As much as it might struggle to sell smart cards, Mondex International Ltd. will always have the satisfaction of knowing that it was the first to reach one of the world's highest technological summits.
The MasterCard International subsidiary said Thursday that the Mondex electronic cash system had achieved the top rating under a rigorous, internationally recognized testing program known as ITSEC -- Information Technology Security Evaluation Criteria.
Mondex executives will cite the certification as proof that their form of virtual cash approaches the level of security assurances that would be expected of a national defense or intelligence installation. The rating can be used to answer some skeptics or critics who have raised questions about the vulnerability of smart card programs, including Mondex.
Mondex-Multos System Wins Top Security Rating
That may or may not translate into a competitive advantage against companies such as Visa that have serious security aspirations of their own. But one thing cannot be denied: Mondex attained level E6 in the ITSEC methodology, and no other commercial-sector product has gone higher than E4.
"It is hard to emphasize enough the scale of this success," said Mondex chief executive officer Michael Keegan. The E6 level "allows card issuers to manage product risk with the greatest degree of understanding as to where that risk lies, which remains fundamental to any financial product."
The London-based executive called the evaluation "the ultimate accolade for any high-security product." He added that despite reaching the milestone, "Mondex's security continues to evolve to ensure that it remains at the forefront of smart card security going forward."
Mr. Keegan conceded in an interview that there is still no guarantee that "our own or any smart card product can't be broken into." But certain claims can now be made for Mondex and its Multos multiple-application operating system "that can be mathematically proved."
"A purchaser should be assured that Mondex and Multos have been developed to the highest possible standards available in the commercial world," he added.
ITSEC, one of several such evaluation schemes that a company can use to measure itself against world-class benchmarks, evolved out of a few national efforts to become a European Community standard in 1991. At the time, Mondex was a research and development project within National Westminster Bank.
The inventors toiling in Natwest's credit card unit -- Tim Jones, now the London institution's top retail banking officer, and Graham Higgins, head of an offshoot venture called Platform Seven -- reasoned that "global electronic cash" had to be beyond reproach, and they aimed for ITSEC level E6.
Mr. Keegan said the ITSEC evaluation with a United Kingdom-sponsored agency took more than two years and was based on work going back to 1991.
A few electronic commerce companies have disclosed achievement of E3 or something equivalent under an increasingly accepted global methodology, drawing in part on ITSEC and known as the Common Criteria for Information Technology Security Evaluation. Common Criteria Evaluation Asssurance Levels, or EALs, go from 1 through 7; ITSEC numbers run from E0 to E6.
Philips Semiconductors, which has been particularly open about its security-evaluation hopes for smart card chips, said this week that it expects to achieve ITSEC E4 for the P8WE5032 model. That integrated circuit, WE for short, has already met strict security specifications for Germany's Geldkarte electronic purse. Visa International selected it for the "second-generation merchant card" to be used in processing Visa Cash transactions.
Visa has also published a "Smart Card Protection Profile" that calls for Common Criteria evaluations. A Visa spokesman pointed out that Visa, MasterCard, Mondex, American Express, and others are organizing within the National Information Assurance Partnership for evaluations under Common Criteria, "which supersede" the older ITSEC.
Elaine Palmer, manager of the secure systems and smart card group at the IBM Thomas J. Watson Research Center, who is working with Philips on some advanced chip security concepts, said in a recent interview that they were highly confident of achieving ITSEC E4 or E5.
The E6 rating was specifically conferred on Mondex cash running on the Multos operating system and a Hitachi H8/3112 chip. Dai Nippon Printing of Japan was credited as co-developer.
The certification body, U.K. ITSEC, examined both physical and logical security measures and other technical details with painstaking precision.
Mondex, which has never publicized some of those aspects of its operations, offered a summary of its ITSEC claims:
No value is created before or after a transaction takes place.
Value transfers occur only between authentic e-purses.
All value is accounted, including an audit trail of incomplete transactions for reimbursement.
Authenticity, integrity, and confidentiality of Multos program loads are assured.
Multos applications are segregated and protected from one another.
Robin Pizer, head of U.K. ITSEC, said in a prepared statement that since 1990 it has certified the security claims of more than 200 products under ITSEC and Common Criteria. (It recently conferred an EAL3 on Entrust Technologies Inc.'s Entrust/PKI public key cryptography software for electronic commerce.)
"Increasing reliance on smart card technology in electronic commerce has led customers to demand high levels of security," Mr. Pizer said. "The certification of Mondex electronic cash and Multos to ITSEC level E6 demonstrates a fundamental advance in the assurance that customers can expect, and need, in smart card products."
Duncan Brown, a prominent smart card industry analyst with Ovum Inc. in Burlington, Mass., said he doubted that ITSEC E6 would have much of a business impact, except to pressure competitors to "keep up with the Joneses." And he wondered if the hardening of the Multos chips might simply make smart cards more expensive, complicating an already difficult cost-justification.
"It is nice, but probably not necessary," he said. "It can give people who don't know much about security mechanisms a warm feeling."