MONDEX ON MULTOS WINS HIGHEST SECURITY RATING EVER Submitted by: Pleon Thursday, 9 September 1999
Mondex electronic cash and the MULTOS operating system have� become the first commercial products to have ever attained� an ITSEC Level E6 assurance and security rating� � Mondex International announced today that the Mondex� electronic cash product and the MULTOS operating system on� the Hitachi H8/3112 MULTOS chip - have been awarded a� security rating of ITSEC Level E6, - the highest possible� rating achievable in ITSEC (Information Technology Security� Evaluation Criteria), the globally recognised security� evaluation standard. This represents a major milestone in� smart card security with Mondex becoming the first� commercial product ever to have achieved this security� rating level.� � Mondex's unique security architecture allows for� person-to-person payments using a personal wallet device,� telephone line or Internet service. The cash-like nature of� Mondex means that there are no processing costs, making it� significantly less expensive than other systems. Mondex is� globally interoperable and is under development in 60� countries worldwide.� � ITSEC (Information Technology Security Evaluation Criteria)� is a set of criteria for evaluating computer security, which� was originally published in 1990. It represents a single� uniform standard adopted across Europe and Australia. ITSEC� operates on a scale that represents ascending levels of� assurance (Levels E0 to E6) that can be placed in the� security functions and determines the rigour of the� evaluation.� � The ITSEC Level E6 rating gives card issuers assurance that� Mondex electronic cash and MULTOS on the H8/3112 Hitachi� chip fulfils their security claims* (see note to editors)� and have been thoroughly tested against those claims by an� independent and expert third party.� � To date, the highest ITSEC evaluation for a commercial� product has been E4. Mondex electronic cash and MULTOS are� the first commercial products to complete ITSEC Level E6� evaluation.�
Page 1 � MULTOS is a high-security, industry-controlled,� multi-application operating system for smart cards. MULTOS� includes unique end-to-end card management to simplify the� process and reinforce the business case for smart card� issuers. It is available on a non-proprietary open systems� basis to ensure that it becomes a standard for smart cards.� � The MULTOS implementation on the Hitachi H8/3112 chip is the� first output resulting from the joint activity between� Hitachi, Dai Nippon Printing (DNP) and Mondex International� to deliver highly secure advanced MULTOS microcomputer� devices.� � Michael Keegan, Mondex International's Chief Executive� Officer explains, "It is hard to emphasise enough the scale� of this success. Achieving such a high level of assurance as� ITSEC Level E6, allows card issuers to manage product risk� with the greatest degree of understanding as to where that� risk lies, which remains fundamental to any financial� product.� � "Achieving an ITSEC Level E6 rating is the ultimate accolade� for any high security product; however, while this� represents a major milestone, Mondex's security continues to� evolve to ensure that it remains at the forefront of� smartcard security going forward".� � Graham Higgins, Head of platform seven and co-inventor of� the Mondex electronic cash system said: "platform seven,� formerly the NatWest Development Team, was responsible for� the original technical design and development of both Mondex� and MULTOS. Together with Mondex International, we have� achieved a world first in the certification of these� products to ITSEC Level E6. As such this announcement� represents not only a milestone in smart card security, but� also a major milestone for platform seven.� � "Security must always be the critical factor for any� financial services product and with ITSEC Level E6, Mondex� electronic cash has achieved the highest rating for any� smart card system on the market today".� � David Braidwood, Royal Bank of Canada, commented, "Consumers� and merchants will not use these products, however clever�
Page 2 they may seem, if they don't trust them to be safe. By� successfully meeting the ITSEC Level E6 criteria Mondex on� MULTOS has proven it is a product that the industry and more� importantly our customers can rely on. In addition, we would� encourage all other electronic cash providers to join MXI in� certifying their products to this level."� � "In a world where any issuer of a card-based financial� product, invests huge resources in assurance and security� evaluation, ITSEC Level E6 offers a proven method of� providing assurance to issuers from an independent third� party. With Mondex, card issuers now have a pre-supplied� mark of assurance and a process which makes product� evaluations much easier."� � Kunihiko Misaki, General Manager, New Financial Systems,� Services and Products Division of Hitachi said:"We are proud� of this outstanding achievement, and are pleased that Mondex� on MULTOS has achieved the highest ITSEC rating. The ITSEC� Level E6 rating proves our product (the Hitachi H8/3112� chip) to be the front runner in the rapidly growing smart� card market."� � Mr Hidenori Nokubo, Director of Dai Nippon Printing, said:� "As a co-developer of this MULTOS implementation, DNP is� very proud of the ITSEC Level E6 rating. We are particularly� pleased that the evaluation strategy also includes Mondex� electronic cash and view this as an important achievement� for the smart card industry. We are certain that Mondex on� MULTOS will contribute greatly to the increased use of smart� cards not only in financial services but also in the area of� secured network communications."� � Dr Robin Pizer, Head of the UK Certification Body which� granted the certificates, said: "UK ITSEC was established in� 1990, and has now certified the security claims of over 200� IT products and systems against both ITSEC and Common� Criteria. The resultant certifications are recognised� throughout Europe, enhancing their value to evaluation� sponsors. Increasing reliance on smart card technology in� electronic commerce has led customers to demand high levels� of security. The certification of Mondex electronic cash and� MULTOS to ITSEC Level E6 demonstrates a fundamental advance� in the assurance that customers can expect , and need in� smart card products."�
Page 3 � William I Jacobs, Senior Executive Vice President,� MasterCard International said, "As an enabler of secure,� high assurance financial products, we are extremely pleased� to see both Mondex electronic cash and MULTOS achieve this� world first. Our members can have the highest possible� confidence that all our products on the MULTOS platform -� Mondex, MasterCard and Maestro - are fit for purpose, highly� reliable and provide them with a significant competitive� advantage."� � Notes to Editors� � * Mondex Security Claims tested in ITSEC can be summarised� as follows: · No value is created ie sum of balances before� and after a transaction does not increase · Authentic purses� will only engage in value transfer with authentic purses ·� All value is accounted (incomplete transactions offer a� protected audit trail which allows secure reimbursement of� lost value)� � *MULTOS Security Claims tested in ITSEC can be summarised as� follows: · Application load process must be able to check� the authenticity and integrity of an application being� loaded and to ensure the confidentiality of the application� code and data. · Applications are to be segregated from� other applications - an application may not read from or� write to another application's code or data.� � About ITSEC� � In May 1990, France, Germany, the Netherlands, and the� United Kingdom published the Information Security Evaluation� Criteria (ITSEC), a structured set of criteria for� evaluating computer security within products and systems.� � Each evaluation of ITSEC involves a detailed examination of� technology security features. This is conducted through an� examination of the relevant documentation and comprehensive� and informed functional and penetration testing which� ensures that a product or system meets its security� specification. ITSEC operates on a scale that represents� ascending levels of confidence (Levels E0 to E6) that can be� placed in the security functions and determines the rigour� of the evaluation. Since its launch, a number of other�
Page 4 European countries have agreed to recognise the validity of� ITSEC evaluations.� � The UK ITSEC Scheme is managed by the� Communications-Electronics Security Group which is the UK� Government's National Technical Authority for the use of� cryptography and for Information Security (Infosec) more� generally. For more information visit the ITSEC website at:� www. itsec.gov.uk.� � About Hitachi H8/3112 chip� � In 1998, Hitachi Ltd, in co-operation with Dai Nippon� Printing Co Ltd and Mondex International launched the� Hitachi H8/3112 (MULTOS) chip - a new high security chip� enabled by MULTOS.� � The Hitachi H8/3112 contains 8Kbytes of EEPROM and 24Kbytes� of ROM and uses the industry standard H8/300 microcomputer� core. The device also contains a powerful co-processor to� hardware accelerate the complex cryptographic calculations� necessary to support MULTOS and Mondex.� � About Mondex International� � Mondex International Limited (MXI) is a world leader in the� provision of smart-card based products and services. The� company is a subsidiary of MasterCard International� Incorporated and employs over 180 people at its London� headquarters and technology centres around the world. Mondex� is the most "cash-like" of the electronic cash smart cards� to be available around the world, as a more efficient� alternative to cash.� � Mondex electronic cash is designed for use in both the� physical and the virtual worlds, with the advantage of� allowing retailers and consumers to send and receive Mondex� value securely down a telephone line, through a mobile phone� or over the Internet. Further information regarding Mondex� is available on its web sites at: www.mondex.com /� www.mondexinternational.com� � About MasterCard International� � MasterCard International has the most comprehensive�
Page 5 portfolio of payment brands in the world. With 23,000 member� financial institutions, serving consumers in 220 countries� and territories, MasterCard is the industry leader in� quality and innovation. Nearly 700 million MasterCardâ,� Maestroâ, Cirrusâ and MondexÔ cards are in circulation� today. With more than 16.2 million locations, no card is� accepted in more places and by more merchants than the� MasterCard Card. In 1998, gross dollar volume exceeded $650� billion. MasterCard can be reached through its World Wide� Web site at http://www.mastercard.com.� � About Hitachi� � Hitachi, Ltd., headquartered in Tokyo, Japan, is one of the� world's leading global electronics companies, with fiscal� 1998 (ended March 31, 1999) consolidated sales of 7,977� billion yen ($65.9 billion*). The company manufactures and� markets a wide range of products, including computers,� semiconductors, consumer products and power and industrial� equipment. For more information on Hitachi, Ltd., please� visit Hitachi's Web site at http://www.hitachi.co.jp. * At� an exchange rate of 121 yen to the dollar.� � Dai Nippon Printing Co (DNP)� � Dai Nippon Printing Co Ltd. is one of the world's leading� printing companies with a world wide turnover of USD10� billion in the 1998 fiscal year. DNP was the first company� to implement the MULTOS operating system bringing a number� of MULTOS chips to market in partnership with Hitachi. DNP� has also been involved in the development of operating� systems for Mondex e-cash smart cards and has supplied over� 500,000 smart cards for the Mondex Scheme around the world� since 1991.� � About platform seven� � platform seven is a leading independent provider of smart� card and e-commerce security products, solutions and� services. Although part of Nat West, a leading UK bank, the� team is independent and operates with strict client� confidentiality procedures in place. The team currently� numbers over 100 of the world's leading smart card and� e-commerce experts based in Europe, North America and Asia� Pacific. For more information, please visit platform seven's�
Page 6 website at http://www.platform7.com.
Page 7
Distributed via Press Release Wire (https://pressreleases.responsesource.com/) on behalf of Pleon
Copyright © 1999-2021 ResponseSource, The Johnson Building, 79 Hatton Garden, London, EC1N 8AW, UK e: [email protected] t: 020 3426 4051 f: 0345 370 7776 w: https://www.responsesource.com