International Business Mach- ines Corp. is aiming to settle questions about smart card security once and for all in a collaboration with Philips Semiconductors.
IBM and the division of the Dutch company Royal Philips Electronics said they plan to develop a new generation of card systems meeting the most stringent, internationally recognized security standards, while taking advantage of the microprocessor power to accommodate multiple functions and services on a single card.
The agreement represents a significant endorsement of the Philips SmartXA computer on a chip, which has been on the market since 1997 but without the operating system and Java Card programming that IBM brings to the project.
IBM deemed SmartXA "the only available smart card integrated circuit that offers high-level hardware security through separate user and system modes, and a memory management unit providing hardware memory protection," said Elaine Palmer, manager of secure systems and smart cards at IBM Research in Hawthorne, N.Y.
In other words, the Philips chip has security elements built into hardware that many technologists view as critical to authenticating buyers and sellers in electronic commerce and preventing one company from interfering with another's software in the chip.
Ms. Palmer said IBM has had its eyes on such high-assurance system development for several years but "the hardware was not available."
She said it will probably take until the middle of next year to get the IBM-SmartXA system from an internal "alpha test" to a more open and rigorous beta stage.
In officially announcing their effort last week, the companies said this will be "the first time that multiple smart card applications can be written in different programming languages and then loaded onto to the same card after it is issued." Banking and payment services, medical records, certificates of authentication, and customer loyalty systems could all reside on the single chip with firewalls and other protections guarding the integrity of each.
Because it will be measured against defined security criteria-the ITSEC methodology in Europe or the Common Criteria adopted by U.S. government agencies and some foreign countries-companies will be able to deploy the IBM-Philips technology "knowing that an independent third party has assured that valuable information remains totally separate and secure from other companies offering services on the card," said Scott McGregor, senior vice president and general manager of Philips Semiconductors' emerging businesses.
Such capabilities and assurances have been talked about for as long as chip cards have been struggling to gain acceptance in banking and other industries. MasterCard International's Mondex International subsidiary, for one, uses a multiple-application operating system that has gotten some of the high-grade security certifications that IBM and Philips are striving for.
But between their work in Sun Microsystems Inc.'s Java programming language-which differentiates IBM, Visa International, and others from Mondex-and their reliance on 16-bit processors that promise 30 times the performance of today's common 8-bit chips, IBM and Philips aim to create a smart card system that is ready for any foreseeable technical requirement.
"Today, applications are either fixed at the chip factory, or with Java Card and Mondex's MEL (language) can be downloaded later in the field," said Ms. Palmer of IBM. With the new architecture, a given language would pose no obstacle to loading a program or, in the Java framework, an applet.
An extreme example of what might be coming down the pike, she said, will be AES, the Advanced Encryption Standard, which in a year or two is expected to begin displacing the current Digital Encryption Standard with longer and more-difficult-to-compromise keys for deciphering coded messages. The SmartXA cards would be able to be updated for AES in the field.
"We can say that whatever you encounter, we can handle it and do it safely," Ms. Palmer said.
The smart card industry has reeled from occasional reports of security vulnerability. One expert in the field, who said he had not looked into the IBM-Philips plan in detail, said it may be an attempt to preempt some consultants' or academics' forthcoming pronouncements.
Among Philips' SmartXA selling points is that it handles digital signatures with key lengths of more than 2,048 bits in a few hundred milliseconds. The AES encryption keys would probably be 128 bits; DES calls for only 56 bits and is viewed as increasingly vulnerable to hackers.
When interviewed last week, Ms. Palmer declined to put her effort in any "relative security" context. "You always have to improve security," she said. "There are always new attacks and defenses. It is an ever-evolving process."
IBM and Philips expect their smart cards to be evaluated at the highest levels of the ITSEC criteria-they run from E1 through E6, the last essentially being military-intelligence grade-or the Common Criteria that run from EAL (Evaluation Assurance Level) 1 through 7. EAL 5 through EAL 7 are not yet fully formulated, Ms. Palmer said, suggesting that her program may focus first on the European ITSEC.
IBM said it intends to make the technology, an outgrowth of a Java Card alliance it announced late last year with Gemplus of France, available to other "partners" for evaluation and consideration in future products.
IBM, Philips, and Gemplus are just a few members of the hardware security bandwagon that see smart cards fitting into public key infrastructures and digital certificate programs.
"We are smart card bigots," said Peter Freund, chairman of the certificate technology vendor Certco of New York. He and others expect smart card authentication to spread within corporations and in business-to- business commerce before making its way to the mass market.
"How much trust can you really have in a file or an e-mail stored openly in a computer?" asked Bob Davis, vice president of marketing at Spyrus, a Santa Clara, Calif., information security company that champions smart cards. "Anyone can change that file or deny sending it in the first place. And certificates and identities stored in a computer aren't much better.
"Smart cards are the only way to run a business electronically with the same protection people have in the paper world."
