br />
interface technology. We also aim to capitalise on Motorola’s investment by speeding up the NFC adoption<br />
process. In the long term, we will massively invest in software <strong>and</strong> increase our chip sales. We must be willing<br />
to go public <strong>and</strong> primarily make some money!<br />
De Tonnac predicts a bright future for NFC, <strong>and</strong> is confident that he <strong>and</strong> his staff can lead the explosion of<br />
contactless applications. With continued high performance, <strong>and</strong> financial injection from major players, Inside<br />
Contactless seems to have all the ingredients for success. De Tonnac’s latest coup in signing Motorola to the<br />
cause will only serve to enhance his company’s already lofty reputations in the industry.<br />
<strong>News</strong> In Brief<br />
Australian Go <strong>Card</strong> Transport<br />
Systems Crash<br />
Queensl<strong>and</strong> news have reported the new Go <strong>Card</strong><br />
smartcard system has suffered another devastating<br />
credibility blow - only a day after the Bligh<br />
Government boasted the long-overdue project was<br />
"going well" <strong>and</strong> nearing completion.<br />
Thous<strong>and</strong>s of morning peak-hour train commuters<br />
struggled to buy a ticket on the 15 th January when<br />
all 179 high-tech TransLink smartcard machines<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
across the CityTrain network went into meltdown<br />
for nine hours.<br />
Besieged contractor Cubic Transportation Systems<br />
was supposed to be installing new software on a<br />
few machines overnight but instead crashed the<br />
whole system. Some machines even began spitting<br />
out Japanese to frustrated patrons.<br />
The lack of purchase points forced Queensl<strong>and</strong><br />
Rail into an embarrassing backdown of a new fareevasion<br />
campaign as commuters travelled free or<br />
7
attled queues at old machines <strong>and</strong> station<br />
windows.<br />
Liberal transport spokesman Tim Nicholls said the<br />
card was now facing credibility issues.<br />
Trial commuters had already told him they were<br />
not receiving discounts while encountering<br />
problems topping up the card.<br />
"We hope it is fine, but none of this bodes well for<br />
the future of smartcard," Mr Nicholls said.<br />
L-1 to Provide Fingerprinting For<br />
South Carolina Law Enforcement<br />
L-1 <strong>Identity</strong> Solutions, a supplier of identity<br />
management solutions <strong>and</strong> services, received a<br />
contract from the State of South Carolina, South<br />
Carolina Law Enforcement Division, to provide<br />
digital fingerprinting services for civil applicants<br />
statewide through the South Carolina EasyPath<br />
network. The three-year indefinite<br />
delivery/indefinite quantity contract has four<br />
possible one-year renewals <strong>and</strong> a potential value of<br />
$30 million if all options are exercised.<br />
Integrated Biometrics Technology, will provide the<br />
fingerprinting services <strong>and</strong> initially open five<br />
enrollment centers in Columbia, Greenville,<br />
Charleston, Myrtle Beach <strong>and</strong> Rock Hill, with plans<br />
to increase service to more than 30 locations<br />
throughout the State. State-of-the-art L-1<br />
Enhanced Definition TouchPrint live scan systems<br />
will be used to collect fingerprints. It is expected<br />
that approximately 500,000 applicants will be<br />
processed through the new system, which is<br />
expected to be fully operational by early 2008.<br />
website: www.l1id.com<br />
INSIDE Contactless Receives $38m<br />
Funding For NFC<br />
INSIDE Contactless, a provider of contactless<br />
payment chips <strong>and</strong> NFC technologies, announced<br />
a new round of investment led by Nokia Growth<br />
Partners, the global private equity <strong>and</strong> venture<br />
capital management arm of Nokia.<br />
This new investment round of €25m ($38m), will<br />
allow the company to accelerate its international<br />
presence <strong>and</strong> broaden its product portfolio.<br />
"This is more than a financial investment, this is<br />
about a strategic partnership with key players who<br />
are committed to building <strong>and</strong> driving the NFC<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
eco-system", says Rémy de Tonnac, CEO of<br />
INSIDE Contactless. "Three years ago a similar<br />
strategic investment was made with Visa which<br />
brought the company to a leading position in the<br />
field of Contactless payment. We hope that this<br />
new development for INSIDE will lead to a similar<br />
success in the NFC market."<br />
website: www.insidecontactless.com<br />
Near Field Communication<br />
Forecasts Revised Downward<br />
The worldwide market for contactless technology<br />
in transportation ticketing <strong>and</strong> contactless<br />
payments grew more than 15 percent in 2007. The<br />
market now st<strong>and</strong>s at a value of more than $200<br />
million but will reach more than $820 million by<br />
2013, according to the latest market analysis from<br />
ABI Research.<br />
Positive growth in contactless card rollouts took<br />
place during the last half of 2007, while the uptake<br />
of contactless capabilities in mobile h<strong>and</strong>sets -<br />
dubbed NFC (Near Field Communication) -<br />
continued to be stymied by difficulties in bringing<br />
the technology to the consumer market.<br />
Accordingly, NFC h<strong>and</strong>sets did not ship in any<br />
volume toward the end of 2007 <strong>and</strong> the market will<br />
remain limited for the first half of 2008.<br />
ABI Research now believes there will be longer<br />
than anticipated delays to NFC deployments <strong>and</strong><br />
has again adjusted its latest quarter <strong>and</strong> next annual<br />
figures accordingly: the previous forecasts for total<br />
NFC device shipments stood at 1.1 million for<br />
2007, <strong>and</strong> 9.81 million for 2008. The revised<br />
forecast st<strong>and</strong>s at 0.65 million <strong>and</strong> 6.52 million<br />
respectively. However, says Collins, "Given the<br />
strength <strong>and</strong> interest among carriers around the<br />
world for NFC, our long-term forecasts remain<br />
unchanged."<br />
The bulk of the growth of contactless dem<strong>and</strong> over<br />
the next five years will stem from the uptake of<br />
contactless payments from cards <strong>and</strong> mobile<br />
h<strong>and</strong>sets. Europe took its first real steps toward<br />
contactless payment adoption in 2007. The initial<br />
UK contactless rollout in London that began in the<br />
second half of the year will prove a bellwether for<br />
the technology in Europe, especially given the scale<br />
of the initial rollout <strong>and</strong> the integration of<br />
contactless with the established EMV smartcard<br />
payment system.<br />
website: www.abiresearch.com<br />
8
Carl-Otto Künnecke<br />
Growing market for PIN applications<br />
By Carl-Otto Künnecke Managing Director, OK systems<br />
Personal Identification Numbers (PINs) are very versatile <strong>and</strong> can be used for<br />
manifold applications. They are not only utilized in the banking sector (mostly for<br />
debit <strong>and</strong> with an increasing number also for credit cards), but also become more <strong>and</strong><br />
more important for health insurance funds, where secure data are protected with a<br />
password on the chip of a health card. PINs are also employed for ID cards as for<br />
example the new German ID card. In this case PIN <strong>and</strong> chip form a digital signature<br />
which can be applied in the field of e-government, signing of contracts or secure entry<br />
into public facilities.<br />
In general, the PIN consists mostly of four characters (like they are used to access ATMs). However, some<br />
applications require PINs with more characters. The PIN is generated via an encryption procedure using<br />
different algorithms such as DES (symmetric Data Encryption St<strong>and</strong>ard), RSA (asymmetric encryption<br />
system) or ISO 9564-1.<br />
The entire PIN h<strong>and</strong>ling is situated in rooms with highest security levels. If PINs <strong>and</strong> cards are personalized<br />
in the same building, the processes must be physically disconnected from each other. Due to this risk, PIN<br />
personalization is mostly completely separated from card personalization. The outsourcing trend visible in the<br />
card personalization sector does not have the same momentum for the PIN personalization process.<br />
Even though PINs have become indispensable in bank applications, there is no Visa/ Mastercard<br />
certification for PINs. This affects the products itself as well as PIN generation <strong>and</strong> transportation to the end<br />
customer. More than ever, transportation is an extremely insecure element when PINs are forwarded to the<br />
end customer or bank agency. In countries where bank cards are sent directly to the customers the PIN is<br />
dispatched delayed by a few days or sent prior to the card mailing. The common underst<strong>and</strong>ing is that PIN<br />
<strong>and</strong> card should never meet in the same post box on the same day. In cases of indirect distribution where the<br />
card holders have to fetch their card <strong>and</strong> PIN at the local branch office packages of cards <strong>and</strong> PINs are often<br />
sent by separate courier to the branch. In just a few cases cards <strong>and</strong> PINs go together with the same carrier<br />
<strong>and</strong> in the same envelope. What seems to be a high risk can be discounted when PIN <strong>and</strong> card are not<br />
activated yet. In case of stolen or opened envelopes the cards <strong>and</strong> PINs are of no use at all. Either by<br />
activating the package at the bank office or by special telephone verification the issuer activates PIN <strong>and</strong> card<br />
<strong>and</strong> the customer can use it. The reason for financial institutes to use this approach is reducing dispatch costs<br />
because postage is the biggest portion of the whole product in most cases. By sending only one product the<br />
banks save production costs as well as costs for dispatch <strong>and</strong> courier services. And the costumer will get one<br />
product instead of two.<br />
Besides this classic process where a printed PIN is used with paper, there are some cases where electronic<br />
transmission is employed like in China. Or – like in Korea – the PIN is generated through the application<br />
form when a card holder applies for a new card. However, due to high security risks these are only<br />
exceptions. Traditionally, PIN letters have been generated on 3-layered carbon copy paper, <strong>and</strong> have been<br />
labelled with address <strong>and</strong> PIN on needle printers. Due to visual aspects <strong>and</strong> security risks this process is not<br />
contemporary any more for many banks. <strong>Card</strong> carriers <strong>and</strong> enclosures convey the marketing ideas of the<br />
financial institute <strong>and</strong> the PIN stills looks like in the beginning of the computerized era. So the change in<br />
dem<strong>and</strong>s for a new product which fits the overall corporate design of a financial institute is mostly based on<br />
new marketing needs, but also on the fact that in many countries banks issue several PINs for each customer:<br />
one for ATM, one for electronic banking <strong>and</strong> sometimes even a third one for ATMs abroad. The oldfashioned<br />
“dot.matrix” makes this impossible <strong>and</strong> thus application <strong>and</strong> layout have to be changed.<br />
Therefore, some new processes have been established on the market. All these processes use laser printers to<br />
print the information on the PIN letter. The advantage is that significantly more information can be<br />
forwarded to the end customer. As another benefit the issuers can also use their own color logos <strong>and</strong> thus<br />
make the PIN letter a means of advertising.<br />
The foundation for all processes currently available on the market is the issuers’ need for corporate design,<br />
secure products <strong>and</strong> production processes as well as costs for the consumables.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
9
In Germany, almost all banks <strong>and</strong> bank organisations have converted to modern PIN production methods.<br />
Here the following techniques are used:<br />
1. Thermo Sealing® - The single form is printed on special paper,<br />
folded <strong>and</strong> thermo sealed <strong>and</strong> therewith becomes a casing ready for<br />
dispatch, but which can also be put in envelopes. This method<br />
means up to 60% less paper, no elaborate h<strong>and</strong>ling, <strong>and</strong> no<br />
outdated technology, significantly less time, effort <strong>and</strong> waste. Data<br />
security is provided through a perfect thermo lock which cannot be<br />
opened without visible damage.<br />
2. Single label – The back side of the printed paper has a special<br />
matrix making the PIN invisible. One or more security labels can<br />
be attached to the letter. These labels can have special security<br />
features like void effects or holograms <strong>and</strong> can either be peel-off<br />
labels or special scratch labels where the customer uses his<br />
fingernail or a coin to visualize his PIN. All these labels are<br />
designed to show attempts of manipulation. The final product<br />
could be either in the same size of the old fashioned “Dot.Matrix”<br />
solution or an A4 letter size which is folded.<br />
Scratch label with<br />
void effect Peel-off label Double label with<br />
hologram<br />
3. Double label – The letter is printed <strong>and</strong> the first label is applied. Then the<br />
PIN is printed on the label. Immediately after printing the PIN the<br />
second label is applied so that the PIN becomes invisible. This s<strong>and</strong>wich<br />
technology has the highest security level of all processes used today.<br />
4. Combination of Thermo Sealing® <strong>and</strong> label – In this case the PIN is<br />
hidden by a security label <strong>and</strong> then the product is sealed. This<br />
solution offers double protection of the PIN <strong>and</strong> is the most<br />
widespread form of PIN protection in Germany.<br />
A key point in using such systems is the security of the process. All described systems were supplied by Otto<br />
Künnecke – specialists for card mailing <strong>and</strong> high security systems.<br />
The machines use special black covers <strong>and</strong> a special security lock which does not enable the operator to open<br />
any cover. In case of machine problems the covers can only be opened by an operator <strong>and</strong> a supervisor. The<br />
machines can be integrated in existing HSM surroundings or could be equipped with special encryption <strong>and</strong><br />
decryption hard <strong>and</strong> software. When designing a PIN mailer one key point is that the file sent to the printer<br />
encrypts, the PIN at the latest stage <strong>and</strong> that these PINs are not visible in any software, audit files or at any<br />
device in this process.<br />
OK offers modularly extendable systems in different security levels. Due to high dem<strong>and</strong> <strong>and</strong> the excellent<br />
cost-benefit-ratio these applications are marketed worldwide. Several banks from all parts of the world want<br />
to follow the German example <strong>and</strong> use more modern, secure <strong>and</strong> economic PIN letters. The OK systems are<br />
available with <strong>and</strong> without security software like HSM.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
10
Versatile Hardware Security With<br />
Cryptographic RF <strong>Smart</strong>cards<br />
By Eustace Asanghanwa, Atmel<br />
Affordable True Hardware Security for Mutual Authentication <strong>and</strong> Data Security<br />
Cryptographic RF smartcards offer true hardware-based security for applications that<br />
need authentication, value storage, identification, <strong>and</strong> secure access control. It bridges<br />
the complexity <strong>and</strong> affordability gap between high-end secure microcontroller-based<br />
smartcards used in banking, <strong>and</strong> low-end cards used for loyalty tracking <strong>and</strong> access<br />
control, without giving up security.<br />
Eustace Asanghanwa<br />
Developers <strong>and</strong> service providers can now apply the desired amount of security to their applications without<br />
the complexity <strong>and</strong> unit costs associated with high-end smartcards. Additionally, there is no tradeoff in<br />
security for low-end smartcards. Example applications include:<br />
‣ Subscription management including cable <strong>and</strong> satellite TV.<br />
‣ Electronic purses used in Laundromats, energy meters, internet café resources <strong>and</strong><br />
transportation.<br />
‣ Information cards including ID cards <strong>and</strong> driver licenses.<br />
‣ Multi-application cards, for example, a single card that combines multiple functions like hotel<br />
access, mini-bar purchases, movie purchases, <strong>and</strong> secure access to [high-value] in-room hotel<br />
safes.<br />
<strong>Smart</strong>cards are available today for a wide range of applications <strong>and</strong> are classifiable under two broad<br />
categories: Microprocessor-based <strong>and</strong> memory-based smartcards. Microprocessor-based smartcards embed a<br />
microprocessor, volatile <strong>and</strong> non-volatile memories, <strong>and</strong> communication circuitry such as Analog Front-End<br />
(AFE) in an integrated circuit that eventually embeds inside the st<strong>and</strong>ard smartcard. They contain<br />
cryptographic routines either in firmware or hardware accelerators to service high-end security applications<br />
like banking <strong>and</strong> passports. They require special software or operating system developed by security experts<br />
for effective security. Their complex nature allows them to comm<strong>and</strong> premium prices in the market. In<br />
addition, these smartcards require external power to support the energy requirements of the microprocessor,<br />
the memories <strong>and</strong> the cryptographic routines. For this reason, their connectivity to the outside world is<br />
usually contacted in nature, at least for power sourcing. Contacted connectivity dem<strong>and</strong>s periodical card<br />
replacement due to worn out contacts. In the rare cases where connectivity is not contacted, as in RFID<br />
cards, power limitations translate into long transaction times making them less practical for mainstream<br />
security applications.<br />
Figure 1: A high level block diagram of a microprocessor smartcard<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
11
On the other h<strong>and</strong>, memory-based smartcards are just non-volatile memories, typically EEPROM, with<br />
external connectivity in a smartcard form factor. Some provide simple password protection for specific data<br />
contained within the smartcard, while others allow free access to all the data. Their simplicity makes them<br />
affordable <strong>and</strong> their modest power requirement makes them easy to use not only in contacted form but also<br />
in non-contacted form as RFID cards.<br />
Figure 2: A high-level block diagram of a memory smartcard<br />
The Right <strong>Card</strong> for Each Application<br />
Product developers <strong>and</strong> service provides never want to overpay for security. They want adequate security to<br />
protect the value at stake, but not too much because it may erode profit margins. High-end applications like<br />
banking have immense value at stake <strong>and</strong> so require the highest level of security. These high-end applications<br />
are well suited for microcontroller-based smartcards. Applications with lower-end security dem<strong>and</strong>s, like<br />
plain loyalty cards, are well suited for memory smartcards. However, there are many applications that require<br />
more security than memory smartcards offer, but do not comm<strong>and</strong> enough profit margins to cover the costs<br />
associated with microprocessor-based smartcards. These applications need an alternative type of smartcard –<br />
the cryptographic RF smartcard.<br />
Cryptographic RF <strong>Smart</strong>cards<br />
Cryptographic RF smartcards innovatively capture the security offering of microprocessor smartcards <strong>and</strong><br />
implement that security in pure hardware logic. This eliminates the need to develop complex operating<br />
systems. The innovative logic-only implementation lowers power requirements for the smartcard enabling<br />
full-performance as non-contacted RF smartcards, which eliminates the need for periodic replacement.<br />
Figure 3: A high Level Diagram of a cryptographic RF smartcard<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
12
True Hardware-based Security<br />
Cryptographic RF smartcards offer true hardware-based security for authentication, encryption, <strong>and</strong> secure<br />
data storage. They contain a 64-bit hardware-based cryptographic engine embedded in the silicon, with up to<br />
four sets of non-readable 64-bit authentication keys, four sets of non-readable 64-bit session encryption keys,<br />
<strong>and</strong> 2K bits of configuration memory. The configuration memory provides application developers with true<br />
flexibility for customizing security <strong>and</strong> data protection options <strong>and</strong> then blowing fuses to permanently lock in<br />
the configuration <strong>and</strong> custom security keys in the hardware.<br />
Secure Dynamic Mutual Authentication Capability<br />
Up to now, when there was a need to prove authenticity, as in trying to gain access (TV subscription program<br />
access or secure building access) or to claim value (cash registers, laundry machines, pay-per-use copier<br />
machines), only high-end microprocessor based smartcards were able to provide true authentication.<br />
Cryptographic RF smartcards can establish authenticity securely through a cryptographic dynamic mutual<br />
authentication process using the non-readable keys. They use the authentication keys, session encryption<br />
keys <strong>and</strong> a r<strong>and</strong>om number to generate a unique identity, or “cryptogram”, for each transaction. Both the RF<br />
smartcard reader <strong>and</strong> the RF smartcard must be able to duplicate each other’s cryptograms before any data<br />
can be accessed or written. The keys are completely inaccessible, even to the owner of the device or original<br />
silicon manufacturer. A unique cryptogram is generated for each transaction, so a cryptogram, intercepted<br />
during a transaction, cannot be used to effect a second transaction. In the extremely unlikely event that the<br />
non-readable key(s) from one smartcard becomes known, they cannot be used with any other smartcard<br />
because each cryptographic RF smartcard has its own unique set of authentication keys. Fuse bits are blown<br />
to permanently lock the security information in the smartcard such that even the card silicon manufacturer<br />
cannot access it.<br />
Dual Authentication Supports Cash-equivalent <strong><strong>Card</strong>s</strong><br />
Uniquely, cryptographic RF smartcards allow two completely independent users to access the same section of<br />
the memory, using completely separate authentication keys with different access levels for adding <strong>and</strong><br />
deducting cash. As an example, energy meter applications that happen to be very popular in developing<br />
countries using pre-pay models, the energy company will use a higher privilege access key to add energy<br />
credits to the card from its offices. The energy meter at the purchaser’s home is then equipped with a less<br />
privileged key that can only allow for reduction of energy credits <strong>and</strong> never vice-versa.<br />
Multiple Sectors with Configurable Access<br />
Cryptographic RF smartcards are available as a complete family in densities from 1 Kbit to 64 Kbits of<br />
completely usable memory to accommodate a wide range of information storage <strong>and</strong> cost requirements. The<br />
user memory itself may be divided into as many as 16 separate sections, each of which can independently<br />
customized to allow different levels of read <strong>and</strong> write access. For example, a smartcard that contains health<br />
records might keep the patient’s ID <strong>and</strong> billing address in a portion that is accessible by the billing<br />
department <strong>and</strong> insurance company, while diagnostic information is stored in another area that is accessible<br />
only by the doctor, <strong>and</strong> prescription information is stored in yet another section that can be written to by the<br />
doctor <strong>and</strong> only read by the insurance company <strong>and</strong> the pharmacist.<br />
Multitude of Data Protection Options<br />
Be it cash credits or private health records, cryptographic RF smartcards provide many protection options<br />
customizable by the application developer at deployment time. These include one-time-program (OTP)<br />
modes, read-only modes <strong>and</strong> program-only modes. In addition to protection by pre-authentication<br />
requirements, cryptographic RF smartcards can fully encrypt data during transmission to protect<br />
confidentiality <strong>and</strong> dynamically generate Message Authentication Codes (MAC) to verify message source <strong>and</strong><br />
integrity. To top off, cryptographic RF smartcards are implemented in hardened silicon using secure product<br />
strategies that include content scrambling, tamper monitors for environmental factors, <strong>and</strong> detection<br />
capabilities for physical <strong>and</strong> systematic security attacks.<br />
Cryptographic RF smartcards are innovative in their approach to true hardware security <strong>and</strong> bridge the<br />
complexity <strong>and</strong> affordability gaps between microprocessor <strong>and</strong> memory based smartcards. Laden with usable<br />
memory <strong>and</strong> security options, cryptographic RF smartcards offer an unrivaled level of flexibility for<br />
application developers, allowing full customization to enable adaptability to virtually any application in the<br />
smartcard space.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
13
<strong>Mifare</strong> (In)security Update January 2008<br />
By Dr David Everett, CEO, <strong>Smart</strong> <strong>Card</strong> Group<br />
David Everett<br />
<strong>Mifare</strong>: Little Security, Despite Obscurity was the title of the paper given at the 24th<br />
Congress of the Chaos Communication Congress that took place in Berlin on the 28th<br />
December 2007. Given by Karsten Nohl (University of Virginia) <strong>and</strong> Henryk Plötz<br />
but also involving Starbug from the Chaos Computer Club the presentation gave a<br />
first h<strong>and</strong> account of reverse engineering the Crypto-1 algorithm employed in the<br />
<strong>Mifare</strong> RFID chips. These chips are widely used particularly in the mass transit area<br />
such as the London transport <strong>Oyster</strong> card <strong>and</strong> the <strong>ITSO</strong> cards deployed across<br />
Scotl<strong>and</strong> <strong>and</strong> as also proposed for the new Dutch National public transport smart card<br />
scheme (OV chipcard).<br />
There have been lots of discussions over the security of the <strong>Mifare</strong> card particularly because of the extended<br />
business applications such as an ePurse being proposed for this platform. Expressions such as low security<br />
are thrown around in a way that could confuse or even misrepresent the platform. In any scheme it is the<br />
overall security that matters not the individual components. It is also fundamental to ensure that the<br />
components are used in the right way, in most high visibility failures it has been a protocol or procedure<br />
failure that has resulted in the end disaster. However memory cards such as <strong>Mifare</strong> do have restricted security<br />
functionality <strong>and</strong> when the cryptographic security relies on keeping the algorithm secret that is an additional<br />
risk that has now exploded. It should be noted that the researchers have not published their findings in detail<br />
(<strong>and</strong> may never do so) but they have publicly demonstrated not only that it is possible with limited equipment<br />
to reverse engineer the r<strong>and</strong>om number generator <strong>and</strong> the algorithm but also to point out many weaknesses<br />
in the actual Crypto-1 implementation.<br />
The <strong>Mifare</strong> chip technology is based on a simple contactless memory device with discrete logic to provide<br />
some security functionality across the air gap with the reader (i.e. at the radio frequency level). This<br />
technology is proprietary to Philips Semiconductors <strong>and</strong> requires their IPR to be available in both the <strong>Smart</strong><br />
<strong>Card</strong> chip <strong>and</strong> the <strong>Mifare</strong> reader. In practice this means that both the smart card <strong>and</strong> the reader need to have<br />
a Philips (or a <strong>Mifare</strong> licensed chip, e.g. Infineon) chip embedded within them. The original <strong>Mifare</strong> 1K<br />
memory was introduced in 1994 <strong>and</strong> there are now 6 chips in the <strong>Mifare</strong> range from NXP (previously Philips<br />
Semiconductors);<br />
• <strong>Mifare</strong> Classic (1 Kbytes of EEPROM non-volatile memory),<br />
• <strong>Mifare</strong> 4K (4 Kbytes of EEPROM),<br />
• <strong>Mifare</strong> DESFire (4 Kbytes of EEPROM),<br />
• <strong>Mifare</strong> Ultralite (64 bytes of EEPROM),<br />
• <strong>Mifare</strong> ProX (1 Kbytes or 4 Kbytes <strong>Mifare</strong> emulation in a micro controller chip. Total chip<br />
EEPROM including <strong>Mifare</strong> emulation memory is 16 Kbytes)<br />
• <strong>Smart</strong> MX (a more advanced <strong>Mifare</strong> ProX replacement series with up to 72 Kbytes of<br />
EEPROM).<br />
The <strong>Mifare</strong> ProX <strong>and</strong> the <strong>Smart</strong> MX are micro controller based chips <strong>and</strong> provide the <strong>Mifare</strong> functionality as<br />
an emulation in the chip. These chips are used for example by the IBM JCOP30 <strong>and</strong> JCOP40 Java <strong><strong>Card</strong>s</strong><br />
respectively. The discussion that follows relates to the Classic 1k <strong>Mifare</strong> but the arguments would hold for<br />
most other memory cards.<br />
<strong>Mifare</strong> <strong>Card</strong> Operation: The <strong>Mifare</strong> 1K card has its 1 Kbyte memory arranged as 16 sectors, each with 4<br />
blocks of 16 bytes. The last block in each sector stores two keys, A <strong>and</strong> B, which are used to access<br />
(depending on the access conditions also set in this block) the other data blocks. The <strong>Mifare</strong> reader interacts<br />
with the card as follows; 1) Select card (ISO 14443 allows multiple cards in its field), 2) Log-in to a sector (by<br />
providing key A or key B) <strong>and</strong> 3) Read, Write, Increment, or Decrement a block (must conform to the access<br />
conditions). The Increment <strong>and</strong> Decrement operations allow the block to be treated as an electronic purse.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
14
It is important to note that the cryptographic interchange takes place between the reader <strong>and</strong> the card <strong>and</strong><br />
more precisely between the <strong>Mifare</strong> chip in the reader <strong>and</strong> the <strong>Mifare</strong> chip in the card. The terminal has to<br />
present the appropriate key to the reader <strong>and</strong> normally this key would be derived from a Master key stored in<br />
a Secure Access Module (SAM) at the terminal. The card ID <strong>and</strong> parameters, which are unique to each card,<br />
can act as the derivation factor. This means that each card is using a different key set to protect a particular<br />
sector. Breaking an individual card will not reveal the Master keys. The Login process referred to above<br />
implements a mutual authentication process (a challenge/response mechanism) which then sets up an<br />
encrypted channel between the card <strong>and</strong> the reader using Philips proprietary Crypto-1 algorithm. These<br />
security services operate at the RF (Radio Frequency) level <strong>and</strong> cannot provide any cryptographic audit trail.<br />
In essence this means that you must trust the terminal but more particularly you have no evidence if it<br />
misbehaves.<br />
<strong>Mifare</strong> Vulnerabilities: The threats to the <strong>Mifare</strong> scheme are in three areas;<br />
1) Attacker breaks the cryptographic algorithm,<br />
2) Attacker implements a key exhaustion attack<br />
3) Attacker obtains the cryptographic keys.<br />
The scheme opens up an additional vulnerability in that <strong>Mifare</strong> cannot provide secure messaging. In other<br />
words because the <strong>Mifare</strong> chip doesn't have a CPU it can't cryptographically protect transactions for<br />
confidentiality, data integrity, or authentication on any form of end to end basis. This also means that<br />
message replays <strong>and</strong> deletions cannot be detected which is fundamental to most security schemes.<br />
Strength of the Cryptographic Algorithm: The <strong>Mifare</strong> Crypto-1 algorithm is proprietary <strong>and</strong> has not been<br />
published. However the work undertaken by Karsten Nohl (University of Virginia), Starbug <strong>and</strong> Henryk<br />
Plötz in so far as they have released their results is very informative giving the block diagram below<br />
reproduced from their presentation,<br />
15<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008
In addition to this drawing they have also released further information about the RNG which is a 16 bit<br />
LFSR with characteristic polynomial,<br />
X 16 + X 14 + X 13 + X 11 + 1<br />
The RNG is seeded by the time delay between power on <strong>and</strong> the reception of message data from the<br />
contactless card reader. As they point out this is rather easy to control but they also noticed by intercepting<br />
messages between the card <strong>and</strong> reader that there were already repeats of the r<strong>and</strong>om number used as part of<br />
the authentication protocol <strong>and</strong> which is also input to the main 48 bit LFSR. This main LFSR has 16<br />
feedback taps defined by its characteristic polynomial <strong>and</strong> apparently 20 taps are used for the key stream<br />
output function. <br />
In subsequent discussion the authors have also commented that the exclusive OR input with the secret key<br />
<strong>and</strong> tag ID is not quite as simple as shown in the slide.<br />
When a cryptographic algorithm is widely available one suspects it is only a matter of time before it gets into<br />
the public domain either due to a malevolent employee or by a reverse engineering attack on the chip. This<br />
has happened in many other cases such as in the GSM world <strong>and</strong> the DVD protection algorithm. Public<br />
attacks on the Internet swiftly followed. It is believed that counterfeit <strong>Mifare</strong> chips are already available from<br />
China, the companies concerned would need to have reverse engineered the chip in order to produce such<br />
copies.<br />
Key Exhaustion Attack: The design of cryptographic algorithms is normally based on the assumption that<br />
knowledge of the algorithm is assumed. In other words the algorithm itself is adequately strong <strong>and</strong> that the<br />
security depends on obtaining the secret cryptographic keys. Assuming there is no flaw in the algorithm or its<br />
implementation then the security of the scheme falls down to key exhaustion. Key exhaustion would require<br />
an emulation of the algorithm where all the keys in the key space are tested one by one using matching plain<br />
text <strong>and</strong> cipher text. Alternatively the keys in the key space can be tested one by one against a valid<br />
implementation of the algorithm (e.g. an authentic card). The first condition requires the algorithm to be<br />
known as per the above comments <strong>and</strong> for the key space to be practically realisable.<br />
The <strong>Mifare</strong> algorithm uses a 48 bit key, this gives a total key space of 2^48 or approximately 3 with fourteen<br />
noughts. With today's processing power this would not be deemed adequate by experts in the field. The single<br />
DES algorithm with its 56 bit key has long since been dismissed (it has been practically exhausted in 10<br />
hours) in favour of triple DES with an effective key length of 112 bits (in practice it can be attacked with<br />
slightly less effort but still insurmountable). Today anything much less than a 96 bit key would not be deemed<br />
secure against such an exhaustion attack. An alternative approach would be to take a valid card <strong>and</strong> literally<br />
try each key in turn from the key space. This would require a card select followed by a login process. Just<br />
assuming this could be done in say 10 mS then an attack would take, 2^48 X 10 mS = 89194 years. This<br />
attack is clearly not viable.<br />
Key Vulnerability: The vulnerability of the keys arise from these considerations; 1) An exposure in key<br />
management (including the terminal <strong>and</strong> reader) <strong>and</strong> 2) An exposure to an attack on the card. As mentioned<br />
previously because the keys have to be transmitted to the reader there is an assumption that the terminal can<br />
be trusted. This may be reasonable in some closed schemes such as a mass transit application but in the more<br />
general case this would not be an acceptable assumption. Apart from the obvious invasive attacks on the<br />
chip, we have in recent years, seen very successful attacks on <strong>Smart</strong> <strong><strong>Card</strong>s</strong> by intercepting the power<br />
consumed by the chip whilst undertaking cryptographic operations. Called Differential Power Analysis (DPA)<br />
by their inventor Paul Kocher these techniques were originally applied against the RSA secret keys but later<br />
used against symmetric algorithms such as DES. Such forms of attacks may well be applicable to the Philips<br />
<strong>Mifare</strong> algorithm.<br />
Secure Messaging: In a transaction-based scheme it is st<strong>and</strong>ard practice to protect the messages with some<br />
Cryptographic Check Value (CCV) or digital signature. This ensures the authenticity of the source of the<br />
message <strong>and</strong> that the message has been unchanged in transit from source to destination. This requires that<br />
the <strong>Smart</strong> <strong>Card</strong> is able to both create <strong>and</strong> check such CCVs or digital signatures. Without such security<br />
services being applied it is not easy to resolve disputes <strong>and</strong> the scheme is vulnerable to a wide range of<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
16
attacks. The <strong>Mifare</strong> card because it hasn't got a CPU is not capable of creating or checking such<br />
cryptographic messages. Consider the operation of a CPU <strong>Card</strong> as shown.<br />
Both the card <strong>and</strong> SAM can encipher messages or create <strong>and</strong> check cryptographic checksums as necessary<br />
<strong>and</strong> appropriate<br />
In this case the transactions operate between the SAM (Secure Access Module) <strong>and</strong> the card. Cryptographic<br />
protection operates between these end points. Consider for example the case where you want to increment<br />
the value of a purse stored on the card. The card is set up so that the comm<strong>and</strong> to increment the purse has a<br />
CCV attached, the chip checks this CCV before it effects the value load process. This cryptographic CCV is<br />
created by the Secure Access Module (SAM) attached to the terminal. Nowhere in this scenario are the<br />
cryptographic keys available in plain text. Even if the terminal is attacked with some Trojan software, the<br />
transaction records can be subsequently checked for authenticity. It is not possible for the Trojan operation<br />
to fool this process. In addition sequencing controls can be incorporated in the messages which are checked<br />
by the CPU to stop replays.<br />
User Authentication: The <strong>Mifare</strong> card has no facility for checking user PINs or passwords. This means that<br />
you cannot adequately bind a user to the card which is necessary in any form of <strong>Identity</strong> management<br />
scenario.<br />
Summary: Memory cards with discrete security logic such as <strong>Mifare</strong> can offer adequate security for some<br />
closed business scenarios. In the more open transaction model the increased security functionality offered by<br />
a CPU chip with cryptographic capability is highly desirable. In the light of the latest public attack on the<br />
Crypto-1 algorithm system integrators would be advised to upgrade to a more resilient algorithm. The NXP<br />
DESFire memory RFID product for example uses Triple DES but we see little advantage in a memory only<br />
device given the small overhead of a CPU micro-controller.<br />
LEGIC embeds badge <strong>and</strong> purse into NFC<br />
mobile phones<br />
Mobile telephony is already something we can’t imagine being without. New NFC (Near Field<br />
Communication) technology will revolutionise our daily transactions further still <strong>and</strong> make many deeds even<br />
easier. Buying a bus ticket, paying at a machine or kiosk, opening a door or accessing information services: in<br />
the future, the mobile telephone will be able to do all.<br />
NFC pilot project with <strong>and</strong> at Swisscom<br />
LEGIC, Swisscom <strong>and</strong> Selecta are pursuing new paths with this NFC pilot project. In the Swisscom’s<br />
modern buildings in Bern, Switzerl<strong>and</strong>, Swisscom staff use their mobile phones to get chilled drinks <strong>and</strong><br />
snacks from Selecta vending machines. The ability to connect a mobile phone to contactless applications,<br />
such as to make cashless payments using electronic purses, is opening up endless possibilities thanks to<br />
LEGIC’s new card-in-card solutions. For a long time these two worlds, with their different technologies,<br />
were not compatible. Buying drinks using an electronic purse was only possible with the contactless staff<br />
badge, while the mobile phone was used for st<strong>and</strong>ard communication purposes.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
17
NFC technology enables mobile phones to behave as conventional contactless cards <strong>and</strong> to connect to the<br />
network via mobile technology. Contactless applications can also work when the phone battery is empty or<br />
no network is available. The new solutions therefore combine the advantages of both technologies, providing<br />
more security, ease-of-use <strong>and</strong> availability.<br />
The partners of this pilot project intend to convert the project into a real business model. Additional<br />
applications, such as the integration of Adasoft secure entry applications used in all Swisscom buildings, will<br />
also be discussed.<br />
Swisscom provides greater comfort for end users thanks to NFC<br />
For Swisscom, NFC is not only a trend-setting technology, but the key to greater comfort for end users, who<br />
will be able to access everyday cashless services with their mobile phone. This includes buying everyday items<br />
such as snacks <strong>and</strong> drinks, booking tickets, <strong>and</strong> more. Thanks to contactless NFC technology, end users will<br />
simply have to present their mobile phone <strong>and</strong> they will be able to buy easily, without cash.<br />
Swisscom is supporting the further development of SIM cards as hosts for the new NFC applications. It is<br />
actively engaged in the development of new services <strong>and</strong> working closely with leading mobile phone<br />
manufacturers to bring a wide variety of NFC phones quickly to the market. Customers will only be able to<br />
benefit from these new services if relevant appliances are available <strong>and</strong> if all network operators cooperate.<br />
Swisscom believes that an agreement between mobile phone companies is vital in order to avoid individual<br />
solutions.<br />
Thomas Kummernuss, Product Manager <strong>and</strong> responsible for NFC development at Swisscom, is delighted<br />
with the success of the pilot project: “Swisscom believes in the potential of NFC technology in Switzerl<strong>and</strong>:<br />
cashless payments, public transport ticketing, access control, etc. will be more secure, comfortable <strong>and</strong><br />
customer-friendly with a mobile phone. We are also discussing the possibility of a single service offer <strong>and</strong> a<br />
B2B business model. The success of this project is helping us to convince our partners <strong>and</strong> customers of the<br />
advantages <strong>and</strong> possibilities of the new contactless technology in mobile phones.”<br />
Vending machines by market leader, Selecta<br />
Selecta is an international trendsetter for easy, safe <strong>and</strong> fast purchases from vending machines, in private or<br />
public areas. The Swiss market leader endeavours to offer its customers up-to-date <strong>and</strong> trend-setting products<br />
<strong>and</strong> solutions. Contactless technologies like NFC set new priorities in the development of such solutions.<br />
Cashless payments at vending machines are a good starting point. Selecta is giving NFC solutions the chance<br />
to be accepted on the market, in particular in public <strong>and</strong> semi-public areas. Pilot projects like the one with<br />
Swisscom underpin <strong>and</strong> strengthen acceptance by consumers. They contribute, through communication, to<br />
the creation of further applications <strong>and</strong> card acceptors, such as in the public transport field or with<br />
wholesalers.<br />
A union of different worlds thanks to LEGIC’s card-in-card solutions<br />
LEGIC’s contactless smart card technology has been world leader for several years. LEGIC is pursuing new<br />
directions with its card-in-card solutions. In the form of a virtual card, LEGIC functionality will be applied to<br />
dual interface cards or third party NFC mobile phones via the new software solution for smart card<br />
platforms.<br />
This enables the connection of public transport applications, PC access via PKI or credit cards with LEGIC<br />
applications such as access control or cashless payments. Thanks to further extensions of the LEGIC<br />
technology – there are already over 50,000 facilities with more than one million LEGIC readers in service –<br />
<strong>and</strong> to a worldwide licence partner network, the possibilities for building on existing <strong>and</strong> developing new,<br />
even more comfortable solutions, are endless.<br />
“We’re expecting a lot from the NFC technology in connection with our LEGIC card-in-card solutions. We<br />
are world leader in contactless smart card technology for personal identification applications. The fact that<br />
the LEGIC all-in-one area can be integrated into third party cards <strong>and</strong> NFC mobile phones widens the scope<br />
of our technology <strong>and</strong> also makes way for new solutions for our partners, as well as providing advantages <strong>and</strong><br />
comfort to the end user. In the future, it will be possible to go to work just with a mobile phone <strong>and</strong> to do<br />
without all the different cards”, explained Urs A. Lampe, Vice President Product Marketing & New Business<br />
of LEGIC Identsystems Ltd.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
18
Buying into Contactless Payment<br />
By Debbie Mitchell, Head of Regional Marketing, VeriFone EMEA<br />
Debbie Mitchell<br />
Contactless payment solutions represent one of the most important card payment<br />
innovations of the last decade, <strong>and</strong> are currently transforming payment at the point of<br />
service. Today’s ever more sophisticated consumers expect speed, convenience <strong>and</strong><br />
simplicity when paying for goods. What’s more, they’re embracing contactless payment<br />
<strong>and</strong> demonstrating that self-service pays dividends in terms of expediency, ease of use<br />
<strong>and</strong> the freedom to chose the time <strong>and</strong> place best suited to them to make a purchasing<br />
decision.<br />
Contactless in unattended card payment environments is similarly emerging as a fast growing global<br />
development in a variety of scenarios — including ticketing, car parking, self-service kiosks <strong>and</strong> vending<br />
machines — <strong>and</strong> engendering a monumental change in consumer attitudes <strong>and</strong> behaviours.<br />
Indeed, the days of consumers viewing ‘cash as king’ may well be numbered. A recent report from APACS, the<br />
UK’s association for payment clearing services, The Way We Pay 2007: UK Plastic <strong><strong>Card</strong>s</strong>, showed that in 2005<br />
card payments in retail exceeded cash for the first time, <strong>and</strong> that this gap further increased in 2006. This trend<br />
looks set to accelerate further, hastening the demise of hard cash especially for low value payment transactions.<br />
The contactless transaction<br />
Contactless technology is ideal for speeding up small-value payments that are typically below US$25 where,<br />
until now, cash has been the predominant form of payment. Since cash still accounts for a significant<br />
proportion of total consumer payments, even in the most developed card markets, this market represents a<br />
significant opportunity for contactless payment technologies. Indeed, figures from Datamonitor's Consumer<br />
Payments Model show that in 2003 cash still accounted for around 20.4 per cent of the total value of consumer<br />
payments in France, Germany, Italy, Spain, UK <strong>and</strong> the US.<br />
Market research firm Tower Group estimates contactless payment can reduce individual transaction times by<br />
between 10 to 15 seconds; an assertion that is borne out by the findings of the <strong>Smart</strong> <strong>Card</strong> Alliance’s recent<br />
investigation of contactless payments in the US. As well as confirming contactless payment technologies<br />
enabled faster transactions than EMV, its investigation also reported merchants experienced increased<br />
cardholder transaction volumes <strong>and</strong> average transaction size.<br />
Similarly, unattended payment terminals generate enhanced self-service options for consumers <strong>and</strong> offer an<br />
additional convenience that’s helping to propel contactless payment into low value cash-based transactions.<br />
Contactless payment certainly effectively delivers against consumer expectations in relation to expediency <strong>and</strong><br />
rapidity. Rather than inserting a payment card into an EFTPoS device, or swiping it through a magnetic stripe<br />
reader, a cardholder simply waves a card — or other contactless token, such as a key fob — within 10cm of a<br />
contactless reader.<br />
Underpinned by the same advanced technology that secures chip <strong>and</strong> PIN transactions, consumers have been<br />
quick to accept contactless payment as a safe, convenient <strong>and</strong> fast way to complete low value purchases. For<br />
retailers, contactless payments similarly generate significant advantages in terms of reduced cash h<strong>and</strong>ling,<br />
improved operational efficiencies <strong>and</strong> in busy retail environments, like quick service restaurants, faster service<br />
throughput <strong>and</strong> reduced queuing.<br />
Charting the progress<br />
Contactless payment first made the transition from niche technology to a mainstream payment option when, in<br />
August 2004, McDonald’s announced an agreement to accept Master<strong>Card</strong> PayPass at selected McDonald’s<br />
restaurants. By early 2006, industry analyst Datamonitor reported there were over 10 million contactless devices<br />
in circulation in the US, with 160,000 acceptance terminals in 30,000 merchant locations. Contactless payment<br />
was launched, <strong>and</strong> today the US represents the world’s largest contactless payment market.<br />
In the US, usage of unattended payment terminals is growing between 17 per cent <strong>and</strong> 20 per cent each year<br />
<strong>and</strong> millions of consumers are now accustomed to contactless payment technologies through electronic toll<br />
collection systems — such as EZPass <strong>and</strong> FasTrack — or through using ExxonMobil’s SpeedPass to make gas<br />
<strong>and</strong> convenience store purchases.<br />
This meteoric growth is being replicated elsewhere around the world. In just five years, the contactless Octopus<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
19
card in Hong Kong has gained over 11 million cardholders, is used in nearly nine million transactions a day <strong>and</strong>,<br />
in addition to transport <strong>and</strong> parking, is accepted in payment for groceries. In the UK, Transport for London<br />
has already issued over 10 million <strong>Oyster</strong> cards <strong>and</strong> currently reports that just three per cent of payments on<br />
London Underground <strong>and</strong> buses are made in cash.<br />
Changing user behaviours<br />
The use of contactless cards in mass transit environments has become almost ubiquitous; transit system<br />
contactless smart cards are now in use in major cities worldwide — including Hong Kong, Tokyo, Seoul,<br />
Washington DC <strong>and</strong> Shanghai — <strong>and</strong> the majority of planned new transit fare payment systems are electing to<br />
use contactless smart cards as the primary ticket media. From a user perspective, the simplicity <strong>and</strong> familiarity<br />
of the ‘tap-<strong>and</strong>-go’ transit payment systems are proving to be key to wider scale acceptance <strong>and</strong> adoption in<br />
other payment or usage scenarios.<br />
As a result contactless smart cards are now making the transition into retail environments as transit agencies<br />
<strong>and</strong> card associations work together to extend the use of contactless payment devices. Transport for London<br />
(TfL), in partnership with Barclaycard, recently launched its co-br<strong>and</strong>ed multiple application card for both<br />
transit <strong>and</strong> retail payment, OnePulse. The 3-in-1 card combines <strong>Oyster</strong>, credit <strong>and</strong> cashless facilities <strong>and</strong> aims to<br />
effortlessly extend <strong>Oyster</strong>’s functionality to existing customers. Retailers already signed up to the new<br />
technology include Books Etc, Chop’d, Coffee Republic, EAT, Krispy Kreme, Threshers <strong>and</strong> Yo! Sushi.<br />
In the UK, an initial 2,000-strong retailer roll-out of contactless payment in London in autumn 2007 will<br />
dovetail into a series of full scale national implementation programmes throughout 2008. London commuters,<br />
who are already familiar with contactless technology through TfL’s <strong>Oyster</strong> card, will be able to take advantage<br />
of improved customer experience in new retail payment environments, while the planned point-of-sale<br />
deployments across the rest of the UK are expected to widely establish contactless payment. By the end of<br />
2008, the UK payments association APACS estimates that over five million contactless cards will have been<br />
issued <strong>and</strong> will be accepted in at least 100,000 merchants across the country.<br />
Making the leap<br />
The UK contactless payment initiatives aim to capitalise on the benefits of simplicity, convenience <strong>and</strong> speed,<br />
combined with existing consumer familiarity with a proven <strong>and</strong> well-established EMV structure.<br />
In terms of deployment, a key advantage of implementing contactless solutions is that the technology can be<br />
readily adapted to current payment systems. Existing EFTPoS terminals can be easily modified with an interface<br />
to a contactless RF (radio frequency) reader, enabling retailers to leverage their existing payment structure <strong>and</strong><br />
providing a future proofed solution to support full-scale contactless rollouts.<br />
The contactless interface can also be deployed with EMV chip-based cards, or in magnetic stripe card<br />
environments. In EMV scenarios, PIN data entry can be used to verify contactless transactions, while in non-<br />
EMV transactions, data derived from Track 2 magnetic stripe-related information <strong>and</strong> secret data is transmitted<br />
by the contactless chip in response to a signal from an EFTPoS device; in some instances this data undergoes<br />
authorisation in a manner similar to a magnetic stripe transaction.<br />
Securing the transaction<br />
In the self-service applications that today’s consumers now dem<strong>and</strong>, ensuring the highest security at the point<br />
of payment is a critical challenge. Contactless payments use the international ISO/IEC14443 st<strong>and</strong>ard for<br />
contactless reader-card communication, <strong>and</strong> leverage the existing payments infrastructure, which has supported<br />
card payments for the past 40 years.<br />
Although the use of a contactless interface does not routinely require the consumer to enter a PIN, the card’s<br />
chip tracks activity, <strong>and</strong> after a consecutive number of transactions may prompt the user to enter a PIN.<br />
This security feature provides options that re-affirm card possession <strong>and</strong> deter potential fraudulent use, should<br />
the card be lost or stolen. Additional security features include a unique in-build 128-bit encrypted key on each<br />
contactless card for verification. At a system level, payment networks can automatically detect <strong>and</strong> reject any<br />
attempt to use the same transaction information more than once.<br />
Contactless payments are fast approach the tipping point of adoption within retail environments. In the UK,<br />
the collaboration between TfL <strong>and</strong> Barclaycard signals the first mass deployment of a bank-controlled<br />
contactless payment application with an operational transit application, <strong>and</strong> may well prove transformational for<br />
contactless payment adoption in many countries.<br />
<strong>Smart</strong> <strong>Card</strong> & <strong>Identity</strong> <strong>News</strong> • January 2008<br />
20