Feds tout interoperability
- By Brian Robinson
- Jul 15, 2002
One of the goals for smart cards is to provide a single card that government workers can use for applications that are similar in all agencies and yet also can work with agency-specific applications. So far, that's been an impossible target because different vendors' cards and card readers do not work with one another.
The picture became clearer when the National Institute of Standards and Technology published Version 2.0 of the Government Smart Card Interoperability Specification (GSC-IS) June 27. A result of the agreement that accompanied the General Services Administration's award of its agencywide smart card contract in May 2000, the GSC-IS assures agencies that cards they buy from one vendor will work with another supplier's equipment.
"This is the first stable version of the specification," said Jim Dray, principal scientist for NIST's government smart card program. "It's a really big deal."
Traditionally, each vendor's smart card has carried its own unique Application Protocol Data Unit (APDU) set, which allows developers to write applications for the card. However, because they are unique, each card presents a different face to the developer, making interoperability among cards all but impossible.
The GSC-IS defines a generic APDU that each card carries and that is mapped to the card's native APDU. That generic APDU then supports Basic Services Interface service modules, which describe core functions that are the same for every use of a smart card.
In effect, the differences among cards are abstracted out so they all look the same to applications.
"It's what we call the Rosetta Stone of smart card architecture," Dray said. "It provides a mapping from a card's native APDU out to the standard card edge interface. All a card needs to do [to be interoperable] is to store a file and be able to follow one of our data models. And those are not stringent requirements for any smart card."
Vendors wanting to sell smart card products to the government in the future will probably have to comply with the new specification.
Officials at the departments of Defense, Transportation and State, the Transportation Security Administration and most of the other government entities that are likely to influence the purchase of smart cards have said they will require that smart cards comply with the specification. And the Office of Management and Budget, which has a mandate to promote e-government in federal agencies, also supports the use of the specification for government smart cards.
The GSC-IS will be an organic vehicle and will adopt new features according to the demand of users, Dray said. In the near future, developers will look for ways to incorporate biometrics with smart cards and to cater for contactless card technology.
Brian Robinson is a freelance writer based in Portland, Ore.