
7.4 Standards

See "The Smart Card - A Standardized Security Device Dedicated to Public Cryptology" (by Louis Claude Guillou, Michel Ugon, and Jean-Jacques Quisquater, in Gustavus Simmons, "Contemporary Cryptology - The Science of Information Integrity", IEEE Press, pp. 561-614, 1992) for an excellent discussion of the international status of smart card standardization, which is still fairly current. Several parallel, overlapping ISO standardization efforts exist:

1. ISO/IEC JTC1/SC17/WG4 (Information Systems - Identification Cards - Integrated Circuit Cards with Contacts) has produced specifications of the physical characteristics (ISO 7816-1,2) and physical communication protocols (ISO 7816-3) that are International Standards. The specification of the file system layer (ISO 7816-4) is still a Committee Draft, but is currently undergoing balloting. Other standards are still in Working Draft stage.
The following standards apply for ISO SC17/WG4 contact cards:

    Standard       Scope
    -----------    ----------------------------------
    7816-6         Common Data Elements (unpublished)
    IS 7816-5      Registration for Applications
    CD 7816-4.2    Commands for Interchange
    IS 7816-3      Transmission Protocol
    IS 7816-2      Contact Location
    IS 7816-1      Physical Characteristics

As long as the lower layers conform to ISO 7816-4 and the transmission protocol is T=0 (asynchronous, half-duplex character transmission protocol) or T=1 (asynchronous, half-duplex block transmission protocol), the link between the card reader and the host system can be implemented via RS232, PCMCIA, Infra-Red, etc.

2. ISO TC68/SC6 (Banking - Financial Transaction Cards, Related Media and Operations) has two working groups: WG5 (Messages Exchanged with Integrated Circuit Cards) has produced a Draft International Standard and a Working Draft ISO 9992 dealing with messages and data elements. WG7 (Security Architecture of Banking Systems Using Integrated Circuit Cards) has produced a Draft International Standard and a Working Draft covering card life cycle, keys, and algorithms.

3. ISO/IEC JTC1/SC17/WG8 (Information Systems - Identification Cards - Contactless Integrated Circuit Cards) has not produced standards to date in the ISO 10536 series.

4. Specific ANSI X3B10.x groups cover contactless cards. The ANSI X3B10.1 group covers IC cards with contacts. ANSI is circulating a slightly modified version of ISO 7816-3.

5. The FIPS on Security Requirements for Cryptographic Modules, which is in draft status, specifies general physical, functional, and process requirements for four increasing levels of security, but does not specify interfaces or protocols. This standard applies to government applications using cryptographic functions of smart cards.

6. There are a few other standards bodies that have developed smart card standards for specific industry segments or applications.

Due to the state of standardization, it is not possible to specify a standard interface to smart cards or smart card devices except at the physical layer. The draft for the file system layer, however, at least provides us with a general picture. Based on this, it is possible to specify an abstract usage model and high-level interface that should be implementable with minimal software "glue" using cards from most vendors.


Denis Arnaud
12/19/1997