The Norwegian telecoms firm and the SIM and smart card specialist are using an NFC-enabled key fob in combination with a new wireless-enabled SIM to deliver NFC functionality to 100% of today’s mobile phones.

CONNECTION: The companies have come up with an NFC keyfob that connects to a phone’s SIM via Wifi integrated into both devices
Norwegian telecoms operator Telenor and SIM and smart card supplier Sagem Orga have announced the development of a new method of delivering NFC functionality to existing mobile phones.

The new solution uses an NFC-enabled key fob in combination with a wireless-enabled SIM card and, say the two companies, it will work with 100% of today’s mobile phones.

Sagem Orga, Telenor and STMicroelectronics are demonstrating the new solution in live payments/ticketing demos at the Mobile World Congress in Barcelona this week.

“Use cases for NFC are numerous, but until today there has been a gap: The infrastructure is there, but no NFC-enabled phones,” says Sagem Orga. “The industry has been looking for ways of bridging this gap. Previous bridge solutions have drawbacks such as missing network connections or user interactivity, and none of the existing solutions leverages the SIM card in the mobile phone with all its capabilities. The new solution by Sagem Orga and partners overcomes these disadvantages. Mobile network operators will be able to fully manage and control NFC applications thanks to the SIM card.”

For the demo solution, a key fob has been equipped with a Sagem Orga NFC-enabled SIM card connected by Single Wire Protocol to a ST21NFCA chip from ST Microelectronics to enable the contactless functionality.

The NFC key fob connects to the SIM in the mobile phone via a new SIM technology called WLAN SIM that uses WiFi to form the bridge between the NFC device and the SIM card in a mobile phone.

“Any NFC application, such as mobile payment or Calypso for transportation, can be installed on the SIM card of the mobile phone and/or the NFC key fob using any traditional or over-the-air mechanism,” says Sagem Orga. “It can be executed in both devices or only in one of them, depending on the required performance, resources and connectivity.”

For example, a terminal for contactless banking can trigger the mobile payment application stored in the key fob to start a transaction. Next the key fob starts a remote SIM Toolkit execution on the SIM inserted in the mobile phone to enable interaction with the user, such as asking for a password, displaying a message or logging information to the network.

With the same key fob solution, the user can also start a SIM Toolkit application on the mobile phone to order new transportation e-tickets. In this scenario, the Calypso vending server would then use the normal OTA infrastructure to send the tickets securely to the SIM and on to the key fob.

“The WLAN communication channel between the SIM in the handset and the secure element in the key fob is highly secured and can be protected by a PKI mechanism if needed,” Sagem Orga explains.

“We believe that this innovative wireless bridge between NFC and the SIM card can give operators greater flexibility in the launch of NFC services,” explains Yogesh Malik, senior vice president at Telenor Group business development and research. “We hope to see this technology refined further through tests and trials so that it can become a user-friendly commercial product for services in ticketing, payment and access control.”

“The NFC key fob in combination with the WLAN SIM brings more convenience and security to contactless technology,” adds Didier Sérodon, chief technology officer at Sagem Orga. “We are demonstrating the advantages of a constant connection between the SIM in the mobile phone and the secure element in the accessory via a wireless link with examples from the transportation and the mobile payment area, but this can also pave the way for all classic NFC use cases such as access control, loyalty, etc. All of them can be managed by the NFC key fob.”

WLAN SIM, developed by Sagem Orga and Telenor, is the world’s first WiFi-enabled SIM and is designed to combine WiFi functionality on a mobile phone with the security of a SIM card.

“The SIM card has always been recognized as the secure element inside a mobile phone,” says Sagem Orga. “However, to date, mobile network operators have not been able to leverage its security features to bring trusted services in the field for fixed-mobile convergence and, in particular, to initiate communications with other proximity devices. Only phone to phone communication is possible, but in many ways such as infrared, Bluetooth, etc, the SIM card is not involved at all. User authentication on a PC is already possible via SIM card, but it would be more convenient to have one general and standardized way instead of different ones for each mobile phone model and provider.

“To overcome all these barriers and inconveniences, Sagem Orga is launching the first WLAN SIM. Equipped with a Telenor Wi-Fi module, it will be able to communicate independently with all other devices in the mobile ecosystem to enable strong security services managed by the mobile network operator. The WLAN SIM card can be used in any kind of mobile phone to enable fixed-mobile convergence, proximity transactions, trusted peer-to-peer operations between two SIM cards, strong authentication services, Web security and a large and varied set of use cases.”

“This innovative technology has the capability of opening up new business opportunities for operators and can also provide the possibility of deploying a range of new proximity services with a high degree of security and reliability,” Malik explains. “Through the cooperation with Sagem Orga we are now exploring different use cases that involve other operators. The purpose of this is to verify the potential of the technology and get valuable market feedback.”

“The SIM needs to open itself to the world,” concludes Jean-Christophe Tisseuil, head of marketing and business development for the telecommunications product line at Sagem Orga. “It’s the only way forward when talking about user authentication.”

Gemalto, the world leader in digital security, today announced a new solution enabling commuters to use their mobile phones as e- tickets in MIFARE DESFire* infrastructures. Gemalto achieved the world’s first implementation of a transport application compliant with the DESFire specifications in a SIM or UICC card, and will be presenting this innovation on its booth (8A102).

This innovation will enable commuters to use their NFC (”Near Field Communications”) mobile phone as an e-ticket, as simply as any other contactless travelcard. A high level of security is ensured, as the tickets are stored in the SIM card and the application meets the stringent security requirements of the DESFire specifications.

NFC technology in transport dramatically enriches the commuter experience by adding the mobile phone’s keypad and screen to the travelcard and by connecting it to the online world. NFC-based services are part of Gemalto’s Trusted Services Management (TSM) dedicated offering of solutions and services. It enables transport operators to offer travelers the ability to purchase and recharge their transport tickets, with the convenience of the mobile phone.

“Mobile phones have become an essential part of our daily life and mobile e-ticketing perfectly illustrates the trend by simplifying access to public transport,” commented Rémi De Fouchier, Senior Vice President, Trusted Services Management at Gemalto. “With this new solution, Gemalto broadens the use of mobile phones as travel passes in cities equipped with a DESFire infrastructure, enabling more and more commuters across the world to enjoy an enriched service.” Note to editors DESFire is an automatic fare collection technology which provides 3DES (Triple Data Encryption Standard) and AES (Advanced Encryption Standard) cryptographic algorithms. To date, it has been deployed in 40 cities across the world.

Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today announced that Bulgaria has started deploying its smart cards to secure access to personal health records for the country’s military personnel and their family.
Gemalto has vast experience in providing solutions for eHealth, and has proved itself as a strong and reliable partner in Slovenia, Germany, France, Finland, the UK, Gabon, Algeria, Mexico, etc.
In Bulgaria, Gemalto delivered double-slot readers and smart cards with the associated middleware to KIM-2000, a local company specialized in eHealth projects. KIM-2000 acts as prime contractor for the electronic health record system commissioned by the Military Medical Academy*. This innovative system optimizes medical treatments, simplifies and modernizes procedures and increases security for accessing health information.
The Gemalto card is compliant with the Identification Authentication Signature (IAS) European standard to ensure the highest level of security for accessing personal electronic health records. The patient and the healthcare professional simultaneously insert their own card into the double-entry Gemalto reader and type in their PIN code to enable viewing or modifying of the medical file, which is stored on a highly secure IT infrastructure. The patient can also view their personal data online, using the Gemalto reader and card to authenticate themselves.
The personal electronic health record is a complete electronic archive of the patient’s medical history. It stores all existing medical documentation, including laboratory tests and results, X-ray pictures, all visual tests, electronic prescriptions, etc. It also contains the patient’s blood group, allergies and genetic predisposition to diseases, health check ups, surgical interventions and all useful medical information. The personal electronic health record enables healthcare professionals to immediately access a patient’s medical data and therefore, make more accurate decisions, especially in emergency situations, for which there is a special section in the electronic health record, containing the most important relevant information.
“For securing our system, we needed a smart card that meets the stringent requirements of international and European standards,” commented Kalcho Hinov, Chairman of the Board, KIM-2000. “Gemalto’s European Standard-compliant IAS solution ensures trust and confidence and enables smoother, more efficient interaction between patients and healthcare professionals.”
“The implementation of an electronic health record system is a highly innovative project and Gemalto is proud to contribute to this venture alongside KIM-2000,” added Ari Bouzbib, Senior Vice President Identity and Government Programs at Gemalto. “Through this initiative, Gemalto’s digital security technology proves to be a key enabler to next-generation eHealth programs. These are intended to deliver optimized treatment for each patient with utmost security, while protecting the privacy of personal data.”

The NFC Forum (http://www.nfc-forum.org), a non-profit industry association that advances the use of Near Field Communication (NFC) technology, today announced it has formed liaisons with three industry-leading organizations key to the NFC global ecosystem: EMVCo, the GSM Association and the Smart Card Alliance. These liaisons broaden and strengthen the NFC Forum’s collaborative ties with key associations and standards bodies across the NFC ecosystem. As a first step in the liaisons, the Forum has signed a Memorandum of Understanding (MOU) with each organization that outlines how they will collaborate to further the development of the NFC market and NFC-based solutions.

“The ongoing global deployment and adoption of NFC technology requires our close cooperation and interaction with all the key players in the NFC ecosystem”
EMVCo

EMVCo’s primary role is to manage, maintain and enhance the EMV™ Integrated Circuit Card Specifications to ensure interoperability and acceptance of payment system integrated circuit cards on a worldwide basis.

With this new liaison, EMVCo will share relevant technical information with the NFC Forum that will enable the certification of properly-provisioned NFC devices for use in the following scenarios:

to make POS payments (in Card Emulation mode) wherever such payments can be made with EMVCo contactless card products;
to act as POS devices (in Reader/Writer mode) within the EMVCo contactless payment infrastructure.
GSM Association (GSMA)

The GSMA represents the interests of the worldwide mobile communications industry. The new partnership will facilitate the NFC Forum and GSMA working together by:

exchanging information relating to each other’s programs through written comments;
commenting on technical specifications, certification and testing requirements;
sharing documents of interest and relevance to members of both organizations;
collaborating on joint marketing activities, such as seminar sessions, white papers and presentations; and
attending each other’s meetings as appropriate.
Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

The Smart Card Alliance is teaming up with the NFC Forum on several joint marketing initiatives, including educational programs for vertical markets such as retail and transport. Other programs under discussion include presentations at each other’s events and meetings, a joint event targeting the retail market in the U.S., and the provision for regular information sharing between the NFC Forum Marketing Committee and Smart Card Alliance Contactless and Mobile Payments Council.

“The ongoing global deployment and adoption of NFC technology requires our close cooperation and interaction with all the key players in the NFC ecosystem,” said Koichi Tagawa, chairman of the NFC Forum. “As the leading voices representing payment card companies, mobile operators, and the smart card industry, respectively, EMVCo, GSMA and Smart Card Alliance are valued partners in our efforts to bring the ease and power of NFC technology to mobile users around the globe.”

In addition to EMVCo, GSMA and SmartCard Alliance, the NFC Forum has established liaisons with the European Telecommunications Standards Institute (ETSI) and the Mobey Forum, a global financial industry forum whose mission is to facilitate the offering by banks of mobile financial services.

About EMVCo

EMVCo LLC was formed in February 1999 by Europay, MasterCard and Visa to manage, maintain and enhance the EMV™ Integrated Circuit Card Specifications for Payment Systems. With the acquisition of Europay by MasterCard in 2002, JCB joining the organisation in 2004 and American Express becoming its fourth member in 2009, EMVCo is currently operated by American Express, JCB, MasterCard and Visa.

EMVCo’s primary role is to manage, maintain and enhance the EMV Integrated Circuit Card Specifications to ensure interoperability and acceptance of payment system integrated circuit cards on a worldwide basis. EMVCo also maintains type approval processes for terminal compliance testing and Common Core Definitions (CCD) and Common Payment Application (CPA) card compliance testing. These testing processes ensure that a single terminal and card approval process is developed at a level that will allow cross payment system interoperability through compliance with the EMV specifications. Additional information can be found at http://www.emvco.com.

About the GSMA

The GSMA represents the interests of the worldwide mobile communications industry. Spanning 219 countries, the GSMA unites nearly 800 of the world’s mobile operators, as well as more than 200 companies in the broader mobile ecosystem, including handset makers, software companies, equipment providers, Internet companies, and media and entertainment organisations. The GSMA is focused on innovating, incubating and creating new opportunities for its membership, all with the end goal of driving the growth of the mobile communications industry. For more information, please visit: http://www.gsmworld.com/.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org.

About Near Field Communication Technology

Near Field Communication (NFC) is a standards-based, short-range wireless connectivity technology that enables simple and safe two-way interactions between electronic devices. NFC technology allows consumers to perform contactless transactions, access digital content and connect devices with the simplicity of a single touch.

Near Field Communication (NFC) technology provides global interoperability of contactless identification and interconnection technologies. NFC operates in the 13.56 MHz frequency range, over a typical distance of a few centimeters. The underlying layers of NFC technology are based on ISO, ECMA, and ETSI standards. NFC technology is supported by the world’s leading communication device manufacturers, semiconductor producers, network operators, IT and services companies, and financial services organizations. NFC is compatible with hundreds of millions of contactless cards and readers already deployed worldwide.

About the NFC Forum

The NFC Forum, http://www.nfc-forum.org, was launched as a non-profit industry association in 2004 by leading mobile communications, semiconductor and consumer electronics companies. The Forum’s mission is to advance the use of Near Field Communication technology by developing specifications, ensuring interoperability among devices and services and educating the market about NFC technology. The Forum’s 140 global member companies currently are developing specifications for a modular NFC device architecture, and protocols for interoperable data exchange and device-independent service delivery, device discovery and device capability.

The NFC Forum’s Sponsor members, which hold seats on the Board of Directors, include leading players in key industries around the world. The Sponsor members are: Innovision Research & Technology plc, INSIDE Contactless, MasterCard Worldwide, Microsoft Corp., NEC, Nokia, NTT DOCOMO, Inc., NXP Semiconductors, Renesas Technology, Samsung, Sony Corporation, STMicroelectronics and Visa Inc.

The Smart Card Alliance Health care Council will focus on educating the industry on the need for a solid, secure identity management infrastructure, its newly elected officers said.

“This has been an important year for the health care industry, with the federal government ready to invest over $19 billion in health care information technology as a result of the ARRA HITECH Act, and interest growing around the use of electronic medical records,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “The Health care Council has made a lot of progress this year, raising awareness of the need for a strong identity management infrastructure that is a necessary foundation for using electronic medical records, and introducing smart cards as a secure technology for health care applications.”

The officers and steering committee that will lead the Council for the upcoming year are:

Chair: Paul Contino, Mount Sinai Medical Center·
Vice chair: Michael Magrath, CSCIP, Gemalto
Secretary: Dale Grogan, CSCIP, LifeMed / SMART Association
Ola Martins, Oberthur Technologies
Matthew Neuman, Giesecke & Devrient
This past year, the Health care Council partnered with the Secure ID Coalition on the health care IT briefing in Washington, DC, “Protecting Your Health Information: Raising Public Awareness of the Privacy and Security Challenges of Health care Information Management.”

The council continued educational efforts by collaborating with the Smart Card Alliance Identity Council on two papers addressing health care identity management, “Health care Identity Management: The Foundation for a Secure and Trusted National Health Information Network,” and “Effective Health care Identity Management: A Necessary First Step for Improving U.S. Health care Information Systems,” and hosting the webinar, “Identity Management in Health care.”

The Smart Card Alliance Health care Council is currently developing a position paper on data breaches and identity theft.

A new smartcard ticketing system should be in operation on Adelaide’s buses, trains and trams by 2013, Transport Minister Patrick Conlon says.
The Minister today announced that US Fortune 500 company Affiliated Computer Services (ACS) had won the $30 million contract to supply the ATLAS ticketing system.

“Our current ticketing system has been in place for nearly 24 years – it has served us well but it is time to replace it as we continue our massive public transport revitalisation,” he said.

Passengers will be able to touch the smartcard against a validator, which will automatically deduct the fare. Cards can be topped up at stations, vending machines and shops, and on trains, trams and the internet.

NXP Semiconductors announced that its MIFARE Plus contactless smart card CPU IC (MF1PLUSx0y1) has been awarded Common Criteria EAL 4+ certification by the German Federal Office for Information Security.

NXP has also announced the successful performance of MIFARE Plus in independent security reviews conducted by cryptography experts from the Ruhr-Universität in Germany and the Katholieke Universiteit Leuven in Belgium.

MIFARE Plus technology features 128-bit Advanced Encryption Standard (AES) and supports migration from existing MIFARE Classic implementations. The contactless microcontroller IC offers an upgrade path for system integrators and operators wishing to implement additional layers of security to their automatic fare collection, access management and micro-payment installations.

The Common Criteria certification validates correct implementation of the promised security features, evaluates attack resistance and allows systems integrators to assess the security quality of similar products.

Smart card manufacturers Giesecke & Devrient (G&D) and Oberthur Technologies, and chip suppliers Infineon Technologies AG and INSIDE Contactless have announced the launch of an industry initiative to provide “a new security solution for next-generation smart card based public transport applications. The solution will build on an open standard now being implemented by the four partner companies, which will eventually be governed by an independent body. Companies active in the smart card arena - providers of chips, smart cards, application-specific operating software, reader devices and transportation systems - are invited to join the initiative for the advancement of more secure public transportation applications.”

The new standard promises to bring a number of key benefits to both public transport agencies and smart card industry players, including higher performance and advanced system security for public transport applications, as well as the availability of multiple sources for chip products. Through independent testing, the open standard will also provide optimized interoperability to enable simple and fast integration into public transport schemes. The first emulation chips and transportation smart cards using this standard are scheduled to be available by the end of 2010.

The industry initiative is based on groundwork performed by Infineon, the world’s number one chip card IC (integrated circuits) provider. Infineon has developed a hardware-based security system specifically suited for public transportation smart card applications. It is comprised of a specific authentication scheme using the open and well-accepted Advanced Encryption Standard (AES) with 128-bit key length and file types and command sets based on the ISO/IEC 7816 standard. Employing AES, an encryption algorithm also used for commercial transactions, will significantly increase security over less-robust security schemes widely used in current public transportation systems. Using the encryption and secure messaging scheme for authentication, data encryption and Message Authentication Coding (MACing) allows high flexibility and fast adoption for different applications. Infineon, which has already started its own chip development based on the open standard security system, has verified the feasibility of the authentication scheme, enabling the other manufacturers to start their development work immediately.

The fabless semiconductor company INSIDE Contactless, the world’s largest chip provider for contactless payment cards, has already signed an agreement with Infineon to implement the security scheme for its chip platforms. In addition, two of the world’s top three card manufacturers, G&D and Oberthur Technologies, have already agreed to develop public transport applications based on the scheme.

“INSIDE Contactless is proud to be among the initial partner companies of this new initiative, and we are eager to contribute our experience and develop products for this effort as an advanced, open standard is very much needed especially for higher value transport smart cards, which might eventually converge with payment cards,” said Remy de Tonnac, CEO at INSIDE Contactless. “With the convergence of contactless payments and transit fare collection in contactless smart cards and NFC enabled mobile phones, INSIDE envisions implementation to the open security standard across all our product lines.”

“We see a strong trend towards convergence of secure solutions for transit, between tickets and mobile phones with NFC, and between transit and other payment schemes. As a major player in all these markets, G&D is committed to play a key role in achieving open standards needed to support this convergence. This initiative provides an attractive alternative to existing technologies, and G&D will fully support it with its application security expertise,” said Willem Bulthuis, CTO and Group Vice President of Giesecke & Devrient.

“Oberthur Technologies has always supported open standards. As a major actor in the public transportation market segment, we will actively participate in this initiative which aims at delivering increased interoperability and security at lower cost. This open standard will facilitate the deployment of transit systems using multiple end-user devices including multi-application payment cards and NFC phones,” said FrŽdŽric Chevreton, General Manager of the Payment and Transport Product Line at the Card Systems Division of Oberthur Technologies.

“This initiative of four smart card heavyweights sets forth a new open platform with enhanced security compared to current solutions in public transportation, one of the fastest growing smart card segments,” said Dr. Helmut Gassel, President of the Chip Card & Security Division at Infineon Technologies. “Open systems provide global interoperability of reliable components from multiple sources under fair and reasonable business terms. Infineon contributes contactless excellence and tailored security with the right level of security at best cost-performance ratio to help to advance both current and future transportation applications.”

One of the largest deployments of healthcare smart cards in the world is on hold, pending review of the security and confidentiality of the program, which was intended to mobilize health data for 80 million people in Germany.
Citing a BMJ report, E-Health Europe says that the new coalition government in Germany will take a closer look at how to safeguard health information on electronic cards, in response to long-held concerns from physicians and security consultants. German Health Minister Philipp Rösler says that the rollout for now will be restricted to certain trial areas and will keep most clinical information off the cards. Instead, the cards will contain only a photograph, patient demographic information and insurance status. With patient consent, the health officials will add a limited clinical record for emergency use only.
The program has been plagued with delays and cost overruns for several years. All 80 million people on German health plans were to be using the cards at clinics, hospitals and pharmacies nationwide by January 2006.

Read more: Germany halts smart-card program for security review - FierceMobileHealthcare http://www.fiercemobilehealthcare.com/story/germany-halts-smart-card-program-security-review/2010-01-26#ixzz0vHZtko1u
Subscribe: http://www.fiercemobilehealthcare.com/signup?sourceform=Viral-Tynt-FierceMobileHealthcare-FierceMobileHealthcare

ORCA transit smart cards will be available for free through Feb. 28.
Starting March 1, a standard adult or youth ORCA card will cost $5. The free-card promotion had been scheduled to end Jan. 31.
ORCA — for One Regional Card for All — is a collaboration between Metro Transit and transit systems in King, Kitsap, Snohomish and Pierce counties. The plastic card contains a microprocessor; cards come equipped with a so-called e-purse function to allow riders to preload fares onto the card. Customers can also purchase a pass product, like a monthly PugetPass, and then load it onto the smart card.
Buy a card online here or at a Sound Transit vending machine. Standard adult ORCA cards can be purchased from any ticket machine at Central Link light rail stations or Sounder commuter rail stations. Central Link is open seven days a week, so riders can pick up a card at the locations 24/7.
Order a card by phone at 888-988-6722 toll-free.
Or pick up a card at the Metro sales office on the mezzanine level of Westlake Tunnel Station and Metro headquarters in the King Street Center building, 201 S. Jackson St., Seattle. The office will be open Saturdays from Jan. 30 through the end of February.
Transit officials said the extended free-card promotion should help ease the transition to ORCA and reduce the rush for the cards at customer service centers. Each of the ORCA partner agencies took special measures, like increased staff at ticket locations, to meet the high demand.