By Joseph A. Naujokas, Naujokas & Associates
The stage is now set for development of International Interoperability
Standards for integrated circuit cards. Since 2002, the US National
Institute for Standards and Technology (NIST) has been laying the groundwork
for this significant effort.
The New Work Proposal was approved by ISO/IEC JTC1 SC17 (ISO/IEC Joint
Technical Committee One, Subcommittee 17, ID Cards and Personal Identification).
They quickly held a special meeting where they established a new Task
Force under the Integrated Circuit Cards Working Group 4 (WG4/TF9) and
appointed Teresa Schwarzhoff of NIST as the Convenor and the US as the
Secretariat.
WG4/TF9 will produce a new standard or suite of standards, ISO/IEC
24727 that will include the capability of IAS (Identification, Authentication
and Signature services).
In at least the following areas:
By the time you read this, the first meeting of WG4/TF9 will have taken
place on July 12-14, 2004 which is after this is written.
NIST has been at the fore front of US Federal government smart card
applications providing Identification and access control for US Government
employees. Much work, that included both industry participants and Federal
agencies, has already been accomplished. NIST also recognizes that the
International effort will take a minimum of 2-3 years so they have started
a similar effort at the US level to quickly establish an ANSI (America
National Standards Institute, a non-governmental agency) standard for
interoperability.
NIST submitted a new work proposal for an ANSI standard which is based
on NIST Interagency Report 6887, July 2003. The report is in the public
domain and is available on the Web at http://smartcard.nist.gov.
This strategy of pursuing both a National and International standard
simultaneously, can have at least two possible negative scenarios. The
first is the reaction of the International standards community who could
view this as a possible end run by NIST to ensure their views will prevail
in the International standard. The perception would be that the National
standard will be quickly adopted as is.
In the other scenario a significant player in the US standards could
raise an objection to the NIST proposal stalling NIST's National efforts
and thus weakening their International position.
Think this can't happen? A similar scenario just happened just 3 or
4 years ago. The State Governments through AAMVA (American Association
of Motor Vehicle Administrators) tried to transpose a government card
specification (driver's licenses) into an ANSI standard. US retailing
trade organizations strongly objected to one part of the standard. AAMVA
would not budge from their specification and it never became a National
Standard.
Frankly I don't understand why NIST wants to transpose their government
specification into a National Standard. At this time, the US government
is by far the largest procurer of smart cards in the US. Credible suppliers
would be sure to offer products that comply with the NIST specifications.
Report 6887 would probably become a de-facto standard on its own until
the international standard is completed.
The Smart Card is an excellent application for government employee's
identification and access control. Government employees have access
to sensitive information and facilities that are critical to the safety
and well being of its citizens. Also, citizens need to be confident
that the person they are dealing with is a bona fide government employee/representative.
I believe that this function is more important than identity cards for
its citizens. So we should first have all government employees and their
contractors securely identified with secure ID cards before we worry
about ID cards for its citizens.
What do you think?