Thursday, 24 March 2011

Registration Authority Increases Interoperability, Security and Encourages Innovation

The appointment of a worldwide registration authority for smart card authentication protocols conforming to the ISO/IEC 24727 standard will ensure greater interoperability and security in this technology which plays such a vital role in establishing identity so that services such as healthcare, banking and transport go to the right person. Smart cards are also used by governments and by public and private sector organisations for identification in critical areas such as security access and border controls.

The ISO/IEC 24727 standard provides a globally harmonized approach to the widely recognised need for consistency in the way smart card technology - specifically, their crucial authentication protocols - are standardized. The new registration component is contained in Part 6 of the standard. The Australia-based SAI Global has been appointed as the ISO/IEC 24727-6 Smart Card Registration Authority.

From now on, there is a central repository where any authentication protocol can be publicly registered. From this point on, the specific authentication protocol can be explicitly referenced by its unique ISO/IEC compliant object identifier (OID).

Prior to the advent of ISO/IEC 24727, and the new registration authority, most smart card authentication protocols were either proprietary, not publicly documented, or there was no definitive publicly available reference document for them. Minor protocol differences can cause major interoperability issues.

This new approach has been long awaited and is welcomed by both developers and adopters of smart card technology. It has been designed to provide greater extensibility, efficiency and interoperability for smart card schemes - with associated benefits to the entire international community.

Full details can be found at

Vivo selects Oberthur Technologies to Enhance Network Efficiency

Oberthur Technologies has been selected by Vivo the largest mobile operator in Brazil, to manage the dynamic activation of SIM cards in circulation through its remote activation platform, Smart HLR. Oberthur Technologies relies on ATS to deploy Vivo's Platform.

Smart HLR detects first-time user registration and then allocates a mobile number. This solution is of great support for mobile operators wishing to reduce drastically SIM card logistics costs and to optimise their network: no more need to stock pre-activated subscriber identification modules. In addition to this, operators can offer their clients the possibility to choose golden mobile numbers according to their preferences.

"This solution will help us ensure the availability of numbers, without investing in additional retail infrastructure" said the group of Vivo's Directors in charge of the project.

"In a more and more competitive environment, helping our customers optimise the process of SIM ordering, distributing and provisioning is a top priority and commitment for Oberthur Technologies'," said Martin Ferenczi, Managing Director Americas, Card Systems Division at Oberthur Technologies.

LeicesterCare Looses Backup Memory Stick

A memory stick used as a backup devise has disappeared from Leicester Council's LeicesterCare's office.

The stick contains medical information on 4,000 elderly and vulnerable people, as well as around 2000 keysafe codes.

Keysafe codes are used to access a box on a residents outside wall which contains their front door key. Leicester Council is urgently carrying out changes to the keysafe codes of the people affected.

A spokesperson at the city council said: "We can confirm we are investigating the possible loss of a data device that contains personal details of around 4,000 LeicesterCare users.

The council believes it is missing within the building, adding that all information was encoded.

The loss has been reported to the police and to the Information Commissioner's Office.

FIME to Deliver NFC Forum Certification

FIME has achieved NFC Forum Authorisation for its laboratories. This allows FIME to conduct the required tests that will confirm a device's compliance to the NFC Forum's technical specifications and attain certification from the industry body.

In 2010 the NFC Forum - a global association which advances the use of NFC technology - launched a certification program to support industry interoperability and provide device behaviour assurances within the marketplace. As an Authorised NFC Forum Laboratory, FIME can now work with device manufacturers to enable them to achieve industry certification for their products, which will allow them to use and display the N-Mark.

Pascal Le Ray, CEO at FIME, comments: "It is an exciting time for the NFC marketplace as we see more and more contactless applications being deployed. To guarantee the longevity of this technology, however, we need to ensure that certain standards are established and maintained to create a secure, workable and sustainable infrastructure. Interoperability between NFC devices is key and the NFC Forum Certification Program gives increased assurances that certified products are compatible."

The NFC Forum Certification Program will advance as technical specifications evolve, with the next phase expected to be released in 2012. In addition to FIME becoming an Authorized Laboratory for current certification, it is actively contributing to the completion of the next phase by delivering technical writing services.

Multicard and Rabobank Deploy Cashless Payment Solution

Multicard, announce the roll-out of its mobile cashless payment solution with Rabobank, one of Netherland's largest financial services companies. Rabobank selected Multicard to provide the e-payment stickers and related services that will enable users to make purchases using their current mobile phones, directly from a virtual wallet. Multicard and Rabobank have been working closely to fine tune the solution and now are deploying it to canteens and cafeterias within Rabobank's national network of offices.

"This virtual wallet can be accessed and managed over the Internet rather than having to be loaded with value at special banking terminals, and payments can be made using a mobile phone or a contactless token such as a key fob or wristband," said Pieter Kooistra, Managing Director of Multicard Netherlands.

In addition to providing personalisation and fulfilment services for the program, Multicard will provide mobile phone applications to transfer money, check balance and top-up money to the wallet, as well as handle management of all transactions, incorporating Rabobank's MiniTix payment engine. Intended for small retail transactions, MiniTix can be used by virtually anyone, regardless of the user's mobile operator or mobile phone brand.

ZeuS/Zbot Source Code for Sale?

Yesterday in a blog Peter Kruse, Partner and Security Specialist at CSIS revealed that "someone using the handle "IOO" is actively trying to sell ZeuS/zbot source code".

For the past couple of weeks CSIS have observed several individuals jumping on the bandwagon announcing they have access to the Zbot/ZeuS source code and that it's for sale.

Although CSIS are not able to verify any of these claims at present, one particular announcement has a picture attached which might prove that parts of the source code are indeed in the hands of IOO.

Prior to this there were several rumours that the Zeus/Zbot code was sold to the creator of SpyEye. This is also currently unconfirmed however what is certain is the fact that someone besides the author of the ZeuS/Zbot has access to the code.

Note to Subscribers

If you would prefer to receive your News On Line email in plain text, please send an email with "Plain Text" in the subject line.

If you are a subscriber to our Daily News On Line service or Monthly Newsletter you are entitled to access restricted pages on our website news archive. For the username and password please send an email with "Subscriber Password" in the subject line. lesley.dann, Subscriptions Administrator, Smart Card Group.

To Unsubscribe Email Us at or click Unsubscribe

Important Information

From time to time, this news service may include industry forecasts and forward looking statements made by the companies concerned. Readers should be advised that Smart Card News Ltd cannot be held responsible for decisions and/or actions taken by readers of our news service, based on the information provided. This news is only to be distributed to persons/companies who have a contract with Smart Card News Ltd. Unless your company has gained a licence and/or written permission from Smart Card News, the contents of this news page are not to be forwarded to any other person or server. Any replication by any means without prior permission is illegal and action may be taken. If you receive this online news from a forwarded source please contact the team at Smart Card News Ltd. It is illegal to replicate this online news.

Tel: +44 (0)1903 734 677