NXP Semiconductors announced that its MIFARE Plus contactless smart card CPU IC (MF1PLUSx0y1) has been awarded Common Criteria EAL 4+ certification by the German Federal Office for Information Security.

NXP has also announced the successful performance of MIFARE Plus in independent security reviews conducted by cryptography experts from the Ruhr-Universität in Germany and the Katholieke Universiteit Leuven in Belgium.

MIFARE Plus technology features 128-bit Advanced Encryption Standard (AES) and supports migration from existing MIFARE Classic implementations. The contactless microcontroller IC offers an upgrade path for system integrators and operators wishing to implement additional layers of security to their automatic fare collection, access management and micro-payment installations.

The Common Criteria certification validates correct implementation of the promised security features, evaluates attack resistance and allows systems integrators to assess the security quality of similar products.

Smart card manufacturers Giesecke & Devrient (G&D) and Oberthur Technologies, and chip suppliers Infineon Technologies AG and INSIDE Contactless have announced the launch of an industry initiative to provide “a new security solution for next-generation smart card based public transport applications. The solution will build on an open standard now being implemented by the four partner companies, which will eventually be governed by an independent body. Companies active in the smart card arena - providers of chips, smart cards, application-specific operating software, reader devices and transportation systems - are invited to join the initiative for the advancement of more secure public transportation applications.”

The new standard promises to bring a number of key benefits to both public transport agencies and smart card industry players, including higher performance and advanced system security for public transport applications, as well as the availability of multiple sources for chip products. Through independent testing, the open standard will also provide optimized interoperability to enable simple and fast integration into public transport schemes. The first emulation chips and transportation smart cards using this standard are scheduled to be available by the end of 2010.

The industry initiative is based on groundwork performed by Infineon, the world’s number one chip card IC (integrated circuits) provider. Infineon has developed a hardware-based security system specifically suited for public transportation smart card applications. It is comprised of a specific authentication scheme using the open and well-accepted Advanced Encryption Standard (AES) with 128-bit key length and file types and command sets based on the ISO/IEC 7816 standard. Employing AES, an encryption algorithm also used for commercial transactions, will significantly increase security over less-robust security schemes widely used in current public transportation systems. Using the encryption and secure messaging scheme for authentication, data encryption and Message Authentication Coding (MACing) allows high flexibility and fast adoption for different applications. Infineon, which has already started its own chip development based on the open standard security system, has verified the feasibility of the authentication scheme, enabling the other manufacturers to start their development work immediately.

The fabless semiconductor company INSIDE Contactless, the world’s largest chip provider for contactless payment cards, has already signed an agreement with Infineon to implement the security scheme for its chip platforms. In addition, two of the world’s top three card manufacturers, G&D and Oberthur Technologies, have already agreed to develop public transport applications based on the scheme.

“INSIDE Contactless is proud to be among the initial partner companies of this new initiative, and we are eager to contribute our experience and develop products for this effort as an advanced, open standard is very much needed especially for higher value transport smart cards, which might eventually converge with payment cards,” said Remy de Tonnac, CEO at INSIDE Contactless. “With the convergence of contactless payments and transit fare collection in contactless smart cards and NFC enabled mobile phones, INSIDE envisions implementation to the open security standard across all our product lines.”

“We see a strong trend towards convergence of secure solutions for transit, between tickets and mobile phones with NFC, and between transit and other payment schemes. As a major player in all these markets, G&D is committed to play a key role in achieving open standards needed to support this convergence. This initiative provides an attractive alternative to existing technologies, and G&D will fully support it with its application security expertise,” said Willem Bulthuis, CTO and Group Vice President of Giesecke & Devrient.

“Oberthur Technologies has always supported open standards. As a major actor in the public transportation market segment, we will actively participate in this initiative which aims at delivering increased interoperability and security at lower cost. This open standard will facilitate the deployment of transit systems using multiple end-user devices including multi-application payment cards and NFC phones,” said FrŽdŽric Chevreton, General Manager of the Payment and Transport Product Line at the Card Systems Division of Oberthur Technologies.

“This initiative of four smart card heavyweights sets forth a new open platform with enhanced security compared to current solutions in public transportation, one of the fastest growing smart card segments,” said Dr. Helmut Gassel, President of the Chip Card & Security Division at Infineon Technologies. “Open systems provide global interoperability of reliable components from multiple sources under fair and reasonable business terms. Infineon contributes contactless excellence and tailored security with the right level of security at best cost-performance ratio to help to advance both current and future transportation applications.”

One of the largest deployments of healthcare smart cards in the world is on hold, pending review of the security and confidentiality of the program, which was intended to mobilize health data for 80 million people in Germany.
Citing a BMJ report, E-Health Europe says that the new coalition government in Germany will take a closer look at how to safeguard health information on electronic cards, in response to long-held concerns from physicians and security consultants. German Health Minister Philipp Rösler says that the rollout for now will be restricted to certain trial areas and will keep most clinical information off the cards. Instead, the cards will contain only a photograph, patient demographic information and insurance status. With patient consent, the health officials will add a limited clinical record for emergency use only.
The program has been plagued with delays and cost overruns for several years. All 80 million people on German health plans were to be using the cards at clinics, hospitals and pharmacies nationwide by January 2006.

Read more: Germany halts smart-card program for security review - FierceMobileHealthcare http://www.fiercemobilehealthcare.com/story/germany-halts-smart-card-program-security-review/2010-01-26#ixzz0vHZtko1u
Subscribe: http://www.fiercemobilehealthcare.com/signup?sourceform=Viral-Tynt-FierceMobileHealthcare-FierceMobileHealthcare

ORCA transit smart cards will be available for free through Feb. 28.
Starting March 1, a standard adult or youth ORCA card will cost $5. The free-card promotion had been scheduled to end Jan. 31.
ORCA — for One Regional Card for All — is a collaboration between Metro Transit and transit systems in King, Kitsap, Snohomish and Pierce counties. The plastic card contains a microprocessor; cards come equipped with a so-called e-purse function to allow riders to preload fares onto the card. Customers can also purchase a pass product, like a monthly PugetPass, and then load it onto the smart card.
Buy a card online here or at a Sound Transit vending machine. Standard adult ORCA cards can be purchased from any ticket machine at Central Link light rail stations or Sounder commuter rail stations. Central Link is open seven days a week, so riders can pick up a card at the locations 24/7.
Order a card by phone at 888-988-6722 toll-free.
Or pick up a card at the Metro sales office on the mezzanine level of Westlake Tunnel Station and Metro headquarters in the King Street Center building, 201 S. Jackson St., Seattle. The office will be open Saturdays from Jan. 30 through the end of February.
Transit officials said the extended free-card promotion should help ease the transition to ORCA and reduce the rush for the cards at customer service centers. Each of the ORCA partner agencies took special measures, like increased staff at ticket locations, to meet the high demand.

The Smart Card Alliance has been invited by the organizers of RSA Conference 2010 to deliver a special one-day tutorial for security professionals interested in overcoming identity management challenges presented by new and changing security regulations, compliance considerations, and data breach threats. This is the fifth consecutive year that the Smart Card Alliance has provided an educational workshop on the use of smart card technology for information security at the RSA Conference, the world’s leading information security conferences and expositions.
The Alliance’s three-part tutorial, “Smart Cards and Identity Management for Public and Private Enterprises” (TUT-M11), will be held Monday, March 1st from 9:00 A.M. to 5:00 P.M.
“Professionals in the enterprise security business are changing their approaches to security policy, identity management, and authentication. They are looking for strong solutions to securely establish identities, as well as to authenticate those identities for both physical and logical access,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “To this end, we have drawn on the expertise of our membership to create this full day tutorial that details the role of smart cards for strong identity management.”
The tutorial will discuss the ways to establish an identity, transform identity attributes into digital credentials, and assign privileges associated with that identity. Presenters will also explain methods for presenting the credentials in a secure, authenticated manner for physical and logical access, and explore real-life use cases for large-scale identity systems.
Security and identity management expert presenters are: Stephen Howard, vice president of operations, CertiPath; Gerald Smith, senior consultant, ID Technology Partners; Iana Bohmer, director identity management, Northrop Grumman; Chris Williams, corporate IT security controls, SAIC; and Bryan Ichikawa, vice president of identity solutions, federal systems, Unisys. Also, Randy Vanderhoof, executive director, Smart Card Alliance, will be moderating the session and giving an update on government and commercial implementations of secure identification and information technology security market trends.

Mediterranean Smart Cards Company (MSCC) recently announced that its Payment Card Industry (PCI) Compliance certification as a smart card processing provider has been renewed. For the second year, MSCC received the highest level of compliance by an international team of auditors. As a PCI member organization, MSCC works with the Council to evolve the PCI Data Security Standard (DSS) and other payment card data protection standards.

”As the Egyptian banking sector continues to grow more sophisticated, all stakeholders have an interest in ensuring consumer payment data is protected,” said Hoda Shoukry, MSCC Managing Director. “MSCC is continually working to upgrade our technology and implement international best practices as demonstrated by the renewal of our PCI DSS certification. With more consumers using electronic payment cards, our mission continues to provide the most efficient, secure, and accurate smart card processing services throughout the region’s payment card industry.”

For most people, the switch to an ORCA transit card is simple. They either apply online, get a subsidized card at work or tap the screen at any ticket-vending machine at any Sound Transit rail station.

But far more effort is demanded from people who are elderly or disabled.

Since December, thousands have had to find their way to a King County Metro customer-service counter downtown. Earlier this month, they waited in lines up to an hour or more to prove to the next available customer-service representative that they qualified for a discounted fare pass.

“It’s completely unacceptable that people had to wait that long,” King County Executive Dow Constantine said Thursday. He and Metro manager Kevin Desmond said they will improve customer service, including a boost in personnel at customer centers. Also, a $5 fee for adult customers to get a new ORCA card is being delayed until March 1, instead of the earlier Feb. 1 deadline, transit managers announced today. There are only two places in all of King County where seniors can go for discounted fare passes — the Metro customer-service stop in Westlake Station and Metro headquarters in Pioneer Square.

The disabled must report to Metro headquarters. That’s because disabled passes require photographs and other computer equipment that’s only available at that office.

The two sites also serve the general public, including many youth, non-English speaking, and other customers.

ORCA (One Regional Card for All) was launched last year after six years of development and testing. The single “smart card” now is used on buses, trains, streetcars and ferries in four counties, replacing some 300 kinds of passes and transfers.

The smart card is meant to simplify travel. But the changeover has been a hassle for thousands of people.

“I guess it’s a minor nuisance, in the scheme of things” said Howard Johnson, 71, who bused from Bellevue last week to wait in line at Westlake Station, where it took an hour to swap his old senior card for a new ORCA senior card.

People are willing to make the effort for the savings that come with a senior or disabled permit — for instance, a senior or disabled monthly pass is $18 per month for travel in both Seattle and the suburbs, compared to $99 for a similar adult pass.

ORCA is gradually replacing other all other passes as they expire this year. People who are using an annual pass issued in 2009 need not switch to ORCA until their old passes expire.

Earlier this month, a few seniors waited up to 90 minutes. A one-hour wait was typical last week, but times improved this week, to 30-45 minutes Thursday and only a few minutes today — although Desmond called this a mid-month lull, and expects another surge.

“I hated seeing the lines,” he said. “It’s not what we wanted to put our customers through.”

After the first December wave, Metro supervisors began walking up to people in the lines, taking questions with kindness and patience. Often, they escort an adult to the nearby ticket machines, for a quick transaction.

But at Westlake Station, only two and sometimes one of the three windows is manned. Metro cites high costs. Desmond said he plans to staff all windows at Westlake, once new people are trained Jan. 25 and absorb the overtime cost later.

Sound Transit spokesman Geoff Patrick emphasized that this winter’s inconvenience is a one-time situation. Once they get ORCA cards, people won’t need renew them every year at a service window.

Part of the problem is that many adults are yet unaware they can get ORCA online or through ticket machines — without a wait.

Winter’s rush happened partly because of ORCA publicity and news coverage about the big changeover for 2010. Many riders worried about getting hit with a $5 card fee or that their current passes would become invalid — though transit officials clarified this week that the situation is actually less severe. More people have been obtaining cards in person than online.

There are no suburban outlets, not even an ORCAmobile to barnstorm the county. Transit staffers did visit senior centers in 2009 — an effort that is going to be increased the next few weeks, to educate people and take card sign-ups, Desmond pledged.

Seeking ORCA

Two middle-aged women, Marci Carpenter and Kay Burrows, finished their pancake breakfast and caught a bus downtown, to convert their transit passes to the new ORCA smart-card.

They sought disabled reduced-fare cards, because both are blind. They took their place at the rear of the line in Westlake Station.

A few minutes later, a Metro employee showed up, explaining they had to go down to 201 S. Jackson St., the only place where Metro keeps photographic and computer equipment to collect mug shots for passes for disabled people.

The two women descended into the tunnel and caught a bus to the International District/Chinatown station. Tapping their white canes, they found the escalator to street level, became separated crossing Fourth Avenue South, but reunited to reach Metro headquarters, behind 40 people in line. “It’s better than it’s been,” a transit supervisor said.

Carpenter’s back is damaged because of a car crash, and Burrows has a hip disorder, so they both sat on a padded bench. After an hour, the supervisor called them forward at what was their turn in line.

Carpenter waved her new ORCA card in front of her face.

“Free at last!” she said. “Free at last.”

Huge demand

The crush of card applications is far greater than Metro anticipated.

The agency processed almost 4,000 reduced-fare passes in December, more than triple the normal volume. It takes about 20 minutes per customer to answer questions, take pictures and register someone for disabled passes, Desmond said.

Desmond is both pleased and caught off-guard at what he called the public’s very fast adoption of smart-card technology. About 154,000 daily rides — almost one-third of the regional total — have been made already by ORCA this month.

The Yemeni-Emirates joint committee held official talks here on Monday to discuss arrangements and procedures to implement the Smart Card Project in Yemen.

Minister of Planning and International Cooperation Abdul-Karim al-Arhabi, who chaired the talks session, noted that the smart card project to be implemented in cooperation with UAE is one of the important and vital projects.

The project would revolutionize the quality of work of the Civil Status and Civil Registration Authority in our country and establish an extensive database of civil registration, so at to contribute to succeeding the development plans, al-Arhabi indicated.

He called upon the committee to mover forward to succeed the project and discuss the appropriate mechanisms for its implementation and identify its priorities and examine the possibility to avail from the current databases to form a national database required by the smart card.

Al-Arhabi praised the UAE’s role in supporting development process in our country.

For his part, Head of the UAE side in the joint committee, Nasser Al Mazrui, presented an explanation on the UAE’s successful experience in the use of smart card, reviewing a number of technical aspects relating to the project and its benefits in different fields, topped by field of security and crime control as well as various economic ,health and other practical fields.

He noted to the importance of the smart card in the e-government system when it is created in the future, stressing the readiness of the UAE to cooperate fully to succeed the smart card project in our country.

In the talks, Undersecretary of Internal Ministry and Head of Yemeni side in the joint committee, Ryiad al-Qurashi, affirmed that the smart card project is a strategic project via which the ministry seeks to develop the system of the civil status and civil registration authority in our country.

Al-Qurashi expected to establish the smart card project in Yemen within two to three years.

Radio-chipped smart card technology is a more efficient way of making sure all skiers have paid before they hit the slopes, according to an assistant police chief.

The Denver Post reported that the new smart cards, which were introduced at many ski resorts across Colorado last year, were originally designed to cut queues, but have had the added benefit of helping to catch more fraudsters in the act.

Greg Morrison of the Breckenridge police commented that there is a “misconception” that it is easier for people to sneak onto the slopes without paying because the new cards are less visible than the old passes, which needed to be scanned visually.

His statement was echoed by Aspen Skiing Co spokesman Jeff Hanle, who commented that the new passes allow resorts to monitor potential fraudsters more closely.

Skiers are not the only people to benefit from shorter queues thanks to smart card technology. In the UK, season ticket holders and members of Bristol City Football Club use smart cards to gain access to matches, while passengers on Arriva buses in Bolton use sQuid cashless payments to travel.

A date representation software bug, the kind that didn’t hit in the year 2000, has caused problems for holders of millions of German credit card and automatic teller machine cards.

The German Savings Banks and Giro Association (DSGV) has issued a statement (in German) outlining that the problem hit as German card users tried to conduct transactions in the New Year. According to DSGV some 20 million ATM cards and 3.5 million credit cards are affected.

The card holders are being advised to carry cash as well as their cards in case the cards do not work. But as in most cases they need the cards to get cash from ATMs the advice could be seen as problematic.

Gemalto NV (Amsterdam, The Netherlands), the descendent company of chip-in-card pioneer Gemplus, more or less confessed to being responsible for the problem when it said that it is a major supplier to German banks and has been working on investigating and fixing the problem since it first came to light on Sunday (Jan. 3).

Oberthur Technologies SA (Levallois-Perret, France) said that cards that it had manufactured were not impacted and continue to function normally. Banking cards with chip modules from Giesecke & Devrient GmbH are also working properly. “No card with a G&D chip module has caused any difficulties at ATMs or points of sale,” the compay said, in a statement.

Gemalto said it is working with German banks to develop a “corrective process” that would avoid the replacement of the affected cards and that some of the cards are now being accepted by ATMs and point-of-sale terminals. Gemalto payment cards issued for other countries are not affected, the company said.

“We are fully focused on minimizing the inconvenience for the cardholders. As a partner, we will of course meet our contractual obligations, and continue to support our clients,” said Olivier Piou, chief executive officer of Gemalto, in a statement. “We trust that we will promptly deploy a solution with our German customers to return to full normal operation.”

Some estimates have put the cost of replacing the cards at up to $350 million, depending on how many cards must be replaced. It is not yet clear how much compensation German banks and Gemalto will be liable for because of the bug.

Gemalto is a major supplier of chip-in-card products, such as subscriber identification modules (SIM), Universal Integrated Circuit Card (UICC) in mobile phones, smart banking cards, smart card access badges, electronic passports, and USB tokens for online identity protection, to governments, wireless operators, banks and enterprises. The company had 2008 annual revenues of 1.68 billion euro (about $2.4 billion).