French smart card manufacturer Gemplus SA is turning to software to generate an additional stream of revenue. The company is today launching a new smart card system designed to increase network security and use digital certificates in a more effective and secure manner. GemSafe uses the public key infrastructure on a smart card to heighten personal computer security and is aimed specifically at intranets, web and email systems. At the moment digital certificates reside on PCs, but they can be easily stolen and copied. GemSafe consists of a smart card, smart card reader and software that sits on the PC. The public and private keys are generated and stored on the smart card, which can then be removed from the machine meaning the digital identity is safe if the hardware should be stolen. If the card itself is lost or stolen, in order to access the digital identity held on it, a personal identification number is required. If the PIN is entered incorrectly it will automatically shut down after three failed attempts. Gemplus is particularly proud of GemSafe’s ability to generate the keys required to conduct secure cryptography, on the card itself, instead of in an external environment. Every GemSafe user, and indeed digital certificate holder has a public and a private key. The private key, which can be thought of as a secret key resides only on the holder’s smart card. The public key is held in a directory, which is stored online. If someone wants to send a securely encrypted message to another digital identity holder, they will go to the public key directory and attach the particular key to the message and send it to the desired recipient. The recipient will then have to access their private key to decrypt the public key. Both keys are linked and unique. In order for a sender of a message to be sure it is going to reach an authentic key holder, a third party certificate authority will stamp it to ensure it is genuine. The stamp combined with the key is a digital certificate. The GemSafe software is compatible with Netscape Communications Corp’s Navigator and Microsoft Corp’s Internet Explorer, as well as both of their electronic mail systems, meaning the system is compatible with the majority of users existing applications. The smart card reader can be easily connected to a computer’s serial port and the software can be installed in any Windows 95 or Windows NT-based machine. Gemplus is one of the more powerful forces in the smart card manufacturing space, but analysts are suggesting at the moment, that such manufacturers are soon to lose out to software developers (CI No 3,410). Gemplus’ UK business manager Andrew Leigh says the company is well aware of this and while it still believes that it will maintain a strong position for many years to come, it will be looking increasingly towards developing smart card software. GemSafe will be available on a worldwide basis as of today, priced at $100.
