GSA forges smart card spec
- By Colleen O'Hara
- Oct 16, 2000
After months of work, the General Services Administration and vendors have
achieved what industry has been unable to do on its own: agree on an interoperability
specification that will allow different smart cards to work together across
GSA, along with vendor and agency representatives, recently drafted
and agreed to an open, interoperable specification to enable smart cards
bought off the governmentwide Smart Access Common ID contract by one agency
to work with applications and smart card readers used by another agency.
GSA has started testing the specification.
"To get all the prime [vendors] to agree on interoperability for applications
I think is a huge step that will help the expansion of smart card technology,"
said Mickey Femino, director of GSA's new Center of Innovative Business
Lack of interoperability has been a major impediment to smart card adoption
in this country, said Mike Brooks, director of GSA's Center for Smart Card
Solutions (see story, Page 52). The specification will be "a catalyst for
smart card technology forging ahead in America," he said. "It will allow
[agencies] to buy a smart card solution from GSA, and they don't have to
be concerned about proprietary systems."
When GSA awarded its estimated $1.5 billion smart card contract in
May to five prime vendors — KPMG Consulting LLC, Litton/PRC Inc., Electronic
Data Systems Corp., 3-G International Inc. and Logicon Inc. — it required
all smart cards to interoperate so that agencies can use cards for multiple
purposes. Because smart card vendors offer proprietary solutions based on
their own specifications, vendors and GSA had to develop a neutral specification
that all can support.
The specification covers five smart card applications: identification;
logical access control, such as access to a computer network; physical access
control, such as access to a building; biometrics, such as fingerprint scans;
and cryptographic services, such as digital signatures.
The original goal was to draft the interoperability specifications within
45 days after the award, but the process proved more complex than anticipated.
Interoperability should bring prices down and make smart cards more
attractive in government, said Rick Pratt, program manager for GSA's smart
card project at EDS. "I think it will make vendors more competitive," he
said. "If it's just your card, then you can ask any price. If you're working
against other vendors, it will bring the price down."
Competition is good for users, said John Moore, chairman of the Federal
Smart Card Users Group and director of smart card studies in GSA's office
of electronic government. "Do you think the United States would work better
if it were a dictatorship or if Microsoft was the only computer vendor?"
he asked. "This has an enormous potential in terms of the size of the market
However, the most difficult part may still lie ahead. The National Institute
of Standards and Technology initially will help GSA test 20 cards with 20
readers — a process expected to last several months. Vendors must also develop
middleware based on the specifications to enable different platforms to
support different cards.
"You could end up with cards that are compatible, but if the middleware
is not done correctly, it makes it useless," said Bill Bialick, technology
director at Spyrus Inc., a subcontractor for two primes.
Donna Farmer, president and chief executive officer of the Smart Card
Forum, said although there are standards in place, that doesn't guarantee
interoperability. "It isn't that the technology is the problem or issue,
it's all about how companies will interact with each other," she said.
Femino said he expects agencies to issue task orders for smart card
services soon. Last week, the Defense Department said it plans to use the
contract to buy about 1 million smart cards in January. The specifications,
meanwhile, will continue to evolve over the 10-year contract.