Is there any future for smartcards?

Anne & Lynn Wheeler lynn at
Sat Sep 10 18:11:26 EDT 2005

Pat Farrell wrote:
> Nearly ten years ago, when I was at Cybercash, we worked with Mondex and
> other smartcard vendors who also said "as soon as we have infrastructure"
> Something tells me that soon is not gonna happen in what I would
> call soon. Smartcards (the smart part) were moderately interesting
> when there was no networking. We've been at ubiquitous networking
> for many years.
> While he was at Cybercash, Ellison was awarded US Patent 6,073,237
> "Tamper resistant method and apparatus" which is precisely
> a network based, software only smartcard.

my characterizations of smartcards from the 80s ... was that they were
targeted at the portable computing market segment. however, the
technology was only sufficient for the chip ... and there wasn't
corresponding portable technology for input and output. as a result you
saw things like the work in ISO for standardizing interface to the chip
... so the chipcard could be carried around and interop with fixed
input/output stations.

in the early 80s, you saw the advent of PDAs and cellphones with
portable input/output technology that sort of took over that market.
which would you prefer a portable computing device with lots of
application and data where you had to go find a fixed input/output
station to utilize the device .... or a similar portable computing
device where the input/output was integrated?

in the 90s, anne & I were asked to spec, design, & cost the
infrastructure for a mondex roll-out in the US ... aka it wasn't the
mondex card per-se ... it was all the rest of the infrastructure and
dataprocessing required to support a mondex infrastructure (from the
mondex international superbrick on down to loading/unloading value on
the chip). one of the financial issues with mondex was that most of the
float & value was at mondex international with the superbrick; in fact
later on you saw mondex international making inducements to various
countries where they offered to split the float. this was about the time
several of the EU central banks made the statement that the current
genre of stored-value smartcards would be given a couple year grace
period allowing them to establish an infrastructure ... but after that
they would be required to pay interest on unspent value in the card
(would have pretty much eliminated the float value at higher levels in
the operational stream). that was coupled with the fact that it had a
fundamental offline design point ... i.e. the value was held in the chip
... and could be moved between chips w/o having to go online ... becomes
something of an anachronism if you have ubiquitous online access (as
you've observed).

mondex also sponsored a ietf working group looking at possibly
application of mondex transactions in the internet environment. that
really represented a difficult undertaking being a shared-secret based
infrastructure. the working group somewhat morphed and eventually turned
out ECML and some other stuff ... some recent RFCs ..

XML Voucher: Generic Voucher Language
Voucher Trading System Application Programming Interface (VTS-API)
which evolved out of the work on ECML (electronic commerce markup
language), which in turned started out with working group somewhat
looking at adapting Mondex to Internet transactions.  Electronic
Commerce Modeling Language (ECML) Version 2 Specification

some of that chipcard technology can be applied to an electronic
"something you have" authentication technology ... where it is difficult
to compromise and/or counterfeit a valid chip.

this raises something of a perception issue ... if you stick with the
protable computing device model ... then the chipcard has a bunch of
capability that is redundant and/or superfluous for somebody with a

If you go with purely the (hard to compromise and counterfeit)
"something you have" authentication model in an online world ... then
KISS (or Occam's Razor) would imply that most of the features associated
with the earlier smartcard model are redundant and superfluous (and
might actually pose unnecessary complexity and points of
attack/compromise for something that is purely targeted as "something
you have" authentication).

a couple recent postings somewhat related to threat models and
authentication vulnerabilities. Hi-tech no panacea for ID
theft whoes Hi-tech no panacea for ID
theft woes

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list