Other important standards

There are several industry standards for communicating with a smart card

that agencies could use for applications that fall outside the realm of

GSA specifications.

PKCS#11 (Cryptographic Token Interface): Specifies an application

program interface with cryptographic functions.

PC/SC (Personal Computing/ Smart Card): Developed for communicating

with smart cards connected to computers operating Microsoft Corp.'s Windows.

OpenCard: A framework for creating smart cards across many hardware

and software platforms; it provides an interface to PC/SC.

JavaCard: Enables Java technology to run on smart cards and other devices

with limited memory.

Multos: An open, high security, multiple application operating system for

smart cards that is designed to allow multiple platform-independent applications

to reside on the card.Dirty secret about standards

The challenge of developing new standards is that the work rarely is done

in a vacuum. Although negotiating competing interests or accommodating

existing standards is never easy, it is a regular part of the job.

For example, requirements laid out in the government's Federal Information

Processing Standard (FIPS) 140-1, which applies to cryptography products,

do not mesh with those in the ISO 7816 smart card standard. The ISO 7816

standard is the basis for the General Services Administration's work, said

Bill Bialick, technology director at Spyrus Inc. FIPS common criteria are

not smart card-centric but apply to the cryptographic tools themselves.

As a result, if users test encryption algorithms and other security

features every time they power up the card as FIPS requires, that process

violates the 7816 standard, Bialick said.

Harreld is a freelance writer based in Cary, N.C.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected