Other important standards
- By Heather Harreld
- Dec 10, 2000
There are several industry standards for communicating with a smart card
that agencies could use for applications that fall outside the realm of
PKCS#11 (Cryptographic Token Interface): Specifies an application
program interface with cryptographic functions.
PC/SC (Personal Computing/ Smart Card): Developed for communicating
with smart cards connected to computers operating Microsoft Corp.'s Windows.
OpenCard: A framework for creating smart cards across many hardware
and software platforms; it provides an interface to PC/SC.
JavaCard: Enables Java technology to run on smart cards and other devices
with limited memory.
Multos: An open, high security, multiple application operating system for
smart cards that is designed to allow multiple platform-independent applications
to reside on the card.Dirty secret about standards
The challenge of developing new standards is that the work rarely is done
in a vacuum. Although negotiating competing interests or accommodating
existing standards is never easy, it is a regular part of the job.
For example, requirements laid out in the government's Federal Information
Processing Standard (FIPS) 140-1, which applies to cryptography products,
do not mesh with those in the ISO 7816 smart card standard. The ISO 7816
standard is the basis for the General Services Administration's work, said
Bill Bialick, technology director at Spyrus Inc. FIPS common criteria are
not smart card-centric but apply to the cryptographic tools themselves.
As a result, if users test encryption algorithms and other security
features every time they power up the card as FIPS requires, that process
violates the 7816 standard, Bialick said.
Harreld is a freelance writer based in Cary, N.C.