GSA forges smart card spec

After months of work, the General Services Administration and vendors have

achieved what industry has been unable to do on its own: agree on an interoperability

specification that will allow different smart cards to work together across

government.

GSA, along with vendor and agency representatives, recently drafted

and agreed to an open, interoperable specification to enable smart cards

bought off the governmentwide Smart Access Common ID contract by one agency

to work with applications and smart card readers used by another agency.

GSA has started testing the specification.

"To get all the prime [vendors] to agree on interoperability for applications

I think is a huge step that will help the expansion of smart card technology,"

said Mickey Femino, director of GSA's new Center of Innovative Business

Solutions.

Lack of interoperability has been a major impediment to smart card adoption

in this country, said Mike Brooks, director of GSA's Center for Smart Card

Solutions (see story, Page 52). The specification will be "a catalyst for

smart card technology forging ahead in America," he said. "It will allow

[agencies] to buy a smart card solution from GSA, and they don't have to

be concerned about proprietary systems."

When GSA awarded its estimated $1.5 billion smart card contract in

May to five prime vendors — KPMG Consulting LLC, Litton/PRC Inc., Electronic

Data Systems Corp., 3-G International Inc. and Logicon Inc. — it required

all smart cards to interoperate so that agencies can use cards for multiple

purposes. Because smart card vendors offer proprietary solutions based on

their own specifications, vendors and GSA had to develop a neutral specification

that all can support.

The specification covers five smart card applications: identification;

logical access control, such as access to a computer network; physical access

control, such as access to a building; biometrics, such as fingerprint scans;

and cryptographic services, such as digital signatures.

The original goal was to draft the interoperability specifications within

45 days after the award, but the process proved more complex than anticipated.

Interoperability should bring prices down and make smart cards more

attractive in government, said Rick Pratt, program manager for GSA's smart

card project at EDS. "I think it will make vendors more competitive," he

said. "If it's just your card, then you can ask any price. If you're working

against other vendors, it will bring the price down."

Competition is good for users, said John Moore, chairman of the Federal

Smart Card Users Group and director of smart card studies in GSA's office

of electronic government. "Do you think the United States would work better

if it were a dictatorship or if Microsoft was the only computer vendor?"

he asked. "This has an enormous potential in terms of the size of the market

that exists."

However, the most difficult part may still lie ahead. The National Institute

of Standards and Technology initially will help GSA test 20 cards with 20

readers — a process expected to last several months. Vendors must also develop

middleware based on the specifications to enable different platforms to

support different cards.

"You could end up with cards that are compatible, but if the middleware

is not done correctly, it makes it useless," said Bill Bialick, technology

director at Spyrus Inc., a subcontractor for two primes.

Donna Farmer, president and chief executive officer of the Smart Card

Forum, said although there are standards in place, that doesn't guarantee

interoperability. "It isn't that the technology is the problem or issue,

it's all about how companies will interact with each other," she said.

Femino said he expects agencies to issue task orders for smart card

services soon. Last week, the Defense Department said it plans to use the

contract to buy about 1 million smart cards in January. The specifications,

meanwhile, will continue to evolve over the 10-year contract.