Collective actions by groups of technology providers almost overshadowed the more conventional jostling for attention by individual vendors at last week's big smart card trade show.
Most of the more than 300 companies occupying five acres of exhibit space in the Washington Convention Center had developments to announce or demonstrate.
But these high-technology companies are also increasingly practicing what they preach in the realm of cooperation and standards. Various groups of them came together to make the 1998 Cardtech/Securtech conference a landmark in diplomacy as much as in innovation.
To be sure, standards and other modes of cooperation remain works in progress. Despite the existence of committees with "open" and "interoperability" in their titles, smart card operating systems still do not easily talk to one another.
The Cardtech/Securtech souvenir smart card, loaded with $3 and given to each person attending the show, was good for "official" uses but could not be taken or used elsewhere. Nor could various other brands of cards be read in the balance-checking key fob that came with the Cardtech card.
But attitudes of both buyers and sellers are pushing in one direction.
Dudley Nigg, executive vice president of Wells Fargo Bank, pleaded for "a common technology," saying it would be a boon to vendors "so they can build on it."
In a panel session sponsored by the Smart Card Industry Association, a group keeping a close eye on the issue, Michael Weigelt of International Business Machines Corp. predicted that a "standardized platform" would emerge in two to three years, and "the better one will win."
"I happen to think it will be Java," said IBM's director of global smart card solutions. "But if I'm wrong it doesn't matter. It will be one."
*
Several companies supportive of Java-the Sun Microsystems Inc. programming language that is on one side of the chip card rift between MasterCard and Visa-took their OpenCard effort to the next level.
The group, which includes IBM, Netscape Communications Corp., Sun, and Visa, announced the release of OpenCard Framework 1.0, "a specification that helps software developers create smart card applications that can be used across a variety of business and consumer devices such as PCs, network computers, automated teller machines, point of sale terminals, set-top boxes, and emerging hand-held devices."
With the completion of their "reference implementation" for software developers, what had been an ad hoc group has been transformed into a more permanent OpenCard Consortium.
"Another milestone has been achieved in the smart card industry," said David R. Tushie, president of OpenCard member Ubiq Inc. It promotes "cross- platform interoperability, which in turn helps accelerate widespread adoption of smart card technology."
"Interoperability is critical for the promise of smart cards to be realized globally," said Visa International senior vice president Jean T. McKenna. "Market leaders from multiple segments and industries must come together and cooperate in organizations such as the OpenCard Consortium."
*
Cardtech/Securtech marked a coming of age for the Global Chipcard Alliance. Formed in 1996 by telecommunications companies and headed by a Seattle-based US West executive, David Anastasi, the alliance struggled to gain the credibility that comes with cross-industry participation.
It attracted American Express Co. early on, as well as Microsoft Corp. and the big chip card maker Gemplus. At Cardtech it announced a 10-member breakthrough, including Gemplus competitors Schlumberger and Giesecke & Devrient, Citicorp, and three bank-owned ventures: Banksys of Belgium, Chipper Netherlands, and Mondex USA.
The alliance wants within five years to enable smart card holders "to be able to access their personalized applications and solutions wherever they are in the world," Mr. Anastasi said. "To accomplish this vision, GCA depends on the diversity of its new members to provide an open environment where advancement can flourish."
The many bankers active in the Smart Card Forum can expect to get a closer look at the Global Chipcard Alliance. The alliance will introduce itself through a panel discussion at the forum's annual meeting in September; the forum will reciprocate at a GCA event in November.
"The GCA is a cross-industry integrator creating business alliances and actual interoperability agreements," Mr. Anastasi said. "The SCF is a consortium led by users who focus on applications and business issues with the support of manufacturers and technology suppliers. Each group has a perspective that is valuable to the other."
*
One standards effort, the PC/SC Workgroup, bore fruit in a couple of ways.
Bull, Gemplus, Hewlett-Packard Co., Microsoft, Schlumberger, and others have been working since 1996 on standards for hooking smart card readers into personal computers. Microsoft announced during Cardtech that it would test and certify such devices' compatibility with its Windows operating systems.
The tie-in with the increasingly popular Windows NT platform should quickly open up the intracorporate, or enterprise security, market to smart card authentication, Microsoft officials said.
MasterCard-affiliated Mondex USA announced ReadiMondex, to promote rapid deployment of the electronic cash system in fast-food restaurants and other multilane locations. A key selling point is cheap PC/SC readers at the points of sale.
The "dumb reader makes the cost of electronic cash much less for these merchants," said Mondex USA president Janet Crane. Without the need for expensive peripheral equipment, "there is not a lot of fixed-asset investment."
*
Microsoft's strong hand was also evident in the launching of the BioAPI Consortium. Its ally Compaq Computer Corp., frequent antagonist IBM, and four others formed the group to create consistent application programming interfaces for biometric security technologies.
The initial objective is to "mainstream" fingerprint, voice, and face recognition systems. By Monday of this week, V-One Corp., maker of the widely used SmartGate network security system, had issued an endorsement and seized on the smart card possibilities.
V-One said it would collaborate with BioAPI member Identicator Technology to combine fingerprint authentication with virtual private networks. There is an option to store the digits on Gemplus smart cards thanks to a previous V-One alliance.
"This remarkable technology is a natural fit for our smart-card-based system, the bedrock of scalable, enterprise business VPNs," said V-One president and chief executive officer David Dawson. It is an example of "simpler technologies that produce ever stronger security."
*
In an electronic commerce parallel to PC/SC or card-based BioAPI, the public key infrastructure company Certco LLC of New York joined with some hardware and data security vendors in announcing the Digital Certificates/Smart Cards Task Force.
According to a statement, "The task force advocates an open specification in which digital certificates would perform in a standard manner so they can be used for secure electronic transactions on any platform-Windows, any standard browser, Unix, or in an ATM. The task force believes a smart card optimized to present a digital certificate through one vendor's Web browser should work seamlessly with another vendor's browser."
The members include the ubiquitous Gemplus and Schlumberger, Orga Card Systems, GTE Internetworking, and Spyrus.
*
Spyrus, a San Jose, Calif., company that played key roles in Internet security protocols like SSL (Secure Sockets Layer) and the credit card industry's SET (Secure Electronic Transactions), announced the sale of 20,000 smart cards to the National Security Agency.
Designed to ensure security in the Defense Messaging System, Spyrus' Rosetta chip cards are a lower-cost, more flexible alternative to the Fortezza Crypto Card, which are higher-capacity PCMCIA computer-insert cards. Spyrus has supplied 361,000 of the latter to the U.S. government since 1992.
Spyrus president Sue Pontius said the deal illustrates how Rosetta "can support multiple applications for both commercial and government use. This brings new levels of freedom to application developers who desire supporting a broad customer base with state-of-the-art, portable security."
