Remarks by Bill Gates
Microsoft Corporation
Smartcard '99 Business Development Conference
Oct. 8, 1999
Redmond, WA
MR. GATES: Well, thanks for coming. It's exciting to have this group together and talk about how we see smart cards exploding and becoming a very key element of authentication in many retail scenarios.
Microsoft's vision goes back 25 years, when Paul Allen and I talked about a computer being on every desk and in every home. At that time it was kind of a radical statement, and it really drove everything the company's done its entire history.
You could say that the world is about halfway towards realizing that vision; about 60 percent of U.S. homes have a PC today. Obviously, less than that as you move around the world. With knowledge worker desktops in developed countries, over 75 percent are using PCs today. So the vision was a great thing, but we decided that, in a sense, it was too obvious. The idea of a vision is supposed to be to surprise people with something radical that you're going to do. And so, in the last year, we changed it to encompass a much broader role for software.
And so now we talk about empowering people through great software anytime, anyplace on any device. The point here is that the information you're interested in, the kind of collaboration you want to do, isn't just from a single PC. You want all the information across all your devices shared, you want access to that information on your cell phone, your TV, whatever display system you have in your car. So, it's a much more comprehensive set of services where the PC is still playing the primary role in terms of information creation, but all of those things come together. And, of course, the Internet in terms of moving the information around, moving the software around, plays a very key role here, but in a way that you shouldn't have to even think about actually giving explicit commands to make that happen.
Well, in this environment, there's a lot of information about a user. Their preferences, their purchasing behavior, and perhaps most importantly, their identification. So this is the part of our vision that we think smart cards are critical to. Wherever you want to go, even for offline activities, this information should be available. And for online activities, authentication is very important. And, in fact, the password has been the weak link there. Passwords are easy to get. People use the same password on very insecure systems that they use on secure systems. And, they're easily forgotten, so you can go and get a new password, sometimes when you shouldn't be able to. A lot of problems there that as you get more and more critical information, not only email but business information, behind these systems, companies are going to take authentication a lot more seriously than they have to date.
Also, you have scenarios where you want to authenticate very efficiently, where you just want to walk up to a terminal and quickly see some information in a few seconds after getting to that terminal. So going through a password process is incredibly inconvenient. When people walk away from their machines because it requires a password to re-authenticate, often the machine doesn't time out the authentication, so that machine is vulnerable to somebody coming along and using it. Whereas, if you have a smart card scenario, you just simply come back, take your smart card out, put your smart card back in as you come back.
There's lots of reasons with security definitely at the top of the list, that when we think about this environment in the future, we see users having smart cards as definitely a key capability.
Well, it's very exciting, all these things that are going to take place. And, there's not a day that goes by without some great new headline about some start-up doing something. Of course, many of us here are really living what we call the Web Lifestyle, taking advantage of these systems to collaborate in better ways, buy things in new ways, work more efficiently, and even making it part of our lifestyle. But to the world at large, still a big confusion. We still have a lot of work to do. And to stay in touch with that confusion or how people are thinking about computers, we often go out and talk to consumers, including just the man on the street. So, I've got a little video that shows interviews of people and what they're thinking about computing and some of these latest developments.
So, let's go ahead and take a look at that.
(Video shown.)
MR. GATES: So there's still a lot of work to do before all these great things are simple to use and broadly understood. And having people really trust the systems and trust the way their data is handled and not have to reenter the same information again and again, those are clearly elements that are very important to get to that big vision.
Microsoft, of course, is providing the software building blocks. Very high volume, standard building blocks that we can put in massive R&D, over $3 billion a year, and yet sell them at very low price because of the incredible volumes involved. PCs today are selling over 100 million units a year, and that's been growing faster than analysts predicted for every year out of the last five years. Again this year, growth both in the business and consumer segments has been beyond expectations. And that's partly because of the cycle where the more power the PC gets, the more software solutions are built for it, the more software solutions you get, the more relevant it is. And the volume, of course, is driving the price down through the miracle of Moore's law, and just the very intense competition.
The computing industry, once it had a clear standard for one operating system, hid the differences of the hardware from hundreds of manufacturers. It allowed innovation in the hardware industry and in the software applications business to proceed in parallel. So, any great printer could work with any software application. Any new portable machine that was designed could run all those existing applications. And, likewise, any new software that was created would run on that installed base of hardware.
So, standards can make a huge difference in terms of opening up a market. And we certainly see this with smart cards. The discussions about smart cards have really been going on for a long time, and yet in most parts of the world they are not yet pervasive. And it's argued that it's because some of the key applications, like corporate authentication, or allowing merchants to use them in loyalty programs, it just hasn't been simple to get the people with the right expertise to come together, and it's partly because the building blocks, and some of the simple standards just haven't been there.
So, for us, making sure this piece can come into the scenario is the logical extension of what we do with Windows. We think through these end-to-end scenarios, the new Internet environment, and say, what software is absolutely necessary? And that's the spirit in which we've put together the programs to do the software that actually runs on the smart card, and then integrate into Windows the software that allows Windows to communicate with the smart card and get any of the information, whether it's logging in or the file system that we create on the card, which is acceptable through the standard Windows API. So, applications don't have to go and learn some special API, they can literally think of it as a file system that they're going after. We do support the idea of logical code down on the card for the byte codes, of course. And yet we've been able to do that without requiring a huge processor because these byte code applications can actually be done with fairly simple processors, and that's important because of the price sensitivity that some of the buyers have if they want to go out and issue millions of these cards for free, or give cards to every employee, or every healthcare patient... that's a very big deal.
So, it's really getting all those pieces to work together, making it easy for Web sites to connect up to smart cards, making it easy for Windows login, making it easy for the applications, and so our efforts go way beyond just what we actually stick onto the card itself. As I said, the whole trust thing is a big part of this, and many mechanisms have been proposed, whether it's fingerprints or voiceprints. And it's our view that there's enough complexity and drawbacks to those approaches that it's really the smart card that's most likely to be very, very pervasive and taken for granted in terms of identity and security. It's great that there's the physical standard so that people aren't worrying about what does it look like to put a smart card reader for the various card form factors into these devices.
People are going to have all their critical information on these systems, whether it's personal information, sending photos around, or planning and organizing things, or the most sensitive business negotiations. And it is kind of fascinating that when we surveyed people using our Web sites, for example, our Expedia travel site, 80 percent of the people go there for information, but then still make the reservation the classic way by picking up the phone. It's really a concern over security that's holding them back from using the Internet to do the full transaction. So, it would obviously be more straightforward, because once they've pulled out the information, it's simply a click away to say please make that reservation for me. Obviously a lot simpler than going off and making the separate phone call.
So this concern is already affecting how people think about these systems, and a lot of that is really legitimate because of the weakness of how the password systems are administered. So, a very key problem in the online state, and then a need in the offline space, to have a broader range of information. Now, our model is that we're simply providing the base technology, and just as we did in Windows itself, the vertical applications come from people who understand those particular industries. And smart cards are definitely a case where there's lots of value-added applications that need to be built on top.
And, we think that this whole chain of value-added, the embedder, the application writer and the system integrator, that that chain of partnerships will be very important to create the explosion that we'd like to see take place here. In some ways, like we saw with the PC industry, there'll be increased specialization. And before the PC industry came along, IBM and other companies did everything, and that was really the only choice that was out there was to pick a vertical set of elements so that the sales force, the chips, the systems, the systems software, all came from one company.
Here in the smart card world, we'll see, as the volumes explode, we'll see a bit more specialization in these different areas, particularly the whole systems integration area is one that nobody has really gone after enough to meet the opportunity that we think is out there. We're interested in, of course, working with all the different parts of the industry so that the end solutions actually get put together.
Now, a big part of our business is empowering knowledge workers. Other than Windows, our biggest business and actually about the same size as the Windows business, is Microsoft Office. And so we're constantly going out to knowledge workers and talking about how can we help them work in a better way. How can we reduce the number of meetings, make information sharing a lot better. And a huge number of scenarios now involve sharing documents across corporate boundaries, taking a document and sending it off to a partner who might be located anywhere in the world. And there's a lot of concern about whether that kind of information sharing will create security problems. It comes up again and again. So, part of the idea of really getting behind smart cards is to have that one element, and then build into the user interface of the Office products a simple way of picking who you want to send it to, deciding how, what kind of authentication one would require for that person, and then, of course, being able to encrypt the document and make sure that it hasn't been tampered with anywhere between you and the person that you want to receive it.
Right now, if you think of any of those secure document scenarios, the amount of work you have to go through to do them is simply unacceptable, and so people either don't share the information or they do it in a way that has security risks. Our role here is building this core technology and enabling people, even if you take corporate customers, we see them approaching this in different ways. And right now, it's really the pioneering customers, I think, during next year, who will get literally hundreds, not thousands but hundreds of corporate customers who decide they want to use smart cards on a very broad basis.
And what we'll do is take those examples and use all the visibility we can create around leading edge applications and make sure other people understand that the time has really come and it's pretty straightforward to do these things and get it to be common sense that a smart card is part of that PC login scenario.
Well, during this event I'm sure you've seen lots of smart cards that partners are putting together. And some of the ones that are kind of interesting are not just the classic form factor, which is a great thing and will probably be the highest volume, but also some new form factors where people are using a USB connector for authentication. And those USB ports, basically every new PC in the last 12 months or so has that built in. And so it does, for the case where the PC is the prime target, it seems to get rid of the need to have the smart card reader, which is often about a $30 or $40 extra cost.
Another thing that's pretty interesting is, of course, having the smart cards in the cell phones, both having the user ID capability where you actually have it very small and inside the phone, but also the ability for, say, a credit card transaction to go and read the card. You know, plug it in and have it be read. And so some of the cell phone makers are actually putting that kind of external reader capability in, like this is a Ciagem phone here. There's a number of standards that relate to that that we've made sure that smart cards for Windows conforms to all those different standards.
Another place we're seeing a lot of interest in this application is in healthcare applications. Here I've got a machine that's, say, running in a doctor's office. When you come in, you can get onto the system as a doctor and then you can see what patients are checking in. So, when the patient comes into the waiting room, they actually swipe their smart cards here, and then there's not only the patient ID, but in this case all the medical information. Oh, yes, I need to push "check in." There we go. Then it will go out and read the card.
Now, on that card is all the different information, medications, history, eligibility, lab tests, in this case it's a smart card with quite a bit of memory on it. And so as you're being checked in one thing you can do is take all this information, and go out to the Internet, and check eligibility. And so what's actually going on here is that the information off the smart card is being transmitted to the provider, and they're verifying what kind of eligibility this patient has, and giving a transaction code. And so now anything that the doctor's office starts they can simply transmit back, using this ID code. And you have a paperless system for all of the medical charts that are involved there.
So it simplifies the check in. It makes sure that key patient information is available to the doctor, and then it gets rid of the back end paperwork that's been there. And so we see in the health environment that, again, smart cards should just be common sense. The potential savings and efficiencies benefit everyone. The government, who is the biggest payer, all the medical institutions that have had to deal with the paperwork, have the information where they want it. And then, of course, the patient, as well. So we'd really like to see that take off, and we think there are some key partnerships to make sure that the right elements come together for that kind of capability.
In the medical environment there's a lot going on, whether it's some of the new speech recognition software we're building, wireless devices, this is actually a wireless tablet-type device that you can carry around in a medical environment. And because these wireless networks are now cheap enough that you're online and in touch with all the information that's interesting. So the smart card is part of that scenario, but all the other pieces come together to make that a lot more efficient than it's ever been before.
Well, today we're announcing a couple of new things. Of course, the toolkit, the Smart Card for Windows toolkit is something that's new out there. The toolkit is supporting the GSM standards, 11.11.14, we make it easy to create the logic using Visual Basic, which is just a simple tool for people to get involved in. Then, of course, it's got the simulator in the toolkit. So if you've got a PC you can go in and run the applications, make sure they do exactly what you want. The toolkit with all its features will be in final form first quarter next year, although we've got, of course, testing versions of all this that are out now. And we're getting a lot of feedback from the people here and others, to make sure we get that in exactly the right form.
So the bottom line is that we're committed to smart cards, partly because of the problems of passwords, but also because of other benefits that the smart card brings. And the architecture we've got here is quite flexible for the different applications, and really fits into our overall programming environment. And so we're really pleased to see the attendance here, and we're excited to see the solutions that come together, taking this as a building block.