Flexible Smartcard Schemes Cambridge, October 6th 2005 SmartCitizen have been working with Cambridgeshire on the Cambridgeshire Direct Scheme. We have installed and configured the SmartConnect software to provide the database, enrolment and hosting services for the scheme. We have also provided specifications for the e-purse solution. Cambridgeshire have taken a bold approach towards the implementation of smartcards and the result is an innovative system using contactless cards. This is the first active implementation of the SmartConnect Mifare 4k specification.

Difficult decisions Scheme not scaleable Bad card choice Introduction Cornish Key implementation Technical lead officer for work package 9 SmartCitizen working exclusively with LA’s to implement the deliverables produced from the NSCP. SmartCitizen one of two companies accredited by the NSCP to install the WP9 starter pack & manage the source code Can’t add new services Non-standard system

SmartConnect Flexibility Flexibility of scale Flexibility in functionality Flexibility in platform choice Flexibility through standards

SmartConnect - Pilot or Rollout Single software installation Flat licence fee User support group Installation: The SmartConnect software can support small pilot schemes as well as full rollouts. The database has been tested with over one million entries. The testing found that there was no degradation in performance up to 100,000 entries. Response times on searches with one million entries is less than 5 seconds. There are no software upgrades required to develop a scheme from a few hundred records in a pilot to a full local authority deployment. Licence Fee: The software is free to Las although there is an annual licence fee to pay for support and further development.

SmartConnect - Functionality Phase 1: Libraries Leisure Phase 2: Concessionary Travel Schools Medical services The SmartConnect software can be configured to support a number of services to the citizen. The first phase of a scheme may consist only of Libraries and leisure services to conform to G12 requirements. However, as the scheme develops there may be other services added. It is more efficient to try and collect data for all services at the outset, even if these services are not immediately enabled from day one. However, even if this is not done new services can be added at any time. This is a configuration exercise and does not require any new development work. The order shown above is only an example. Services can be introduced in any order.

SmartConnect – Which Platform? JCOP30? Mifare1k? Mifare 4k? Mag-Stripe? JCOP41? This is the dilemma facing many smartcard project managers. The types of cards are many and bewildering. Contact, contactless, dual-interface, combi etc. Mag-stripe, barcode, plastic card. Historically, choosing a platform was a bit like getting married 50 years ago. For better or worse. And if things didn’t quite work out you were stuck with it. SmartConnect supports all the platforms mentioned here and more besides. The emphasis is on using a platform suitable for purpose, but making it easy to migrate to other platforms should the need arise. The card suits the users requirements so that there may even be a mixture of cards within a single scheme. SmartCafe?

SmartConnect – Scheme Profile Within a singe scheme there may be a number of typical cardholder profiles. These can be school children, 6’th formers, adults, LA employees, the retired etc. All will have different service requirements. These requirements may dictate the choice of card given to a person. For example, a school child using a card for registration, transport and libraries may need only a Mifare 1k card. Later, in the 6’th form, this may be upgraded to a Mifare 4k if certain citizen data fields are added. Council employees needing authentication up to the highest level 3 could be using JCOP41s or equivalent. SmartConnect can support all these platforms. Flexible platform selection is important considering the existing price disparities between card types. You could even use a magnetic stripe or totally dumb card for particular purposes. SmartConnect aims to be as platform independent as possible.

SmartConnect - Standards Specifications for Mifare and Javacard Universal data descriptions Inter-operability standards European standards SmartConnect has published specifications for the encoding of citizen data in both Mifare and Javacards. The ultimate aim is to ensure inter-operability between schemes. This objective fits in with the agenda of Government Connect which requires inter-operability. The specifications describe how to access citizen data on any Mifare or Javacard. All data items are tagged in conformance to ISO rules. Tagged items are grouped into ‘services’ such as Citizen Data, Health, Special Needs etc. The management of tags and services comes under the authority of LaSSEO to ensure that future uniformity is maintained. Software has been written to conform to E-Gif (standards for e-government inter-operability framework) and WC(3) web standards. The structure of data items conforms closely to European standards such as E-URI.

Sharing your chips ITSO and Oyster Legacy systems Open e-purse Approaches have been made to both ITSO and Oyster to establish a basis for co-residence on the same card. The Mifare 4k specification provides a number of scenarios for sharing a platform with ITSO formats. This can also be done in Javacards. TFL have also been approached and have indicated a willingness to explore a common approach. We have established that there is no technical obstacle to this. Other legacy systems can be accommodated within the SmartConnect directory system. Suppliers of leisure and school systems are talking to us about compatibility.Provision has been made for existing systems such as libraries, leisure, schools etc to fit within the SmartConnect directory system. 3. There are a number of initiatives to develop an open e-purse. TFL have tendered for an e-purse development, and Government Connect are involved in discussions with financial institutions to the same end. SmartConnect supports a Mifare purse, and any other purse written as a javacard applet. Even if a bespoke contact purse is developed this could still be accommodated on a combi card. 4. The Cambridgeshire configuration incorporates an e-purse, citizen data and support for library and leisure systems. It can also co-reside with ITSO, Oyster or other legacy transport applications.

The card with everything Citizen Data       Javacard Mifare Oyster   The card with everything Javacard Mifare PKI (Digital Certificates) Other Applications ITSO (FVC2) E-purse Oyster Citizen Data It is possible to create a card now with all the functionality shown here. A dual interface javacard with 4k of Mifare emulation and 64k Eeprom can hold all the applications indicated. The java applets can be accessed either contact or contactlessly. Many of these itens can be located in either Mifare or Java memory. The citizen data can be placed in either Mifare or Java, as can the ITSO applet and an e-purse. As a generalisation though, location in the java provides more security options as well as more space.   ROM  

Government Connect Set up Citizen Accounts Use SmartConnect products Implement Government Policy Citizen Account On of the key objectives of Government Coonects is to establish citizen accounts. These would enable local authorities to enrol citizen once and to use this database for all subsequent authentication purposes. Citizen cards would also carry the level of authentication acquired by the citizen. Citizen accounts would be transferable between authorities. 2. Government Connect has indicated its preference for the use of SmartConnect software as the mechanism for citizen registration for those wishing to use smartcards for authentication as it already copes requirements such as the presentation and recording of prrofs and the issuing of cards. 3. Ultimate objective is to implement government policy to encourage positive behaviour, reward good citizenship etc. This could be done by card based schemes.

The Holy Grail The vision of Government Connect is very ambitious. However, there are pressures within government to use government developed and owned products for the infrastructure. This includes SmartConnect and possibly ITSO.

SmartConnect.. ..is scalable ..is not platform specific ..is based on standards ..is able to accommodate legacy systems ..is compatible with ITSO/Oyster ..is part of the Government Connect solution Good for pilots or full rollout. Can add new services over time. Can use a variety of cards. More can be added Standards have been adhered to wherever possible The support of legacy is built in to the specifications There are no technical reasons why SmartConnect citizen data cannot co-reside with both ITSO and Oyster Government Connect plans include SmartConnect components