Smart Card Talk March 2012
•
a Smart Card Alliance ePublication
Steady Pace Needed For Steady Roll-Out Dear members and friends of the Alliance, This month has been filled with a flurry of activity. The imminent mash-up of EMV and NFC mobile payments for consumers and merchants has me simultaneously feeling optimistic about the future and pessimistic about the outcome. I’m enthusiastic about the new payments tools we have and yet have a sense of foreboding about the lack of experience in using the tools. I find myself wishing that we could move faster and worrying if there is enough time to get everything right. Then I realize I need to take a step back and think about things logically and rationally. I begin to listen to the experienced experts and not be influenced by news reports or industry analysts
who seem to be delivering projections without solid facts supporting those projections. So, here’s my relatively simple observation. I believe the correct path for the roll-out of EMV is to keep it easy and low cost for everyone, and then it can happen relatively quickly. Mobile payments should come after EMV and not be too closely intertwined with EMV at the start. I say this with complete sincerity, that sometimes we look for obstacles when there are none and seek solutions to the wrong set of problems. There are times when things fall into place the way they were meant to be. Please feel free to contact me if you have questions, or simply want to talk about all the great things happening in our industry. As always, thank you for your support of the Alliance. Click Here to Read Letter. …
• Volume 17 : Issue 3
In This Issue: ② Executive Director Letter >> ③ Latin America Letter >> ④ Member Profile >> ⑥ Feature Article >> ⑧ Council Reports >> ⑩ Members in the News >> ⑫ From the Alliance Office >> ⑫ Events Calendar >> About Smart Card Talk Smart Card Talk is the monthly e-newsletter published by the Smart Card Alliance to report on industry news, information and events and to provide highlights of Alliance activities and membership.
About the Smart Card Alliance
Feature Article:
Member Profile:
FIPS 201 established the set of technical standards for interoperable Federal PIV credentials. This month’s article provides an easy-to-use comparison of PIV, PIV-I and CIV credentials for organizations planning to implement standards-based identity credentialing programs. Click to Read More …
This month Smart Card Talk spoke with Michael J. Wilson, Partner, Managing-Director, Mass Transit, North America, with Accenture. Mr. Wilson has been with Accenture for more than 21 years in a variety of roles. Currently, he is responsible for defining Accenture’s industry offerings and point of views in mass transit and coordinating its relationship activities with existing and potentially new mass transit clients. Click to Read More …
A Comparison of PIV, PIV-I and CIV Credentials
Accenture
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
191 Clarksville Road Princeton Junction, New Jersey 08550 1.800.556.6828 Fax: 1.609.799.7032 info@smartcardalliance.org www.smartcardalliance.org
executive director’s corner
Steady Pace Needed For Steady Roll-Out Dear members and friends of the Alliance, I do not consider myself “well read,” meaning that I am not a scholar by any means. So when I begin quoting Charles Dickens to search for the right phrase to express my mood over recent developments involving EMV, NFC, and mobile payments at the merchant point of sale, you know that something has me really perplexed. I feel like I am caught in Dickens-esque moment, best expressed by the opening lines of A Tale of Two Cities: “It was the best of times, it was the worst of times.” The novel about the 1775 French revolution and its opening phrase say a great deal about the current state of the big next generation payments technology shift that is about to begin in earnest – but the less familiar continuation of the quote describes it even better: “It was the age of wisdom, it was the age of foolishness; it was the epoch of belief, it was the epoch of incredulity; it was the season of Light, it was the season of Darkness; it was the spring of hope, it was the winter of despair; we had everything before us, we had nothing before us.” The Internet and print media have filled us with wild projections of success in the form of millions of NFC enabled devices and readers available soon, and tens of millions of NFC transactions soon after that, and hundreds of millions of NFC retail sales projected soon after that. Yet this month, several large retailers announced that they want something different than what the two main mobile payments schemes, Isis and Google Wallet, are offering. Those same few vocal merchants are promoting their own payments roadmap vision while rejecting the roadmap Visa and MasterCard have put forth. Many millions of dollars may be invested to recast payments using secure EMV chips and dual interface contact and contactless cards and compatible mobile incarnations of those EMV payments transactions for NFC-enabled phones. So, as Dickens phrased it, it is the season of light and it is the season of darkness all at once. We seem to be caught between the forces of change and the anxiety of the unknown. Before we have seen the
2
Smart Card Talk
first real penetration of mobile payments (the few hundred Google Wallet consumers don’t count yet), we have merchants wanting to change it. Before the first EMV cards make it into the hands of shoppers here in the U.S. and Canada (the 1 million EMV cards issued for international travelers notwithstanding), we have merchants asking for EMV 2.0 -- some imagined improvement on the existing 1 billion EMV cards used every day in the market. My hope is that all sides take a deep breath, exhale and relax! Listen to the people who have the experience and who manage the lion’s share of the risk if something goes wrong, and stop looking for hidden agendas in their actions. The roll-out of EMV does not have to be difficult and expensive and take many more years than it should. Merchants are not going to gain confidence in a new technology if that new technology is always changing into the next new technology. There is enough change management that has to happen for issuers, merchants, and processors to implement today’s technology. Why complicate matters even more by trying to reshape it into something new, different and future looking at the same time? Let EMV happen first. Get the issuance, acceptance and processing infrastructure moving together. Then let EMV for mobile happen next. Help the mobile networks and Internet services providers (Google and PayPal) ride the existing payments rails they have been traveling on and leverage the new acceptance environment that EMV migration is enabling -- before building new retail payments information highways in the cloud. That process alone is going to take at least five or perhaps ten years to build out completely. In three to five years, when the EMV and mobile payments migration is reaching a level of “normalcy” and the market has adjusted to all of the disruptive elements, then we can start to plan for the next, next generation of payments. If not, then what Dickens said may come true, that “we had everything before us, we had nothing before us.” Personally, I am holding out for the “great expectations” that I have of this industry, where we all step back, look at the opportunities we can leverage today, and allow the future of mobile payments to progress organically, in a time frame that is neither too short nor too distant. It is with that hope that I look forward to our next event, the NFC Solutions Summit 2012, May 22-24 in San Francisco. I hope you’ll join us for the ride.
Sincerely, Randy Vanderhoof Executive Director rvanderhoof@smartcardalliance.org
Dear members and friends of the Smart Card Alliance Latin America, We are very excited to announce that SCALA, in partnership with Reed Exhibitions, will host the first smart card conference, “Mexico – Smart Card Summit,” and training workshop within Expo Seguridad Mexico (ESM) on April 24-26, 2012 at Centro Banamex in Mexico City. After signing the agreement with Reed Exhibitions, it became clear that our goal is to deliver an extremely successful industry event, with no holds barred. Expo Seguridad is the premier security exhibition, seminar and conference program in Latin America. Industry experts will lead sessions on the use of smart card technology for a wide array of applications, including: • Digital security • Secure access control • Biometrics • Transportation • Healthcare • Government identity including electronic passports, driver’s licenses, national ID, government employee ID, and resident alien cards It’s always been important for SCALA to maintain its presence as the independent and impartial source of information in the market. As a result, during the Summit we will offer our widely
acclaimed smart card training program, “Smart Card Fundamentals,” for the first time in Mexico City, on April 24th. The addition of this training program ensures that we are continuing to educate and inform prospective customers and industries about smart card technology and its benefits. Those who attend the Smart Card Fundamentals course will receive comprehensive training that covers all aspects of the technology, components, benefits, markets influenced, and basic file structure which guarantees improvements in the security, logistics, management of information, and overall productivity. It should be noted that this course has been widely acclaimed by previous attendees. SCALA recently received extremely positive survey results from our past training -- 5’s and 4’s (exceeded expectations and very good, respectively) -- with satisfaction level hovering at 5. While the overall event will concentrate on the uses and benefits of smart card technology for civil registry, government ID, secure access control, biometrics, transportation and healthcare, we are confident that many of the attendees will be equally interested in our topics and exhibit. In my mind, it’s always been quality vs. quantity, which our attendees have come to expect from SCALA and Alliance conferences. In conclusion, whenever SCALA has a chance to gather members of the industry, who share our goals, objectives, desires, and the sense of greater purpose, it make our hard work in organizing these activities worthwhile. I encourage all of you to join us in the Mexico – Smart Card Summit in April and find out what more than 40 member organizations have already realized. Wishing all of you a wonderful March, Edgar Betts Associate Director, Smart Card Alliance Latin America (SCALA) Direct Line: +507-225-9089, email: ebetts@smartcardalliance.org
Smart Card Talk
3
latin america corner
“Mexico – Smart Card Summit”
member profile
This month Smart Card Talk spoke with Michael J. Wilson, Partner, Managing-Director, Mass Transit, North America, with Accenture. Mr. Wilson has been with Accenture for more than 21 years in a variety of roles. Currently, he is responsible for defining Accenture’s industry offerings and point of views in mass transit and coordinating its relationship activities with existing and potentially new mass transit clients. Mr. Wilson joined Accenture after his graduation from The University of Western Ontario-Richard Ivey School of Business, where he received an Honours BA in Business Administration.
1. Describe Accenture’s business and its main offerings: Accenture is a global management consulting, technology services and outsourcing company serving clients in more than 120 countries. We work with clients in multiple industry sectors to design and implement solutions based around smart card technologies. This includes ticketing and payment systems for mass transit providers and road tolling agencies, U.S. Federal agencies providing management and border control services, healthcare agencies and providers seeking to adopt electronic medical records, and financial services companies migrating to EMV compliance.
2. What role does smart card technology play in supporting your business? Smart card technologies form the key component in many of the solutions Accenture offers to clients around the globe: • In mass transit, we enable our clients to offer more convenient, more reliable and more sustainable services through adoption of smart card systems. For example, Accenture is currently implementing the Presto system, an
4
Smart Card Talk
electronic fare management system that serves two million commuters in the Greater Toronto and Hamilton area. To help clients overcome funding constraints, we have developed a cloud-based model that can be implemented significantly quicker than traditional e-ticketing systems, reducing costs for the agency. • Accenture works with U.S. federal agencies to support identity management, using smart card technologies. Since 2004, Accenture has been supporting the U.S. Visitor and Immigration Status Indicator Technology (US-VISIT) program, with specific operational responsibility for biometric identification. Currently, the biggest biometric identification system in the world, US-VISIT processes more than 300,000 encounters a day, with an average response time of 10 seconds. • Within the healthcare industry, Accenture is at the forefront of the adoption of electronic medical records, developing solutions based on smart card technologies. In 2011, Accenture helped Singapore launch one of the world’s first national electronic medical record systems, which captures a broad range of patient medical data for exchange among clinicians.
3. What trends do you see developing in the market that you hope to capitalize on? The key trend that will increasingly provide opportunities for consulting firms is the migration of smart card applications to mobile devices. This trend represents the next step in the evolution of smart card technologies. In the 1990s, the vision for smart cards was to provide a single platform for banking, identity, transportation payment and medical data. Today, the vision is for smart phones to perform this function. For example, by the end of 2012, 20 percent of all new mobile phones will be Near Field Communication (NFC)-enabled, providing consumers with an alternative payment method to the contactless smart card. In the transportation industry, for example, mass transit providers are using mobile applications to provide more convenient and personalized services to their passengers. This includes offering mobile payments services using bar codes, SMS texting or NFC technologies. While the opportunities in mobile ticketing are significant in terms of revenue growth and greater efficiency, transit providers need to ensure that the systems they choose to implement are reliable, scalable and can adapt to the changing the needs of their customers. Another significant trend is the increasing ability of companies to leverage customer insights they gain from smart card technologies. By capturing deeper customer data, companies can provide more personalized services to consumers (e.g., transit companies offering discounted travel at certain times of day, using dynamic pricing).
4. What obstacles to growth do you see that must be overcome to capitalize on these opportunities? The biggest challenge we face is educating the consumer to change behavior and adopt new technologies, whether that is new border control systems, e-ticketing systems on public transport, or automated road tolling systems. With the imminent adoption of EMV “chip and PIN” bank cards in the United States, this is likely to be a big challenge for card issuers. Another potential barrier to adoption is ensuring the security of customer data. As the data used in smart card technologies is increasingly embedded in other devices (e.g., mobile phones), the challenge of keeping the data secure increases and the opportunity for fraud grows. This problem is particularly acute in industries such as healthcare and government where personal identity data is particularly sensitive.
5. What do you see are the key factors driving smart card technology in government and commercial markets in the U.S.? People, governments and companies alike are increasingly concerned about identity fraud. This will be one of biggest factors driving smart card adoption, with smart cards offering the best technology for confirming identity credentials.
Convenience will also drive adoption. For example, in the mass transit space, governments view smart card technology adoption as a way to encourage greater mass transit use and increase operating efficiency, helping them keep within tight budgets. This has two important benefits: it alleviates congestion, by reducing the number of vehicles on the road; and it reduces overall energy consumption, helping cities meet their sustainability and carbon emission targets. Smart card technology also helps transit organizations achieve greater operating efficiency, reduce costs, and drive revenue growth by providing a platform to offer additional customer services.
6. How do you see your involvement in the Alliance and the industry councils helping your company? The Alliance is a great forum to both exchange ideas and advance the state of the art in smart card applications. The Alliance is also an authoritative source and industry spokesperson when it comes to promoting the benefits of RF or contactless technologies, and plays an important role in educating the consumer about smart cards. Our goal at Accenture is to contribute to the goals of the Alliance and bring information about cross-industry applications to members so that we help providers improve their products and our clients make smart investments. Since Accenture is technology agnostic, our approach is to support the technology solution that best meets the clients’ needs and work with many vendors. We think this open architecture philosophy yields great benefits for everyone in the industry.
7. How does Accenture envision the future evolution of smart card technology? Accenture anticipates a major shift toward mobility, from “cardcentric” data (i.e., smart cards embedded with chips) to data residing on mobile devices. For example, credit card identity data that used to reside on magnetic strips can now reside on mobile phones, which serve as payment devices. This will have a dramatic impact in mass transit, with paper tickets being replaced first by smart cards, and subsequently by mobile devices equipped with payment technologies (such as NFC). However, wherever the data resides (on a card, mobile phone or other mobile device), the issues concerning security and privacy remain and will continue to pose significant business and legal challenges.
Member point of contact:
Michael Wilson Partner, Managing-Director, Mass Transit, North America Accenture E-mail: michael.j.wilson@accenture.com Phone: +1 416-312-7539 Smart Card Talk
5
feature article
A Comparison of PIV, PIV-I and CIV Credentials Homeland Security Presidential Directive 12 (HSPD-12) mandates a standard for a secure and reliable form of identification to be used by all Federal employees and contractors. Signed by President George W. Bush in August 2004, HSPD-12 initiated
the development of a set of technical standards and issuance policies (Federal Information Processing Standard 201 [FIPS 201]) that create the Federal infrastructure required to deploy and support an identity credential that can be used and trusted across all Federal agencies for physical and logical access. The policy, processes and technology in FIPS 201 also reflect specifications defined in a number of other special publications (SPs) specifically written for FIPS 201 and build on other National Institute of Standards and Technology (NIST) standards and SPs that support best practices. Importantly these standards also build on international and national standards from organizations such as the Internet Engineering Task Force (IETF), the International Telecommunications Union (ITU), the Institute of Electrical and Electronics Engineers (IEEE), the International Organization for Standardization (ISO), the Organization for the Advancement of Structured Information Standards (OASIS) and others.
References and Notes
About this Article
[1] X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA), Version 2.25, December 9, 2011 [2] The FASC-N contains a federal agency code which is managed by NIST. PIV-I and CIV credential numbers (UUIDs) are generated by the
This article was developed by the Smart Card Alliance Access Control Council to provide an easy-to-use comparison of PIV, PIV-I and CIV credentials. Access Control Council members involved in the development of this white paper included: AMAG Technology; Booz Allen Hamilton; Diebold Security; Marty Frary; HP Enterprise Services; Identification Technology Partners; Identive Group; IDmachines; Intellisoft, Inc.; NASA; NXP Semiconductors; Oberthur Technologies; Probaris; Software House/Tyco; U.S. Department of State; XTec, Inc..
issuing organization. See NIST SP 800-87 for additional information. [3] The Smart Card Alliance Access Control Council selected the name CIV and documented the specifications that would define a credential that was technically compatible with the PIV specifications. [4] Personal Identity Verification Interoperability for Non-Federal Issuers, Version 1.0, Federal CIO Council, July 2010 [5] Personal Identity Verification Interoperable (PIV-I) Frequently Asked Questions (FAQ), Version 1.0, Federal CIO Council, June 28, 2010 [6] The Commercial Identity Verification (CIV) Credential – Leveraging FIPS 201 and the PIV Specifications, Smart Card Alliance Access Control Council white paper, October 2011 [7] Requires that the CIV credential have a medium hardware certificate. [8] Logical access includes: computer logon, digital signatures, network access, application access, data/communication encryption.
6
Two additional credentials have been defined – the Personal Identity VerificationInteroperable (PIV-I) and Commercial Identity Verification (CIV) credentials – with the goal of taking advantage of the infrastructure created by the Federal government’s PIV program. The policy, process and technology applied to each of these credentials result in a level of assurance and interoperability, and ultimately the extent to which it can be used and trusted in its intended application. As shown in the table below, the policy and process around PIV and PIV-I enable the interoperability and trust of the credential. The CIV credential definition was developed to define a commercial credential that could take advantage of the PIV infrastructure. Identity and credential infrastructure requires an additional investment in order to adhere to and maintain these policies and processes. In return, users and organizations can access identity and credential services in the commercial arena with many of the advantages enabled by the creation of the PIV infrastructure.
Smart Card Talk
About the Access Control Council The Access Control Council is focused on accelerating the widespread acceptance, use, and application of smart card technology for physical and logical access control. The group brings together, in an open forum, leading users and technologists from both the public and private sectors and works on activities that are important to the access control community and that will help expand smart card technology adoption in this important market. Additional information can be found on the Smart Card Alliance Web site, http://www.smartcardalliance.org.
PIV
PIV-I
CIV
Policy Breeder documents
Follows FIPS 201
Follows FIPS 201
Follows the issuing organization’s policies
Background checks
National Agency Check with Investigation
None required, directly impacts level of suitability for access
Follows the issuing organization’s policies
Process Application Adjudication Enrollment Issuance Activation
Follows FIPS 201, including separation of roles, strong biometric binding
Follows Federal Bridge cross-certification certificate policies [1] Follows SP 800-63-1 for Federal issuance Based on FIPS 201, including separation of roles, strong biometric binding
Follows the issuing organization’s policies For Federal relying parties, follows SP 800-63-1
Card data model
Must follow SP 800-73
Must follow SP 800-73
“Follows” SP 800-73 (recommended)
Current primary credential number
FASC-N [2] (requires Federal agency code)
UUID (no Federal agency code required)
UUID (recommended) (no Federal agency code required)
Object identifiers
Federal Bridge
Federal Bridge
Organization Internet Assigned Number Authority (IANA) (if exists)
Technology
Types of Federation and Levels of Assurance Trustworthiness
Trusted identity, creden- Trusted basic identity and credential tial and suitability but not suitability
Trusted credential only within the issuing organization.
Trust among organizations
Federal Bridge
Clustered alone
Clustered through Federal Bridge
Origin Organization
NIST
Federal CIO Council
Smart Card Alliance Access Control Council [3]
Defining documents
FIPS 201, SP 800-73 and other related NIST publications
Personal Identity Verification Interoperability for Non-Federal Issuers [4] FICAM PIV-I FAQ [5]
The Commercial Identity Verification (CIV) Credential– Leveraging FIPS 201 and the PIV Specifications [6]
Motivation
HSPD-12
Interoperable credential for organizations doing business with the government and for first responders
Commercial credential that could take advantage of the PIV infrastructure
Markets Organizations that may issue and/or use the credential
Federal agencies
Federal agencies Federal contractors Commercial organizations doing business with the Federal government State and local governments Critical infrastructure providers First responder organizations Commercial organizations who are part of an industry initiative and require an interoperable, trusted credential
Commercial organizations seeking a credential for use for their employees, subcontractors, non-employee visitors and customers Federal agencies who accept credentials with medium hardware assurance [7]
Resources that the credential may be used for
Credential can be used in a wide range of both employment-related and consumer-based transactions. Examples include physical access, logical access [8], mass transit, and closed loop payments. Smart Card Talk
7
council reports
Updates from the Alliance Industry Councils HEALTHCARE • The Healthcare Council is working on two projects: a brief on smart cards vs. biometrics-only solutions for healthcare applications; an update to the smart card technology in healthcare FAQ. • The Council’s LinkedIn group, Healthcare Identity Management, is open for discussion on healthcare identity security and management. The group is open to both members and non-members.
TRANSPORTATION • The Transportation Council is discussing possible projects and developing its 2012 project plan. • The Smart.Transit LinkedIn Group is open for discussion on transit payments. The group is open to both members and public transit agencies.
IDENTITY • The Identity Council published a new white paper, PIVInteroperable Credential Case Studies. The white paper documents the benefits of using PIV-interoperable credentials for enterprises and provides implementation case studies from Booz Allen Hamilton, the Commonwealth of Virginia, SAIC and XTec Incorporated -- organizations that are issuing or planning to issue PIV-I credentials. Identity Council members involved in the development of this white paper included: Booz Allen Hamilton; Consult Hyperion; Datacard Group; Deloitte & Touche LLP; GSA; HP Enterprise Services; IDenticard Systems, Inc.; Identification Technology Partners; Identive Group; IDmachines; Intellisoft, Inc.; NagraID Security; NXP Semiconductors; Probaris; SAIC; Software House/Tyco; XTec, Inc.. • The Council is starting a new project to develop a brief on mobile devices and identity.
Alliance Members: Participation in all current councils is open to any Smart Card Alliance member who wishes to contribute to the council projects. If you are interested in participating in any of the active councils, please contact Cathy Medich.
8
Smart Card Talk
PAYMENTS • The Payments Council is discussing possible projects and developing its 2012 project plan. • The Council’s LinkedIn group, Smart.Payments, is open for discussion on payments and fraud. The group is open to both members and non-members.
ACCESS CONTROL • The Access Control Council published a new brief, A Comparison of PIV, PIV-I and CIV Credentials. The brief provides an easy-to-use comparison of Personal Identity Verification (PIV), PIV-Interoperable (PIV-I) and Commercial Identity Verification (CIV) credentials. Access Control Council members involved in the development of this white paper included: AMAG Technology; Booz Allen Hamilton; Diebold Security; Marty Frary; HP Enterprise Services; Identification Technology Partners; Identive Group; IDmachines; Intellisoft, Inc.; NASA; NXP Semiconductors; Oberthur Technologies; Probaris; Software House/Tyco; U.S. Department of State; XTec, Inc. • The Council is starting a new project to develop a white paper on strong authentication using smart cards.
• Access Control Council members will be presenting in an ISC West pre-conference workshop, Standards-Based Secure Identity Credentials: Leveraging the Personal Identity Verification (PIV) Specifications for Commercial Credentialing Programs, on March 27, 2012, at the Sands Convention Center in Las Vegas, NV. This Smart Card Alliance Educational Institute workshop will provide commercial enterprises with an understanding of the PIV, PIV-I and CIV specifications and the physical and logical access applications that they can support in a converged credentialing program.
OTHER COUNCIL INFORMATION • Members-only council web pages are available at http:// www.smartcardalliance.org/councils. These are passwordprotected pages that contain council working and background documents and contact lists. Each Council area has a separate password since Councils may have different membership policies. If you are a Smart Card Alliance member and would like access to a council site, please contact Cathy Medich. • A Council meeting calendar is available on the members-only web site at http://www.smartcardalliance.org/pages/memberscouncil-resources. • If you are interested in forming or participating in an Alliance council, contact Cathy Medich.
Smart Card Talk
9
members in the news
Smart Card Alliance Announces Innovative Conference Agenda Format for its NFC Solutions Summit 2012 Princeton Junction, N.J., March 7, 2012–Attendees can expect a different and innovative educational experience each day during the NFC Solutions Summit 2012, the Smart Card Alliance said today, announcing new agenda format details and pre-conference workshop topics. The Summit, held in partnership with the NFC Forum, is May 22–24, 2012 at the Grand Hyatt San Francisco Airport Hotel in Burlingame, California.
Smart Card Alliance Identity Council and Access Control Council Release PIV-I Case Studies, Educational Resources on Secure Identity Credentials Princeton Junction, N.J., February 28, 2012–The Smart Card Alliance Identity Council and Access Control Council today released two new resources for individuals and organizations looking for more education on Personal Identity Verification (PIV), PIV-Interoperable (PIV-I), and Commercial Identity Verification (CIV) credentials. The white paper, ”PIV-Interoperable Credential Case Studies,” and the brief, ”A Comparison of PIV, PIV-I and CIV Credentials” are available for free download on the Smart Card Alliance website.
Gemalto and Sony establish Global Agreement for FeliCa / Near Field Communication Technology World Congress, Barcelona - Feb 28, 2012–Gemalto (Euronext NL0000400653 GTO), the world leader in Digital Security, and Sony Corporation have established an agreement to provide FeliCa / Near Field Communication (NFC) solutions globally. Under the agreement, Gemalto will incorporate FeliCa software technology into its UpTeq NFC SIM product lineup starting in 2012, offering mobile operators and service providers a more comprehensive range of mobile NFC services globally. The addition of FeliCa makes Gemalto’s UpTeq NFC SIM the secure element that can embed the world’s broadest set of applications, and with the highest level of privacy.
Gemalto Launches Highly Reliable, Next GenReady Wireless Connectivity Solution for M2M, NFC and 4G LTE Services End-to-end solution enables 100% coverage of operators’ subscriber base and provides a highly reliable environment for mission critical applications Mobile World Congress, Barcelona - Feb 28, 2012–Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announces the launch of the Advanced Connectivity offer, an
10
Smart Card Talk
end-to-end solution allowing 100% success rate for the download and activation of mission critical applications including M2M, NFC and streaming multimedia content over LTE networks. Advanced Connectivity combines Gemalto’s Advanced Over-the-Air (OTA) platform and Advanced Universal Integrated Circuit Cards (UICC) fitted with automatic updating(1). The carrier grade efficiency of the Gemalto OTA platform has already been field-proven through a number of high-profile commercial LTE deployments, notably with NTT Docomo in Japan, as well as Metro PCS and Verizon Wireless in the U.S.
G&D Selected by Intel to Provide Trusted Service Management of Embedded Secure Elements for Mobile Device Platforms Munich/Barcelona, February 27, 2012–Giesecke & Devrient (G&D), a global security technology leader, has been selected by Intel to deliver lifecycle management of the embedded Secure Elements within Intel’s Smartphone Reference Device. G&D will manage the partitioning and key management of the embedded Secure Elements Over-the-Air. Embedded Secure Elements provide an additional protected area for security-sensitive applications such as payments and ticketing using NFC (Near Field Communication) technology.
G&D Provides NFC-Capable SIM Cards for Italy’s First Mobile Payment Pilot Project Munich, February 22, 2012–Leading technology group Giesecke & Devrient (G&D) is supplying NFC-capable SIM cards to Nòverca, an MVNO, for Italy’s very first pilot project for mobile payments launched by Banca Intesa Sanpaolo. Six hundred employees and customers of Banca Intesa Sanpaolo can now use their mobile phones to make contactless payments in the northern Italian cities of Milan and Turin at more than 3,000 POS (point of sale) terminals provided by Setefi, the payment institution of the Intesa Sanpaolo Group, for example in supermarkets and cafés.
Chase Selects Gemalto For Trusted Service Management Chase expands business relationship with Gemalto to include its enterprise-wide mobile payments platform Wilmington, Del - Feb 27, 2012– Chase (NYSE: JPM) announced today that it has selected Gemalto (Euronext NL0000400653 GTO), a leader in digital security, to provide its Trusted Service Management (TSM) solution for Chase’s enterprise-wide mobile payments platform. Gemalto’s TSM will provision and manage the credit and debit card data of Chase customers, validating authenticity and supporting information delivery over the air. The Isis™ mobile wallet, developed through a joint venture between AT&T Mobility, T-Mobile USA and Verizon Wireless, will be the first to benefit from this partnership.
Gemalto new Strong Authentication Solutions presented at RSA Conference Delivers enhanced security and superior convenience for Windows DirectAccess users
Oberthur Technologies leverages global EMV expertise and strong historical market presence in the US Largest EMV provider in the U.S.
RSA Conference 2012, SAN FRANCISCO - Feb 27, 2012 - Gemalto, the world leader in digital security, will be demonstrating its broad range of strong authentication and one-time password (OTP) solutions, and the introduction of OTP login with Windows DirectAccess for remote and on-premise employees. The integrated security-enhanced solution will allow corporate users to securely logon to their network from a computing device running Windows 7 without the need for a conventional VPN.
Nanterre, February 20th, 2012–Oberthur Technologies, the world’s second largest provider of security and identification solutions and services based on smart card technologies, announced today that it shipped over 2.5 million EMV cards to US banks and credit unions, which made it the largest EMV provider in the U.S. for 2011. Oberthur Technologies additionally noted that it currently has fifteen active EMV programs in the US–more than doubling its EMV programs in just six months.
Gemalto Launches UpTeq NFC: the EMVready Advanced SIM Vault with Unmatched Security and Enhanced Post-issuance Servicing Capabilities
Gemalto Wins 2012 Cloud Award for Security Innovation
Increase ROI from post-issuance features enabling chip-payment level of protection for handling credentials and downloading applications after it is issued to consumers, and reduced complexity and risks. With the most comprehensive security certifications. Mobile World Congress, Barcelona - Feb 27, 2012–Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, launches the new UpTeq NFC SIM vault to offer mobile operators higher return on investment from their NFC roll-outs, and unmatched security for protecting mobile transactions. The powerful and robust new SIM has attained more security certifications from independent authorities and to the highest level possible. This enables mobile operators to install and manage a wealth of new NFC services even after issuing it to end users. This new flagship product from Gemalto combines the remote management expertise and security know-how that Gemalto has acquired from its extensive engagements across key digital security markets worldwide, creating the trusted environment for the mass deployment of mobile contactless services. UpTeq NFC is immediately available on order.
Gemalto Showcasing New Innovations in NFC, M2M and LTE at Mobile World Congress 2012 Mobile World Congress, Barcelona - Feb 27, 2012–Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, will showcase a broad range of innovations in the NFC, M2M and LTE domains at the Mobile World Congress 2012. Visitors can discover and view demonstrations on various mobile software and services as well as new secure personal devices designed to support mobile network operators in their strategy to develop a unified channel between various service providers and the ever growing subscriber population.
Award recognizes Gemalto’s expertise in securing cloud computing for enterprise applications Amsterdam, Feb 16, 2012–Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announces it won the Security Innovation award in the inaugural 2012 Cloud Awards program. Gemalto was recognized for its Protiva Strong Authentication Service, a robust strong authentication platform that enables secure access to cloud resources and applications. This service delivers a full suite of security features including access control, data encryption and versatile authentication making the transition to cloud computing simple and cost effective.
Smart Card Alliance to Provide Identity Credentialing Workshop, Security Pavilion, and Certification Exam at ISC West 2012 PRINCETON JUNCTION, N.J., FEBRUARY 15, 2012–The Smart Card Alliance today announced its return to ISC West for 2012 with a new workshop, a smart card security technology pavilion, and a certification training course and exam for the Smart Card Certified Industry Professional/Government (CSCIP/G) designation. ISC West will be held March 27-30 at the Sands Expo Convention Center in Las Vegas, Nevada; the conference program will take place March 27-29 and the expo will take place March 28-30.
Members submit news each month to the Smart Card Alliance, with news items highlighted on the Alliance web site and in the monthly news letter. Members are invited to submit their news releases (as a Word document) to news@smartcardalliance.org to contribute to the Members in the News content.
Smart Card Talk
11
events calendar
SCALA Smart Card Summit At Expo Seguridad 2012 - Mexico April 24-26, 2012
NEW CSCIP Members Jay Schwisow
CPI Card Group
Feb. 2012
ALLIANCE IN THE NEWS NFC Solutions Summit 2012
A joint Smart Card Alliance and NFC Forum event San Francisco, CA May 22-24, 2012
EMV Tour-Ecuador
A joint SCALA and PaymentMedia event Quito, Ecuador June 6, 2012
Cardware 2012: Payment Insights June 19-20, 2012 Marriott Gateway on the Falls Niagara Falls, ON, Canada
Smart Card Alliance Government Conference 2012 Walter E. Washington Convention Center Washington, DC November 28-30, 2012
from the alliance office
Cartes 2012
November 6-8, 2012 Paris, FRANCE
WEB SITE NEWS Updated web content: • 2012 Payments Summit proceedings (members-only) • New brief, A Comparison of PIV, PIV-I and CIV Credentials • New white paper, PIV-Interoperable Case Studies • Update to Business Opportunities web page • Added graphic for 2012 Government Conference • Added content to NFC Solutions Summit page • Uploaded content for Mexico-Smart Card Summit
FEBRUARY 2012 WEB STATISTICS • • • • • • •
97,317 visitor sessions for the month 3,355 visitor sessions per day 382,627 total page views for the month 133,079 Industry News items viewed 835 Card Reader Catalog items displayed 17,174 PDF downloads 19,290 Product and Service Directory page views
If you have any suggestions on content that you’d like to see on the Alliance web site, please send them to info@smartcardalliance.org. 12
Smart Card Talk
The Alliance has an active communications program to promote industry messages in business, vertical market, and technology publications. Coverage results from both Alliance press releases and interviews with publications writing articles about smart cards. Selected recent coverage is shown below with links to online articles. • American Banker, 3/5/2012, Retailers Build Their Own Mobile Wallet, Seeking Security and Control • American Banker, 2/3/2012, MC: Pick Any Chip-Card Security You Want, as Long as It’s PIN • Bank Systems & Technology, 2/1/2012, MasterCard Says U.S. EMV Adoption is Key to Next-Gen Payments • Banking Strategies, 2/10/2012, Mobile Primer: What Does it All Mean? • DigitalID News, 3/1/2012, Smart Card Alliance councils release PIV-I educational resources • HealthID News, 2/21/2012, The Business Case for Health IDs • ISO & Agent, 2/1/2012, MasterCard EMV Liability Standard Leans Toward Chip-And-PIN • Near Field Communications World, 2/8/2012, Isis discusses Salt Lake City NFC pilot plans • Near Field Communications World, 2/7/2012, Smart Card Alliance publishes NFC transit white paper • NFC Magazine, 3/7/2012, NFC Solutions Summit 2012 • NFC News, 2/14/2012, Report: Strong growth for NFC mobile ticketing to 2016 • NFC News, 2/9/2012, Salt Lake gears up for NFC summer • NFC News, 2/7/2012, Smart Card Alliance releases NFC transit report • Payments Source, 3/5/2012, Rattling Their Own M-Wallet Initiative, Retailers Look For Better Security, Control • RFID News, 2/9/2012, Smart Card Alliance White Paper Explores Possibilities for NFC • Salt Lake Tribune, 2/10/2012, Salt Lake a testing ground for new way to pay • SecureID News, 3/1/2012, Smart Card Alliance councils release PIV-I educational resources • SecureID News, 2/21/2012, The Business Case for Health IDs • SecureID News, 2/17/2012, Smart Card Alliance to lead certification training and exam at ISC West • Security Systems News, 2/29/2012, What you need to know about PIV • Storefront Backtalk, 3/8/2012, Revolt Over Interchange: Home Depot, Wal-Mart Lead Way • Storefront Backtalk, 2/2/2012, The Never-Ending Dance Of Contactless Security • The Green Sheet, 2/13/2012, Visa says PIN unnecessary for EMV in U.S.
The Industry’s Leaders Join Forces to Present a Comprehensive $POGFSFODF 4IPXDBTF GPS UIF &OUJSF /'$ 7BMVF $IBJO
NFC Solutions Summit 2012
A Joint Presentation by:
Smart Secure Mobile Payments and Non-Financial NFC Apps .BZ t )ZBUU 3FHFODZ 4BO 'SBODJTDP "JSQPSU #VSMJOHBNF $BMJGPSOJB 1SF DPOGFSFODF XPSLTIPQT .BZ
The Smart Card Alliance and the NFC Forum are pleased to present NFC Solutions Summit— the first comprehensive American showcase for the burgeoning technology of Near Field Communications. The NFC Solutions Summit will cover the state of this promising technology, developments in new NFC devices and add-ons, the status of the growing NFC ecosystem, the promise of NFC-enabled payments and other popular applications, NFC implementation, and American and international market forecasts. In 2012 NFC technology will be widely available in new smart phone handsets, enabling quick transactions, ticketing, digital content exchange, secure identification, social networking and communication between electronic devices. The authoritative expertise of the NFC Forum and Smart Card Alliance will create the interest and momentum necessary bring together a broad base of industry players. The conference will feature leaders from every relevant sector for an interactive, instructive forum on the business issues, implementation milestones, and technology advancements happening in NFC markets.
Conference Agenda Built on a Broad Base of Association Expertise The conference presentations will leverage the extensive experience and resources of Smart Card Alliance and NFC Forum, both widely regarded as leading voices for the application of this technology. Conference content will include: Standards and Technology: Smart Phones and Devices, NFC System Architectures, Standards for Trusted Service Manager (TSM), and NFC Forum Specifications Security and Applications Management: Security Architectures for NFC, Bank Card Payments Application Security, Identity Credentials Storage in NFC Devices, NFC Secure Element Architectures, NFC Application Download and Management Implementation and Applications Topics: Financial Service Applications, Identity and Security Applications, Ticketing and Fare Collection Applications, Retail Applications
In Ă‚ the Ă‚ Technology Ă‚ Capital Ă‚ of Ă‚ the Ă‚ Americas NFC Solutions Summit will take place at the Hyatt Regency San Francisco Airport, a high-quality, self-contained conference venue with easy access for both domestic and international participants, only 20 minutes from the many attractions of San Francisco, and 30 minutes from the high-tech industry leaders of Silicon Valley.
Market and Business Model Topics: Challenges and Opportunities for Financial Institutions, NFC Business Partnership Opportunities and Challenges, Use Cases for NFC, Reports on Commercial Services and Pilots
Exhibit and Sponsorship Opportunities Available. Contact Bill Rutledge at +1-212-866-2169 | bill@cnxtd.com
4UBZ 5VOFE 3FHJTUSBUJPO 0QFOT JO 0DUPCFS t XXX TNBSUDBSEBMMJBODF PSH