Autumn 2008 Revıew the - Gemalto World leader in Digital ... as an FSC mixed sources product,...


The Review
Autumn 2008

Switched on? Our new survey shows how consumers really feel about security in the digital domain

Banking on the move

E-citizen cards in Portugal

Modernizing healthcare

The story of Java Card

Contents

4 Digital Digest_ What’s new in digital security

8 research_ Switched on or turned off? Gemalto’s survey found that consumers’ fears about security are holding back the growth of online shopping and banking

12 trends_ The Java Card file: Ramanuj Banerjee of Sun Microsystems talks about the past, present and future of Java Card

14 the big picture_ Organized chaos: How a smart card based vehicle registration program is transforming driving in India

16 society_ The rise of the digital citizen: Smart card technology is helping to change Portuguese citizens’ relationship with the government – and making Mexico’s roads safer

20 global snapshot_ Significant facts and figures from around the digital world

22 solutions_ Taking care of patients’ data: Secure electronic storage of patient records is a hot topic in healthcare services around the world. We investigate the issues

28 technology_ The mobile banking revolution: Mobile phone companies and banks in Colombia have collaborated to enable people to do their banking on the move

32 news_ News updates and success stories from around the world

34 column_ Safety net: Contributing editor Davey Winder explains why the Internet has nothing to fear from terrorists

Welcome

How do consumers – the end users of the technology we develop and offer – feel about digital security? To find out, we commissioned a survey. You can read an analysis of the results on page 8. While more and more people are embracing the freedom and convenience of digital solutions in areas such as shopping, banking and travel, the survey results show that improving the ease of use and security of those solutions would increase adoption.

We use the results of research like this to inform our thinking as we develop new products – because, ultimately, digital security is all about the end user’s experience. The more we understand their needs and concerns, the more we can do to help ensure that digital interactions are safer and simpler.

Also in this issue, you can read about how digital security technology is helping to modernize government services in Portugal and mobile banking in Colombia. There’s an in-depth look at data security in the healthcare industry and we examine the past, present and future of Java Card, the remarkable technology we invented that is transforming all kinds of mobile applications.

Finally, as a consumer of this magazine, you’ll notice that we’ve given it a new look and feel. We hope you like it!

Paul Beverly
Executive Vice-President, Corporate Marketing and President, North America, Gemalto

The Review is published by Gemalto Corporate Communications – www.gemalto.com

© 2008 Gemalto – www.gemalto.com. All rights reserved. Gemalto, the Gemalto logo and product and/or service names are trademarks and service marks of Gemalto NV and are registered in certain countries. The views expressed by contributors and correspondents are their own. Reproduction in whole or in part without written permission is strictly prohibited. Editorial opinions expressed in this magazine are not necessarily those of Gemalto or the publisher. Neither the publisher nor Gemalto accepts responsibility for advertising content.

For further information on The Review, please email [email protected]

The Review is printed on 9Lives 55 Gloss & Silk paper. Certified as an FSC mixed sources product, 9Lives 55 is produced with 55% recycled fibre from both pre- and post-consumer sources, together with 45% FSC certified virgin fibre from well managed forest.

Contributors

Simon Bisson
A technology journalist and consultant who writes about enterprise IT issues, Simon has real world experience of designing and building large-scale loosely coupled systems.

Matthew Bristow
Matthew is a British journalist who lives and works in Colombia, where he reports on a wide range of topics and writes the Colombia News blog.

Davey Winder
A freelance technology journalist for 17 years, Davey won the 2008 Information Security Journalist of the Year award. He is the author of Being Virtual: Who You Really Are Online.

Upfront_ 34 “Widespread damage to the Internet is extremely rare and extremely short-lived” Davey Winder

The Review is produced for Gemalto by Wardour, Walmar House, 296 Regent Street, London W1B 3AW, UK
Telephone: +44 (0)20 7016 2555
Website: www.wardour.co.uk

Consulting editor: Davey Winder
Editor: Tim Turner
Group art director: Ben Barrett
Picture editor: Johanna Ward
Publisher: Mick Hurrell
Production manager: John Faulkner
Editorial director: Sharon Gethings
Creative director: Richard Wise

Cover image: Timothy Allen/Axiom

Digest_ industry update

Creatures of habit

A group of academics has spent six months studying the trajectory of some 100,000 anonymous cellphone users in order to understand the nature of human population dynamics better.

So where does a typical day take a typical human? It’s neither as straightforward nor as boring a question as you might imagine. In their study, ‘Understanding Individual Human Mobility Patterns’ (published in Nature), the researchers reveal that, rather than moving in a random manner, human trajectories display a high degree of “temporal and spatial regularity”. What’s more, after correcting for differences in distance and the like, it was possible to conclude that “humans follow simple, reproducible patterns”.

And why should this be of any interest to anyone? Because the results could affect everything from urban planning to the control of epidemics – and it was all made possible by the humble cellphone.


Fixing a hole

It will go down in history as the biggest Internet security compromise that hardly anyone knew about – until it had been fixed.

Security researcher Dan Kaminsky stumbled across the glitch within the heart of the Internet’s Domain Name System almost by accident earlier this year. He realized that a fundamental flaw in the way Internet addressing technology worked meant that, if it was exploited, criminals could effectively redirect web users to faked web pages in order to harvest their logins and data – even if they had typed the correct URL into their browser to begin with.

Fortunately, Kaminsky did not ‘go public’ with the news. Instead he contacted Cisco, Microsoft and Sun (among others), the main players behind the infrastructure of the Internet. Together they worked secretly for months to engineer a fix. It took the form of a patch, which all parties released simultaneously to minimize the window of opportunity for any would-be thief.

2 billion PCs by 2012

According to analyst firm Gartner, the number of PCs in existence now exceeds 1 billion. This means that there is a PC for every seven people on the planet. Better news yet for those who look forward to the nirvana of ‘a computer for everyone’ is that Gartner estimates there will be 2 billion PCs by 2012.

Events calendar

Gemalto regularly participates in trade shows, seminars and events around the world. Here’s a list of those taking place over the next few months:

| Date | Event | Sectors | Location |
|---|---|---|---|
| 3–7 Nov 2008 | Tech-Ed IT Professionals Forum | Security | Barcelona, Spain |
| 4–6 Nov 2008 | CARTES | All | Paris Nord Villepinte, France |
| 18–19 Nov 2008 | AfricaCom | Telecoms | Cape Town, South Africa |
| 15–16 Dec 2008 | GSM 3G Middle East | Telecoms | Dubai, UAE |
| 20–21 Jan 2009 | Nordic Card Market 2009 | Financial Services | Stockholm, Sweden |
| 27–29 Jan 2009 | Security Printing & Alternative Solutions | Security | Vilnius, Lithuania |

By the numbers

40%
Google, IBM and the Swiss Federal Institute of Technology have been researching how safely people surf the web. Unfortunately, the figures are not encouraging: 40% of those surveyed are not using the latest version of their web browser, leaving them vulnerable to remote exploitation as they surf.

6%
A recent Trend Micro poll shows that 6% of end users admit to leaking proprietary company data, while 16% suspect other employees of doing so. Worryingly, some 46% of companies do not have any policy in place to prevent exactly this kind of data leak.

340,282,366,920,938,463,463,374,607,431,768,211,456
The Internet will run out of Internet addresses in 2011, according to a prediction by the Organization for Economic Cooperation and Development. Under the current Internet Protocol version 4 (IPv4) addressing scheme, there are 4 billion addresses available – but they have nearly all gone. The good news is that IPv6 is already being installed and will provide a total of 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses!

You ain’t seen nothing yet

Social networking has already made its mark on the technology market. The likes of MySpace and Facebook have gone from being mere consumer playthings to becoming important drivers of corporate branding and enablers of truly global product marketing reach.

However, analyst firm iSuppli suspects that this is just the tip of a very large iceberg. It predicts that the wireless social networking value chain will generate US$2.5 trillion in revenue by 2020. It says that, within 10 years, smartphones will become the de facto Internet access channel, which will create a demand for collaborative work and leisure applications. Given the consumer demand for, and commercial success of, the Apple iPhone, it’s hard to argue with this vision of the near future.

A view too far?

Google’s Street View application has been criticized by privacy watchdogs in several countries for breaching privacy and data protection laws.

Street View consists of photographs that match locations on Google Maps. The images are captured by fleets of cars fitted with cameras, and they can include passers-by who may not wish their image to be made available on the Internet. In the US, Google has already removed some images on request. In other cases, it has used recognition software to automatically blur any faces that appear.

A Google spokesperson said that Street View will not launch in any country until the company is confident that it can comply with local laws, including those that relate specifically to the display of images of individuals.

“Sleepwalking into a surveillance society”

Those are the very words used by Jonathan Bamford, the Assistant Information Commissioner in the UK, to describe proposed changes to the Communications Data Bill in that country. The government argues that the legislation needs to be changed to allow the authorities to counter criminal and terrorist activity by properly keeping up to date with new technologies.

However, privacy campaigners fear that the new law would effectively result in the creation of a new, centralized ‘super-database’ containing the details of every telephone call made, every email sent and every text message received within the UK. Currently the law dictates that communications providers must retain specific usage data for a year and make it available to the authorities on the production of a court order. The proposed changes would require them to collect the data and immediately pass it over to a centralized government database.

The government says a court order would still be required to access the data, but opponents point to numerous high-profile government database security and privacy breaches as good reasons why the risk far outweighs the procedural reward. Indeed, far from helping to prevent crime, it has been suggested that such a national database could become a one-stop shop for identity thieves.

“The new law would effectively result in the creation of a new, centralized ‘super-database’ containing the details of every telephone call made”

Images: Jupiter, Getty, Istock


research_ Attitudes to digital security

Switched on or turned off?

Guaranteeing optimum security conditions could give a huge boost to online traffic and purchases, according to the results of a recent survey

Author: Jill Hopper
Illustration: Jonathan Tran

Fears of identity theft, the improper use of Internet bank accounts, viruses and misuse of personal data by governments or corporations loom large in the minds of digital consumers. If people were reassured that proper protective measures were in place, it could significantly increase their willingness to shop and carry out other transactions online.

These insights emerged from a new survey by Gemalto. It commissioned research in the US and France, via 2,000 telephone interviews and two in-depth focus groups, to find out how consumers’ attitudes have evolved to keep pace with the digital revolution.

Paul Beverly, Executive Vice-President, Corporate Marketing and President, North America, explains that Gemalto commissioned the research after many of its major customers asked for guidance on what end users needed to make digital life more convenient and secure.

“Our customers expect us to come to them with a deep understanding of their end users’ concerns, so we’re doing more and more to investigate what’s going on at street level,” he says.

The findings revealed that no one company was consistently mentioned as being a trusted source of advice on digital security. “Lack of choices and feelings of concern about security are hindering growth,” says Beverly. And that’s an issue Gemalto aims to address.

The digital revolution

Only a decade ago, shopping and banking meant a trip to your local mall or high street and telephone calls had to be made from home, the office or phone booths. Today it’s a different story, with an increasing number of us embracing the freedom and convenience of digital solutions: managing our bank accounts on the Internet, shopping and paying our bills online, using electronic pass cards when we travel by train or bus and relying on our cellphones rather than using landlines.

But Gemalto’s research revealed that consumers have deeply ambivalent feelings towards the digital world. On the one hand, it brings freedom, saving both time and effort. On the other, it means that we are increasingly dependent on technology, forced to trust others not to abuse the personal information we reveal when we carry out our day-to-day transactions, dealing with machines or automated services rather than human beings.

A quarter of those surveyed in the US said they regularly made online payments via the Internet, while in France the figure was 9%. Almost a third of Americans and more than a fifth of French people said they managed their bank accounts over the Internet. In France, however, a hefty 68% had decided not to make purchases on a website because they didn’t trust the site; in the US, the figure was 54%.

Relying on trusted brands

Most Internet users said they adopted a pragmatic approach and used financial services only under certain conditions; namely, the presence of a well-known brand or institution that offered proof of protective measures. Tangible signs during the payment procedure – such as passwords, padlock icons and confirmation emails – helped consumers to visualize the process and feel confident that safeguards were in place.

Endorsement by credible third parties is more reassuring than complicated safety procedures such as secret codes and multiple data verification steps. And most consumers do not want to see steps added to the payment procedure, as this would make the whole process more cumbersome and time-consuming, canceling out the benefits of online transactions.

Taking active steps to make sure that consumers feel confident about security could have an enormous impact, the survey revealed: 56% of the French and 36% of the Americans said that they would make more online purchases if security were improved.

Fears of identity fraud

One of the main worries of those questioned was that their personal data, particularly financial information, would not be safe from criminals and identity fraudsters. Identity theft was cited as a worry by 74% of Americans and 58% of French people; 56% of the French feared their online bank accounts could be accessed and misused by unauthorized third parties, while among Americans the figure was 44%.

Just how well founded are these fears? The Federal Trade Commission states in its 2006 Identity Theft Survey Report that there were 8.3 million American victims in 2005, with total losses estimated at US$15.6 billion. And according to a report by the US financial research company Javelin, the number of ID theft victims in the US has increased by 16% since 2006.

The US Department of Justice advises consumers to be on their guard, particularly when transacting online. It says: “In recent years, the Internet has become an appealing place for criminals to obtain identifying data, such as passwords or even banking information. With enough identifying information about an individual, a criminal can take over that individual’s identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges that the criminal might be denied if he were to use his real name.”

Meanwhile, the UK’s fraud prevention service, CIFAS, identified and protected more than 65,000 victims of identity theft in 2007, and Cabinet Office figures indicate that the crime cost the UK economy £1.5 billion in 2005 (the most recent year for which figures are available). Although reliable statistics aren’t available for the EU, the European Consumers’ Organisation is concerned about the issue and calls for greater efforts by firms offering online services: “Companies operating on the Internet should be required to strengthen the security of their digital products and services [by using data encryption tools, authentication systems and secure payment methods] so that consumer privacy and personal information are well protected.”

Time-consuming complexity

The survey highlighted some more mundane headaches, too: 68% of French people and 41% of Americans had lost time with complicated procedures on websites, while viruses had posed problems for 60%.

Many consumers believed there was an inherent lack of security in the digital world, but felt uninformed about specific risks and how to protect themselves. Half of the French consumers felt confused about who to ask for advice: most would ask a friend or family member rather than searching the web or reading the press.

It’s not all bad news, though: 85% of French consumers and 76% of Americans agreed that ease of use was a major benefit of digital technology, while 90% of the French and 75% of the Americans said it helped them to save time.

Downloading was embraced by 15% of Americans and 5% of the French. Respondents felt comfortable about using an electronic ID badge for access to the workplace, using an electronic pass card for public transport, making calls on a cellphone and using a password to access a computer network. Over 75% of those questioned viewed the cellphone as a secure and trusted device.

A proactive partnership

The research has given impetus to Gemalto’s brand building strategy. The first stage is to raise awareness of the brand among businesses via an advertising campaign. The second is to initiate a dynamic dialogue with consumers about what specific services they need to make digital life more convenient and secure.

To do this, Gemalto has created a website (www.gemalto.com/digitalsecurity) that it hopes will become the first port of call for end users. It answers questions about all aspects of digital security – from what to do if you lose your credit card to how to make sure your passwords are secure.

“Our aim is for the website to be the ‘go-to’ spot to have questions answered,” says Beverly. “In addition to turning to friends and family for advice, people will be able to get reliable information about every aspect of their digital life – ID cards, drivers’ licenses, cellphones, passwords, credit cards, etc.”

The final stage of the strategy is for Gemalto to go back to its customers, equipped with this understanding, and collaborate with them more deeply in developing and launching new solutions. As Beverly concludes: “We want to make sure that we can accelerate the development of this great digital revolution so that we can all have better experiences with communication, travel and purchasing.”

If you would like to find out more about the survey, please email [email protected]

“We’re trying to knock down the barriers that are preventing people from transacting more online” Paul Beverly, Gemalto

56% of the French consumers surveyed said they would make more online purchases if security were improved

75% of those questioned said they viewed the cellphone as a secure and trusted device

The five services giving rise to the most frequent fears
In France: Online payment via the Internet; Downloading; Payment by credit card; Sending encrypted documents via the Internet; Managing bank accounts via the Internet
In the US: Payment by credit card; Sales service online; Paying by contactless bank card; Online payment via the Internet; Downloading

[Chart: What companies or organizations would you trust on digital security issues? Categories: My bank; State and federal authorities; eBay, PayPal; Don’t know. Values shown for the US and France.]

When paying on the Internet, I am reassured by…
Paying on a site I know: US 87%, France 87%
A specialized company ensuring a secure transaction: US 84%, France 86%
A bank ensuring a secure transaction: US 83%, France 81%

trends_ Java Card

The Java Card file

With more than a billion units shipped in 2007 alone, Java Card is transforming all kinds of mobile applications. The Review spoke to Ramanuj Banerjee of Sun Microsystems to trace its history and find out what’s on the cards for Java

Sun Microsystems calls Java Card “the largest computing platform in the world today”. Back in 1995, however, it was just an idea that sparked in several different places. The forerunners of Gemalto were thinking about putting Java on a smart card, and this led to the development of Java Card 1.0.

As Ramanuj Banerjee of Sun Microsystems recalls: “People at Sun were thinking along similar lines and the company became very interested. It purchased Integrity Arts, a Californian smart card company, putting a smart card team inside Sun for the first time.”

In 1997, Java Card 2.0 arrived and, with it, a change in the way the Java Card specifications were developed. Sun began hosting the Java Card Forum, an independent industry body. Banerjee explains that the result was good for the entire smart card industry because “we have a technology where the specifications come from Sun, but Sun doesn’t make or sell the cards”. The key to the Forum’s success was the creation of a set of tests that needed to be passed before a card could be certified, which meant that different cards could be compared against each other for the first time.

In the years that followed, Java Card went from an idea to an environment, making up the majority of all smart cards issued. Banerjee quotes some impressive numbers. “Just in the past year, 1.2 billion units were shipped and there are now more than 4 billion in circulation. In fact, Java Card is now considered the largest computing platform base in the world.” Gemalto has played a big part in that story; today it is the biggest licensee and largest supplier of Java Cards.

In 2006, things changed. “The number of cards out there was getting too large to manage,” says Banerjee. “There could be tens of millions of cards in phones for a single operator.” Java Cards needed a management system and Internet technologies were the only sustainable way of managing that size of application base.

“The way the silicon was getting faster and having more memory meant we could think about putting a web server on the card,” he continues. “That, combined with using USB to replace Java Card’s old, slow communications protocol, means that the latest iteration of Java Card actually changes the way in which applications are developed.”

Looking to the future

On 31 March 2008, Java Card 3.0 specifications were issued. Banerjee is enthusiastic about it, because “it’s opening up Java Card to a wider range of programmers. The built-in web server even includes a servlet engine.”

So why will the market want to switch to the new version? Continuity is a big reason. Take a government that wants to implement ID cards, for example. “Card supplies need to last at least 10 years, with continuity of the applications through many generations of silicon.”

Another reason is the shift to cloud computing. Java Cards are a tool that can help verify users to Internet services. Banerjee describes it as “a way of verifying outside of the system – to the systems outside of me. It’s no longer device-centric, instead it’s data-centric and control is with the data”.

Sun is investing significantly in cloud computing. Banerjee says that its Sun Ray terminal is “the culmination of the idea, where the smart card provides ID. We prove ourselves to the card, the card proves itself to the system and the result is an end-to-end system of trust.”

Sun’s vision for the next generation of cards doesn’t stop at cellphones. With increased computing power in the card and greater bandwidth, there’s scope for a whole new range of applications. Banerjee suggests a few: “Cards will control Wi-Fi printers and turn cameras into web servers for sharing pictures. You could even have a search engine for your photographs.”

As Java Card evolves, larger amounts of memory can be added, mixing Flash with the smart card. There’s also added security here, allowing manufacturers to deliver trusted Flash.

But Banerjee expects the real future to come out of the mobile world. “Phones will be the major users of Java Card, with uses in every device that has connectivity. Smart card technologies will help to reduce security risks, adding a level of control that can help stop systems being hacked.”

Ultimately, Java Card has the potential to change the way mobile applications are deployed, making them more secure. Banerjee suggests one option: “It’s worthwhile for the phone to handle the user experience, so you separate the application and use the smart card for security, with the secure part of the application on the card.”

There’ll be plenty of power there, after all. “The phone may have more performance now, but card silicon is only two years behind,” he says.

One thing is for sure: the story of Java Card is one that will run and run.

“Java Card has the potential to change the way mobile applications are deployed, making them more secure”

4bn: The estimated number of devices in the world today that contain Java Card technology

Author: Simon Bisson
Portrait: Antonio Olmos

Organized chaos

Driving in India is notoriously chaotic: traffic rules and basic road safety are widely ignored and drivers have to contend with a jumble of bicycles, scooters, rickshaws and other vehicles. No wonder the country is responsible for 10% of the world’s traffic accidents. That’s one reason why, in 2001, the Indian government decided to set up a smart card based vehicle registration program – to make vehicle owners more accountable for their actions.

The technology

Gemalto’s smart card technology is an integral part of India’s vehicle registration program, launched in the state of New Delhi in 2004. The program is expected to be the largest of its kind in the world, with the potential for more than 100 million cards to be issued.

the big picture_ Transport

Images: Martin Roemers/Panos

society_ The digital citizen

Therıseofthedıgıtalcıtızen

Itcouldbeariddle:whatlookslikeabankcardbutcanbeusedtoregisteracar–and,inthenearfuture,acow?TheanswerisPortugal’snewCitizen’sCard,whichisbecomingmorewidelyavailablenationwidethisyearasthecountrytakesaboldsteptowardse-government.

Replacingthewallet-fatteningclutchofdocumentsthatPortuguesecitizenscurrentlycarry,thecardispartoftheadministration’sfar-sightedstrategytocutbureaucracyand

projectin2006.GemaltohassupplieditsSealyseIDcard,includingthesecureoperatingsystem,thepersonalizationsystem(usingtheCoesysIssuancesolution)andalltheapplicationsandmiddleware.High-securityprintingtechniquesareusedonthecarditself,augmentingthephysicalsecurityofthedocument.

It’sbypromisingtocutoutthefussinvolvedinhavingtoshuffleahandfulofimportantdocumentsthatthecardhaswonoverthePortuguesepublic.MiguelGanhão,executiveeditorofPortuguesedailypaperCorreio da Manhã,says:“Overall,peopleareenthusiasticaboutthis.It’smuchbettertohaveonecardthathasyoursocialsecuritynumber,yourfiscalnumberandyourhealthservicenumber,thantohave10cards.Peoplecanseethatit’sgoingtohelplessenday-to-dayproblems.”

online applicationsThegovernmentisconfidentthatPortuguesecitizenswillalsocometovaluethecard’sabilitytocutdownonhasslewhenit’susedonline.Thecardallowsholderstologonanddoimportantbusinessquickly,efficientlyandsecurely,withouttheneedtoleavetheirhomeoroffice.Likeabankcard,ithasachiponthe

left-handsidethatcanbereadwhenit’sslottedintoanelectronicreader.Cardholdersalsohaveafour-digitPIN.Thecardstoresadigitalsignatureanddigitalcertificatesforthepurposeofauthentication,aswellasotherdata,includingtheholder’sfingerprint–whichisalreadycustomarywiththecurrentIdentityCard.

Usedonlineinconjunctionwithanelectronicreader,theCitizen’sCardcancurrentlyfacilitatesiximportantactions.TheseincludecreatingacompanyusingthePortalDaEmpresa(BusinessPortal),registeringacar(atwww.automovelonline.mj.pt),andchangingaresidentialaddressbyloggingonatthePortalDoCidadão(Citizen’sPortal).Inaddition,thecard’sdigitalsignaturecanbeusedtosigndocuments,acapabilitythatisalreadybeingputtouseinternallybyprivatecompaniesandgovernmentbodies.

Infuture,itwillalsobepossibletousethecardbyphone,ensuringthatthosewhoareInternet-shy,orwhosimplydon’thaveaccesstotheweb,arenotexcludedfromtakingadvantageofitstime-savingcapabilities.Ofcourse,thecardcanbealsoproducedforthepurposesofidentificationwhileinteracting

Portugal is introducing a digital Citizen’s Card that replaces a host of paper documents – and it has a host of useful applications, too

author MARCUS TROWER >

heralds a bold new era of online interaction with government.

The Citizen’s Card replaces the current Identity Card, Taxpayer’s Card, Health Service Card and Social Security Card – and in the future it will also be used for voting, thus replacing the Voter’s Card as well. The government hopes this application will commence at next year’s election.

The Portuguese National Printing Office chose Gemalto as the prime contractor for the


with government bodies in person in the normal way.

Further uses for the Citizen’s Card are promised as the project gains momentum. Anabela Pedroso, president of AMA (the Agency for Public Services Modernization), the public body responsible for the project, explains that the government’s strategy has been to create the card first and then engineer useful applications around it afterwards.

“In the first place, it’s important to have the card and for everyone to understand it,” she says. “Then, at the same time as rolling it out, we are creating applications. We need to have more online services – the killer applications everyone will use. We are trying to understand what type will be useful for citizens.”

remote origins

One project AMA has in the pipeline will enable people to apply for social security benefits online. Another very different project will allow inhabitants of the Azores to register cattle through the Internet. “It’s one of the main projects there, because dairy farming is their core business,” says Pedroso. “It’s our goal to deliver applications like this that meet citizen needs.”

It was in the Azores – the Portuguese-owned group of islands in the middle of the Atlantic Ocean, 1,500km from Lisbon – that the Citizen’s Card began its journey into the wallets of the Portuguese people during a pilot project that began on the island of Faial in February last year. An 86-year-old man and a 15-year-old female student were chosen to be the first two people whose faces would grace the document. It was launched by Jose Socrates, Portugal’s Prime Minister, at a ceremony in Horta, the main port of Faial.

“The Portuguese people have to see that they have a competent public administration,” said Socrates at the launch, adding that the card demonstrated that Portugal had a public administration that was “modern, rigorous and ambitious”. He said the fact that its launch had occurred in a location right on the edge of both Portuguese and European territory demonstrated that the card was meant for everyone.

nationwide roll-out

Today, the Azores has the largest concentration of cardholders within the country. Nearly 50,000 Azoreans, or roughly a fifth of the islands’ population, have picked up their card, which costs €12. Roll-out of the cards on the mainland began in July 2007 with their introduction to the district of Portalegre. By the beginning of August this year, more than 140,000 Portuguese citizens – about 1% of the population – possessed the new identity document, which was available at 248 centers across the nation. The network of centers issuing the card is expected to rise dramatically by the end of 2008 as the government makes the document available in all municipalities throughout the country.

Portuguese citizens are under no compulsion to apply for the card. Instead, they can either choose to get theirs voluntarily now, or they are issued with it when one of the existing documents it replaces runs out or is lost.

With nationwide roll-out still in its early stages, it’s not yet clear just how far Portuguese citizens will embrace new forms of electronic interaction with the administration. However, Pedroso is confident that they will be attracted by its benefits – and she sees some promising early indicators.

“Since we introduced the Citizen’s Card, the number of enterprises created through the Business Portal on the Internet has increased a lot. That’s a strong indicator that we will have a lot of people using the Internet in the future, despite having other channels at their disposal.”

As part of the government strategy to dematerialize services, AMA is now looking to create portals that make people’s lives easier. “For instance, we want to create a one-stop shop for senior citizens, which they can use on the Internet or in person,” says Pedroso. “Imagine the service: they will be able to go to a Loja Do Cidadão [Citizen’s Shop] where there will be a unique place for them to take care of their pension or get information or make a holiday reservation.

“We want to put this sort of portal on the Internet, too, so they can have the same service there – and, in the future, by telephone. This kind of multichannel one-stop shop is our idea of the future of e-government.”

The smart card driver’s license scheme that was piloted in one Mexican state last year has proved so beneficial in reducing traffic accidents, insurance costs, identity theft and even fraud in the administration that the project is set to expand further into the country.

In partnership with its local partner, Cosmocolor, Gemalto supplied the Instituto de Control Vehicular de Nuevo León with the Sealys eDriver license, which contains biometric and personal information on a microprocessor chip. Data from the cards can be scanned into a portable card reader using secure, dynamic technology that saves time and eliminates the need for piles of official paperwork.

The card’s efficiency in storing extensive driver information, such as details of previous accidents and traffic violations, is a big draw for licensing authorities and police alike. It is playing a vital role in reducing the number of accidents on Mexico’s roads, too. Since the scheme’s launch in Nuevo León in January 2007, the number of road accidents in the state’s three major municipalities has fallen dramatically, from 41,993 in 2006 to just 4,575 in the first third of 2008. The numbers of fatalities and incidents of drink driving have also been significantly reduced.

Mexico is the first Latin American country to introduce the eDriver license. Following the success of the cards in Nuevo León, the states of Veracruz, Sonora and México are now switching to eDriver licenses as well.

As well as proving useful for traffic authorities in the country, the smart card licenses are benefiting drivers in the fight against identity theft. Because it stores its owner’s photograph and fingerprints, the license is a watertight credential, and people who want to obtain credit, cash checks or open bank accounts are using it as ID. Banks are able to read the cards using their existing POS payment terminals.

Another advantage for drivers is lower insurance costs, as swift and reliable access to drivers’ histories enables insurance companies to issue more accurate premiums.

The state of Nuevo León’s Board for Transport and Roads is delighted with the scheme. “The electronic licenses allow us to collect information about drivers and their vehicles instantly, whereas before this process would take a lot of time, especially when data had to travel across municipality borders,” says Dr Hernán Villareal, the department’s executive director.

He adds that the eDriver licenses also serve an additional purpose in protecting the public from one of Mexico’s more controversial driving issues – bribe-taking by unscrupulous officials. “With this technology, we know that tickets for traffic offenses can be issued remotely, which enables us to fight corruption.”

making the roads safer down Mexico way

“People are enthusiastic about the Citizen’s Card. They can see it is going to help lessen day-to-day problems” Miguel Ganhão, Editor, Correio da Manhã

140,000: The number of Portuguese citizens who already have one of the new digital Citizen’s Cards

The Portuguese Citizen’s Card and the Mexican eDriver license are both examples of Gemalto’s range of fully compliant smart card based solutions for the public sector.

society_ The digital citizen


Portuguese people can use their Citizen’s Card at Citizen’s Shops to do everything from changing their pension payments to booking a holiday

4,575: The number of road accidents in Nuevo León’s three major municipalities in the first three months of 2008 – compared to a total of 41,993 in 2006

Images: Nicholas Pitt/Photolibrary, Alamy

global snapshot_ Statistics

The world_ by numbers

43 million: The latest forecasts predict that there will be as many as 43 million WiMax subscribers in the Asia-Pacific region by the end of 2013, producing revenues of approximately US$11 million a year for local operators.

40m: The mobile Internet has reached a critical mass of users in 2008, according to analysts Nielsen Mobile. Take-up is highest in the USA, where 40 million people – 16% of cellphone users – use their handset to browse on the move. The UK and Italy are second and third in the table. The survey found that the most popular activities among mobile Internet users were checking email, visiting social networking sites and banking.

23%: A recent report claims that 23% of the world’s smartphones will have a Linux operating system by 2013. Two frameworks, LiMo and Android, are competing for market share, both with the aim of eliminating some of the costs associated with developing mobile applications for multiple operating systems by using Linux’s open source code.

$1bn: Australians lost almost Aus$1 billion in 2007 as a result of Internet-based personal fraud. More than 800,000 people fell victim to at least one fraud, representing 5% of those aged 15 or over in the country.

300: A vulnerability in a web server contributed to attacks on 300 websites in Lithuania by Russian nationalists in early July, after the government passed a law prohibiting the public display of symbols from the Soviet era. Most of the sites were hosted on a single server, and experts think the vulnerability was either in the server’s software or its Linux operating system.

79%: A massive 79% of UK consumers are concerned about the methods used by banks and telecoms companies to confirm a user’s identity over the phone, according to a survey carried out in June. Only 21% said they were not worried about the possibility of fraudulent access to their telecoms accounts, and just 9% had no concerns about criminals gaining access to their bank accounts.

7,400: In the first 10 days after restrictions on the ownership of mobile phones in Cuba were relaxed, Cuban citizens took out 7,400 new mobile phone contracts. Previously, only government officials and people working for foreign firms were allowed to own a mobile phone.

50%: Mobile phone penetration in Pakistan passed 50% in the second quarter of 2008. By the end of June, the total number of connections had reached 88.02 million.

Images: Getty, Istock, Alamy


solutions_ Modernizing healthcare

Taking care of patients’ data

In a world where you can Twitter instantly with friends on another continent, watch their antics on YouTube and even speak to them online without using a phone, it seems bizarre that the local hospital may still be keeping your sensitive medical information in a filing cabinet. This situation is starting to change, however, as healthcare providers around the world introduce increasingly sophisticated IT systems to store and share patient data.

“There will be an enormous move to electronic systems in the next few years,” says Bonnie Michelman, President of the US-based International Association for Healthcare Security and Safety (IAHSS). “The accuracy, efficiency and convenience that they bring all have a huge impact.”

Each country’s requirements are different, but every e-healthcare project features one or both of these two elements:

Secure electronic storage of patient data in a format that can be accessed and updated as necessary by healthcare professionals

The distribution to patients of smart cards that can be used for storing medical information (such as blood group, allergies and treatment history), verifying their identity, carrying prescriptions and making health insurance claims

the benefits

Either of these elements can be implemented in isolation, but it’s the integration of secure data storage with its safe transportation that brings the greatest benefits in terms of security, efficiency and cost-effectiveness.

For example, a fully integrated e-healthcare system makes it possible for a doctor to upload a prescription onto a national database and the patient’s personal smart card at the same time. The patient then takes the smart card to a drugstore, where the pharmacist can insert it into a reader to confirm the details of the prescription. Meanwhile, those details are now on the database so that other medical professionals can view them as necessary.

Enabling electronic patient data to be shared and updated by clinicians involved in different phases of a patient’s healthcare process is a key benefit of e-healthcare. It helps to eliminate the possibility of clinical or administrative errors such as those that led to the 2001 Lipobay scandal in Germany. Lipobay was a drug that was used to lower cholesterol and prevent cardiovascular disease, but a number of patients died because of the effects of combining Lipobay with other medicines.

This was able to happen because data was not exchanged between the various doctors treating each patient; electronic storage of patient records allows doctors to cross-check the medicines used to treat each individual.

the challenges

There are two key challenges facing the administrators of e-healthcare projects – and the first has nothing to do with technology and everything to do with the people who use it.

The problem is that the weakest link in any security chain is staff behavior. Marjan Suselj, director of the HIC System Sector at the Health Insurance Institute of Slovenia, explains: “It’s important to ensure the highest level of data privacy, which needs to be incorporated not just into a new IT infrastructure, but also into new ways of working.

“It’s not just about technology issues – it’s about changing organizational processes. This requires staff training and ensuring that the necessary documentation is there. It’s a big change management project.”

So it is vital for hospitals and other healthcare providers to develop carefully thought-out security procedures backed up by clear, written user policies in order to ensure

One of the biggest challenges facing healthcare providers around the world is ensuring the protection of sensitive patient data. The Review investigates the key issues and looks at how they are being addressed in different countries

author CATH EVERETT


25m: The number of eHealth cards that Gemalto is providing and personalizing for customers of AOK in Germany

“Electronic storage of patient records allows doctors to cross-check the medicines used to treat each individual”


that each member of the organization is aware of their duties and responsibilities as they relate to security.

“It’s critical,” Michelman confirms. “Hospitals need to mandate that their employees and physicians manage their information. That information might reside on anything from laptops to hard drives that are moved around, so there is potentially a huge risk of ID theft and breaches of medical data.”

The risk of identity theft is the second key challenge for e-healthcare administrators. The downside of automation is that opening up sensitive personal data to greater numbers of people can increase the risk of it being viewed by unauthorized parties.

Dave Marcus, Director of Security Research and Communications at McAfee’s Avert Labs unit, says that the healthcare sector’s move into electronic transactions is currently being matched by the criminal underworld’s development of measures to steal private information – including identity data – that can be used for profit.

The task of safeguarding such data is thus an ongoing process. “That’s just the nature of computer security – it’s dynamic and prone to a state of flux,” says Paul Judd, Regional Director for the UK and Ireland at Fortinet, a unified threat management vendor. “I can’t tell you what we’ll need to add next, but I know it’s going to come, and fast.”

So ultimately, the key challenge for healthcare organizations lies in striking a balance between making a system easy to use and ensuring that watertight security controls are in place.


world records


Slovenia

Slovenia is in the process of introducing a national IT infrastructure to enable medical professionals to share patients’ health information on a nationwide basis and ensure that patients can access their health insurance data online.

The country rolled out a health insurance system based on Gemalto smart cards in 2000, in a move that helped to free up clinicians’ time in order to spend more time with patients. However, the initiative was not sufficiently coordinated at the national level initially. This meant that, while healthcare insurance companies were able to exchange medical data electronically, the same was not true of healthcare providers, where activities were often paper-based and processes were not standardised. A lack of central IT funding was also leading to a growing gap between requirements and practice on the ground.

As a result, all participants in the local healthcare market, including the Health Ministry, the Health Insurance Institute and the National Council for Healthcare Informatics, came together in 2006 in order to create the eHealth 2010 project.

The aim of the scheme is to enable 30,000 healthcare professionals and pharmacists to exchange information electronically and securely in real time using e-signature based documents, in order to ensure joined-up patient healthcare.

Marjan Suselj, director of the HIC System Sector at the Health Insurance Institute of Slovenia, explains one of the benefits of the new system. “Pharmacists, for example, will be able to issue drugs electronically and link the data with patient records. This means they can see what other drugs have been prescribed and check how they interact, to prevent complications.”

Healthcare professionals will also be able to use the same network to share health insurance data with insurance companies. The increased transparency this will bring is expected to reduce misuse and fraud.

All parties will be able to securely authenticate themselves to the system using Gemalto’s digital certificate based smart cards, both for identification purposes and in order to provide an audit trail.

Suselj says: “Security is a key issue for the entire system because this is sensitive patient data, so the entire project has been developed with this in mind.”

In the past, patient data was held on each citizen’s health insurance card, which was updated to include any changes in the available data. In future, however, individuals will be provided with new digital certificate based smart cards – again from Gemalto – for identification purposes. The cards will enable them to securely access their insurance data, which will be held in back-end databases but accessed via an eHealth portal.

Over time, other goals include enabling citizens to book an appointment online to see a specialist, which should improve waiting list times.

A field trial of the new online system was due to take place in October among 100,000 people in the western region of Slovenia. Roll-out will start in March 2009 and is scheduled to be completed by the end of that year.

Germany

Germany is currently in the throes of implementing a national IT infrastructure to support the transformation of patients’ existing health insurance cards into fully functional eHealth cards.

One of the goals of the project is to ensure that practitioners can exchange electronic patient data more effectively, in order to improve the quality of patient care – and prevent the recurrence of a

Countries around the world are facing their own unique challenges as they modernize their healthcare systems and the way they manage patient records. Over the next three pages we look at four examples

480 BC

It’s said that, during the Greek and Persian war of 480BC, an emissary was sent with a hidden message urging Aristagoras of Miletus to revolt against the Persian king. The message was tattooed on his shaved scalp and his hair was then allowed to grow back to full length. This is perhaps the first recorded example of steganography, or covered writing.

But what of cryptography – literally, hidden writing? The conversion of text (or computer code) into a cipher or code – encryption, in other words – is nothing new. However, you may be surprised at just how far back in history the obfuscation of information using a secret key actually stretches.

3rd century BC

The oldest known encryption device is the scytale, or Spartan Stick. The sender would wrap a parchment belt around a stick, or scytale, and then write the message along its length. Unwrapped, the result was gibberish. Only when a stick of exactly the same diameter was used to re-wrap the belt would the message become legible once more.

44 BC

You need to jump forward to 44BC and the Roman Emperor Julius Caesar to get a true cipher in real-world use. Caesar used a substitution cipher technique, shifting letters by a known set amount (for instance, A becomes E, B becomes F, C becomes G, and so on), to good effect during the Gallic wars, sending secret messages to his generals.

9th century

Wherever there are code makers there will be code breakers, and this has been true throughout history. Take the 9th-century code breakers of Baghdad, who worked out that in a monoalphabetic cipher that replaces a letter with a symbol, there is a flaw, in that frequency stays constant. For example, if the number five appears in a message more often than any other character, it is probably hiding an E – the most commonly used letter in the English language.

1467

Leon Battista Alberti probably had the biggest impact upon cryptography for centuries when, in 1467, he invented the polyalphabetic cipher disk. The use of separate alphabets on concentric rings was a revelation, not least because they hide those frequency patterns, so an E might still be represented as five if it appears as an even letter, but could be a seven if it is an odd one. The World War Two Enigma machine is perhaps the most famous example of a polyalphabetic cipher.

18th century

Thomas Jefferson further developed the cipher wheel concept when he built one consisting of no fewer than 36 wooden wheels on a central rod, each engraved with a scrambled alphabet. This could create a 36-letter message on one row and be encoded simply by writing the letters from another row. Recreate that jumbled text and the message reveals itself. In fact, this simple idea was so efficient that the US Navy successfully used a variation on the strip cipher in World War Two.
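The 44BC, 9th-century and 1467 entries above, worked through as an added example that is not part of the original article: a shift-by-four cipher, the frequency count that breaks it, and a two-alphabet cipher that hides the tell-tale peak. The sample message, the shifts 4 and 11, and the use of two alternating shifted alphabets as a stand-in for Alberti's disk are assumptions made for illustration; the final per-position count goes one step beyond the text to show that the frequency flaw returns once the alternation pattern is known.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Constructed sample message (not from the article); E is its most common letter.
PLAINTEXT = "MEET THE SEVENTH LEGION NEAR THE EASTERN GATE WHERE THE RIVER BENDS"


def shift_letter(ch, k):
    """Move one uppercase letter k places along the alphabet, wrapping at Z."""
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar(text, k):
    """Monoalphabetic substitution: every letter moves k places (k=4: A->E)."""
    return "".join(shift_letter(c, k) if c in ALPHABET else c for c in text)


def two_alphabet(text, k_even, k_odd, decrypt=False):
    """Toy polyalphabetic cipher: even-numbered letters use one shifted
    alphabet, odd-numbered letters another (positions count letters only)."""
    out, pos = [], 0
    for c in text:
        if c in ALPHABET:
            k = k_even if pos % 2 == 0 else k_odd
            out.append(shift_letter(c, -k if decrypt else k))
            pos += 1
        else:
            out.append(c)
    return "".join(out)


def top_letter(text):
    """Return (letter, count) for the most frequent letter, ignoring spaces."""
    return Counter(c for c in text if c in ALPHABET).most_common(1)[0]


def guess_shift(ciphertext):
    """Frequency analysis: assume the most common ciphertext letter hides E."""
    letter, _ = top_letter(ciphertext)
    return (ALPHABET.index(letter) - ALPHABET.index("E")) % 26


def split_by_parity(ciphertext):
    """Separate the letters enciphered with each of the two alphabets."""
    letters = [c for c in ciphertext if c in ALPHABET]
    return "".join(letters[0::2]), "".join(letters[1::2])


def demo():
    results = {}

    # 44BC: shift every letter by four places.
    mono = caesar(PLAINTEXT, 4)
    results["caesar_ciphertext"] = mono
    results["caesar_top"] = top_letter(mono)
    # 9th century: the frequency peak survives, so the shift can be read off.
    k = guess_shift(mono)
    results["caesar_recovered"] = caesar(mono, -k)

    # 1467: two alphabets split the E peak between two ciphertext letters.
    poly = two_alphabet(PLAINTEXT, 4, 11)
    results["poly_ciphertext"] = poly
    results["poly_top"] = top_letter(poly)
    # A single-shift guess no longer recovers the message.
    results["poly_naive"] = caesar(poly, -guess_shift(poly))

    # Counting each position class separately brings the peak back.
    even, odd = split_by_parity(poly)
    shifts = (guess_shift(even), guess_shift(odd))
    results["poly_shifts"] = shifts
    results["poly_recovered"] = two_alphabet(poly, *shifts, decrypt=True)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
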


the history of encryption

30,000: The number of healthcare professionals and pharmacists in Slovenia who will be connected by the eHealth 2010 project


“The integration of secure data storage with its safe transportation brings the greatest benefits”


Algeria

Algeria’s healthcare organization, CNAS, has spent the past two years introducing a smart card based national healthcare system.

CNAS sits within the Ministry of Work and Social Security and works with 10 regional health bodies, which cooperate in turn with the health boards of each of Algeria’s 48 departments. These boards are responsible for supporting the country’s 185 health centers.

Algeria’s healthcare network is complex and widely dispersed, so the aim of the initiative is to introduce a standardized national system. This will cut administration costs and boost efficiency by improving information collection and trends analysis. Other goals include increasing the speed of reimbursement following patient claims, automating prescription provision and reducing fraud.

Gemalto is the prime contractor and has been involved in the project from the outset; a successful pilot project saw 700,000 smart cards deployed across the country and claim reimbursement times cut from 30 days to just five. Gemalto provided consultancy on systems architecture, security mechanisms and underlying business processes. It also customized its PC-based Coesys Issuance, Enrolment and eGovernment applications and the Sealys smart card system to fit CNAS’s own unique requirements.

Patients are now issued with a PIN code-protected smart card for identity and security purposes, while health professionals use a USB key. This gives them a quick and simple means of authenticating themselves to the system online so that they can sign prescriptions electronically and ensure that all data is fed into a central repository for subsequent trend analysis.

A total of seven million smart cards will be rolled out by the end of 2008 to those workers and their dependents who are covered by the scheme.

Azerbaijan

Azerbaijan has just started implementing a national eHealthcare program, the first large-scale eGovernment project in this biggest and most populous country of the South Caucasus.

The Ministry of Health is driving the initiative, which will enable Azeri citizens to submit electronic rather than paper-based insurance claims after having accessed social security services, speeding up the reimbursement process. Gemalto will provide its eGovernment middleware as well as three million Sealys smart cards for identification and security purposes, while its local partner Bestcomp will act as systems integrator for the project.

The pilot phase began in February 2008 and a progressive rollout of the smart cards will take place over the next two years. Over time, however, the cards will also act as a foundation for the entire population to access a wider range of social security benefits.

pharmaceutical disaster similar to the Lipobay scandal that occurred in 2001. Then, the interaction of different types of prescribed medication resulted in a number of accidental deaths. This led to legislation being passed in 2004 requiring that all citizens carry an eHealth card, to guard against this type of situation.

Pablo Mentzinis at Bitkom, the industry body representing companies operating in the IT, telecoms and new media fields, explains the rationale behind the move. “It’s all about the exchange of patient histories and cross-checking the medicines used,” he says. “This means ensuring that a single file holds a patient’s entire medical history, rather than several that originate from different points, are not interlinked and haven’t been exchanged between different doctors or hospitals. Having one file ensures that dangerous ‘pharmaceutical conflicts’ simply cannot happen.”

Other goals are to prevent misuse of the healthcare system and to cut costs. The German Ministry of Health stated in a 2004 report that the country spent €200 million each year on employing staff at different agencies to manually transcribe medical records and prescriptions, and pass them back and forth between one another, making such activity prone to administrative errors.

An umbrella organization called Gematik was set up in 2005 to coordinate the project. It will also operate the new IT infrastructure, which will connect 123,000 GPs, 21,000 pharmacies, 65,000 dentists, 2,200 hospitals and 300 public and private health insurance companies, to enable them to exchange information.

As a key part of the project, AOK, Germany’s largest health insurance provider, has commissioned Gemalto to provide and personalize 25 million eHealth cards for its customers. Gemalto is also supplying medical practitioners with eHealth terminals – its next generation of card readers.

The electronic health cards, which include digital certificates for identification purposes in order to reduce fraud, will initially be used to hold insurance data, but in due course they are also expected to incorporate emergency information such as blood group, allergies, ongoing treatment and insurance details. Further into the future, it is anticipated that the scope of the cards will broaden to hold all types of patient data.

Medical professionals will likewise be issued with their own digital certificate based cards to enable them to securely access electronic medical files. The move will also reduce administrative and operational costs for insurance providers, not least by preventing duplicate examinations, which should cut the unnecessary use of healthcare services.

Rolf Hoberg, Chairman of AOK Baden-Württemberg, says: “Gemalto won the Europe-wide pitch, as it was able to demonstrate the best offer in terms of both cost and benefits. It has supported AOK Baden-Württemberg in its tests in Heilbronn, contributing both test cards and knowhow.

“Together, we introduced and tested the personalization process, the cards’ look and feel and mechanisms for secure data communication. Gemalto really proved themselves here, thanks to their strong solution focus and their ability to deal proactively with our requirements.”

7m: The number of smart cards that will be distributed to Algerian citizens by the end of 2008

“Hospitals need to mandate that their employees and physicians must manage their information” Bonnie Michelman, International Association for Healthcare Security and Safety

Pilot projects have already taken place in seven regions of Germany. The nationwide rollout is expected to take place in 2009, starting in a single region of North Rhine-Westphalia and spreading out from there.


Images: Jean-Michel Clajout/Reporters/Redux, Giulio Sarchiola/Contrasto/Eyevine, Jupiter, Benjamin Lowy/VII Network, Robin Hammond/Panos, Istock


technology_ Banking on the move

The mobile banking revolution

Mobile banking by cellphone is booming in Colombia following an advertising blitz by three of the country’s largest banks (Bancolombia, AV Villas and Davivienda). The service uses Gemalto’s secure software application in SIM cards, which allows customers to make secure transactions on the move. They can access banking services, transfer money, check account balances, recharge mobile phones, pay bills and more.

Mobile banking is expected to take off in a big way in Latin American countries, which have high levels of cellphone penetration but low levels of Internet access.

“More than 85% of Colombians have cellphones,” says German Martinez, Gemalto’s Solution Manager Leader in Bogota. “In Venezuela the figure is about 90% and in Argentina it’s about 95%, whereas only a minority have Internet access. [A mere 12% of Colombians are internet users, according to official figures from 2007.] But people at all economic levels will have access to mobile banking. The phone is something that you always have with you.”

All three of Colombia’s cellphone networks are offering the service, and it works over the SMS channel – something all cellphones have. One key factor of its successful launch was that it is free for customers, with the costs being absorbed by the banks and the cellphone companies.

Banks are hoping the service will allow them to cut costs. The average transaction carried out by cellphone costs COL$0.08, compared with COL$0.27 for an ATM machine and COL$1.07 for a transaction in a branch.

Customers like the service because it can be used 24/7 and allows them to

An unprecedented collaboration between Colombia’s cellphone operating companies and banks has made it possible for people to do their banking on the move

author MATTHEW BRISTOW illustration PAUL JACKSON

avoid long lines in bank branches. “So far I’ve only used it to recharge my phone, but it works really well,” says Carolina Sanchez, an office worker in Bogota. “It’s very convenient, especially compared with the rest of the channels offered by the banks. You don’t have to waste your lunch hour standing in line.”

banking with one hand

The application is designed to be user-friendly. To emphasize the service’s ease of use, television ads for Bancolombia show people banking with only one hand while at parties and on camping trips.

“The basic premise is that it is intuitive and user-friendly,” Martinez confirms. “As a customer, you don’t need any training to use it.”

The challenge for Gemalto was to design a system that, as well as being user-friendly, was completely secure and would work on any cellphone – even the most basic models. What’s more, the whole software application had to be crammed into 20Kb so that it could fit on the SIM card.

Each transaction is encrypted by applying a unique 3DES key and, in the first 12 months after the service was introduced, there was not a single reported case of fraud.

Bancolombia, Colombia’s largest bank, was the first to introduce the service, in January 2007. For four months, mobile banking transactions hovered around 10,000 a month for the whole of Colombia. Then, in May last year, Bancolombia started their TV advertising campaign, and mobile transactions had shot up to more than 200,000 a month by September. In October, after a second bank, AV Villas, started promoting the service, transactions doubled to more than 400,000 a month.

Since then the service has continued to increase in popularity. By June 2008, monthly mobile transactions were running at 550,332, with the average user making six transactions a month.

“It has surpassed our expectations,” says Martinez. “It is a new system. People had no experience of using it, but it’s already generating more than half a million transactions a month.”

On 1 August, Davivienda, the third major Colombian bank, introduced the service, which it began actively promoting a few weeks later. Further spikes in user numbers are expected in the coming months as more Colombian banks jump on the bandwagon.

Because of the success of this solution, mobile banking in Colombia is now evolving to provide new services such as mobile payments and mobile money transfers – both of which are coming soon.

“It’sveryconvenient.Youdon’thavetowasteyourlunchhourstandinginline”CarolinaSanchez,officeworker

While mobile contactless payment is starting to gain traction around the world, Europe is perceived by some commentators to be lagging behind. That may all be about to change if the results of the ‘Payez Mobile’ trial in France are as positive as expected.

The trial, which began in November 2007, is the result of a collaboration between numerous organizations under the umbrella of the Pegasus group: six major French banks, four mobile operators and several key technical suppliers, including Gemalto, which is providing SIM cards and its Allynis secure application management systems. These are being used to ensure that the various applications installed on the user’s SIM card are isolated from each other – an essential security consideration for the financial institutions involved.

Speed, simplicity and security

The participants in the trial are 1,000 customers and 200 sales outlets in the cities of Caen and Strasbourg. They’re testing a mobile contactless system that uses existing bank card infrastructure and NFC technology. One or more payment applications (one for each bank) are installed on the customer’s SIM card, and they can then use their cellphone to make payments in participating shops. For payments of more than €20, customers have to enter a PIN on their cellphone keypad; for smaller amounts they can choose to pay without using a PIN.

The key benefits for the customers are speed, simplicity and security. The stores enjoy quicker checkout lines, the savings that result from the reduced need to handle cash, and the positive associations they reap by being seen to be using technical innovations that benefit customers. An interim study by the Pegasus group found that the customer satisfaction rate was over 90%, with the ‘all-in-one’ approach and ease of use standing out as the most popular features.

With positive results like this, it seems highly likely that Payez Mobile will be rolled out across the country in the near future. The organizers of the trial believe that by 2012, several million French consumers will be using contactless mobile payment.

Beyond that, the work done in setting up Payez Mobile is also contributing to the definition of an international standard for contactless mobile payment. To that end, international organizations such as Visa and MasterCard have been involved from an early stage to ensure compatibility with their systems.

Going shopping? Don’t forget your cellphone!

A major trial in two French cities could help to define the international standards for mobile contactless payment

90%: The overall customer satisfaction rate with the Payez Mobile trial so far

news

asia and oceania

3G comes to Brazil

Gemalto provided its USIM cards to Brasil Telecom for the launch of its 3G network in June. The USIM technology – advanced software adapted for 3G networks and loaded in SIM cards – will allow Brasil Telecom’s users to access unique value-added services and benefit from higher levels of security on electronic transactions performed with their cellphones.

53 million: The number of OTA (over the air) updates for cellphone subscribers in China that Gemalto has successfully carried out. This involved sending 6.3 billion text messages to GSM and CDMA cellphone customers in eight provinces.

Smart ID cards for alien residents in Taiwan

The National Immigration Agency (NIA) in Taiwan has chosen Gemalto to supply it with electronic Alien Resident Certificate cards. Compared with the existing paper documents, the credit card-sized Gemalto Sealys microprocessor version reinforces security by drastically improving resistance to forgery and counterfeiting. Gemalto has already delivered 300,000 of the cards, and the NIA plans to replace all remaining paper cards by 2009.

Italians use their cellphones to take the bus

TIM (Telecom Italia Mobile) has chosen Gemalto to support the launch of an unprecedented NFC program in Trento. Gemalto is providing TIM with transport applications embedded in SIM cards, allowing TIM customers to use their cellphone as a convenient access device to take public transport. Users can buy tickets from anywhere at any time through their cellphone and use it as a transport pass – even when the battery isn’t charged.

north and south america

europe and africa

An NFC mobile contactless world first

Taiwan’s leading telecoms company, Taiwan Mobile, has chosen Gemalto to provide the world’s first commercial NFC (Near Field Communication) SIM-based mobile contactless system. It’s designed to remotely manage the life cycle of any type of contactless service within a cellphone environment – especially payment applications, where high levels of security are essential. Taiwan Mobile will be able to register, issue, manage and terminate mobile NFC services over the air, while its subscribers will be free to purchase goods securely, top up their transport passes and manage coupons using their cellphone in contactless mode.

Multimedia SIMs come to China

The first large-scale multimedia SIM deployment in Asia is taking place in the Chinese provinces of Guangdong, Shanxi, Beijing, Jiangsu and Shanghai, where Gemalto is deploying FullMultimedia SIM cards for China Mobile. The project was launched with four different Windows Mobile 6.0 handsets from leading Asian manufacturers, and Gemalto was able to integrate multimedia SIM-based content and applications into the high-functionality handsets without any problems. The FullMultimedia SIM is being distributed to China Mobile’s premium subscribers and features a multimedia phonebook and advanced SMS management – two applications the telecoms company has identified as critical.

SEG is a winner

Gemalto has received the 2008 Tomorrow’s Technology Today Award for its Smart Enterprise Guardian (SEG). Silicon Valley-based Info Security Products Guide named Gemalto the winner in the Personal Portable Security Devices (PPSD) category. The SEG is a unique, multi-function USB device jointly developed by Gemalto and Lexar. “To get this recognition in the new PPSD category is exciting,” said Jerome Denis, Marketing Director for Identity Access Management at Gemalto. “The SEG is an ideal example of a PPSD. It takes advantage of the highest levels of security that smart cards provide, delivering email encryption, two-factor authentication, digital signature, portable encrypted Flash and hard disk encryption.”

Credit cards get personal in Canada

Gemalto is providing its CardLikeMe service to Canadian company PlasticNow, giving consumers the ability to customize their PlasticNow prepaid MasterCard with a personalized photo of their choice. Allynis CardLikeMe is completely web-based; cardholders can simply connect to the PlasticNow website, upload an image from their computer and order their card instantly online.

Data protection is a priority for Virchow Krause

Virchow Krause & Company LLP, a major accounting firm in the United States, is using Gemalto technology to protect its client data. This includes accounting and financial reporting as well as information on mergers, acquisitions and private investment banking. The new strong authentication solution combines Gemalto .NET card technology with one-time password (OTP) in a single convenient USB device.

A badge you can trust

Gemalto’s Instant Badge Issuance (IBI) is a new smart card identity badge creation system that complements Microsoft’s Identity and Access solutions and enables enterprises to produce employee IDs locally in minutes. IBI prints graphics and personalizing applications on a magnetic stripe or ISO 14443-compatible contactless chip, and works with Microsoft Active Directory and Identity Lifecycle Manager to load digital certificates directly onto the smart card. The result is a badge that gives employees secure access to facilities, networks and applications.

Barclays PINsentry passes 1 million users

More than 1 million customers of Barclays Bank in the UK are now using its cryptographic smart card reader for online banking transactions. The reader, which Barclays has named PINsentry, is supplied by Gemalto and offers extremely strong authentication – so much so that not a single PINsentry online customer has been a victim of fraud since it was introduced in July 2007. User feedback has been extremely positive and Barclays says customer acceptance of the device is 30% higher than it anticipated.

Polish students go electronic

Gemalto has supplied 1 million electronic identity cards to students in Poland. The card provides far more than just proof of ID, though. Students can use it to gain access to university premises, including libraries, dormitories and sports facilities; to pay for public transport in major Polish cities; to pay for car parking; and to claim student discounts wherever they are available. More than 100 universities and high schools in Poland are currently issuing the e-student card, and a further 300 institutions are expected to follow suit.

Orange is quick on the Upteq

Orange Business Services (OBS) has selected Gemalto’s Upteq Smart Dongle to field test the USB-Connect service in the French business market. USB-Connect allows OBS customers to use their PC as a business line wherever broadband Internet access is available, keeping their Orange phone number, voicemail and contacts. The service is aimed at nomadic workforces, home workers and travelers.

Gemalto buys Multos

Gemalto has acquired Keycorp’s smart card business and Multos Ltd, a leading supplier of smart card operating systems to the financial services and government sectors. The MULTOS smart card operating system was the first to receive the highest security certification possible – ITSEC E6 High/EAL6+.

Images: Getty, Panos, Jupiter

column_ Cyberterrorism

Fears that the world could be thrown into chaos by a terrorist attack on the Internet are groundless. Davey Winder explains why

Portrait: BERNIE REID

It’s hard to imagine a world without the Internet. Forget about email for a moment and think instead in terms of obtaining cash from an ATM, getting treatment in a hospital, the distribution of electricity from a power station. All would falter if it weren’t for the network infrastructure that drives them.

It’s equally difficult to imagine that the 21st-century terrorist hasn’t considered the combined propaganda value and real-world chaos that bringing down the Internet would provide.

Cyberterrorism should be rife, given the ongoing global war on terror. After all, it’s cheaper to engage in cyber-warfare than traditional warfare, as computers cost a lot less than guns and explosives. The number and variety of electronic targets are huge, the Internet has no geographical boundaries and there’s no shortage of suitably motivated, skilled operatives.

So if we agree that the Internet ought to be a prime terror target, the next logical question to ask is: why hasn’t it been attacked already? The answer, of course, is that it has, but the impact was minimal because the Internet itself is hugely resilient to disruption of its underlying infrastructure.

John Gilmore, one of the founders of the Electronic Frontier Foundation, was famously quoted by TIME magazine in 1993 as saying: “The Net interprets censorship as damage and routes around it.” This highlights the main reason the Internet is relatively safe from serious harm: the packet switching concept dictates that, if part of the network is damaged, data will continue to flow by choosing an alternative path to the same destination.

The real problem facing cyberterrorists is that they can either cause widespread disruption for a minimal amount of time using an electronic attack, or highly localized disruption for a longer period using physical attack. Achieving both goals simultaneously is all but impossible.

The example of the SQL slammer worm of January 2003 illustrates how quickly an electronic attack can spread: it infected 75,000 global servers within 10 minutes, with the number of computers infected doubling every 8.5 seconds. Yet its impact was short-lived. Some 13,000 Bank of America ATMs didn’t dispense cash, several Continental Airlines flights were canceled when the booking system went down and some South Korean ISPs were closed for a few hours. Most of the world carried on as usual, blissfully ignorant that the slammer had slammed.

The truth is that widespread damage to the Internet is extremely rare and extremely short-lived. More recent incidents, such as the February 2007 attacks on the DNS servers (the machines that translate web addresses into the numerical code understood by the Internet) by botnets comprising millions of zombie PCs, had little effect. None of the servers crashed and the Internet continued to function more or less normally.

Even if the terrorists were to focus their attention on the physical infrastructure of the network – the cables instead of the codes – things wouldn’t be any worse. When the primary Internet backbone serving South-East Asia, India and the Middle East was accidentally severed off the coast of Egypt in January this year – an incident that was compounded by faults with several other major routing cables – the end result was hardly devastating: a 60-70% reduction in bandwidth to swathes of India, Pakistan and Egypt. Not a total disconnection, just less bandwidth. The Internet didn’t break; it just went a bit slower for a couple of weeks.

So I’m not too worried by the threat posed by so-called cyberterrorists. Indeed, I’m more concerned about bandwidth-hogging streaming video entertainment sucking the life out of the Internet – but that’s another story….


“Widespread damage to the Internet is extremely rare and extremely short-lived”

Safety net

Moisten gummed edge, seal and post


We hope you have enjoyed this issue of The Review. To help us make it even better, please take a few minutes to answer the questions below; then simply moisten the gummed area, fold and seal the page where indicated, and put it in the post (you don’t need a stamp).

Don’t forget to tick the boxes at the bottom of the page if you would like to take out a free subscription to The Review and/or our regular e-Newsletter – and if you hurry, you could receive a free 2GB biometric USB key as well!

1. Which technology/security business magazines do you read?

2. How do you rate the design of The Review?

❑ Very good ❑ Good ❑ OK ❑ Poor ❑ Very poor ❑ Don’t know

3. How do you rate the quality of the written articles?

❑ Very good ❑ Good ❑ OK ❑ Poor ❑ Very poor ❑ Don’t know

4. What do you intend to do with your copy of The Review?

❑ Retain it for future reference ❑ Pass it on to a friend or colleague ❑ Discard it/recycle it

5. What subjects would you like to see covered in future issues?

6. How did you obtain your copy of The Review?

❑ By mail ❑ At an event ❑ Given to me by a colleague ❑ Other

The Review is published three times a year, bringing you news, views and insight about the digital security industry around the world. Subscriptions are free and we deliver the magazine directly to you. What’s more, the first 50 people to subscribe using this form will each receive a 2GB biometric USB key. Simply tick the box (right), fill in your details and return this form to the address overleaf.

Full name

Company

Address

Email address

❑ Yes, I would like to receive a free subscription to The Review. Please tick here

❑ Yes, I would like to receive Gemalto’s e-Newsletter, a regular publication with our latest news, offers and resources. Please tick here

Fold here

Subscribe to The Review for free

Tell us what you think

Terms and conditions: the USB memory stick will be sent to the senders of the first 50 correctly completed forms received by Gemalto. No correspondence will be entered into. There is no cash alternative.


Gemalto Review Research

Wardour

Walmar House

296 Regent Street

London

W1E 3BR

United Kingdom

IBRS/CCRI NUMBER:Your Licence Number Here

BY AIR MAIL par avion

Royal Mail

NE PAS AFFRANCHIR

NO STAMP REQUIRED

Your Address Here

REPONSE PAYEEGRANDE-BRETAGNE


The International Civil Aviation Organisation (ICAO) Technical Advisory Group on Machine-Readable Travel Documents (TAG MRTD), the ICAO Secretariat expert body in this area, is responsible for the development of specifications for travel documents with the goal of achieving global interoperability in this field.

In addition, the TAG MRTD seeks to advise ICAO Secretariat on technological issues related to the issuance and use of machine-readable travel documents.

Last May, during its 18th Meeting, the TAG/MRTD approved the work done by its working group and the work program to be put forward for the coming year. During the last year, an extensive, thorough and complex programme has been achieved by this remarkable group of experts, which represents over 50 States.

Work achieved and recently approved by this group includes the Transliteration of Arabic Names for use in MRTDs and approval for the creation of a new working group, the Implementation and Capacity Building Working Group (ICBWG). This group will, among other activities, increase the ICAO Secretariat’s focus on providing field-proven assistance and expertise to nations that are now in the process of converting or modernizing their travel documents issuance process and, more importantly, updating their issuance systems.

What is perhaps most remarkable about this ICAO Secretariat expert group is its uniqueness: this is the only forum in the world able to research, discuss, draft and establish a common understanding on standards and specifications for MRTDs and e-MRTDs. There is no other.

This group has its foundations in an international convention (the Chicago Convention) adopted by 190 Contracting States, which provides the mandate and the ability to enforce such standards and specifications. The group also benefits from a unique cooperative agreement achieved with the International Organization for Standardization (ISO), which provides for the technical support and integrity required to achieve sound international standards.

Moreover, the work of the group and its success in implementing international standards relies on the cooperation and coordination with other international organizations such as INTERPOL, the United Nations Counter-terrorism Committee (UN CTC), the European Union (EU), the Organization for Security and Co-operation in Europe (OSCE), the Inter-American Committee Against Terrorism of the Organization of American States (OAS CICTE), the International Air Transport Association (IATA), the International Organization for Migration (IOM), and Airports Council International (ACI).

Thus, the ICAO TAG/MRTD is the only international forum that can truly propose and achieve the global interoperability required for the standards and specifications in this field, and it has successfully done so for over 30 years. Whether the initiatives or proposals come from a singular State, a small group of States or a region, the ICAO TAG/MRTD is the only rightful forum to which any such proposals shall be elevated, in order to achieve any meaningful and significant international common understanding and standards.

Finally, the group also provides a forum for all ICAO Contracting States to establish and consider, in a “vendor-free” environment, their present and future needs for MRTDs and eMRTDs. Once these needs are established, the TAG MRTD, through its New Technologies Working Group (NTWG), issues a Request for Information (RFI) every three years in order to keep abreast of new and improving technologies from the vendor community. Relevant information gathered during the RFI process is summarised and shared among the 190 ICAO Contracting States, which is further considered when international standards and specifications are developed (thus assisting States to put the “horses before the chariot” when it comes to adopting technology in this field).

With the support of the Contracting States, the ICAO Assembly and the ICAO Council, the Secretariat and the TAG/MRTD will continue to be the unparalleled fulcrum on which this progress will revolve, and provide an unbiased and appropriate forum to continue and enhance it in the years to come—for the greater good of all the ICAO Contracting States.

Mauricio Siciliano, Managing Editor, ICAO MRTD Report

The ICAO TAG/MRTD: The only international forum to achieve global interoperability on MRTDs and eMRTDs

International Civil Aviation Organization

COMMUNIQUÉ FROM ICAO MRTD REPORT
