Other important standards

There are several industry standards for communicating with a smart card

that agencies could use for applications that fall outside the realm of

GSA specifications.

PKCS#11 (Cryptographic Token Interface): Specifies an application

program interface with cryptographic functions.

PC/SC (Personal Computing/ Smart Card): Developed for communicating

with smart cards connected to computers operating Microsoft Corp.'s Windows.

OpenCard: A framework for creating smart cards across many hardware

and software platforms; it provides an interface to PC/SC.

JavaCard: Enables Java technology to run on smart cards and other devices

with limited memory.

Multos: An open, high security, multiple application operating system for

smart cards that is designed to allow multiple platform-independent applications

to reside on the card.Dirty secret about standards

The challenge of developing new standards is that the work rarely is done

in a vacuum. Although negotiating competing interests or accommodating

existing standards is never easy, it is a regular part of the job.

For example, requirements laid out in the government's Federal Information

Processing Standard (FIPS) 140-1, which applies to cryptography products,

do not mesh with those in the ISO 7816 smart card standard. The ISO 7816

standard is the basis for the General Services Administration's work, said

Bill Bialick, technology director at Spyrus Inc. FIPS common criteria are

not smart card-centric but apply to the cryptographic tools themselves.

As a result, if users test encryption algorithms and other security

features every time they power up the card as FIPS requires, that process

violates the 7816 standard, Bialick said.

Harreld is a freelance writer based in Cary, N.C.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.