alt.technology.smartcards FAQ
Scott Guthery
Subject: alt.technology.smartcards FAQ
Followup-To: alt.technology.smartcards
Approved: news-answe...@MIT.EDU
X-Disclaimer: Approval for *.answers is based on form, not content
From: sgut...@mobile-mind.com
Archive-name: technology/smartcards/faq
Disclaimer: Approval for *.answers is based on form, not content.
Posting-Frequency: monthly to alt.technology.smartcards
Last-modified: 2003/09/01
Expires: 2003/10/15
Version: 2.0
URL: http://www.mobile-mind.com/htm/scfaq.htm
Maintainer: Scott Guthery <sgut...@mobile-mind.com>
Frequently Asked Questions (FAQ) for news:alt.technology.smartcards
Comments and suggestions for improvement of the a.t.s. FAQ should be sent to
Scott Guthery at sgut...@mobile-mind.com. The current edition of the FAQ
is
always available at www.scdk.com/atsfaq.htm.
CONTENTS
1. Purpose of alt.technology.smartcards
2. General Questions About Smart Cards
3. Standards, Specifications and Patents
4. Smart Card Hardware
5. Smart Card Operating Systems
6. Fixed-Command Smart Cards, Readers and Tools
7. Programmable and Multi-Application Smart Cards
8. Card and Application Management Systems
9. Resources
1. Purpose of alt.technology.smartcards
The purpose of alt.technology.smartcards is to provide an unmoderated forum
for the discussion of technology, applications and issues associated with
smart cards. It will serve as a resource for people to:
Engage in discussion and debate about technical and public policy issues
including the security, privacy, legal, regulatory and economic impact of
smart card applications.
Educate and inform others about the strength, weaknesses and general use of
smart cards; share ideas, information and specific experience about smart
cards, both in technology:
Find information and have questions answered by people in the smart card
community.
2. General Questions About Smart Cards
2.1. What is a smart card?
A Smart Card is a credit-card-sized plastic card that contains an
Integrated Circuit with memory, and circuitry controlling the access rules
to the memory. Common Smart Cards use 5 to 8 golden contacts on one side of
the card as a communication mean with a Smart Card Reader, and the
Integrated Circuit is behind the contacts.
What makes the card "smart", compared to a memory card or magnetic card, is
the enforcing of access control rules to the memory: for example some areas
(like card holder name) might be made read-only after it is first written;
and/or an area (holding the card value) might be written only in a manner
allowing the value of the card to go down, not up. This access control can
be performed by an 8-bit microcontroller similar to a Motorola 6805 or an
Intel 8051, or by even simpler circuitry in low-end Smart Cards.
Here's a good overview of smart cards:
http://res.ufgartner.ufl.edu/datapro/2882-1.htm
2.2. Where did the phrase "smart card" come from?
Smart cards were independently invented in Germany (1967), Japan (1970), the
United States (1972), and France (1974). In 1980, when France began a major
campaign to export the technology, Roy Bright of the government's
marketing organization, Intelmatique, coined the phrase "smart card" to
describe the technology.
2.3 Is it "smart card" or "smartcard"?
Most English dictionaries use "smart card" but you'll see both in use.
In French it's "carte a puce" which is roughly "card of a flea".
Tiny integrated circuit chips look like fleas.
2.4. Is the a.t.s. FAQ on the Web somewhere?
Yes. http://www.mobile-mind.com/htm/scfaq.htm
2.5 Are the postings to a.t.s. archived somewhere?
Yes. www.google.com maintains an archive of all postings to a.t.s that
is searchable in a number of different ways.
2.6. Is a.t.s the right place for information about satellite card analysis,
emulation and hacking?
Only for TECHNICAL information. Please do not post here satellite card
advertisement, channel keys, channel frequencies. Post here only information
about algorithms, protocols, security breaches, ECMs.
2.7. Is a.t.s the right place for satellite card and other satellite
equipment advertisment?
alt.satellite.tv.crypt.forsale would probably generate more sales.
2.8. Is a.t.s the right place for smart card collectors?
The rec.collecting hierarchy is probably a better selection.
3. Standards and Specifications
3.1. Are smart cards standardized?
There are all sorts of smart card standards. The physical and mechanical
standards are observed more uniformly than the software standards.
An excellent annotated summary of most smart card standards is at:
http://forum.afnor.fr/afnor/WORK/AFNOR/GPN2/Z15Y/PUBLIC/WEB/ENGLISH/commerce.htm
and standards that are particularly relevent to payment cards at:
http://www.aston.ac.uk/smartcard/documentation/standards1.htm
Some standards are posted at:
http://www.ttfn.net/techno/smartcards/standards.html
ISO/IEC JTC1 Information technology SC 17 Identification cards and related
devices (www.iso.ch/meme/JTC1SC17.html) is interested in common smart card
issues. The ISO 7816 series of standards and the ETSI SMG9 standards are
the most important and relevant for smart card application programmers.
ISO 7810 Identification cards -- Physical characteristics.
ISO/IEC 7812 Identification cards -- Identification of issuers.
ISO/IEC 7816 Identification cards -- Integrated circuit(s) with electrical
contacts. A complete description of the ISO 7816 standards is provided in
Section 3.2 below.
ISO/IEC 10536 Identification cards -- Contactless integrated circuit(s)
cards. The standard specifies close coupling (slot and surface) cards
communication (parts 1-3)
ISO/IEC 10373 Identification cards -- Test methods.
ISO/IEC 14443 Remote coupling communication cards. (Contactless cards)
ISO TC 68 Banking and related financial services SC 6
(www.iso.ch/meme/TC68SC6.html) Financial transaction cards, related media
and operations is representing interest of smart payment card issuers and is
developing the standard series ISO 10202 Financial transaction cards --
Security architecture of financial transaction systems using integrated
circuit cards (parts 1-8).
EN 742 Identification cards: location of contacts for cards and devices used
in Europe. New edition specifies the format ID-000 used for GSM Subscriber
Identity Module (SIM).
EN 726 Terminal Equipment (TE); Requirements for IC cards and terminals for
telecommunication use. The standard is the technical basis for smartcards in
Europe.
In the U.S., the National Institute of Standards and Technology (NIST at
http://csrc.ncsl.nist.gov/) has published FIPS 140-1
(http://csrc.nist.gov/publications/fips/fips1401.htm) "Security Requirements
for
Cryptographic Modules" concerns physical security of smart card IC-s as they
are one kind of cryptographic modules.
The Swedish government is standardising a smart card for use by its citizens
called the Secure Electronic Information in Society (SEIS) (www.seis.se)
card.
3.2. What is ISO 7816 all about?
The formal title of ISO 7816 is Integrated Circuit Cards with Electrical
Contacts. It is the most widely used and referenced smart card standard. ISO
7816 is the international standard for integrated-circuit cards that use
electrical contacts. Anyone interested in obtaining a technical
understanding
of smart cards needs to become familiar with ISO 7816.
ISO 7816 currently has thirteen parts:
Part 1 - Cards with contacts: Physical characteristics
Part 2 - Cards with contacts: Dimensions and location of the contacts
Part 3 - Cards with contacts: Electrical interface and transmission
protocols
Part 4 - Organisation, security and commands for interchange
Part 5 - Registration of application providers
Part 6 - Interindustry data elements for interchange
Part 7 - Commands for SCQL
Part 8 - Commands for security operations
Part 9 - Commands for card management
Part 10 - Cards with contacts: Electrical interface for synchronous cards
Part 11 - Personal verification through biometric methods
Part 12 - Cards with contacts: USB electrical interface and operating
procedures
Part 15 - Cryptographic information application
3.2.1. Part 1: Physical characteristics
Defines the physical dimensions of contact smart cards and their resistance
to static electricity, electromagnetic radiation and mechanical stress. It
also prescribe the physical location of a IC card's magnetic stripe and
embossing area.
Amendment 1 : Maximum height of the IC contact surface
3.2.2. Part 2: Dimensions and Location of Contacts
Defines the location, purpose and electrical characteristics of the card's
metallic contacts:
3.2.3. Part 3: Electronic Signals and Transmission Protocols
Defines the voltage and current requirements for the electrical contacts
defined in Part 2 and asynchronous half-duplex character transmission
protocol (T=0).
Smart cards that use a proprietary transmission protocol carry the
designation, T=14. In practical terms, that means the card is not compatible
with ISO 7816. Proprietary protocol is used in German health care cards.
Amendment 1:1992 Protocol type T=1, asynchronous half duplex block
transmission protocol.
Amendment 2:1994 Revision of protocol type selection
Amendment 3: Electrical characteristics and class indication for
integrated circuit(s) cards operating at 5V, 3V and 1,8V
3.2.4. Part 4: Inter-industry Commands for Interchange
ISO 7816-4 is an International Standard that establishes a set of commands
across all industries to provide access, security and transmission of card
data. Within this basic kernel, for example, are commands to read, write and
update records.
There is an urban legend often repeated by smart card sales people that
ISO 7816-4 is so complex and so poorly written that it is impossible to
implement. Strictly compliant implementations of ISO 7816-4 have been
created. These claims are intended to excuse lack attention to complying
with the standard in the hopes of selling non-standard cards.
Amendment 1: Impact of secure messaging on the structures of APDU messages
Clarifies the construction of secure message variants of commands in Part 4.
http://perso.wanadoo.fr/dgil/scm/iso7816_4.html
3.2.5. Part 5: Numbering System and Registration Procedure for Application
Identifiers
Establishes standards for Application Identifiers (AIDs). An AID has two
parts. The first is a Registered Application Provider Identifier (RID) of
five bytes that is unique to the vendor. The second part is a variable
length field of up to 11 bytes called the Proprietary Application Identifier
Extension (PIX) that a vendor can use to identify specific applications.
Every
smart card application builder such as yourself can get a RID.
RIDs are assigned by the Copenhagen Telephone Company Ltd. (KTAS),
(aka TeleDanmark) which is also the ISO/IEC 7816-5 Registration Authority,
KTAS's address is Teglholmsgade 1, DK-1790, Copenhagen, V, Denmark, but the
application has to be approved by your national ISO body. RIDs cost $500.
Matthew Deane (212) 642-4992) at the American National Standards Institute
will handle requests for both national and international numbers. Forms
for
applying for an RID can be found at www.scdk.com. Fax the application back
to
Matthew Deane at ANSI, (212-840-2298) but make your payment directly to the
Registration Authority in Denmark.
If you want to issue a single application smart card then you need an Issuer
Identification Number (IIN) which is specified in ISO 7812. For U.S.
residents,
forms for an IIN are also available through Matthew Deane at ANSI. The cost
is $600.
For those in the US, all the relevant registration information for both
RIDs and IINs is at http://www.ansi.org/public/register.html
3.2.6. Part 6: Inter-industry data elements
Describes encoding rules for data needed in many applications e.g. name and
photograph of owner, his preference of languages etc.
Technical Corrigendum 1: Interindustry Data Elements
Amendement 1: IC manufacturer registration
3.2.7 Part 7: Interindustry commands for Structured Card Query Language
(SCQL)
Defines how to treat the data on the card as an SQL database.
3.2.8 Part 8: Security related interindustry commands
Adds symmetric and asymmetric key capabilities to Part 4.
3.2.9 Part 9: Additional interindustry commands and security attributes
Adds commands needed for personalization such as Create File and Delete File
as well as search commands to Part 4.
3.2.10 Part 10: Electronic signals and answer to reset for synchronous cards
Defines basic communication protocols for synchronous (T=14) smart cards.
3.2.15 Part 15: Cryptographic token information in IC Cards
A standardized way to keep cryptographic material on a smart card
and to access public keys and certificates stored therein.
3.3 Contactless Cards
Contactless cards are cards that just have to be held near a reader
rather than actually inserted into (and thus make contact with the
electrical contacts of) a reader. Contactless cards are classified
based on how far away from the reader they can be and still be read.
Close-Coupled Cards 0mm - 10mm (you touch it against the reader)
Proximity Cards 10mm - 10cm (you hold it up to the reader)
Vicinity Cards 10cm - 50cm (you walk by the reader)
The releavant standards for these cards are:
ISO/IEC 10536 - Identification cards - Contactless integrated
circuit(s) cards - Close coupled cards
ISO/IEC 14443 Identification cards -- Contactless integrated circuit(s)
cards -- Proximity cards. The standard set (parts 1-4) specifies the
communication (transmission, anticollision, selection and command
exchange) of chipcards in ranges up to 10cm. These standards define
protocols type A and B and there are "industry standards" for type
C, D and E. For interoperability look for compliance to parts 1-4 and
type A and/or B.
ISO/IEC 15693 - Identification cards - Contactless integrated
circuit(s) cards - Vicinity cards
There are also devices into which you can put a contact card which
turn it into a contactless card. These devices can project a smart
card a considerable distance, up to 10 meters and more. They are
used for example for using pre-paid cards with drive-through highway
toll booths and drive-through Taco Bells.
Access to the contactless standards is available at:
http://wg8.de/sd1.html
Increasingly common are now dual-interface processor cards which do have
a contactless interface according to ISO/IEC 14443 parts 1-4 and a normal
contactbased interface according to ISO/IEC 7816 parts 1-3. Examples for
controllers are the Philips MIFARE ProX (includes NPU) and the Infineon
SLE66CL160S.
3.4. Where do I get the ISO standards?
Official copies of the ISO standards must be purchased from the ISO catalog
at www.iso.ch. The ISO is very proud of these standards. A Xerox copy of
the most important standard from a software developer's point of view,
ISO 7816-4, costs $85.40. The 7-page Xerox copy of ISO 7816-5 costs $31.80.
A complete set of ISO 7816 smart card standards costs $436.50 plus shipping
and handling. Delivery can take months.
At www.iso.ch standards you can also be downloaded at a cheaper price.
ISO/IEC 7816-4: Paper: CHF 136 (ca. 90 EUR), PDF: CHF 44 (ca. 29 EUR)
ISO/IEC 7816-5: Paper: CHF 50 (ca. 33 EUR), PDF: CHF 44 (ca. 29 EUR)
I'm to lazy to add up the prices of all these PDF standards.
ANSI tacks an additional 35% onto these prices (ISO 7816-4 is $115) but
lets you download copies immediately. See http://www.ansi.org/. Under
Electronics Standards Store select ISO/IEC JTC.
ISO 7816-1, -2, and -3 dealing with the physical aspects of smart
cards can be found in text form at: http://cuba.xs4all.nl/hip/iso7816.txt.
Part 4 is at http://cui.unige.ch/~zbinden6/smartcard/iso7816_4.html. A
well-written overview of the T= protocols is at
http://www.gsm-hacking.dk/papers/iso7816.txt
3.5 Doesn't ETSI also write standards for smart cards?
Yes. The most successful smart card is actually invisible. It is the
Subscriber
Identity Module (SIM) in GSM mobile telephones. Besides the subscriber's
personal cryptographic identity key, the SIM contains other useful
information such as the current location of the phone and an address book
of frequently called numbers.
Recently this network-connected smart card has been opened up (on a
controlled basis) to application programming. The ETSI SMG9 working group
wrote the standards for the SIM card. The most relevant standards
are for building applications for the SIM are:
GSM 02.19: Digital cellular telecommunications system (Phase 2+);
Subscriber Identity Module Application Programming Interface (SIM API);
Service description; Stage 1
GSM 02.48: Digital cellular telecommunications system (Phase 2+);
Security mechanisms for the SIM application toolkit; Stage 1
GSM 03.19: Subscriber Identity Module Application Programming Interface
(SIM API); SIM API for Java Card (TM); Stage 2
GSM 03.48: Digital cellular telecommunications system (Phase 2+);
Security Mechanisms for the SIM application toolkit; Stage 2
GSM 11.11 Digital cellular telecommunications system (Phase 2);
Specification of the Subscriber Identity Module - Mobile Equipment
(SIM - ME) interface (GSM 11.11)
GSM 11.14: Specification of the SIM application toolkit for the Subscriber
Identity Module - Mobile Equipment (SIM - ME) interface
ETSI EG 201.220 Integrated Circuits Cards (ICC); ETSI numbering system
for telecommunications; Application providers (AID). See Section 3.2.5
above for instructions on obtaining application identifiers for GSM SIM
Toolkit Applications.
All are available free of charge from www.etsi.org. It would seem
that ETSI actually wants folks to use their standards.
3.5.1 Other Mobile Telephone Smart Cards
Other mobile telephones besides GSM phones use smart card modules for
security, for GSM compatibility and for prepay. The generic name
for all these cards including the GSM SIM is UIM for User Identity Module.
The smart card in a WAP phone is called a WIM for Wireless Interface Module.
It is described in WAP WIM Wireless Application Protocol Identity Module
Specification, available (for free) at www.wapforum.org.
The smart card for a 3GPP (aka UMTS) mobile phone is called the USIM.
It is described in 3G TS 21.111 Version 3.0.0, USIM and IC Card
Requirements,
available (for free) at http://www.3gpp.org/specs/specs.htm.
The smart card for a 3GPP Project 2 (3GPP2) mobile phone is called the R-UIM
or UIM depending on whether or not it is removeable. The R-UIM is described
in a specification issued by the 3rd Generation Partnership Project 2
entitled Removable User Identity Module (R-UIM) for Spread Spectrum Systems
(3GPP2 C.S0023) of December 9, 1999, It is available (for free) from
http://3gpp2.org/tsg_c.html#doc.
The smart card for a CDMA mobile phone is just called a smart card.
It is described in CDMA Development Group Document #43, Smart
Card Stage I Description, Version 1.1, May 22, 1996, and can be ordered
at http://www.cdg.org/tech/tech_ref.html and costs $25.
3.5.2 3GPP Work Group T3
In late 1999 representatives of the various TDMA mobile phone systems
got together and decided to start a project to come up with a common
subscriber identity module. Since the GSM specification was the most
mature, it was taken as the starting point. ETSI shut down SMG9 and
transferred all of its documents and responsibilities to 3GPP Work Group
T3 which is now responsible for the common core SIM in all 3GPP phones
including GSM phones. T3's documents can be found at:
http://www.3gpp.org/ftp/TSG_T/WG3_USIM/
Each TDMA technology can still put their own extensions on the 3GPP core
depending on the particular needs of the technology.
3.5.3 3GPP2 Work Group TSG-C
Some but not all CDMA phones use a smart card for network access
authentication. In these phones the SIM is called the R-UIM which
stands for Removable User Identity Module. The CDMA folks think
of their handsets as being secure platforms and they think of the
SIM as a kind of industrial-strength floppy disk ... a removable
media. 3GPP2 R-UIM specs are available at:
http://www.3gpp2.org/Public_html/specs/#tsgc
3.5.4 ETSI Project - Smart Card Platform
An effort has also been launched to define a common core for the identity
module used in all communications applications. This module is called
the Universal Integrated Circuit Card (UICC). It would include for example
all mobile phones (not just TDMA phones), settop boxes, internet TVs,
wireless SCADA, and so forth. The thrust of this project is to define
a framework for smart cards that contain identity support for all of these
applications simultaneously. After all it's always you whether you are
talking on the phone or transmitting your blood sugar readings.
ETSI was given initial responsibility for this project and since it rose
from the ashes of SMG9 it was originally called "The New SMG9". One of its
first official acts was to give itself more compelling name, hence Smart
Card
Platform (SCP). All communication organizations are represented in this new
group or at least have been invited to participate. In an effort to gain as
wide a consensus as possible it has thrown its Web site open to all at:
You can tell from the name that the SCP folks imagine that the results of
their efforts might have applicability outside communication.
It becomes a bit challenging to keep track of documents coming out
of these three groups. Here's a start.
Description GSM 3GPP SCP
=========== ===== ====== =======
Vocabulary for Smart Cards 102.216
USIM and IC Card Requirements 21.111
USIM/SIM Application Toolkit (USAT/SAT) 02.19 22.038
Physical and Logical Characteristics 11.11 31.101 102.221
Administrative Commands 102.222
Test Specifications 102.230
Characteristics of the USIM Application 11.14 31.102
USIM Application Toolkit (USAT) 31.111 102.223
Security Mechanisms for the SAT-Stage 1 02.48
Security Mechanisms for the SAT-Stage 2 03.48 33.102
Numbering System for Card Applications 101.220
SIM API for Java Card 03.19
SIM API for the C Programming Language 31.131
Here are the core standards that define the Smart Card Platform:
GSM 02.17 - Subscriber Identity Module (SIM); Functional Characteristics
GSM 02.19 - Subscriber Identity Module Application Programming Interface
(SIM API): Service Description; Stage 1
GSM 02.48 - Secuity Mechanisms for the SIM Application Toolkit; Stage 1
GSM 03.19 - GSM API for SIM toolkit; Stage 2
GSM 03.48 - Security Mechanisms for SIM Toolkit Application; Stage 2
3GPP 21.111 - USIM and IC Card Requirements
3GPP 22.038 - SIM Application Toolkit (SAT); Stage 1
3GPP 22.112 - USIM Toolkit Interpreter; Stage 1
3GPP 31.102 - Characteristics of the USIM Application
3GPP 31.111 - USIM Application Toolkit (USAT)
3GPP 31.113 - USAT Interpreter Byte Codes
3GPP 31.131 - C API for the USIM Application Toolkit
3GPP 34.131 - Test Specification for the C SIM API
SCP 101.220 - Integrated Circuit Cards (ICC); ETSI Numbering System for
Telecommunication; Application Providers (AID)
SCP 102.221 - Smart Cards; UICC-Terminal Interface; Physical and Logical
Characteristics
SCP 102.222 - Integrated Circuit Cards (ICC); Administrative Commands for
Telecommunications Applications
SCP 102.230 - Smart Cards; UICC-Terminal interface; Physical, Electrical
and Logical Test Specifications
SCP 102.223 - Smart Cards; Card Application Toolkit (CAT)
SCP 102.224 - Security mechanisms for the Card Application Toolkit:
Functional requirements
SCO 102.225 - Secured packet structure for UICC applications
SCP 102.226 - Remote APDU Structure for UICC based Applications
SCP 102.240 - UICC Application Programming Interface
All of them are available free at
http://www.3gpp.org/ftp/Specs/
for the GSM and 3GPP documents and
http://docbox.etsi.org/tech-org/scp/Document/scp/
for the SCP documents.
3.6 Are there other standards bodies working on smart card standards?
Yes.
The IETF is becoming a forum for discussion of smart card standards
at least as they pertain to smart cards being nodes on the Internet.
See, for example, the Internet Draft "IP and ARP over ISO 7816-3" at
http://search.ietf.org/internet-drafts/draft-guthery-ip7816-00.txt
The B10 workgroup of NCITS (it used to be ANSI) is the US representative
to the ISO. They work on a number of existing and emerging standards
One of the most interesting ones is a smart card driver's license. The
current draft is at http://www.aamva.org/standards/index.asp.
3.7 Are there any industry specifications?
In addition to standards formulated by recognized standards bodies, there
are a number of specifications created by companies, industrial consortia
and ad hoc users groups. These specifications are typically guided as much
by marketing agendas as by technical necessity or utility. Membership rules
vary from organization to organization but are usually constructed to be
functionally equivalent to invitation only; i.e. the market wannabes trying
to gang up on the market leader.
Europay, MasterCard and Visa formed working group to create their Integrated
Circuit Card Specifications for Payment Systems, commonly called "EMV'96" or
just "EMV" (http://www.emvco.com/). The specification was
intended to create common technical basis to compete with the Mondex
specifications. Everybody of course when ahead and implemented their own
version of EMV cards (UKIS - UK Bank EMV, VSDC- Visa EMV. MCHIP - MasterCard
EMV).
Europay as also lead the defintion of a standard electronic cash purse
called CEPS for Common Electronic Purse Specifications. The specification
costs EUR 94 and is available at www.europay.com. Like EMV, each of the
card associations are implementing their own version of CEPS. Check out
CEPS specs at http://www.cepsco.com/
An old version of the GeldKarte specification is available at
ftp://ftp.ccc.de/pub/docs/geldkarte.pdf for free. The latest version
is available from Bank-Verlag Koeln, Melatenguertel 113, D-50825 Koeln,
Germany. Phone +49-0221-5490-0. Fax +49-0221-543498. (www.bank-verlag.de)
It costs DM400 and there is an NDA to execute.
Microsoft heads a group of smart card manufacturers to produce a
specification for the use of smart cards on personal computers and
workstations called PC/SC for Personal Computer/Smart Card
(http://www.pcscworkgroup.com).
The SET (Secure Electronic Transactions) at http://www.setco.org/
and C-SET (Card Secured Electronic Transactions) at
http://www.europayfrance.fr/fr/commerce/secur.htm specifications
include descriptions of the smart cards they use to perform SET
transactions.
RSA (www.rsa.com) has published an file hierarchy and data description for
accessing PKI certificates and associated information on cryptographic
tokens
including smart cards. It is called PKCS #15 and entitled "Crytographic
Token
Information Syntax Standard". Unfortunately since it is not a card-edge
specification it does not advance the cause of interoperable PKI tokens.
Visa is very active in the smart card area and has published specifications
for Visa Cash, the Visa Integrated Circuit Card
(www.visa.com/cgi-bin/vee/nt/chip/visdownload.html) and the Visa Open
Platform (www.visa.com/nt/suppliers/open/main.html).
GlobalPlatform (www.globalplatform.org) is a consortium organized by Visa
which is drawing up a specification based on Visa Open Platform (US Patent
6,005,942) for loading applications on and deleting applications from
multi-application smart cards.
MasterCard has formed the Global Mobile Commerce Team (not to be confused
with
the Globle Mobile Commerce Forum) and the Chip Vendor Services Program
(CVSP).
The Java Card Forum (www.javacardforum.org) and JavaSoft (www.javasoft.com)
maintain specifications for the Java Card.
The OpenCard Framework (www.opencard.org) is a way to access smart cards
from the Java programming language.
The Small Terminal Interoperability Platform consortium (www.stipgroup.org)
is doing this too.
The Radicchio (www.radicchio.org), Global Mobile Commerce Forum
(global.mobilecommerce.com), are studying the use of PKI smart cards
on wireless networks.
The Mobile Electronic Signature Consortium (www.esign-consortium.org)
is based on Brokat's digital signature patent WO09922486A1 of 5/6/1999
entitled
"METHOD FOR DIGITAL SIGNING OF A MESSAGE" and is writing a specification
based
on this patent for wireless e-commerce.
The PKI Forum (pkiforum.org) is also writing specifications for
digital signatures.
MasterCard is also starting coalition to draft U.S. digital ID procedures
for issuing, revoking and establishing digital user identifications.
The coalition includes ACI Worldwide, Gemplus, Bull Smart Cards & Terminals
Giesecke & Devrient; Schlumberger and Unisys.
The Mobey Forum (www.mobey.org) is a collection of banks, handset
manufacturers and smart card manufacturers that are trying snatch the
mobile trust high ground away from the telecoms. In a refreshing display
of candor, they have explicitly locked the telcoms out of their
organization.
The ETSI Technical Committee Security (sic) has also weighed in with
a standard for the format of PKI certificates, ES 201 733.
The World Airline Entertainment Association has put out a fascinating
specification for the use of smart cards by passengers in airplanes:
http://www.waea.org/tech/techspecs/smartcards.htm. It's free.
The International Air Transport Association sells a specification for
smart cards in travel and entertainment cards for $200 at
http://www.iata.org.
The SIMalliance (www.simalliance.org) is writing specifications for
a suite of protocols to connect GSM SIM cards to the Internet. It is a
closed group consisting of five smart card manufacturers. The proposal is
to hack up the WAP protocols which are themselves a hack up of the standard
Internet protocols. A TCP/IP stack with a real Web server can be put on a
SIM
card so you have to wonder we why need a new, homegrown bunch of protocols.
Across Wireless (www.AcrossWireless.com) makes the specifications for
its micro-browser available to everyone. Contact Anders Sellin
(Anders...@AcrossWireless.com).
The Smart Card Constituency working under the banner of eEurope
(http://europa.eu.int/comm/information_society/eeurope/index_en.htm)
is proposing to write yet another set of smart card interoperability
specifications that everybody can ignore. They have published a list
of 17 items for action and set up a bunch of task forces and work packages.
Contact Jan van Arkel <ar...@ecp.nl> for details.
The Card Application Management System Consortium consists of just
Visa and MasterCard. The relationship of this effort to Visa's
Open Platform effort and the work of the Global Open Platform would
break a pencil at any PR agency.
Eurosmart (www.eurosmart.com) is kind of a retirement project
for the first generation of smart card experts who know much but
say little at least publically.
Israel has a standard concerning the use of Hebrew for textual data
in smart cards. It is available (in English) at
http://www.qsm.co.il/Hebrew/si4424e.htm
E-Europe is kind of a European governmental trade association. There
is a smart card project inside E-Europe that has generated a number
of white papers that are good smart card tutorials and talk a lot about
smart card applications, real ones and possibilities. Check out ...
http://www.eeurope-smartcards.org/B2-Index.htm
3.8 Patents
There is an ongoing debate as to who invented the smart card and
who got the first smart card patent. Some claim the card was invented
in America and some claim it was invented in Germany.
Jules Ellinboe, an American working for TRW, applied for a patent on
an "Active Element Card" on October 27, 1967. The was patent, US 3,637,994,
was granted on January 25, 1972.
Two German engineers, Jurgen Dethloff and Helmut Grottrupp essentially
working in their garage are regarded to be the inventors of the smart
card in Europe. They announced their invention in 1967 and filed for a
German patent (DE 19 45 777 C2, "Identifikanden/Identifikationsschalter)
in February of 1969. Amazingly this patent wasn't granted until 1982.
On August 8, 1978, Dethloff was granted US patent 4,105,156, "Identification
system safeguarded against misuse".
Kunitaka Arimura of the Arimura Technology Institute in Japan filed for a
Japanese patent in March of 1970. In May of 1971, Paul Castrucci of IBM
filed for an American patent entitled simply "Information Card". The patent,
US 3,702,464, was issued on November 7, 1972.
Between 1974 and 1979 a French journalist, Roland Moreno, filed 47 smart
card
related patents in 11 countries and founded the French company Innovatron
to license these patents. US 3,971,916, "Methods of data storage and data
storage
systems" is a foundational US filing. The square-on-top-of-a-stick
or two-piece flag that you see printed on some smart cards is the trademark
of an Innovatron license.
Bull under the leadership of Michel Ugon has also historically been very
active in patenting smart card technology, filing over 1,200 patents
starting in 1977. Bull claims that all smart cards use their SPOM
(Self-Programmable One-Chip Microcomputer) technology. US 4,404,464,
"Method and apparatus for electrically connecting a removable article,
in particular a portable electronic card" issued September 13, 1983, is
a key Bull patent. The tiny circular smart card contact that you
see printed on some smart cards is the trademark of a Bull license.
Many of the original smart card patents have expired. Some pundits have
opined that the vigorous enforcement of these patents has inhibited smart
card use and that their expiration will open up the smart card market.
About the only thing that has happened so far however is that Bull CP8
died when it was taken off royalty payment life support.
A surprising number of entities, not historically associated with
the smart card industry, are applying for and getting smart card
patents these days. Some smart card software and business process patents
applied for or issued in the last 12 months of interest at least to the
editor are:
US20030163699A1: Cryptography method and smart cards microcircuit.
France Telecom Etablissement autonome de droit public (Pailles,
Girault), August 28, 2003.
WO03069922A2: LAYERED SIM CARD AND SECURITY FUNCTION. TELEFONAKTIEBOLAGET
LM ERICSSON (Moller, Esswein, Svedenmakr, Kirchner, Smeets, Bock), August
21, 2003.
WO03069551A2: DATA ORGANIZATION IN A SMART CARD. Schlumberger (Perrinot),
August 21, 2003.
US6604168: Flash eeprom management using ratio of used to unused sectors.
Canon Kabushiki Kaisha (Ogawa), August 5, 2003.
US6594361: High speed signal processing smart card, Thomson Licensing
(Chaney, Deiss, Beyers), July 15, 2003.
US6591229: Metrology device with programmable smart card, Schlumberger
(Pattinson, Somogyi, Pietrzyk, Du Castel), July 8, 2003.
US20030115227A1: Hierarchical file system and anti-tearing algorithm for a
limited-resource computer such as a smart card. Fujitsu (Guthery),
June 19, 2003.
US6581122: Smart card which operates with the USB protocol. Gemplus (Sarat),
June 17, 2003.
US20030098355A1: Dual battery configuration and method of using the same to
provide a long-term power solution in a programmable smart card. (Johnson),
May 29, 2003.
US6571112: Method and apparatus for processing an embedded message at a
wireless
mobile station which includes a subscriber identity module, Motorola
(Ramaswamy), May 27, 2003.
WO03042817A2: METHOD AND APPARATUS FOR LINKING CONVERTED APPLET FILES
WITHOUT
RELOCATION ANNOTATIONS, Schlumberger (Krishna, Wilkinson, Prevost,
Burianne),
May 22, 2003.
US20030097344A1: Multi-purpose transaction card system, (Chaum, Ferguson,
Van Der Hoek), May 22, 2003.
US6567915: Integrated circuit card with identity authentication table and
authorization tables defining access rights based on Boolean expressions of
authenticated identities. Microsoft (Guthery), May 20, 2003.
WO03038610A1: INSTALLATION OF A COMPILED PROGRAM, PARTICULARLY IN A CHIP
CARD
Gemplus (Burdy, Casset, Deville, Requet), May 8, 2003.
US20030086542A1: Method for managing multimedia data transmission via
internet
and smart card therefore, Schlumberger (Urien), May 8, 2003.
EP1308805A1: Method and apparatus for controlling a device from a smart card
Ericsson (Janez-Gonzales, Sanches-Yoldi), May 7, 2003.
US6547150: Smart card application development system and method, Microsoft
(Deo, Milstein, Perlin, Odinak, Guthery), April 15, 2003.
EP0858644B1: A SYSTEM AND METHOD FOR LOADING APPLICATIONS ONTO A SMART CARD,
Gemplus (Lisimaque, Peyret), March 26, 2003.
US6536671: AUTOMATIC RECOVERY OF INTEGRATED CIRCUIT CARDS, IBM (Baentsch)
March 25, 2003.
WO03023560A2: METHOD AND DEVICE FOR CONTROL BY CONSUMERS OVER PERSONAL DATA
MasterCard International (Binder), March 20, 2003.
WO03021428A1: METHOD AND APPARATUS FOR LINKING CONVERTED APPLET FILES,
Schlumberger (Krishna, Wilkinson, Burianne), March 13, 2003.
US20030046554A1: VOICE ACTIVATED SMART CARD, Schlumberger (Leydier,
du Castel) March 6, 2003.
US20030042318A1: METHOD AND APPARATUS FOR LINKING CONVERTED APPLET FILES
Schlumberger (Krishna, Wilkinson, Burianne), March 6, 2003.
EP0903034B1: DECODING OF DIGITAL DATA INCLUDING PROGRAM SPECIFIC INFORMATION
Thomson Consumer Electronics (Blatter, Bridgewater, Deiss, Horlander)
March 5, 2003.
WO03014916A1: SECURE METHOD FOR PERFORMING A MODULAR EXPONENTIATION
OPERATION,
Gemplus (Joye, Villegas), February 20, 2003.
WO03003772A2: METHOD FOR REMOTE LOADING OF AN ENCRYPTION KEY IN A
TELECOMMUNICATION
NETWORK STATION, Gemplus (Hu, Fan, Zhao), January 9, 2003.
US6502748: SYSTEM FOR CARD TO CARD TRANSFER OF SECURE DATA, SunSystem for
card to
card transfer of secure data. (Berg, Nelson) January 7, 2003.
US6501962: MOBILE COMMUNICATIONS TERMINAL SMART CARD, Orange
Personal Communications Services Limited (Green),December 31, 2002.
WO02095697A1: APPLICATION DEPLOYMENT FROM A SMART CARD, Gemplus
(Potonniee, Pellegrini), November 28, 2002
US20020175207A1: TERMINAL SOFTWARE ARCHITECTURE FOR USE WITH SMART CARDS,
(Kashef, Billon, Colas, Nakamura, Sak), November 28, 2002.
US6484937: METHOD FOR STORING DATA IN A CHIP CARD REWRITABLE MEMORY
Oberthur (Devaux, Perrot), November 26, 2002.
US6480935: SMART CARD MEMORY MANAGEMENT SYSTEM AND METHOD, (Carper,
Hemmo), November 12, 2002.
US20020158123A1: WEB-BASED SMART CARD SYSTEM AND METHOD FOR MAINTAINING
STATUS
INFORMATION AND VERIFYING ELIGIBILITY, (Allen, Norwood) October 31, 2002.
WO02084457A1: PERSONAL COMPUTER WITH THE SMART CARD AND ORGANISM SENSOR
(Jun), October 24, 2002.
EP1163623B1: METHODS AND APPARATUS FOR AUTHENTICATING THE DOWNLOAD OF
INFORMATION ONTO A SMART CARD, American Express (Petit), October 16, 2002.
WO02073337A2: SYSTEMS AND METHODS FOR PROVIDING SMART CARD INTEROPERABILITY
United States General Services Administration (Dray, Fedronic, Fernandez,
Jackson, Barr, Windsor, Hendricks), September 19, 2002.
US6453167: TELECOMMUNICATIONS SYSTEMS, British Technology Group (Michaels,
Timson, Dervan), September 17, 2002.
US20020129266A1: SYSTEM FOR IDENTIFICATION OF SMART CARDS, (Bender)
September 12, 2002.
EP0976114B1: SECURE MULTIPLE APPLICATION CARD SYSTEM AND PROCESS, Mondex
(Everett, Miller, Peacham, Simmons, Richards, Viner), August 14, 2002.
EP1225550A2: DATA PROCESSING METHOD IN A SMART CARD SYSTEM, Hitachi
(Sukeda, Ohki, Ohzeki, Fujita), July 24, 2002.
US20020095587A1: SMART CARD WITH INTEGRATED BIOMETRIC SENSOR, IBM (Doyle,
Hind, Peters) July 18, 2002
US20020095601A1: TECHNIQUE FOR ESTABLISHING A PROVABLE CHAIN
OF EVIDENCE, IBM (Hind, Peters) July 18, 2002.
WO0245446A1: METHOD AND DEVICE TO TRANSFER A SOFTWARE APPLICATION
WRITTEN IN HIGH LEVEL LANGUAGE BETWEEN THE SUBSCRIBERS OF A
TELECOMMUNICATION NETWORK, Schlumberger (Fargues), June 6, 2002.
WO02056174A2: METHOD FOR MANAGING COMPUTER APPLICATIONS BY THE OPERATING
SYSTEM OF A MULTI-APPLICATION COMPUTER SYSTEM, Gemplus (Naccache,
Vavassori), July 18, 2002.
WO0247020A2: CONCURRENT COMMUNICATION WITH MULTIPLE APPLICATIONS
ON A SMART CARD, Mobile-Mind (Guthery, Cronin) June 13, 2002.
3.9 Security Evaluations and Certifications
Smart cards and smart card readers can be subjected to various national
information technology security evaluations and certifications. In the
past this was ITSEC in Europe, TCSEC in the US and ITSET in Canada. The
shortcoming of these evaluation schemes was that one didn't know what had
been evaluated and thus had no basis on which to judge the utility of
the evaluation to one's application context.
Only one smart card has received the higest possible ITSEC certification,
the Multos card, which has been certified at the E6 High level.
These diverse evaluation criteria and protocols are slowly being harmonized
and homogenized into a world-wide standard called the Common Criteria.
http://csrc.nist.gov/cc/linklist.htm lists the Common Criteria Web sites
of the countries actively involved in this effort.
A property of Common Criteria testing is that the tests performed are
public.
The tests are called protection profiles. A number protection profiles have
been proposed for smart cards:
Smartcard Integrated Circuit, PP/9806, Version 2.0, September 1998.
Intersector Electronic Purse and Purchase Device, PP/9808,
Version 1.2, February 1999.
Smart Card Integrated Circuit with Embedded Software, PP/9809,
Version 1.0, Issue October 1998.
Smartcard Embedded Software, PP/9810, Version 1.0, November, 1998.
Smart Card Integrated Circuit with Embedded Software, PP/9811,
Version 2.0, Issue June 1999.
PP/9806, PP/9908, PP9909 and PP/9811 are available at
-http://www.eurosmart.com/download.
Large card issuers have also published their security evaluation and
certification criteria. Visa's, for example, can be found at
- http://international.visa.com/fb/paytech/smartcard/vsmartspecs/main.jsp
For complete information on the Common Criteria approach and the
Smart Card Security Users Group (SCSUG) check out
- http://csrc.nist.gov/cc/sc/sclist.htm
Common Criteria is also known as ISO 15408.
The ISO is finally starting to standardize the tests used to validate
claims about 7816 conformance. The first such is ISO FCD 10373-3
which is specification of the test methods for ISO 7816-3.
Four chips have received Common Criteria certification:
- STMicroelectronics ST19 (EAL4+)
- Philips P8WE6017V1I (EAL5+)
- Philips P8WE5032V0B (EAL3)
- Atmel AT05SC1604R (EAL4+)
3.10 Smart Card Testing Laboratories
The following organizations do smart card testing and certification and/or
sell testing tools:
- Aspects Software (http://www.aspects-sw.com)
- Bantry Technologies (http://www.bantry-technologies.ie)
- Collis (http://www.collis.nl/conclusion)
- CygnaCom CEAL (www.cygnacom.com/ceal.html)
- Domus ITSEC Laboratory (www.domus.com)
- Exponent (http://www.exponent.com)
- FIME (http://www.fime.com)
- Gilles Leroux (http://www.gilles-leroux.com)
- ICC Solutions (http://www.iccsolutions.com)
- InfoGuard Labs (http://www.infogard.com)
- Integri (http://www.integri.be)
- Micropross (http://www.micropross.com)
- Platform 7 (http://www.platform7.com)
- Tuvit (http://www.tuvit.net)
- Yalbi (http://www.yalbi.com)
The following four have been certified as Common Criteria
laboratories by the US NSA and NIST agencies:
Computer Sciences Corp. (Hanover, Md.);
CygnaCom Solutions (McLean, Va.);
Science Applications International Corp. (Columbia, Md.)
TuViT Inc. (Austin, Texas).
Besides the general-purpose FIPS 140 cryptographic token certification
there are two Common Criteria protection profiles specifically
for US government smart cards:
- Department of Defense Public Key Infrastructure and Key Management
Key Infrastructure Token Protection Profile
http://www.iatf.net/protection_profiles/file_serve.cfm?chapter=tokens.pdf
- Smart Card Security User Group Smart Card Protection Profile
http://csrc.nist.gov/cc/sc//scscug.pdf
There is also a strong initiative achieve interoperability between
smart cards used by the US government. See the patent application:
WO02073337A2: SYSTEMS AND METHODS FOR PROVIDING SMART CARD INTEROPERABILITY
and "Government Smart Card Interoperabilty Specification" available at
csrc.nist.gov/smartcard/GSCISV2-0.pdf.
4. Smart Card Hardware
To build your own smart card you can either work with a full-service
smart card manufacturer who has the know-how and equipment to take your
software and return finished cards. Or you can work directly with a chip
manufacturer to produce smart card chips or modules which contain your
software and then work with an embedder to put your module into a card.
Smart card manufacturers include: Dai Nippon, Gemplus, Gieseke & Devrient,
Intercard, Landis & Gyr, Oberthur, Orga, Exponcard,
I'M Technologies, Samsung, SchlumbergerSema, Solomon and Tianjin,
Worldtronix.
Chip manufacturers include include Advanced Logic, Atmel, Dallas
Semiconductor, Hitachi, Infineon, Inside Technologies, Microchip,
NEC, Philips, Samsung, STMicroelectronics, Texas Instruments,
Toshiba and Xicor.
Embedders include Micromodular Data Solutions, Integrated Card
Technology, ACG, and NBS.
Of course if you're really into doing it yourself and the folks
downstairs don't mind a little noise, you can make your own
smart cards: Muehlbauer (http://www.muehlbauer.de), Meinen,
Ziegel & Co. (http://www.meinen-ziegel.com).
STMicroelectronics publishes a nice set of data sheets on their
chips. Look under Smartcard ICs on http://www.st.com.
If you want to build your own smart card O/S from the I/O registers up,
Atmel chips are probably the best place to start. There are a bunch of
good tools at http://www.openavr.org/
The Chip Store http://www.chipcardstore.com supplies a range of
parts used for building smart cards and smart card systems.
If you want to jump-start your smart card O/S project, there are some
good building blocks at http://www.smartecos.com
Good articles on the various physical attacks that are mounted
on smart cards can be found at the following two sites:
- http://www.cl.cam.ac.uk/Research/Security/tamper
- http://www.cryptography.com/dpa/technical/index.html
5. Smart Card Operating Systems and Custom Cards
A smart card operating system is a type of embedded operating system.
There are many of them for the same reasons that there are many
embedded and real-time operating systems. It is not certain that
there will ever be a DOS for smart cards although many companies
continue to pursue this vision.
Historically smart card operating systems have been bundled with
smart card hardware so it was difficult to buy a smart card chip
and an operating system independently. It was even harder to license
a smart card operating system that you could customize and put
on your own chip. This situation is changing slowly.
5.1 Do-It-Yourself Smart Card Operating Systems
Open Source Projects
====================
There are a couple open source smart card operating system efforts
underway. One, Gnu Card O/S (gcos), was lead by Christian
Kahlo (C.K...@intershop.de) but has been shutdown. The obituary is
at www.gcos.de. There is also an open source smart card
operating system project going on at the University of Michigan
(www.citi.umich.edu). Contact Jim Rees (re...@umich.edu).
There is also a smart card communications project going
on at the University of Cape Town:
http://www.cs.uct.ac.za/Research/DNA/SOCS/projectpage.html
Simple Operating System for Smartcard Education (SOSSE) is a smart
card operating system for Atmel processors. It move sooner or later
to www.opensc.org/sosse/. Currently at www.mbsks.franken.de/sosse/.
http://www.franken.de/users/mbsks/sosse/index.html
www.gcos.de
Development Kits and Emulators
==============================
A number of embedded software tool companies are spotting
an opportunity for growth by including smart cards in their
offerings. Most of these are as expected chip specific.
You'll need ...
1) a C compiler for the chip
2) a workstation-based chip simulator to do first
level debugging
3) an in-circuit emulator (ICE) that contains the
real chip in a electronic debugging harness and
let's you single step your program and examine
memory
4) developer cards with a ROM loader that contain the
chip you're working with so you can alpha and
beta test your program
- Ashling (http://www.ashling.com)
- Associated Compiler Experts (ACE) (http://www.ace.nl)
- Atmel (http://www.atmel.com)
- Hitex (http://www.hitex.com)
- IAR Systems (http://www.iar.com)
- Keil (http://www.keil.com)
- Raisonance (http://www.raisonance.com/En/Products/SmartCard/Prescards.htm)
- Tasking (http://www.tasking.com/home.html)
SmarTEC (http://www.smartecos.com) make available a free SDK for
their SmarteCOS smart card operating system.
Blank Cards, White Cards and Soft Masks
=======================================
These cards let you download executable code directly to the
EEPROM memory of the smart card chip. They contain a small
loader in ROM which loads Motorola S-records or Intel extended
hex records or some other industry standard binary core image
representation. After you finish downloading, you flip a bit
that tells the chip to execute your program rather than the ROM
loader the next time it is reset. Clearly these are the most
flexible cards you can use from an application developer's point
of view. They are also the hardest to get hold of. There is
much heavy breathing about security considerations regarding
blank cards but in fact there is nothing you can do with a blank
card that you can't do with a Java Card or a Windows card so
the heavy breathing really all about market control not security.
Atmel sells a development kit for building your own smart
cards from scratch using flash memory AVR chips
A particularly interesting development in the blank card area are
the PIC cards being offered by MDS. See also the discussion of creating
your own mask in the smart card operating section above.
Multisat (http://www.multisat.de/) makes some nice programmer
tools for those building their own smart cards.
Finim (http://www.electronic-devices.com/ and http://www.finimusa.com)
also makes some useful smart card development tools including serial
port paddle boards.
Cards and Loggers
- Card-Shop (http://www.card-shop.net/Cards/cards.html)
- hm-zeit ( http://www.hm-sat.de/shop/)
- Mr. Server (http://www.mr-server.de/c70.html)
- Olbort (http://www.olbort.at/bdm.htm)
- RTVShop (http://www.rtv-w.de/)
- Wafer Shop (http://www.wafer-shop.de/)
5.2 Smart Card Operating Systems
Some work as been done in research settings on the specification
of smart card operating systems and their components. For example ...
http://citeseer.nj.nec.com/glaser96structuring.html
http://citeseer.nj.nec.com/44724.html
http://citeseer.nj.nec.com/hartel94towards.html
http://www.research.microsoft.com/scripts/pubs/view.asp?TR_ID=MSR-TR-99-07
Paul C. Clark and Lance J. Hoffman, "Bits: A Smartcard Protected
Operating System", Communications of the ACM, pp. 66 - 94, November
1994 Vol 37 Number 11.
Naccache, David and David M'Raïhi. 1996. Cryptographic
Smart Cards. IEEE Micro 6:14, 16-19, 21 - 24.
The following smart card operating systems can be licensed
independently and customized to a greater or lesser extent.
SmarTEC SmarteCOS
19834 Merritt Drive
Cupertino, CA 95014
Telephone: +1.415.874.7248
Fax: +1.408.516.8968
Web Site: http://www.smartecos.com
Todd Carper
to...@smartecos.com
Procos( Protekila Smart Card Operating System)
Protekila
Husrev Gerede Cd. No 112 D 6
Tesvikiye 80200
Istanbul Turkey
TELEPHONE: +90 212 2610163
FAX: +90 212 2610494
E-MAIL: in...@protekila.com.tr
SuperTech STCOS
Address: Yinhua Building 16th Floor
Wuyi Middle Road
Changsha, Hunan 410011
China
Phone : (86)731-445-3191 (86)©731-445-6556
Fax : (86)731-445-6319
Email : sts...@public.cs.hn.cn
E-mail : supe...@public.cs.hn.cn
Phone : (86)731-445-3191 (86)731-445-6556
Fax : (86)731-445-6319
Web Site : http://www.supertech.com.cn
Flash COS and Logos SIM iMP
Logos SmartCard
Sorgenfrivej 18
DK-2800 Kgs.Lyngby
Denmark
Mr. Mads Pii or
Mr. Hans Peter Riggelsen
Voice: (+45) 70 25 02 66
FAX: (+45) 70 25 02 67
sa...@logossmartcard.com
Also at http://www.acg.de
STS-COS
SuperTech Systems, Inc.
2425N. Central Expressway
Richardson, Texas 75080, USA
Tel: +1 (972)231-2037
FAX: +1 (972)231-2041
E-mail: sts...@supertechsystems.com
http://supertechsystems.com/products/COS.htm
AMOS-SC and AMOS-SIM
American Microdevice Manufacturing, Inc.
1830-A Bering Drive
San Jose, CA 95112-4226
California, USA
Voice: +1 (408) 573-7070
FAX: +1 (408) 573-7607
On-Track S2COS-5
Z.H.R. Industrial Zone
P.O.Box 32
Rosh Pina
12000 Israel
Tel: +972-6-6938884
Fax: +972-6-6938887
e-mail:ont...@oti.co.il
Exceldata
http://www.exceldata.es
M.MAR ISO - ISO 7816 Card
M.MAR GSM - GSM SIM Card
M.MAR J+ - GSM SIM with J+ virtual machine
M.MAR CEN/WG.10 - CEN e-purse card
MioCOS
Peter Öhman
Miotec Oy
Kamreerintie 6
FIN-02770 ESPOO, FINLAND
Tel (+358) 9 8045 3094
FAX (+358) 9 859 4041
GSM (+358) 40 547 4905
peter...@miotec.fi
www.miotec.fi
IBM MFC
Michael Schilling
Project Manager Smart Card Projects
schi...@de.ibm.com
IBM Java Card Operating System
Peter Buhler
b...@zurich.ibm.com
Gator and SCOS
Amazing Smart Card Technologies
1615 Wyatt Drive
Santa Clara, CA 95054
U.S.A.
Voice: +1 408 566 0300
FAX: +1 408 748 7724
Email: sa...@amazingtechnologies.com
Smart Card for Windows
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
U.S.A.
Contact: Mike Dusche
mdu...@microsoft.com
SCOS
Techtronics Ltd
Katesbridge
Thurlby
Bourne
Lincolnshire PE10 0EN
UK
Voice: +44 1778 562920
FAX: +44 1778 561174
Email: sa...@techtronics.com
SCOS
Personal Cipher Card Corporation (PC3)
3211 Bonnybrook Dr.
North Lakeland, FL 33811
Voice: +1 941 644 5026
FAX: +1 941 644 1933
Contact: Kip Wheeler
Also available from
Micromodular Data Solutions
1582 Norman Avenue
Santa Clara CA 95054 USA
Voice: +1 408-986-9000
FAX: +1 408-986-9829
sa...@micromodular.com
DVK1
SoftChip Technologies Ltd.
38 Nerot Shabbat St.
P.O. Box 23411
Jerusalem 91233
Israel
Voice: +972 2 5864086
FAX: +972 2 5864008
Contact: Eitan Mizrotsky
ei...@softchip.com
Blue
eCash Technologies
Bothell, WA
David Watson
david....@ecashtechnologies.com
OSSCA
Keycorp Limited
Level 9
67 Albert Avenue
Chatswood NSW 2067
Australia
Voice: +61 2 9414 5297
FAX: +61 2 9415 1363
http://www.keycorp.net
DKCCOS
Datakey
407 West Travelers Trail
Burnsville, MN 55337
Voice: 612-890-6850
FAX: 612-890-2726
http://www.datakey.com
Secure Java O/S
David Samyde, qua...@worldnet.fr
Gilles Dumortier, dg...@ieee.org
http://perso.wanadoo.fr/dgil/jaya/index.htm
Siemens CardOS M3 and M4
Werner Braun
werner...@nbg.siemens.de
Information and Communication Group,
Smart Cards and Security
Otto-Hahn-Ring 6
D-81730 Munich
Germany
FAX: +49 (0)89 636 46400
http://www.siemens.com/sbs/en/offerings/services/SmartCard/Products/cardos_m4.html
WebKomputing
649 S Main St.
Milpitas, CA 95035
Phone: +1 408-262-8638
http://www.webkomputing.com
Hive Minded, Inc.
2110A Vine Street,
Berkeley, California, 94709
USA
in...@hiveminded.com
http://www.hiveminded.com
Simple Operating System for Smartcard Education
http://www.franken.de/users/mbsks/sosse/index.html
If you license one of these operating systems or write your
own the next step is getting it onto a smart card. Most
of the chip manufacturers can supply "blank" cards that
contain a simple loader in ROM which will load your O/S
into EEPROM and run it from there. Unfortunately you may have
to commit to very large orders and pledge your first born
child in order to get these loader cards. The old economy
smart card manufacturers could also provide this service but
they won't because they want to sell you cards containing
their operating systems.
There are a growning number of firms that are setting about
to serve the exploding demand for low-volume batches of custom
smart cards. Here are some to check out:
- ACG (http://www.acg.de)
- EM2 (http://www.em2-outsourcing.com)
- Emosyn (http://www.emosyn.com)
- Micromodular Data Solutions (http://www.micromodular.com)
- Multisat (http://www.multisat.de/)
- Ordacard (http://www.ordacard.com)
- Versatile Card Technologies (http://www.versacard.com)
- Winter Wertdruck (http://www.winter-ag.com)
- Zeitcontrol (http://www.zeitcontrol.com)
The GNU folks have a program for managing passwords on
smart cards.
- GnuPOC http://www.gnu.org/software/poc/poc.html
6. Fixed-Command Smart Cards, Readers and Tools
6.1 Fixed-Command Smart Cards
Smart cards for developers come in four forms:
- off-the-shelf programmable cards
- off-the-shelf non-programmable cards
- smart card software development kits (SDKs)
- application-specific packages
Off-the-Shelf Programmable Cards
================================
Programmable cards such as the Multos card, Microsoft's Smart Card for
Windows, Zeitcontrol's Basic Card and the many Java Cards offer the
developer maximum flexibility at the cost of some performance. With these
cards you can download a program to the card that implements the
commands that you want your application to use to access the card.
In other words, you control both the host side and the card side.
All of these cards run a virtual machine on the card which interprets
the downloaded code.
EVerybody and his dog are putting out Java Cards these days. In spite of
the "Write-Once-Run-Everywhere" hype, there is no binary compatibility
between them. To move an applet from one card to another you have to
have the source code and recompile it. What's worse is that there is not
even source compatibility between the various versions of the Java Card
specifications.
There is a vast speed difference between competing implementations of the
Java Card Virtual Machine. The IBM JVM called JCOP is fastest EEPROM
implementation. It is roughly five (5) times faster than the other
EEPROM implementations. The Fujitsu implementation is even faster than
JCOP due in no small part to the use of FRAM rather than EEPROM memory.
- Gemplus GemXpresso RAD 211 (www.gemplus.com)
- Giesecke & Devrient Sm@rtCafé (www.gdm.de)
- Oberthur GalactiC (www.oberthurusa.com)
- Schlumberger Cyberflex (www.cardstore.slb.com)
- IBM Java Card (Peter Buhler at b...@zurich.ibm.com
- Aspects Software (www.aspects-sw.com)
- Microelectronica Espanola (www.exceldata.es)
- I'M Technologies (www.imcorporation.com)
- Datacard Aptura (www.datacard.com)
- Fujitsu HIPERSIM (www.fujitsu.com)
- Datakey Model 330J (www.datakey.com)
- WebKomputing (www.webkomputing.com)
Motorola fielded a 32-bit smart card with a 32-big Java Card
implementation but it's gone.
IBM has put up a good Web resource on Java Card at
http://www.zurich.ibm.com/csc/infosec/smartcard.html.
In general it is difficult to compile non-Java languages to a Java
virtual machine. Thus, if you use a Java card you are stuck with
using the Java programming language. Bug or feature, your choice.
Two programmable card designers have taken a different approach which is to
provide a language-independent virtual machine on the card and let the
programmer write in any one of a number of languages and then compile this
language to the virtual machine.
- Multos (www.multos.com) - C, Java, and assembler (MEL)
- Microsoft (www.microsoft.com/smartcard) - Visual Basic, C, and assembler
(RTE)
The ZeitControl (www.zeitcontrol.de) Basic card sports a
language-independent
virtual machine but only a Basic compiler is available for it. The
ZeitControl
SDK is is available from Versatile Card Technology
(http://www.versacard.com)
Hiveminded (www.hiveminded.com) has announced a smart card based on
Microsoft-designed and ECMA-standardized .NET architecture. Smartcard.NET
supports multiple programming languages.
Off-the-Shelf Non-Programmable Cards
====================================
Off-the-shelf non-programmable cards are "classic" smart cards
with fixed command sets. You can send commands to these cards through
the smart card reader API or through the PC/SC or OpenCard APIs. If you
go this route be sure to get the detailed technical documentation
for the card including a bit-level description of each command
the card supports, the files and the file system, the access controls
on the files, and any keys you need to unlock the card.
- Deutsche Telekom (http://www.telesec.de)
Company Multifunction Card
TCOS Cryptographic Card
- Schlumberger (http://www.cardstore.slb.com)
Multiflex
Cyberflex
Cryptoflex
MicroPayflex
- Gemplus (http://store.gemplus.com)
GEMSafe (http://www.gemsafe.com)
- IBM MFC 4.1
Availble from ComCard (http://www.comcard.de)
Contact Mr. Haertel (hae...@comcard.de) or
Mandy Oeser (oe...@comcard.de)
Schlumberger makes the full documentation for their multi-purpose card,
Multiflex, and their cryptographi card, Cryptoflex, available for free
on-line at http://cardstore.slb.com; click down to the individual card
descriptions to find the docs.
Application-Specific Packages
=============================
Application-specific, ready-to-go packages expensive and they may only work
with certain cards but if you only have one thing to do they can get
on the air very quickly. Examples of application-specific packages:
- ActivCard Services Integration Kit (http://www.activcard.com)
- Gemplus GEMSafe (http://www.gemplus.com)
- Litronic Netsign (http://www.litronic.com)
- Schlumberger Cryptoflex Security Kit (http://www.cardstore.slb.com)
Tools and Libraries
===================
Freeware Smart Card Tools and Libraries
- SCEZ Library (http://www.franken.de/crypt/scez.html)
- UMich Library (http://www.citi.umich.edu/projects/smartcard/sc7816.html)
- PC/SC software (http://www.pcsc.pl/VAS/index.html)
- ttfn (http://www.ttfn.net/techno/smartcards/software.html)
- ActiveX Component (http://www.prioregroup.com/)
Other Smart Card Tools and Libraries
- DataKey SignaSURE DTK (http://www.datakey.com)
- Flint Smart (http://www.flint.co.uk)
- Giesecke & Devrient STARCOS Tool Kit (http://www.gdm.de)
- Metrowerks (www.metrowerks.com) - a Java Card development system
- Schlumberger (cardstore.slb.com) - Cyberflex Java Card development kit
- Smart Dynamics EZ Formatter (http://www.smartdynamics.com/software.htm)
- Smart Toolz (http://www.smarttoolz.com)
- Utimaco (http://www.utimaco.com)
- Card-Lab: http://www.card-lab.com/
Card-Lab has created a combined simulator/emulator for Multos, Check
it out at www.card-lab.com.
A really useful tool for use with the Windows PC/SC stack is the WinSCard
APDU View Utility available at http://www.fernandes.org/apduview/index.html.
Dmitry Basko has posted open source for a PC/SC driver at
http://www.dbasko.com
along with a bunch of nice PC/SC utilities.
A smart card API for Delphi can be found at http://www.ppuvas.com.pl.
AET provides a software that supports PKCS#11 on serveral platforms (Windows
95 / 98 / SE / ME / NT4.0, Windows 2000 / XP, Linux, MAC OS X). see
http://www.aeteurope.nl/index.html. Currently they support G&D StarCos card
(ITSEC E4 high evaluated) and Rainbow iKey 3000 USB tokens.
6.2 Smart Card Readers
Smart card readers used to come with their own homegrown APIs and not look
like other peripheral devices in the computing environment. A group
of companies got together to create a specification for treating smart
card readers as standard peripherals. This specification is called
Personal Computer/Smart Card or PC/SC for short. The PC/SC specification
has been implemented on Windows and Linux. The multi-part specification
can be obtained at http://www.pcscworkgroup.com.
The list of PC/SC readers that work with Windows can be found at:
- http://www.microsoft.com/hcl/default.asp
under Smart Card Readers.
Linux PC/SC implementations for many smart card readers can be found at
Smart card reader manufacturers that sell readers in small quantities
include:
- Advanced Card Systems (http://www.acs.com.hk)
- American Biometric (http://www.abio.com)
- ASK (http://www.ask.fr)
- Athena (http://www.athena-scs.com)
- Bull SC&T (http://www.cp8.bull.com)
- Castles Automation (http://www.casauto.com.tw)
- Celo (http://www.celocom.com)
- Cheery (http://www.cherrycorp.com/english/advanced-line/index.htm)
- Datamega (http://www.datamega.com)
- DeLaRue (http://www.delarue.com)
- Epsilon Electronics (http://www.eps.no)
- Firstoi (http://www.firsttoy.com)
- Fischer International Systems (http://www.fisc.com)
- Gemplus (http://www.gemplus.com)
- Inside Technologies (http://www.insidefr.com)
- Intertex (http://www.intertex.se)
- Litronic (http://www.litronic.com)
- Maxking (http://www.maxking.com/minimax.html)
- Omnikey (http://www.omnikey.com)
- Omron (http://www.omron.com)
- Rainbow Technologies (http://www.rainbow.com)
- Schlumberger (http://www.slb.com/smartcards)
- SCM Microsystems (http://www.scmmicro.com)
- SDLogic Technologies (http://www.sdlogic.com)
- SecureTech (http://www.securetech-corp.com)
- Todos (http://www.todos.se/argosminiindex.htm)
- Towitoko (http://www.towitoko.de)
- Uniform Industrial (http://www.uicusa.com)
- Utimaco (http://www.utimaco.com)
- Zeitcontrol (http://www.cybermouse.de)
Maxking even provides schematics for you to build your
own smart card reader.
Here's a high-end reader that is connected with its
own Cryptographic Service Provider:
http://www.wave.com/technology/csp.html
Here are some schematics for building your own reader:
http://www.technick.net/index.php?load_page=http%3A//www.technick.net/cir_smartcarde
mu.php
There are a growing number of portable or handheld readers.
Most of them can double as a serial port reader on your PC.
- Xiring Multigame (www.xiring.com)
- Spyrus Personal Access Reader (www.spyrus.com)
- Towitoko Chip Drive Mobile (www.towitoko.de)
Almost all readers are micro-processor based and contain an
internal API of some sort. Smart card reader manufacturers
have been slow to surface these APIs to allow smart card developers
to build their own application-specific functionality into the
readers. A delightful exception is Traditor in Finland which makes
a nice line of smart card readers with SDKs. Contact Antti Saksa
at a...@traditor.fi. The Spyrus Rosetta PAR 2 (Personal Access
Reader) (www.spyrus.com) has a programmable API and program loading
features.
There is a German standard for smart card readers called the Card
Terminal Application Programming Interface (CT-API). There is
an English version of the specificaiton at
http://www.microdatec.de/download/ctapi11e.pdf
The Small Terminal Interoperability Platform consortium is trying to
standardize smart card terminals. The latest version of their
specification is available at their Web site (http://www.stipgroup.org/).
Rarely does one see so much code do so little.
Europay International (http://www.europay.com) has also put together a
specification for terminals called the Open Terminal Architecture (OTA).
OTA includes a Forth virtual machine. The OTA VM is a derivative of the
FORTH VM designed by MicroProcessor Engineering (www.mpeltd.demon.co.uk)
for the SENDIT Esprit project. The VM uses a two-stack architecture derived
from Forth, and extended to be language neutral so that code can be compiled
from languages other than Forth. C is in fact used more than Forth.
Europay
has submitted this specification for ISO standardization.
Bull is pushing an Electronic Funds Transfer Point Of Sale (EFT-POS)
terminal based on Sun's K virtual machine (which should not be confused
with a virtual machine for the K programming language found at
http://www.kx.com).
Point of Sale (POS) terminals have a lot in common with smart
card readers. Check out:
- Hal Stile's POS Page (http://www.beachnet.com/~hstiles/posl2.html)
A number of efforts are underway to improve the speed of communication
between the smart card and the terminal. Most of these use the two
spare contacts on the module interface. The USB protocol is a popular
candidate and it is in the process of being standardized through the
ISO process.
6.3 Software Tools
There are a number of software tools available for working with
smart cards (even setting aside all the DSS hacking tools which
we won't cover).
SmartX by ThinkPulse (http://www.thinkpulse.com) is XML script
that makes one smart card look like another or like a fantasy
smart card such as one that abides by the ISO standards.
The Smart Card Explorer by Smart Dynamics (http://www.smartdynamics.com/)
lets you configure smart card file systems. It works with a number
of different cards and card readers and includes a scripting
language that lets you add your own. Unfortunately, it doesn't
run on top of PC/SC.
Smart Toolz (http://www.smarttoolz.com/) provides software and APIs
that work with CardLogix smart cards. CardLogix (www.cardlogix.com)
also provides software that supports these cards. The Smart Toolz
and CardLogix packages also support CardLogix's memory cards.
Netissmo (http://www.netissimo.com) is a smart card SDK for Internet
applications.
PocketServer (http://www.pocketserver.com) is a smart card and smart
card SDK for personal information and transaction processing.
One of the best books on smart card hardware is the Smart Card Handbook
by Wolfgang Rankl and Wolfgang Effing. The first author has made
available a freeware smart card simulator written in Visual Basic.
http://www.geocities.com/SiliconValley/Foothills/4710/tscs.html.
IFDTEST is a program that was built to exercise a card reader and
check it for PC/SC compliance. It is also a very handy low-level,
command-line card editor. You can download it form
http://www.microsoft.com/hwtest/device/smartcard.asp.
THe list of all the readers that are PC/SC compliant is at
http://www.microsoft.com/hcl/
7. Programmable and Multi-Application Smart Cards
7.1 General Purpose Programmable Cards
Perhaps the most revolutionary event in the history of smart cards over the
last 25 years is the recent emergence of programmable smart cards. Rather
than freezing the program that runs in the smart card in read-only memory at
the time the card is manufactured, programmable smart cards let you add
executable code to the smart card at any time in its lifetime. The primary
intended use of programmable smart cards is to create multi-application
smart cards on which applications can be added and deleted at will. Thus you
might decide to get rid of the Koffee Klub Frequent Drinker program and add
the Budapest Transport System ticket program.
There are a number of programmable smart cards on the market. Some can be
programmed in high-level languages, some can be programmed in virtual
assembly language and some can only be programmed in the assembly language
of the chip on the smart card.
The Basic Card from Zeitcontrol (www.basiccard.com) can be programmed in
Basic. Zeitcontrol has done a excellent job of integrating the development
of the program on the smart card with the development of the program on the
host or terminal that is using it. The Basic Card is available directly
from Zeitcontrol and from Versatile Card Technologies in the US.
The MULTOS (www.multos.com) smart card is a smart card defined by MAOSCO, a
spin-off of MONDEX and MasterCard. The MULTOS card can be programmed in C,
Java, Basic and MEL (MAOS Executable Language), which is the assembly
language
for the virtual machine on the card.
Keycorp (www.keycorp.com.au) once marketed a smart card called OSSCA
(Operating System for Smart Card Applications) which you could program
in the Forth language. This may have been the first smart card with
a virtual machine.
The HOST operating system from Oberthur (www.oberthurusa.com) is also
advertised as supporting the field loading of interpreted applications
written in an undefined high-level language.Contact Michael Cariou
of Oberthur for details (michael...@Oberthurusa.com).
Both Syprus (www.spyrus.com) and Datakey (www.datakey.com) have cards
that let you add programs written in native assembler if you are
approved by their respective creators. The operating system on the
Spyrus card is called SPYCOS and the operating system on the Data key
card is called DKCCOS.
Java Card
---------
A number of card manufacturers have announced smart cards which can be
programmed in Java. Each defines its own Java byte code set so you can't
take an applet off the card of one manufacturer and run it on the card of
another. This problem has been recognized and is starting to change
for the better. The Java Card Forum (www.javacardforum.org) controls
the technical specification of the Java Card. Only Schlumberger sells
its Java Card and Software Development Kit (SDK) on-line:
- Schlumberger: Cyberflex, http://www.cardstore.slb.com
The other vendors of Java Cards and Java Card SDKs are:
- Aspects Software: http://www.aspects-sw.com
- Gemplus: GemXpresso, http://www.gemplus.com
- Oberthur: Galactic, http://www.oberthursc.com
- Giesecke & Devrient: Sm@rtCafe, http://www.gdm.de
- IBM: http://www.zurich.ibm.com/csc/infosec/smartcard.html
- Fujitsu: http://edevice.fujitsu.com/fj/CATALOG/PDF/a05000263e.pdf
The current version of Java Card is 2.2.
Windows for Smart Cards
-----------------------
The Windows for Smart Card smart card operating system has
been licensed by Smart Card Integrators and Sagem. You
can obtain cards from them.
Smart Card Integrators (SCI): http://www.sci-s.com
Sagem: http://www.sagem-online.com
.NET Card
---------
Hive Minded (www.hiveminded.com) has created a .NET smart card
that sports a language-independent virtual machine a lots of
other goodies.
-
7.2 Programmable SIM Cards
The SIM cards in GSM mobile phones (and soon other mobile phones and
wireless communication devics) sport an application programming interface
called the SIM Application Toolkit or SAT for short.
There are at least ten SIM cards that support SAT.
Eight run applications written in Java:
- Schlumberger's SIMera
- Gemplus' GemXplore98
- Oberthur's SIMphonic
- Orga's SIMtelligence
- Giesecke & Devrient's StarSIM
- Excedata's M.MAR J+ SIM
- Xponcard
- I'M Technologies's Java SIM Card
- Aspects Software
All of these are separate from the general purpose Java
card offered by these vendors. They cost more than the
general purpose SDKs and are harder to order.
The Multos SecureSIM SIM Card runs applications written in
C, Java or MEL. Information about SecureSIM can be obtained
from Derek Ross, derek...@mobecom.com.
The interesting thing about the Multos SIM card is that
the SIM functionality (11.11 and 11.14) is just an interpreted
application written on top of a standard Multos card. This
means that the Multos SIM is the most secure of the SIMs since
it has an E6 ITSEC rating and the others are unrated. It also
means that telecom operators can customize their SIMs without
becoming beholden to card manufacturers by simply customizing
the SIM application.
Microelectronica offers a SIM card with SAT
- http://www.exceldata.es/tarjet_i/itarjba.htm
as does Miotec
and Setec Oy
7.3 Contactless
Contactless card applications are starting to get some traction
outside the transportation industry. Think of a contactless
card as a secure RFID tag. There are a number of kits on the
market that let you explore contactless card application development:
- http://www.insidefr.com/products/kits.htm
- http://www.epicard.com/contactless/products/
- http://www.supertechsystems.com
- http://smartechnology.com.au/index1.htm
- http://www.topcard-monetique.com/anglais/summary/summaryd.htm
- http://www.epsys.no/sreaders.htm
- http://www.omron.com/card/rfid/prod/v720/kit.html
- http://www.microchip.com/1000/pline/tools/index.htm
- http://www.ehag.ch/HTML-Files/RFID/inside.htm
8. Vertical Markets and Associated Products
8.1 Smart Cards in SCADA Applications
Smart cards are starting to show up in some new places and none
are more interesting (IMHO) than system control and data acquisition
applications. Their environental robustness coupled with their
tamper-resistance make them perfect places to collect data from or
inject sensitive information to autonomous digital systems.
Home medical applications are particularly interesting because
of the ease with which self-help patients can manage the
cards that are monitoring and controling their treatments.
Resptronics (http://www.respironics.com/ and
http://www.cpapman.com/respiron.html) has done some very
innovative work here with their Encore SmartCard.
We're also starting to see some patents in the area, for
example:
US6170742: Method for using a smart card for recording operations,
service and maintenance transactions and determining compliance
of regulatory and other scheduled events
US6122351: Method and system aiding medical diagnosis and
treatment by Med Graph.
8.2 Card and Application Management Systems
Once you start loading to and unloading applications from smart cards
after they have been issued, you immediately are confronted with the
problem of managing a card population where all the cards are different
and which can change their application load daily. This is called the
card and application management problem. Many people believe that card
and application management is where the trust goes into a card scheme
and the money comes out.
The Java Card Forum (www.javacardforum.org) has published an overview paper
that describes the problem. It's free. Justin Monk and Judy Henderson
have published a report entitled "Implementing a Multi-Application Smart
Card Project: A Practical Guide to the Smart Card Project Life Cycle"
available at SMi Publishing (http://www.smi-online.co.uk). It costs $775.
There are a number of competing specifications and commercial
systems for doing card and application management. The three
leading specifications are:
- MXI by MAOSCO (http://www.multos.com)
- Open Platform by the Global Platform (http://www.globalplatform.org)
- PMA (Platform Management Architecture) by platform7
(http://www.platform7.com)
Only the MAOSCO specification has been converted to a fielded system.
It is in actual use and in fact has been for a number of years. There
have been some noises recently that the Visa system (Open Platform)
and the MasterCard system (MXI) are going to at least interoperate which
means essentially that they will recognize and support each other's cards.
The current version of the Open Platform specification is at
http://www.visa.com/nt/suppliers/open/docs.html.
There are a number of commercial systems that have set about to solve
the card and application management problem including
- Authentic8 (http://www.authentic8.com)
- ACI Worldwide (http://www.acismartcard.com)
- Cardbase Technologies (http://www.cardbase.com)
- Cards etc (http://www.cardsetc.com)
- DataCard (http://www.datacard.com)
- Logica (http://www.logica.com)
- Oberthur (http://www-usa.oberthur.com)
- RSA (http:/www.rsa.com)
- Total System Services (http://www.totalsystem.com)
- Ubiq (http://www.ubiqinc.com)
- Zaxus (http://zaxus.com)
Most of the major smart card manufacturers are also fielding card and
application management systems.
Total System Services and DataCard have implemented a version
of the Visa GlobalPlatform card management system. Gemplus and
IBM have also announced a system. Both are in the press release
stage of development.
9. Resources
9.1 Vendor-Specific Forums and Newsgroups
Some of the vendors run discussion forums or newsgroups to catch
questions about their products and provide answers.
- Schlumberger Cyberflex: http://www.cyberflex.slb.com/Support/support.html
- Multos: http://www.multostechnet.com
- Microsoft: News Server: msnews.microsoft.com, Group:
microsoft.public.windowscard
- Gemplus: http://www.gemplus.fr/developers/
9.2 Newsgroups
There is a French smart card group at:
news:fr.comp.carte-a-puce
Besides alt.technology.smartcards and fr.comp.carte-a-puce, there are other
newsgroups
that while not devoted exclusively to smart cards carry information relevant
to
smart cards.
- news:alt.microcontrollers.8bit - Discussion of CPUs like those in smart
cards
- news:comp.arch.embedded - Good source of software and expertise
- news:sci.crypt - Different methods of data en/decryption
- news:sci.crypt.research - Cryptography, cryptanalysis, and related issues
- news:comp.security.misc - Security issues of computers and networks
- news:alt.security - Security issues on computer systems
- news:alt.stellite.tv.europe - Europe satellite TV watchers' forum
- news:alt.satellite.tv.crypt - Satellite TV payment systems security
- news:alt.microcontrollers - Low traffic
- news:comp.robotics.misc - Another good source of software and 8-bit
experience.
9.3 Pointer Farms
There are many smart card resources on the Web and they change so
quickly that it would be futile to try to list them all here. There are
however a number of people who have built wonderful pages of pointers to
smart card resources. Therefore rather than listing the original resources,
we just include pointers to these pages of pointers here. Please let the FAQ
maintainer (sgut...@mobile-mind.com) know about your favorites.
CardInsight Magazine
http://www.cardinside.com/E_Inhalt_Useful_links.html
Wolfgang Rankl's Smart Card Link Farm
http://www.wrankl.de/links.htm
Peter Gutman's Security Products
http://www.cs.auckland.ac.nz/~pgut001/links/products.html
Crypto Links
http://info.aanekoski.fi/~mpe/suojaus/smart.html
E-Panorama
http://www.epanorama.net/links/smartcards.html
InfoSec on Smart Cards
http://www.infosyssec.org/infosyssec/secsmc1.htm
Peter J. Ognibene's List
http://members.aol.com/pjsmart/page4.htm
University Cards
http://www.mcard.umich.edu/otherLinks.htm
Sesam Vitale Health Card
http://www.sesam-vitale.fr/
Bo Lavare's Smart Card Security Information Page
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
Giovanni Motta's Smart Card Links
http://www.cs.brandeis.edu/~gim/smartcards.html
Peter J. Ognibene Smart Card Development Services
http://members.aol.com/pjsmart/index.htm
Tomi Engdahl's Card Technology Technology Page
http://www.epanorama.net/links/smartcards.html
University of Michigan MCard Links
http://www.mcard.umich.edu/otherLinks.htm
Smart Card News (under Links)
http://www.smartcard.co.uk
Smart Card Resources on the Web
http://www.dice.ucl.ac.be/crypto/card.html
Smart Card Manufacturers and Services
http://www.smartcard.co.uk/links.html
Smart Card Security Information Page
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
HIP Smart Card
http://cuba.xs4all.nl/~hip/
General Smart Card Information
http://www.cryptsoft.com/scard/
Smart Card Security News
http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm
The Smart Card Cybershow
http://www.cardshow.com/
The Smart Card Club
http://www.smartcardclub.co.uk/
S. Prasad's Page of Pointers
http://home.att.net/~s-prasad/ecsc.htm
Smart Card Central
http://www.smartcardcentral.com/
Smart (U.S.) Government
http://smart.gov
U.S. Campus Cards
http://www.allcampuscard.com/huber/card.htm
Goran Vlaski's Software Page
http://vlaski.virtualave.net/
Maxking
http://www.maxking.demon.co.uk/cardprog1.html
The Story of What Happens To You If You Blow
Away the Security-Through-Obscurity Smoke Screen
http://www.parodie.com/humpich/home.htm
Leo Van Hove's Master List of E-Purses
http://cfec.vub.ac.be/cfec/purses.htm
Smart Cards On-Line
http://www.smartex.com/
Smart Card Basics
http://www.smartcardbasics.com/links.html
9.4 Smart Card Associations
Asia Pacific Smart Card Forum
http://www.smartcardforum.asn.au/index.html
Card Europe (www.cardeurope.demon.co.uk), The Association For Smart Card
And Related Industries, 146 Valley Road Rickmansworth Herts WO3 4BP United
Kingdom, Voice: +44 1923-897477, FAX: +44 1923-897414.
Alan Leibert (al...@cardeurope.demon.co.uk), Director
Smart Card Industry Association (www.scia.org), 191 Clarksville Road
Princeton Junction, NJ 08550 USA Voice: +1 609-799-5654 FAX: +1
609-799-7032
Charles Cagliostro (ccagl...@scia.org).
Smart Card Forum (www.smartcardforum.org). 2000 L Street, NW, Suite 200,
Washington, DC 20036 USA Voice: +1 202-530-5306 FAX: +1 202-530-5307
Email: in...@smartcardforum.org, Donna Farmer, President & CEO.
Smart Card Alliance (www.smartcardalliance.org). This is a merger of
the two above organizations, SCIA and SCF. 26 Broadway, Suite 400,
New York, NY 10004, Phone: (212) 837-7713, Fax: (212) 837-7720
ACT Canada (www.actcda.com) 831 Miriam Road, Pickering, Ontario, L1W 1X7
Voice: +1 905-420-3520, FAX: +1 905-420-27297
AIM USA (www.aimusa.org) 634 Alpha Drive Pittsburgh, PA 15238-2802
Voice: +1 412-963-8588 FAX: +1 412-963-8753 Email: a...@aimusa.org,
Tomo Razmilovic, Board Chairman
Electronic Funds Transfer Association (www.efta.org) 950 Herndon Parkway,
Suite 390
Herndon, VA 22070 Voice: +1 703-435-9800 FAX: +1 703-435-7157 Lisa Eyler,
Director of Marketing
EuroSmart (www.eurosmart.com) Mr Lutz Martiny, Rue Montoyer, 47. B-1000
BRUSSELS.
Voice: +32 2-506-88-68, Email: in...@eurosmart.com,
Federal Smart Card Users Group, Financial Management Services
Department of the Treasury, 6449 Gildar Street, Alexandria, VA 22310
Voice: +1 703-971-6339, FAX: +1 703-971-6331
John G. Moore (john....@fms.sprint.com), Chairman
International Card Manufacturers Association (www.icma.com) 34-C Washington
Road Princeton Junction, NJ 08550 Voice: +1 609-799-4900 FAX: +1
609-799-7032
Justin D'Angelo, President
National Association of Campus Card Users (www.naccu.org) 21 Colony West,
Suite. 180, Durham, NC 27705, Voice: +1 919-403-2273 FAX: +1 919-403-1324
Global Chipcard Alliance (www.chipcard.org) 1420 Fifth Avenue, 22nd Floor
Suite 2222, Seattle, WA 98101, Seattle, Washington, USA, Voice: 206-613-4430
FAX: 206-613-4431
GlobalPlatform, PO Box 8999, San Francisco, CA 94128-8999, USA,
Voice: +1 650-432-4116, FAX: +1 650-432-3980.
9.5 Smart Card Centers and Laboratories
IBM Student Chipcard Innovation Team
http://www.iscit.surfnet.nl
Center for Information Technology Integration at the University of Michigan
http://www.citi.umich.edu/projects/sinciti/smartcard
Smart Card and Biometrics Group at Purdue University
http://www.cerias.purdue.edu/coast/projects/smartcard.html
9.6 Conferences
A schedule of upcoming smart card conferences is maintained by the Smart
Card Club (www.smartcardclub.co.uk/conferences.html). Notable are:
European Smart Card Application and Technology - held regularly in the
beginning of September.
Cards UK Exhibition & Conference - annual fall conference in London.
CARDIS Primarily academic and research center presentations. No "floor
show". Every eighteen months.
Cartes - The annual smart card show in Paris typically at the end of
October.
Cards Australia. Annual show down-under.
Asia Card Technology. New but rapidly growing show.
CardTech/SecurTech (www.ctst.com) conferences in the U.S. The proceedings
from these shows are useful summarizations of the current state of the
market.
Omnicard (www.omnicard.de) The leading German smart card conference.
9.7 Books
Mobile Application Development with SMS and the SIM Toolkit by Scott
Guthery and Mary Cronin ... $59.95 at
http://www.amazon.com/exec/obidos/ASIN/0071375406/smartcarddevelopA/
Smart Card Manufacturing: A Practical Guide by Yahya Haghiri and
Thomas Tarantino ... $135.00 at
http://www.amazon.com/exec/obidos/ASIN/0471497673/smartcarddevelopA/
Smart Cards: A Developer's Toolkit by Tim Jurgensen and Scott
Guthery ... $44.99 at
http://www.amazon.com/exec/obidos/ASIN/0130937304/smartcarddevelopA/
Get Smart : The Emergence of Smart Cards in the United States and their
Pivotal Role in Internet Commerce by Chuck Wilson ... $35 at
http://www.amazon.com/exec/obidos/ASIN/0967446058
Smart Card Security and Applications by Mike Hendry ... $79 at
http://www.amazon.com/exec/obidos/ASIN/1580531563/smartcarddevelopA/
Smart Cards: a Case Study (IBM SG24-5239) by Jorge Ferrari, Robert
Mackinnon,
Susan Poh, and Lakshman Yatawara ... $30 at www.redbooks.ibm.com.
Smart Cards: Seizing Strategic Business Opportunities by Catherine Allen and
William Barr (eds.) ... $26.25 at
http://www.amazon.com/exec/obidos/ASIN/0786311088/smartcarddevelopA/
Smart Cards: A Guide to Building and Managing Smart Card Applications by
Henry Dreifus and Thomas Monk ... $31.99 at
http://www.amazon.com/exec/obidos/ASIN/0471157481/smartcarddevelopA/
Smart Card Developers Kit (including a CD-ROM and a working smart card) by
Scott Guthery and Tim Jurgensen ... $79.95 at
http://www.amazon.com/exec/obidos/ASIN/1578700272/smartcarddevelopA/
Smart Cards: The Global Information Passport: Managing a Successful Smart
Card Program by Kaplan ... $44.95 at
http://www.amazon.com/exec/obidos/ASIN/0786311088/smartcarddevelopA/
Smart Card Handbook by Wolfgang Rankl and Wolfgang Effing ... $125.00 at
http://www.amazon.com/exec/obidos/ASIN/0471988758/smartcarddevelopA/
Smart Cards by Jose Luis Zoreda and Jose Manuel Oton ... $67.00 at
http://www.amazon.com/exec/obidos/ASIN/0890066876/smartdevelopA/
Smart Card Application Develoment Using Java ... $59.95 at
http://www.amazon.com/exec/obidos/ASIN/3540658297/smartdevelopA/
Java Card Technology for Smart Cards ... $39.95 at
http://www.amazon.com/exec/obidos/ASIN/0201703297/smartdevelopA/
9.8 Newsletters and News Release Sites
Personal Identification Newsletter (PIN), Warfel & Miller Publishing,
12300 Twinbrook Parkway #300, Rockville, MD, 20852, Voice: +1 301 881-6668
FAX: +1 301-881-2554, Email: Cards...@aol.com
Smart Card Monthly, Mr. Stephan Seidman, Editor & Publisher, P.O. Box
548, Lopez Island, WA 98261, Voice: +1 360-468-3570, FAX: +1 360-468-3571
Smart Cards and Comments, Mr. Jerome Svigals, Publisher, 221 Yarborough
Lane, Redwood City, CA 94061, Voice: +1 415-365-5920, FAX: +1 415-363-2198
The Nilson Report, Mr. H. Spencer Nilson , Publisher, P.O. Box 49936
(Barrington Station), Los Angeles, CA 90049, Voice: +1 310-396-0615,
FAX: +1 805-983-0792
World Card Technology, Ms. Jane Adams, International Managing Editor,
European Office: 42 Phoenix Court, Hawkins Road, Colchester, Essex CO2 8JY,
Voice: +44 31-337-3311, FAX: +44 31-337-7739
Smart Card News, PO Box 1383, Rottingdean Brighton, East Sussex
BN2 8WX United Kingdom Voice : +44 1273-236677, FAX : +44 1273-624433
Email: s...@pavilion.co.uk
Report on Smart Cards, 1333 H Street NW, Suiote 100-East, Washington, D.C.,
20005-4606, Voice: +1 202-842-0520, FAX: +1 202 842-3023, www.tr.com.
Card News, Phillips Business Information, 1201 Seven Locks Road,
P.O. Box 60037, Potomac, MD 20859-0037, Voice: +1 301-424-3338,
FAX: +1 301-309-3847, Email: clients...@phillips.com.
Card Technology, http://www.faulknergray.com/
Smart Card Central, http://www.smartcardcentral.com/
9.9 Consultants
These people can provide technical and marketing assistance in specifying,
designing, engineering and rolling-out a smart card program.
If you are smart card consultant and would like to be added to this list
simply send an e-mail to Scott Guthery (sgut...@mobile-mind.com).
Philip E. Andreae
E-Mail: phi...@andreae.com
1505 McCarthy Road
Eagan, MN 55121
Tel/Fax: +1 (651) 493 6771
Mobile: +1 (651) 308 5646
www.andreae.com
David Brich
E-Mail: da...@hyperion.co.uk
CONSULT HYPERION
Voice: +44 1483 301793
8 Frederick Sanger Road,
Guildford, Surrey, GU2 5YD, UK
Matthias Bruestle
E-Mail: matthias...@ecore.net
Siegertsbuehl 9
91077 Neunkirchen am Brand
Voice: +49-9134-995521
Fax: +49-9134-995722
Larry Carnes
E-Mail: larry....@prodigy.net
Voice: +1 409 684 1290
P.O. Box 1068
Crystal Beach, TX 77650 USA
Bonar Dickson
E-Mail: bo...@xicom.com.au
Voice: +61 2 6290 0850
FAX: +61 2 6290 0851
Mobile: +61 0408 499 086
Unit 5, Southlands House,
18-28 Mawson Place,
Mawson ACT 2607
Canberra, Australia
Ian Donald
E-Mail: dona...@iaccess.com.au
Voice: +61 3 9614 2400
FAX: +61 3 9614 2444
Level 2, 517 Flinders Lane
Melbourne Victoria 3000 Canada
Uli Dreifuerst
Open Domain Inc.
E-mail: u...@opendomain.com
Voice: 925-855-0558
FAX: 925-855-0460
9 Crow Canyon Court Suite 100
San Ramon, CA 94583
USA
Henry Dreifus
Dreifus Associates, Ltd.
E-Mail: in...@dreifus.com
Voice: +1 407 862-3398
P.O. Box 915746, Longwood,
FL 32791-5746 USA
Robert Elliott Phd
TekCard Corporation.
Voice 703.530-8144
Fax 703.530-8155
E-Mail Drb...@gte.net
143 Forrest St
Manassas Park Va. 20111
Scott Guthery
E-Mail: sgut...@rcn.com
Voice: +1 617 964 1798
Mobile: +1 617 290 3963
FAX: +1 617 795 1630
Tim Jurgensen
E-Mail: tmjur...@jump.net
Voice: +1 512 452 8090
Mobile: +1 512 965 4806
2720 Mt. Laurel Lane
Austin, TX 78703 USA
Klaus P. Karmann
E-Mail: kar...@t-online.de
European and German Patent Attorney
Franz-Albert-Str. 28c
80999 München
Germany
Voice: +49 700 PKarmann
Dmitriy Kruglyak
Aquave Group
E-Mail: dkru...@aquave.com
Voice: 650-329-0397
Mobile: 650-678-1480
www.aquave.com
METACA Corporation
460 Applewood Crescent,
Concord, Ontario, Canada L4K 4Z3
Tel. (905) 761-8222
Fax. (905) 761-8220
sa...@cards.ca
Micro Szience and Athena Five
25 Fell Mead, East Peckham,
Tonbridge, Kent, UK TN12 5EQ
Voice: +44 1622 873 102
Joe Naujokas
E-Mail: JA_Na...@compuserve.com
Naujokas & Associates
Peter J. Ognibene
Smart Card Development Services
E-mail: pjs...@aol.com
Voice: +1-301 434 8572
P.O. Box 3013
Silver Spring, Maryland 20918-3013
U.S.A.
Walter Oney
Consulting and Training
PC/SC drivers a specialty
http://www.oneysoft.com
E-Mail: walt...@oneysoft.com
Dr. Gerd Pfeiffer
Unternehmensberatung Dr. Gerd Pfeiffer
Hängerweg 2
D-34281 Gudensberg
Germany
Phone: +49 5603 911855
Email: in...@cardinsight.de
Jonathan Rosenne
QSM Programming Ltd.
E-Mail: ros...@qsm.co.il
Voice: + 972 3 561 2015
Mobile: + 972 54 246 522
FAX: + 972 3 561 6049
74 Petah Tiqva Road
P O Box 51298
Tel Aviv 67215
Israel
Jim Russell
Russell Technology Associates
E-Mail: jfrus...@aol.com
Voice: +1 302 234 3319
675 Montgomery Woods Drive,
Hockessin, DE 19707-9323 USA
Bill Shaw
Westbrook Systems
Email: bs...@connix.com
Voice: 860-399-5334
176 Dennison Road
Westbrook, CT 06498
Andrew W. Tarbox
Thornebrook Associates, LLC.
E-Mail: an...@thornebrook.com
Voice: +1 518 279 1000
FAX: +1 518 279 9677
Mobile +1 518-441-8810
PO Box 3038 (Center Brunswick)
Troy, New York 12181-3038 USA
Hardy Tichenor
E-Mail: in...@hardysoft.com
Voice: +1 415 331 5077
FAX: +1 415 331 5472
44 Edwards Avenue
Sausalito, CA 94965 USA
9.10 Smart Card Graphic Designers and Printers
These people can help you create the graphics to be printed
on a smart card and get the card produced.
If you are smart card designer or printer and would like to be added
to this list simply send an e-mail to Scott Guthery
(sgut...@mobile-mind.com).
Maria Nekam
Smart Card Design
Voice: +1 512 258 0758
Email: ne...@austin.rr.com
Paul Tripi or Jenny Baird
Data Manufacturing Inc.
Chesterfield, MO
Voice: +1 888 526 2273
http://www.datamfg.com
Micromodular Data Solutions
1582 Norman Avenue
Santa Clara CA 95054 USA
Voice: +1 408 986 9000
FAX: +1 408 986 9829
Email: sa...@micromodular.com
http://www.micromodular.com
Smart ID Card, Ltd.
450 N. Causeway Blvd., Suite D
Mandeville, LA 70448
Voice: +1 504 727 4865
FAX: +1 504 727 0133
Email: sa...@smartidcard.com
http://www.smartidcard.com
9.11 Smart Card Supplies (Card, readers, SDKs, etc.)
Alegra Technologies
Pittsburg, Pennsylvania USA
Jim Canfield
jcan...@alegratechnologies.com
Toll Free: 866-6ALEGRA
Phone: 412-771-7120
Fax: 412-771-7121
Bantry Technologies
25 Ballsbridge Terrace
Ballsbridge, Dublin 4
Ireland
Tel: +353 1 664 29 30
Fax: +353 1 664 29 33
http://www.bantry-technologies.com
CDN Print Plastic
91 Kelfield St, #6
Toronto, ON Canada
M9W-5A4
Tel: (1) 416.240.7775
Fax: (1) 416.241.0825
http://www.cdnprintplastic.com/index.htm
Dawar Technologies
1020 Ridge Avenue
Pittsburgh, PA 15233
Phone: 800-366-1904
Phone: 412-322-9900
http://www.dawar.com/
Digital Solutions
www.smartcard.bz
Gemplus
http://store.gemplus.com
Net Informatique Services
http://www.nis-infor.com/
Nexsmart Technologies
2102 business Center Dr. Suite 217
Irvine, CA 92612
U.S.A.
Tel: (949) 453-8588
Fax: (949) 453-8587
http://www.nexsmart.com/
Oak-Tech.com
Room 2607
APEC Plaza, 49 Hoi Yuen Road
Kwun Tong, Kowloon
Hong Kong
Phone: + (852) 2771 3898
FAX: + (852) 2771 3399
mar...@hkaok-tech.com
in...@hkoak-tech.com
http://www.hkoak-tech.com
Schlumberger Smart Card Store
http://www.scmegastore.com/
SDLOGIC Technologies, Inc.
545 Thrush Dr.
Big Bear Lake, CA 92315-1403 USA
SDLOGIC Toll-Free Phone - Sales (866) 524-7272
SDLOGIC Toll-Free Phone - Tech Support (866) 584-8697
SDLOGIC Fax - (909) 878-4733
Sales / Dealer Enquiries Email: sa...@sdlogic.com
Technical Support Email: techs...@sdlogic.com
http://www.sdlogic.com/index.asp
Smart Card Integrators
1380 W. Washington Blvd.
Los Angeles, CA 90007
+1 213 743 9181
in...@sci-s.com
http://www.sci-s.com
Smart Dynamics
3601 Wilson Blvd.
Suite 500
Arlington, VA 22201
Phone: (703) 312-7383
Fax: (703) 812-5190
http://www.smartdynamics.com/
SmartcardFocus
37 Kew Road,
Richmond,
Surrey TW9 2NQ,
UK
Voice (UK Customers): 0800 068 1219
Voice (Outside UK): +44 (0)20 8241 9596
Fax: +44 (0)20 8241 2192
http://www.smartcardfocus.com/
in...@smartcardfocus.com
SMART-SOLUTIONS.CA
PO Box 48143
Bedford, NS
B4A 3Z2
http://www.smart-solutions.ca/
in...@smart-solutions.ca
VCT
5200 Thatcher Road, Downers Grove, Illinois 60515
Telephone: (630) 852-5600
Fax: (630) 852-5817
Mr. Rome Jetté, Director Card Applications and Security (x265)
email: ro...@versacard.com
http://www.basiccardusa.com/
Towitoko Inc.
9155 Brown Deer Road, Suite 1
San Diego, CA 92121
Ph. (858) 622-2004
Fax. (858) 622-2011
http://www.towitoko.com/home.html
VFJ Technology
33 Brookhollow Ave
Norwest Business Park
Baulkham Hills, NSW 2153
Australia
Telephone: +61 2 8853 8000
Facsimile: +61 2 8853 8088
Email: in...@vfjtech.com.au
http://www.vfjtech.com.au/vfjhome.htm
Westai Media
http://www.westai.no/
ZeitControl
Cardsystems GmbH
Siedlerweg 39
D-32427 Minden
Germany
Tel.: +49 (0)571 50522-0
Fax: +49 (0)571 50522-99
eMail: in...@basiccard.com
http://basiccard.com/
9.11 Smart Card Collectors
Smart card collecting has ebbed and flowed over the years. Here's
a dated page of some folks that do or did at one time collect
smart cards:
http://www.cip.com.au/scard/collect.html
If you get hold a smart card you can't identify, there is a
list of smart card ATRs at
http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt
9.12 Smart Card Applications
There are some innovative applications of smart cards
starting to appear. If you hear of any others, please
drop a line to sgut...@mobile-mind.com.
Games: http://www.kaosc.com
Web Access: http://www.britneyspears.com/smartflashcard/index.php
Entertainment: http://www.statcard.com
Medical: http://www.respironics.com
Medical: http://www.cpapman.com/respiron.html
Laundry: http://www.macgray.com