Other important standards
Standards should make cards more useful
There are several industry standards for communicating with a smart card
that agencies could use for applications that fall outside the realm of
GSA specifications.
PKCS#11 (Cryptographic Token Interface): Specifies an application
program interface with cryptographic functions.
PC/SC (Personal Computing/Smart Card): Developed for communicating
with smart cards connected to computers operating Microsoft Corp.'s Windows.
OpenCard: A framework for creating smart cards across many hardware
and software platforms; it provides an interface to PC/SC.
JavaCard: Enables Java technology to run on smart cards and other devices
with limited memory.
Multos: An open, high security, multiple application operating system for
smart cards that is designed to allow multiple platform-independent applications
to reside on the card.
Dirty secret about standards
The challenge of developing new standards is that the work rarely is done
in a vacuum. Although negotiating competing interests or accommodating
existing standards is never easy, it is a regular part of the job.
For example, requirements laid out in the government's Federal Information
Processing Standard (FIPS) 140-1, which applies to cryptography products,
do not mesh with those in the ISO 7816 smart card standard. The ISO 7816
standard is the basis for the General Services Administration's work, said
Bill Bialick, technology director at Spyrus Inc. FIPS common criteria are
not smart card-centric but apply to the cryptographic tools themselves.
As a result, if users test encryption algorithms and other security
features every time they power up the card as FIPS requires, that process
violates the 7816 standard, Bialick said.
Harreld is a freelance writer based in Cary, N.C.