New NIST spec brings contactless smart cards into the fold

The National Institute of Standards and Technology wants agencies to be able to use the same cards for several purposes but different smart cards for the same purpose.

To that end, it has released the Government Smart Card Interoperability Specification Version 2.1, replacing the year-old Version 2.0.

The latest specification should make it easier for agencies to use smart-card systems developed by different vendors, NIST officials said.

To address a growing trend among agencies, the new standard includes a common interface for contactless smart cards, or cards that use radio frequency waves rather than physical contact to share information with a reader device.

The new specification, detailed in the 229-page Interagency Report 6887-2003 Edition, 'establishes the foundation for achieving interoperability for both contact and contactless cards,' said Teresa Schwarzhoff, of NIST's Computer Security Division.

To assure interoperability, contactless cards must adhere to parts 1 through 4 of the ISO 14443 standard. Any cryptography must use algorithms approved under Federal Information Processing Standard 140-2.

The specification holds smart-card vendors to interoperability requirements for the application program interfaces that communicate a smart-card service to the client application on a host computer.

What this means is that agencies will no longer be beholden to a vendor's proprietary smart-card software or hardware, Schwarzhoff said.

The Defense Department intends to implement the new standard for its next deployment under the Common Access Card program, she said. DOD has scheduled the next rollout for fiscal 2004.

The Transportation Security Administration also plans to include the new specification for its Transportation Worker Identification Card project. TSA began two TWIC pilots over the past two weeks.

'The TWIC program is committed to the Government Smart Card Interoperability Specification,' Paul Hunter, deputy director of the TSA project, said in a statement. 'Version 2.1 will help us immensely.'

The NIST revision is one step of several toward standardization. Next month, NIST will submit the latest smart-card specification to the International Committee of Information Technology Standards' Advisory Group on Smart Cards for consideration to become an ISO standard.

To link to an Adobe Portable Document Format version of the NIST specification, click here.


inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group