Ramanuj Banerjee
Director, Technical Consultancy

ActivCard, Inc.
– Headquartered in Fremont, CA
– Over 12 years of experience with smart card technology
– Seasoned management team
– Public Company (Nasdaq: ACTI, Easdaq: ACTI) with $300 million in cash
– Sold 300,000 ActivCard Gold licenses in 2000
– Over 100 installed ActivCard Gold customer sites

Reference Customers
– Defense Manpower Data Center (DMDC) – 4.3 million users
– Citigroup / Citibank – undetermined millions of users
– Sun Microsystems, Inc. – 45,000 users
– DataCard, Inc. – 3,000 users
– Barclays Bank – United Kingdom – 4,000 users
– ForeningsSparbanken – Sweden – 1.2 million users
– NTT – Japan – 5,000 users
– HP – 100,000 users

The “ATM User Experience”
[Figure: card (Jane Johnson, 06/03) + PIN = ATM]

The “ATM User Experience” for the Internet
[Figure: card (Jane Johnson, 06/03) + PIN = Network Service, over the Internet]

ActivCard’s role
[Diagram: User, Terminal, Network, Server, Service]
– Sectors: Government, Healthcare, Banking, Finance, Corporate, Entertainment
– Locations: Office, Branch, Customer, Home, Hotel, Airport, Mobile
– Issuance & Enrollment
– Post-issuance Management: Add, Delete, Modify Digital Identity

Where is ActivCard Software?
– The Mgt Console
– The Server
– The Card: Java Card, WpSC, MultOS, Cryptoflex
– The Terminal
[Diagram labels: Legacy Systems, Certificate Authority, Building Access, Financial Services, E-business Services]

Citibank and ActivCard
– Citibank has licensed ActivCard software
– Citibank delivers “Turn-key” service
– Multi-application smart card as new corporate badge
  – Financial Application – Travel & Expense Card, ePurse, purchase card
  – Physical Access Control
  – Logical Access
  – Demographic and Loyalty Applications
  – Open Platform Card
  – Card Lifecycle Management
[Figure: sample badge, Johnson Jane, 12345]

Digital Identity – Sun Microsystems
No Common Infrastructure
[Figure: Jane Johnson's separate credentials: Picture ID, Building Access, Remote Access Token, Digital Certificates, Passwords (NT Login, SAP, C. Schwab, Finance), SecurID token]

Digital Identity – Sun Microsystems
Consolidation
[Figure: credential sets for NT Login, SAP, C. Schwab, Finance and SecurID; card labelled Johnson Jane]

Service Provider Example
Federated Smart Card Management
[Diagram labels: Service Provider, Customer, Domain Login, Virtual Private Networking with portal manager approval, Certificate Authority]

Usage - $1.5 Billion GSA Contract
– New Process Applications
– Single Sign On
– Room for new applets post-issuance
[Figure: SAMPLE Geneva Conventions Identification Card (DMDC), Active Duty U.S. Navy, Johnson, Jane Marie]

Department of Defense Example
Federated Smart Card Management
[Diagram labels: DOD, Service Branches]

Deploying 4.3 million Cards
The GSA Common Access Card (CAC) Program
– PIN Mgt Applet
– Generic Container Applet
  – Employee ID
  – Benefits
  – External Benefits
  – Healthcare
  – Utility
– PKI Applet
  – Three Key Pairs/Certificates
– Space for Departmental Applets
[Figure: SAMPLE Geneva Conventions Identification Card]

Defense Manpower Data Center (DMDC)
[Diagram: DEERS; ID Badge, Pay, HR, Medical; 23 million records on Oracle]
[Figure: SAMPLE Geneva Conventions Identification Card]

Real-time Distributed Issuing
[Diagram: DEERS; 1900 RAPIDS stations]

Rapids Issuance Terminal
Technical Walkthrough

Distributed Issuing
[Diagram components: DEERS, Issuance Portal, https Server, four HSMs, Netscape Cert Server, DISA / National Security Agency, RAPIDS Station, ActivCard Gold. Other labels: Monterey, CA; 23 Million Records; Chambersburg, PA]

The slides that follow reuse this diagram (DEERS, Netscape Cert Server, National Security Agency, four HSMs, RAPIDS Station, Issuance Portal, https Server, ActivCard Gold). Only the slide title and the links or additional components shown on each slide are listed.

Verification Officer Authentication to DEERS
[Links shown: none]

SSL v3 Session to DEERS
[Links shown: SSL v3]

SSL v2 Session with Issuance Portal
[Links shown: SSL v3, SSL v2]

VO Authenticates to NSA
[Links shown: SSL v3, SSL v2, SSL v3]

OP Secure Channel to New Card
[Links shown: SSL v3, SSL v2, SSL v3, OP Secure Channel]
– Pipe also used post-issuance for card update – Unique to ActivCard

Card Application Managers (CAMs)
[Added components: Card Application Managers (CAMs) for ID, Generic Container, PKI. Links shown: SSL v3, SSL v2, SSL v3, OP Secure Channel]

Create Card Applets - ID
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Create Card Applets – Generic Containers
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Create Card Applets - PKI
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Instantiate ID Applet
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Instantiate Generic Container Applet
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Instantiate PKI Applet
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

SSL v2 Profile, Parameters, PIN Data
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3]

SSL v2 Generic Container Data
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3]

Encryption Key
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

First Signature Key
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Second Signature Key
[Components: CAMs (ID, PKI, Generic Container). Links shown: SSL v3, SSL v2, SSL v3]

Print Card
[Links shown: none]
[Figure: SAMPLE Geneva Conventions Identification Card]

Conclusion
[Diagram: User, Terminal, Network, Server, Service]
– Sectors: Government, Healthcare, Banking, Finance, Corporate, Entertainment
– Locations: Office, Branch, Customer, Home, Hotel, Airport, Mobile
– Issuance & Enrollment
– Post-issuance Management: Add, Delete, Modify Digital Identity

Questions?