Smart Card Standards

By Dr. Brad Paulson, Thor Engineering, ICMA Standards Representative

A smart card is a device that includes an embedded integrated circuit chip (ICC) that can be either a secure microcontroller with internal memory or a memory chip alone; the card connects to a reader through direct physical contact or with a remote contactless radio frequency interface. With an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry out their own on-card functions (e.g., encryption and mutual authentication), and interact intelligently with a smart card reader. Smart card technology is available in a variety of form factors, including plastic cards, fobs, subscriber identification modules (SIMs) used in GSM mobile phones, and USB-based tokens.

Over the past several years, industry groups implementing smart cards have developed a number of standards and specifications. These standards are voluntary, but in the interest of achieving conformity and interoperability, are generally followed. Adherence to smart card usage and system design standards can significantly enhance the ability to:
• Provide a clear and concise definition of terms so that all agencies have a common understanding and common criteria for evaluation.
• Provide the standards and specifications that are required for a trusted multi-agency credential and for credential information to be used across a defined infrastructure.
• Drive requirements and recognition of the total cost of ownership of a complete ID system architecture.
• Allow convergence of disparate identity and authentication media (e.g., cards) to a common credential token that can be used and trusted across the defined enterprise.
• Provide the flexibility to meet additional agency needs to use legacy tokens, as well as safeguarding the individual’s right to privacy.

The International Standardization Organization (ISO), together with the International Electrotechnical Commission (IEC), is one of the worldwide standard-setting bodies for technology, including plastic cards. These organizations facilitate the creation of voluntary standards through a process that is open to all parties. The primary standards for smart cards are ISO/IEC 7816, ISO/IEC 14443, ISO/IEC 15693, and ISO/IEC 7501.

ISO/IEC 7816 Identification cards – Integrated circuit(s) cards with contacts is a multi-part international standard broken into fourteen parts: 
• Parts 1, 2 and 3 deal only with contact smart cards and define the various aspects of the card and interfaces, including physical dimensions, the electrical interface and the communications protocols. 
• Parts 4, 5, 6, 8, 9, 11, 13 and 15 are relevant to all types of smart cards (contactless, as well as contact).  These parts define the card logical structure (files and data elements), various commands used by the application-programming interface for basic use, application management, biometric verification, cryptographic services and application naming.
• Part 7 defines a secure relational database approach for smart cards based on the SQL interfaces (SCQL).
• Part 10 is used by memory cards for applications such as pre-paid telephone cards or vending machines. 

ISO/IEC 14443 Identification cards – Contactless integrated circuit(s) cards – Proximity cards is an international standard that defines the interfaces of “close proximity” contactless smart cards, and is broken into four parts:
• Part 1 deals with physical characteristics
• Part 2 deals with the radio frequency (RF) interface and the electrical interface
• Parts 3 and 4 deal with the communications and anti-collision protocols. 

ISO/IEC 14443 compliant cards operate at 13.56 MHz and have an operational range of up to 10 centimeters (approximately 4 inches). ISO/IEC 14443 is the primary contactless smart card standard being used for transit, financial, and access control applications. It is also used in electronic passports and in the FIPS 201 PIV card.

ISO/IEC 15693 Identification cards – Contactless integrated circuit(s) cards – Vicinity cards describes standards for “vicinity” cards.  Specifically, it establishes standards for vicinity cards that operate to a maximum of 1 meter (approximately 3.3 feet), and is composed of three parts:
• Part 1 deals with physical characteristics
• Part 2 deals with radio frequency power and signal interface. 
• Part 3 covers anticollision and transmission protocols. 

ISO/IEC 7501 Identification cards – Machine readable documents describes standards for machine-readable travel documents and has made a clear recommendation on smart card topology.  ISO/IEC 7501 is composed of three parts:
• Part 1 deals with machine readable passports.
• Part 2 deals with machine readable visas. 
• Part 3 deals with official travel documents. 

Primarily, smart card standards govern physical properties, communication characteristics, and application identifiers of the embedded chip and data, and almost all standards refer to the ISO/IEC 7816 as a base reference.  Application-specific properties are also in development, with many large organizations and groups proposing standards. However, open system card interoperability should apply at several levels: 
1. To the card itself, 
2. The card access terminals or readers,
3. The networks, and
4. The card issuers’ own systems.

Open system card interoperability will only be achieved by conformance to international standards. Anyone interested in obtaining a technical understanding of smart cards needs to become familiar with what the standards do not cover, as well as what they do cover.

Brad Paulson, Ph.D., is the ICMA Official Standards Representative and concurrently serves as principal and founder of Thor Engineering, a consulting company he started in 2001 to test and evaluate media and materials to determine failure modes and recommend material and process improvements. Views expressed here are his own. Questions? Contact Brad at Tpaulson@rconnect.com.

International Card Manufacturers Association © 2007
This site is Designed and Maintained By Creative Marketing Alliance