• Application Scope







    Uncheck

    Search text
    Technology






exceet Card Group

Smart City Solution in Stuttgart: One Card - Plenty of Possibilities

Use Cases | By exceet Card Group | 13 November 2015
The city of Stuttgart pioneers a way of accessing transport and leisure services and purchasing in Germany. The city of Stuttgart pioneers a way of accessing transport and leisure services and purchasing in Germany.

Visit the Exceet Card Group at the Cartes 2015, Booth 4 L 020

The city of Stuttgart pioneers a way of accessing transport and leisure services and purchasing in Germany

Anyone who travels regularly by public transport requires a ticket. Anyone who wants to use a car-sharing vehicle requires a card, and if you want to pay you need a card, too. And with each card the thickness of your wallet increases. Working with numerous partners, the city of Stuttgart has adopted an ambitious project to enable a single smart card to make payments and access transport and other services – this has been developed by the company Exceet for the Smart City project. Fabian Rau of Exceet talked to “RFID im Blick” about the aims of the project, the functionality of the application and the future potential of a newly developed security token.

Fabian Rau, Head of Segment Logical Access Solutions, Exceet Card Group, in an interview with „RFID im Blick“

Mobility almost without limitation

In the German city of Stuttgart, more than 100 people are testing this unique idea. The userfriendliness of the product is under careful scrutiny: with the new Stuttgart Service Card the user can make credit and debit card transactions for different services at POS terminals using the certified MasterCard feature. 22 partners are currently involved in the ‘Stuttgart Service Card‘ project. “What makes the card so special is the combined functionality of ticketing and payment. This single card service is the only one of its kind in Germany, if not in the whole of Europe,“ says Fabian Rau.

Fabian RauFabian Rau “For the first time we have a VDV core application combined with Master- Card functionality in a smart card. The technological significance of the Stuttgart Service Card is to combine two applications in one card.“

Two applications on one card

The technological significance of the Stuttgart Service Card is to combine two applications in one card: EMV standard is used to implement the MasterCard certified payment, as well as the VDV core application – the technical standard of the Verband Deutscher Verkehrsunternehmen (VDV) for all forms of electronic tickets – which allows ticketing in public transport in Stuttgart. “We benefit from our engineering team’s years of experience – they have been able to transfer their expertise in the field of contactless cards, for banks or car-sharing providers, and develop the Stuttgart card. For the company Exceet it was the first time that a VDV core application has been combined with a MasterCard functionality in a smart card,“ says Fabian Rau.

A possible model for other cities

“As a service provider we develop, produce and personalise smart cards for many cities, banks and mobility services. From our point of view there is enormous potential outside Stuttgart to combine different services and contactless payment on one card. Multi-function cards can have a positive effect on urban tourism because they increase the convenience of a city trip and visitors only have to deal with one product,“ Fabian Rau says.

Smartphone: not (yet) an alternative to Smart Card

To apply the functions of a multi-function card such as the Stuttgart Service Card to a smartphone is definitely not feasible at the moment, says Fabian Rau: “Unfortunately, it is still impossible to integrate a MasterCard application safely and functionally into a smartphone. Therefore this approach was not pursued by the project partners during the development process. The card became the only sensible usable device. If a smartphone could be applied with a two-factor authentication, then it would be feasible to have the Stuttgart card application working on the phone, too.“

One password for all applications!

Often there are a huge number of different combinations for usernames and passwords for both personal and professional purposes – we use them to log on to our work laptops as well as for authentication in online banking or shopping web portals. For simplicity, many users of online services and authentication systems don’t choose to replace the passwords regularly, a measure that is urgently recommended to ensure maximum safety. Even worse: a large number of people use the same password for multiple services. This significant lack of security can be quickly and safely eliminated with the EMIS token, according to Fabian Rau: “The token uses a crypto processor that basically cannot be manipulated. With this token a user does not need to regularly change passwords any more, a measure recommended by providers and online vendors with good reason. Changing passwords is not only time-consuming and annoying for private users, but, if users forget their login information, also requires significant support time from the IT management services of professional providers. Using the token, the user merely memorises a PIN, so not even a password has to be remembered. The level of security is significantly improved by the token and at the same time it is much more comfortable for the user.“

Two-factor authentication allows smartphone usage

“Exceet has developed a token for such scenarios called Exceet Multi ID Solution (EMIS). A single identity number on the token can be used to create multiple applications – opening a door, logging in to a PC or authenticating a smart phone,“ says Fabian Rau. This way some form of security is guaranteed, which clearly improves on a simple password entry, according to Rau: “Even in the case of a stolen smart phone, the stored data would remain secure because it is automatically encrypted by the token. All access authorisation to the smartphone can then be removed by Exceet at the click of a mouse.“ From our point of view, the token is a crucial development allowing financial institutions, such as MasterCard or Visa, to obtain the required security to allow payment applications through a smartphone. Also SMS-TAN procedures for online banking, which are anticipated to be critical to safety, could be replaced by the interaction of tokens with a tablet or smartphone. This could become an absolutely reliable payment method.“

Comfort and security by single sign-on

“A single sign-on, as permitted by EMIS, brings comfort and safety to password-protected applications,“ says Fabian Rau. “We presented the first prototypes of the token in mid-December 2014. We are confident that we can fill a gap in the IT security with this solution, which is safer and more comfortable for the user.“ In healthcare, there is the potential for a wide range of applications for the newly developed security token with RFID/NFC and Bluetooth in contactless communication to devices such as laptops, smartphones or tablets, according to Fabian Rau: “Let‘s look at a doctor‘s office: no patient wants his medical record to be seen on the doctor‘s screen when the next patient enters the examination room. If the physician uses an EMIS token and the patient has an ID chip, all data would appear on the screen only when doctor and patient are in close proximity to the computer.

This technology does not make more work for those using it – quite the opposite. The increasing automation gives doctors and nurses more time for treatment and care.

Last modified on Friday, 13 November 2015 15:30