Smart Card Interoperability Standards
by Dr. Brad Paulson, Thor Engineering, ICMA Standards Representative
Smart cards are credit card-sized devices containing a microprocessor and semiconductor memory. Offering portability and security, smart cards provide a cost-effective and highly secure mechanism for automated systems to verify the identity of human users. While the market for smart cards is growing, large-scale implementation and market growth require interoperability of readers, cards and the software applications that are programmed in the chips.
Prior to standardization of the location of smart card contacts, interoperability held an entirely different connotation. At that time, two smart card configurations were available: one with the chip located in the upper left-hand corner of the card and one with the chip where it currently resides, more along the centerline of the card. Clearly, cards were not interoperable in readers of the alternative configuration, creating chaos and uncertainty. Furthermore, the corner position could place the chip opposite the magnetic stripe, creating difficulties with encoding and reading multiple-use cards that held information on both the magnetic stripe and the integrated circuit. The concern was for interoperability of smart cards in readers globally and the interoperability of coexistent magnetic stripe and integrated circuit technology on the same card.
With the standardization of the integrated circuit chip and contacts in ISO/IEC 7816-2 Identification cards – Integrated circuit(s) cards with contacts – Part 2: Dimensions and location of the contacts, smart cards became globally interoperable in readers and with coexistent magnetic stripe technology. However, programming for the applications became linked to the integrated circuit that was selected. This required programmers to know the intended application and build the card accordingly. Thus, each smart card product line had a characteristic language, was intended for a particular application, and was able to interact exclusively within defined systems. To remove barriers to smart card deployment, adoption of a common interoperability platform was necessary. Such a platform allows smart card manufacturers and issuers to select appropriate software products from different vendors, encouraging innovation and accelerating development.
In response to this need, a new suite of smart card interoperability standards, ISO/IEC 24727: Identification Cards – Integrated Circuit Cards Programming Interfaces, has been under development to produce a framework to enable interoperation of applications such as transportation cards of adjacent systems, identity cards of federated jurisdictions, loyalty cards of co-branding merchants, and payment cards of alternative standards, to name a few. The basis of the Standard is that the Application Programming Interface (API) resides on the host and client side of the system, and does not reside on the card. This is a fundamental change of philosophy in a technology that is accustomed to dealing with ‘on-card’ commands. Currently, three standards are under development:
• ISO/IEC 24727-1: Identification Cards – Integrated Circuit Cards Programming Interfaces: Architecture, which is approved to go forward for a Final Draft International Standard (FDIS) ballot.
• ISO/IEC 24727-2: Identification Cards – Integrated Circuit Cards Programming Interfaces: Generic Card Interface, which is expected to go forward as a Final Draft International Standard (FDIS) ballot.
• ISO/IEC 24727-3: Identification Cards – Integrated Circuit Cards Programming Interfaces: Application Interface, which is expected to proceed to a second Committee Draft (CD) ballot.
Also, two additional work items have been approved for development:
• ISO/IEC 24727-4: Identification Cards – Integrated Circuit Cards Programming Interfaces: API administration and
• ISO/IEC 24727-5: Identification Cards – Integrated Circuit Cards Programming Interfaces: Testing.
Recently, an ANSI proposal has been submitted to conduct a case study and produce a technical report, making use of ISO/IEC 24727, of two applications currently used in the United States, on a single smart chip card—Personal Identity Verification (PIV) and transportation fare cards. The goal of this technical evaluation is to help identify and remedy possible deficiencies, or areas in need of improvements, in ISO/IEC 24727 documents.
To sum up, compared to other integrated circuit card standards, the set of ISO/IEC 24727 standards is large, complex, and technical. However, it has attracted attention from groups building federated smart card systems, where the system must interoperate between issuers and interoperate with other card systems. Some examples include electronic passport and driver license systems, payment systems such as PayPass, RIS, and EMV, and the multitude of proprietary physical access control systems. The initiative has been embraced in the United States from inception, and recently, the European Union has adopted ISO/IEC 24727 for the EU citizen card initiative, and Australia has similarly adopted this work for chip-based driver licenses.