- Email: [email protected]
Everything as standard
SURVEY
Everything as standard
and first published in 1995, ISO 10536 is now very rarely used. The more commonly used contactless standard is ISO 14443. This has four parts:
The development and use of standards is generally regarded as demonstrating the maturity of an industry. By that measure, the smart cards industry has left its infant and teenage years long behind and has now entered adult-hood as a mature technology that can be applied to a diverse mix of application sectors. This month, in the first of a two-part feature, we look at some of the most important technical and application standards and recommendations that are shaping the future of the ‘smart’ world.
•
Standards are an essential part of ensuring smart card technology both works and is economical. A number of organisations including the International Organization for Standardization (ISO) (see breakout box 1) and the European Committee for Standardization (Comité Européen de Normalisation – CEN), develop the standards used by the industry. ISO emphasises its importance, saying: “When products and services meet our expectation, we tend to take this for granted and be unaware of the role of standards. However, when standards are absent, we soon notice. We soon care when products turn out to be incompatible with equipment we already have, are unreliable or dangerous.”
About ISO The ISO is actually a network of the national standards institutes of 157 countries, and is the world’s largest developer and publisher of international standards. This non-governmental organisation forms a bridge between the public and the private sectors. Many of its member institutes are part of the governmental structure of their countries, or are mandated by government. Others come from the private sector and represent industry associations.
Standards on the cards The main standards of interest to the smart cards industry are the ISO ones for the cards themselves. The best-known standard is ISO 7816, which applies to contact-based cards. This is edited by the Joint Technical Committee (JTC) 1/Sub-Committee (SC) 17, Cards and personal identification. This comprises: • •
Part 1: 7816-1 Physical characteristics; Part 2: 7816-2 Cards with contacts – dimensions and location of the contacts;
February 2008
•
• • • • • • • • • • •
Part 3: 7816-3: Cards with contacts – Electrical interface and transmission protocols; Part 4: 7816-4 Organisation, security and commands for interchange; Part 5: 7816-5 Registration of application providers; Part 6: 7816-6 Inter-industry data elements for interchange; Part 7: 7916-7 Inter-industry commands for Structured Card Query Language (SCQL); Part 8: 7916-8 Commands for security operations; Part 9: 7916-9 Commands for card management; Part 10: Electronic signals and answer to reset for synchronous cards; Part 11: Personal verification through biometric methods; Part 12: Cards with contacts -- USB electrical interface and operating procedures; Part 13: Commands for application management in a multi-application environment; Part 15: Cryptographic information application.
Contactless standards Other ISO standards that are gaining traction in the industry govern the development of contactless cards. They include ISO 10536 for closecoupled cards (working at approximately 0-1mm from the reader), ISO 14443 governing proximity cards (0-10 cm from the reader) and ISO 15693 covering vicinity cards and smart labels. There are three parts to ISO 10536: • • •
Part 1 10536-1 Physical characteristics; Part 2 10536-2 Dimensions and location of coupling areas; Part 3 10536-3 Electronic signals and reset procedures.
Originally intended to be a direct replacement for the standard covering contact cards,
• •
•
Part 1 14443-1 Physical characteristics; Part 2 14443-2 Radio frequency power and signal interface; Part 3 14443-3 Initialisation and anticollision; Part 4 14443-4 Transmission protocol.
It describes two types of card: type A and type B, with the former a direct derivative of Philips (now NXP) Mifare technology. The Calypso contactless standard complies with ISO 14443 parts 1, 2, 3 and 4 type B. The main difference between types A and B are the modulation methods, coding schemes (part 2) and protocol initialisation procedures (part 3). Both types of card use the same high-level protocol – T=CL – described in part 4 of ISO 14443. The T=CL protocol specifies data block exchange and related mechanisms: • • •
1 data block chaining; 2 waiting time extension; 3 multi-activation.
ISO 15693 is important for companies involved in the smart tagging industry. This governs vicinity cards operating at a frequency of 13.56 MHz with a maximum read distance of 1-1.5 metres. Because vicinity cards have to operate at a greater distance, the necessary magnetic field is less (0.15 to 5 A/m) than that for a proximity card (1.5 to 7.5 A/m). This standard is broken down into three parts: • • •
Part 1 15693-1 Physical characteristics; Part 2 15693-2 Air interface and initialisation; Part 3 15693-3 Anti-collision and transmission protocols.
Into applications ISO has also been behind a series of application standards of interest to the smart cards industry. For example, ISO/IEC 7501 covers machinereadable travel documents. Part 1 of this standard is for passports, part 2 for visas and part 3 for travel documents. ISO/IEC 18013 specifies an ISO-compliant driving licence. This is now being used in countries such as Japan to combat counterfeiting, streamline license administration, improve driver convenience and protect driver privacy. The standard is broken down into three parts:
Card Technology Today
13
SURVEY •
Part 1 18013-1 Physical characteristics and basic data set; Part 2 18013-2 Machine readable technologies; Part 3 18013-3 Access control, authentication and integrity validation.
• •
CEN standards The CEN is contributing to the objectives of the European Union (EU) and the European Economic Area (EEA) with voluntary technical standards to promote interoperability. The work of most interest to the smart cards industry is undertaken through Technical Committee 224 (TC224), which covers personal identification, electronic signature and cards and their related systems and operations (bank, transport, telecoms and eGovernment). According to the CEN, Europe represents nearly 50% of the world market for IC cards, which are used in a number of application sectors including banking, telecoms, healthcare, pay TV, shopping, access control and eGovernment. Its role is to define the standards necessary to ensure the desired level of commercial interoperability in Europe. Its goals include helping European governments to strengthen European citizen ID following the enlargement of the EU; and harmonising
some payments-related transactions, reinforced by the use of the euro. To achieve them, a number of working groups (WG) within TC224 are tackling some of the standards challenges (see Table 1). The CEN has now published a number of standards covering applications such as ID card systems, the European Citizen Card, accessible card-activated devices, machine-readable cards, healthcare, inter-sector thin flexible cards, IC cards for payphones, man-machine interfaces, card formats, public transport, transport and travel payment-related data, and ePurse. More information on these standards can be found at www.cen.eu. In addition to the standards already published, a number are still being developed (see Table 2). CEN Technical Specification 15480, Identification card systems – European Citizen Card, physical, electrical and transport protocol characteristics, was published in May 2007. Covering ID cards, smart cards, identification methods, travel and administrative documents, data processing, data security, and cryptography for eID cards issued in Europe, it has four parts: • •
Part 1: Physical, electrical properties and transport protocols; Part 2: Logical data structures and card services;
SC/WG
Title
CEN/TC 224/WG 6
User Interface
CEN/TC 224/WG 9
Telecommunication applications
CEN/TC 224/WG 11
Transport applications
CEN/TC 224/WG 15
European citizen card
CEN/TC 224/WG 16
Application Interface for smart cards used as Secure Signature Creation Devices
CEN/TC 224/WG 17
Protection Profiles in the context of SSCD
Table 1: TC 224 Working groups' activities.
Project reference
Title
Current status
prEN 1332-3
Identification card systems – Man-machine interface – Part 3: Key pads
Under approval
prEN 14890-1
Application Interface for smart cards used as secure Under approval signature creation devices – Part 1: Basic services
prEN 14890-2
Application Interface for smart cards used as secure signature creation devices – Part 2: Additional Under approval services
prCEN/TS 13987-1
Identification card systems – Interoperable Citizen Services – User Related Information – Part 1: Definition of User Related Information and Implementation
Under development
prEN 1332-1
Identification card systems – Human-machine interface – Part 1: Design principles for the user interface
Under approval
Table 2: Standards under development.
14
Card Technology Today
• •
Part 3: Middleware and interoperability; Part 4: Application profiles.
It describes the ID card as a chip card conforming to ISO/IEC 7186-1 and -2 standards for the contact interface and ISO/IEC 14443 for the contactless interface. The usual T=0 or T=1 transport protocols can be used, meaning that connection via USB is already supported.
Focused approach A number of specialist groups and organisations have also been established to address the need for specifications. For example, the ISO’s SC7 WG3 has been working with the International Civil Aviation Organization (ICAO) to develop the global standard for ePassports. These specifications are set out in ICAO Document No 9303 (Doc9303). The European Commission (EC) is also involved in defining standards for ePassports issued by member states. For example, its regulation 2252/2004 defines the standards for the security features and biometrics in passports and travel documents, and also sets out the rules governing the introduction of ePassports in all member states. It introduced technical specifications to enable biometric markers to be included on travel documents under regulation 2252/2004 in 2004. This was followed in 2005 with the first phase of the ePassport technical specifications, which gave member states until 8 August 2006 to include facial biometric images on all new ePassports. It also specified that the image stored on the chip must be protected by Basic Access Control (BAC) and Passive Authentication (PA) security protocols. In the middle of 2006, the second phase of the technical specifications were adopted, with the EC calling for the use of fingerprints as a second biometric marker in ePassports. It also specified that information stored in the second generation of ePassports must be protected by Extended Access Control (EAC). Member states must comply with this by 28 June 2009. Other regulations defined by the EC include 14351/2001, which specifies the requirements for national ID cards that many EU citizens use; and 1030/2002, which provides standards for residence permit cards for foreigners who stay in the EU for extended periods of more than 90 days, and specifies a chip-based card with biometric data. International standards for eHealth cards have already been finalised in ISO TC 715. In the EU, work is continuing on turning the E111 card – which is used by citizens to obtain emergency medical treatment when traveling cross-border within member states – into an 8KB contact-based card. This could be rolled out as early as 2010.
February 2008
SURVEY
Commercial backing for standards Meanwhile, several industry bodies representing the interests of vendors are getting on with the business of driving interoperability in specialist areas. GlobalPlatform continues to drive adoption of standards that enable an open and interoperable infrastructure for smart cards, devices and systems. Some of its most recent developments include, in March 2006, the publication of Card Specification v2.2, which defines card components, command sets, transaction sequences and interfaces. It is hardware, operating system and vendor-neutral, application-independent, and applicable to any type of application and industry. It provides postissuance card management, including dynamic addition and modification of applications. In October 2007, GlobalPlatform published Confidential Card Content Management – Card specification v2.2 – Amendment A. This defines how an application provider can confidentially manage its application, loading, installing and personalising using a third party communication network. It has also published GlobalPlatform Card v2.1.1 to v2.2 Mapping Guidelines for existing 2.1.1 implementations. This provides guidelines for mapping a card based on Card Specification version 2.1.1 to one compliant with version 2.2. It defines a subset of features specified in version 2.1.1 and so describes only a sample implementation. These guidelines are based on Java Card 2.1.1 or Java Card 2.2 specifications and implement the Java Card 2.1.1 or Java Card 2.2 API. The document provides special clarification for guidelines that do not apply to all implementations or apply only to a particular implementation. In July 2007, GlobalPlatform published GPC Benchmark v1.0 specifications. Available to members of the organisation only, this document and its corresponding sample code are intended to evaluate the execution speed and certain implementation characteristics. It can be used during product development or for final product evaluation by card issuers or application providers. The benchmark test aims to measure the execution speed of individual functions as well as provide an overall indication of the implementation characteristics (such as buffers size) and execution speed in general.
Java Card Forum The Java Card Forum (JCF) was established 10 years ago to promote and develop interoperable Java Card technology products. Since then, Sun Microsystems has published six releases of the Java Card specification. The JCF claims this
February 2008
had led to more than 3 billion Java technologybased smart cards being deployed around the world, making it the most used IT platform in the world. The JCF is continuing to work with Sun Microsystems on the Next Generation Java Card. It says this new platform, with its direct web connectivity and a more powerful Java technology engine, aims to become the benchmark smart secure platform for industries such as telecoms and IT. The Next Generation Java Card platform will embed features such as direct support of IP-based protocols for Internet connectivity, a richer Java technology-based environment so it provides greater openness for developer communities, and true multitasking/multithreading for a seamless, real-time, multi-service delivery. In addition, it will provide full backward compatibility with the Java Card 2 technology family, preserving existing investments and facilitating migration. “The next-generation Java Card technology marks a move from smart cards to smart devices, offering the potential of using one personal and secure device for multiple smart services, while reducing infrastructure costs,” says Christian Goire, president of the JCF. “These smart devices add convenience to everyday life – and could play a role in everything from reserving a ticket to entering a train station. We’re moving from a series of e-applications working on independent devices to a more holistic process enabling ‘eDays’ to become a reality.”
MULTOS The MULTOS Consortium also comprises a group of international organisations. Its objective is to promote MULTOS – an open, nonproprietary all inclusive smart card operating system – to all smart card-related markets as the smart card industry standard. Consortium members are responsible for the maintenance and development of MULTOS, which consists of two unique technologies that deliver the secure architecture: • •
the on-card virtual machine that securely executes applications; and the MULTOS security scheme, an implementation of STEP technology, which secures the smart card, application code and application data.
The MULTOS Consortium says its applications are developed in high-level languages such as ‘C’ or Java (or in low-level assembly language) and compiled into MEL bytecodes that are executed by the virtual machine. When an
application executes, the virtual machine checks each and every bytecode instruction to ensure it is valid and properly formed. All memory areas accessed by the instructions are also checked to ensure they are within the memory area of that application. Any invalid instructions or attempted memory accesses are rejected by the virtual machine and all smart card application execution will stop. The group says: “The execution-time checking ensures the complete safety of application execution and data – it is not possible for an application to access the data of another application on the smart card. As application data sharing is not permitted, application providers can be assured that their data is safe from other applications that may reside alongside theirs in the smart card. The MEL bytecode instruction set is limited to data manipulation and simple arithmetic operations. However, MULTOS operating systems provide a wide range of additional built-in functions, termed primitives, that provide more complex operations such as cryptography or operating system data access. The same memory access checking applies to memory areas manipulated by the primitives, ensuring applications cannot even unintentionally access memory outside their permitted space.” It adds: “All MULTOS OS implementations include the standard virtual machine and a standard set of primitive functions. There are a number of optional primitive functions, usually related to specific hardware features that may be present, such as a contactless interface. This ensures that applications are 100% compatible between different MULTOS and MULTOS step/one products from different vendors. All products undergo rigorous type approval to ensure compliance with specification and security of implementation.”
Banking and payments The deployment of smart cards for banking and payments-based applications has been helped by the standards work of organisations such as MasterCard and Visa, which have worked together to define specifications that apply purely to the financial sector. EMVCo LLC was formed in 1999 by Europay International, MasterCard International and Visa International to manage, maintain and enhance the EMV Integrated Circuit Card specifications for payment systems. The organisation is now operated by JCB International, MasterCard International and Visa International. Since it was formed, EMVCo has been responsible for managing, maintaining and enhancing the EMV specifications to ensure interoperability and acceptance of payment
Card Technology Today
15
SURVEY / VIEWPOINT ...continued from page 15 system integrated circuit cards worldwide. It is also responsible for a type approval process that defines the test requirements and cases used for compliance evaluation. This testing ensures that single terminal and card approval processes are developed at a level that will allow crosspayment system interoperability through compliance with the EMV specifications. The organisation has now published a range of specifications including EMV Common Payment Application Specification (CPA) 1.0, which was last updated in July 2007. Its EMV 4.1 specification includes all EMV 2000 (version 4.0) related application notes and specification update bulletins posted to the EMVCo website up to and including May 2004, as well as recently announced Common Core Definitions. EMV 4.1 comprises four books: • • • •
Book 1 – Application Independent ICC to Terminal Interface Requirement; Book 2 – Security and Key Management; Book 3 – Application Specification; Book 4 – Cardholder, Attendant and Acquirer Interface Requirements.
With developments in contactless technology providing more opportunities for the payments business, EMVCo is also working on EMV contactless specifications for payment systems. In October 2007, it published its entry point specification v1.0. This defines the terminal for application selection so a terminal can recognise already existing JCB, MasterCard and Visa Applications in addition to the future EMV contactless application. In the same month, it published its Framework for Contactless Evolution v1.0, which explains its approach to contactless payment. EMVCo has also published a contactless communication protocol specification v2.0 and PayPass ISO/IEC 14443 Implementation Specification v1.1.
Moving into NFC… With a plethora of industry bodies and government organisations working on specifications that cover everything from devices to applications, even more milestones look set to be reached in the year ahead. The basic technology standards are in place, with work continuing to help drive interoperability and competitiveness between firms. As smart card technology evolves and smart card players embrace Near Field Communication (NFC) technology, even more new specifications will be needed. The NFC Forum is working on technical specifications that will help drive interoperability of the technology in all market sectors. 16
Card Technology Today
Viewpoint Is the UK about to jettison compulsory ID cards? The continuing fiasco over the disappearance of personal data held by government departments and agencies has bitten deep into the UK government’s soul. One result is a distinct cooling on the topic of compulsory ID cards. A leaked Home Office briefing document suggests that Phase Two of the scheme, bringing in cards for all UK citizens, will not start until 2012, i.e. after the next General Election. If the Conservative Opposition won that election, they have said that they would not introduce a universal ID card scheme. Officially the Home Office continues to insist that the first ID cards will be issued to foreign nationals this year, and the first ID cards to British citizens in 2009. For card suppliers involved in the procurement process the next few months will be a time of great uncertainty. Looming in the background to this drama is the powerful figure of Prime Minister Gordon Brown. Unlike his predecessor he is deeply uneasy about the project. He recently suggested, in the course of a wide-ranging interview with The Observer, that the principal reason for the introduction of ID cards was to issue them to foreign nationals. “When it comes to foreign nationals coming into the country and the danger that there is illegal immigration into the country, I think most people would support there being some form of identification that people are asked to produce. So I think you know as a general sort of proposition I think people would say that we are right to introduce the cards for foreign nationals.” But he then went on to say, “If we were giving a better means by which people could protect their identity, then in the private sector as well as in the public sector people are looking at biometrics…the very fact that you’ve got biometrics now in a way that you didn’t have two centuries ago gives you opportunities to protect people’s identity in a way that you could not have done two centuries ago and I don’t think we should rule out the use of that. In fact I don’t actually think most of the general public think that the use of biometrics is in itself wrong, either for private transactions or for passports or whatever.” “So are you committed to ID cards?” asked his questioners. Gordon Brown’s answer was gnomic. “We’re committed to the proposals that we put forward which are essentially this, that the passport information that you now use to get your passport, linked to the biometrics that are now
available give you a better form of protection as an individual. But I’m happy that this debate continues because I believe that over the course of the debate some of the preconceptions about cards and everything will be dealt with.” “If you are saying that ID cards are aimed at people coming into this country…” continued his questioners. The Prime Minister broke in: “No, I said two things. One is I think most people would think that if you were a foreign national coming into this country that to distinguish between those who are legally here and not legally here it made some sense to have the identity card. And I think as far as individual British citizens are concerned, I don’t think that people are philosophically against the use of biometrics for their private transactions or for passports, and that is essentially identity management.” “So it would be that British citizens and nonBritish citizens would need them,” said the interviewers. “Yes, but under our proposals there is no compulsion for existing British citizens.” So Mr Brown is still in favour of issuing foreign nationals with ID cards. And he believes that the British people as a whole have no very great objection to securing private transactions, with their banks for instance, by means of biometrics. But he is distancing himself from the universal requirement for UK citizens to hold ID cards which would be linked to a national database. In Parliament, a few days after The Observer interview, the Prime Minister continued to stonewall. “It is the Government’s policy to move ahead with this,” he said, “but subject to a vote of Parliament, and depending on how the voluntary scheme works.” Yet compulsory registration on the database was the core of the scheme devised by Mr Blair and his then Home Secretary, David Blunkett. It looks as if Gordon Brown is now seeking a means of retreat from a compulsory universal ID card scheme linked to a national database. Perhaps he fears that this measure could be as unpopular and politically damaging as Prime Minister Thatcher’s Poll Tax. Lastly, to thicken the cloud of confusion, we now hear that the US government is in the process of constructing an international “wanted” database to share biometric data on a grand scale. Each participating country would manage and secure its own data. Given the recent difficulties experienced in this country over the security of benefit, bank and other data, the idea of pooling personal data on an international scale – which will be even more vulnerable to theft or leakage than a national scheme – is going to be difficult to sell to Parliament, let alone to the British people. David Jones
February 2008
Everything as standard
and first published in 1995, ISO 10536 is now very rarely used. The more commonly used contactless standard is ISO 14443. This has four parts:
The development and use of standards is generally regarded as demonstrating the maturity of an industry. By that measure, the smart cards industry has left its infant and teenage years long behind and has now entered adult-hood as a mature technology that can be applied to a diverse mix of application sectors. This month, in the first of a two-part feature, we look at some of the most important technical and application standards and recommendations that are shaping the future of the ‘smart’ world.
•
Standards are an essential part of ensuring smart card technology both works and is economical. A number of organisations including the International Organization for Standardization (ISO) (see breakout box 1) and the European Committee for Standardization (Comité Européen de Normalisation – CEN), develop the standards used by the industry. ISO emphasises its importance, saying: “When products and services meet our expectation, we tend to take this for granted and be unaware of the role of standards. However, when standards are absent, we soon notice. We soon care when products turn out to be incompatible with equipment we already have, are unreliable or dangerous.”
About ISO The ISO is actually a network of the national standards institutes of 157 countries, and is the world’s largest developer and publisher of international standards. This non-governmental organisation forms a bridge between the public and the private sectors. Many of its member institutes are part of the governmental structure of their countries, or are mandated by government. Others come from the private sector and represent industry associations.
Standards on the cards The main standards of interest to the smart cards industry are the ISO ones for the cards themselves. The best-known standard is ISO 7816, which applies to contact-based cards. This is edited by the Joint Technical Committee (JTC) 1/Sub-Committee (SC) 17, Cards and personal identification. This comprises: • •
Part 1: 7816-1 Physical characteristics; Part 2: 7816-2 Cards with contacts – dimensions and location of the contacts;
February 2008
•
• • • • • • • • • • •
Part 3: 7816-3: Cards with contacts – Electrical interface and transmission protocols; Part 4: 7816-4 Organisation, security and commands for interchange; Part 5: 7816-5 Registration of application providers; Part 6: 7816-6 Inter-industry data elements for interchange; Part 7: 7916-7 Inter-industry commands for Structured Card Query Language (SCQL); Part 8: 7916-8 Commands for security operations; Part 9: 7916-9 Commands for card management; Part 10: Electronic signals and answer to reset for synchronous cards; Part 11: Personal verification through biometric methods; Part 12: Cards with contacts -- USB electrical interface and operating procedures; Part 13: Commands for application management in a multi-application environment; Part 15: Cryptographic information application.
Contactless standards Other ISO standards that are gaining traction in the industry govern the development of contactless cards. They include ISO 10536 for closecoupled cards (working at approximately 0-1mm from the reader), ISO 14443 governing proximity cards (0-10 cm from the reader) and ISO 15693 covering vicinity cards and smart labels. There are three parts to ISO 10536: • • •
Part 1 10536-1 Physical characteristics; Part 2 10536-2 Dimensions and location of coupling areas; Part 3 10536-3 Electronic signals and reset procedures.
Originally intended to be a direct replacement for the standard covering contact cards,
• •
•
Part 1 14443-1 Physical characteristics; Part 2 14443-2 Radio frequency power and signal interface; Part 3 14443-3 Initialisation and anticollision; Part 4 14443-4 Transmission protocol.
It describes two types of card: type A and type B, with the former a direct derivative of Philips (now NXP) Mifare technology. The Calypso contactless standard complies with ISO 14443 parts 1, 2, 3 and 4 type B. The main difference between types A and B are the modulation methods, coding schemes (part 2) and protocol initialisation procedures (part 3). Both types of card use the same high-level protocol – T=CL – described in part 4 of ISO 14443. The T=CL protocol specifies data block exchange and related mechanisms: • • •
1 data block chaining; 2 waiting time extension; 3 multi-activation.
ISO 15693 is important for companies involved in the smart tagging industry. This governs vicinity cards operating at a frequency of 13.56 MHz with a maximum read distance of 1-1.5 metres. Because vicinity cards have to operate at a greater distance, the necessary magnetic field is less (0.15 to 5 A/m) than that for a proximity card (1.5 to 7.5 A/m). This standard is broken down into three parts: • • •
Part 1 15693-1 Physical characteristics; Part 2 15693-2 Air interface and initialisation; Part 3 15693-3 Anti-collision and transmission protocols.
Into applications ISO has also been behind a series of application standards of interest to the smart cards industry. For example, ISO/IEC 7501 covers machinereadable travel documents. Part 1 of this standard is for passports, part 2 for visas and part 3 for travel documents. ISO/IEC 18013 specifies an ISO-compliant driving licence. This is now being used in countries such as Japan to combat counterfeiting, streamline license administration, improve driver convenience and protect driver privacy. The standard is broken down into three parts:
Card Technology Today
13
SURVEY •
Part 1 18013-1 Physical characteristics and basic data set; Part 2 18013-2 Machine readable technologies; Part 3 18013-3 Access control, authentication and integrity validation.
• •
CEN standards The CEN is contributing to the objectives of the European Union (EU) and the European Economic Area (EEA) with voluntary technical standards to promote interoperability. The work of most interest to the smart cards industry is undertaken through Technical Committee 224 (TC224), which covers personal identification, electronic signature and cards and their related systems and operations (bank, transport, telecoms and eGovernment). According to the CEN, Europe represents nearly 50% of the world market for IC cards, which are used in a number of application sectors including banking, telecoms, healthcare, pay TV, shopping, access control and eGovernment. Its role is to define the standards necessary to ensure the desired level of commercial interoperability in Europe. Its goals include helping European governments to strengthen European citizen ID following the enlargement of the EU; and harmonising
some payments-related transactions, reinforced by the use of the euro. To achieve them, a number of working groups (WG) within TC224 are tackling some of the standards challenges (see Table 1). The CEN has now published a number of standards covering applications such as ID card systems, the European Citizen Card, accessible card-activated devices, machine-readable cards, healthcare, inter-sector thin flexible cards, IC cards for payphones, man-machine interfaces, card formats, public transport, transport and travel payment-related data, and ePurse. More information on these standards can be found at www.cen.eu. In addition to the standards already published, a number are still being developed (see Table 2). CEN Technical Specification 15480, Identification card systems – European Citizen Card, physical, electrical and transport protocol characteristics, was published in May 2007. Covering ID cards, smart cards, identification methods, travel and administrative documents, data processing, data security, and cryptography for eID cards issued in Europe, it has four parts: • •
Part 1: Physical, electrical properties and transport protocols; Part 2: Logical data structures and card services;
SC/WG
Title
CEN/TC 224/WG 6
User Interface
CEN/TC 224/WG 9
Telecommunication applications
CEN/TC 224/WG 11
Transport applications
CEN/TC 224/WG 15
European citizen card
CEN/TC 224/WG 16
Application Interface for smart cards used as Secure Signature Creation Devices
CEN/TC 224/WG 17
Protection Profiles in the context of SSCD
Table 1: TC 224 Working groups' activities.
Project reference
Title
Current status
prEN 1332-3
Identification card systems – Man-machine interface – Part 3: Key pads
Under approval
prEN 14890-1
Application Interface for smart cards used as secure Under approval signature creation devices – Part 1: Basic services
prEN 14890-2
Application Interface for smart cards used as secure signature creation devices – Part 2: Additional Under approval services
prCEN/TS 13987-1
Identification card systems – Interoperable Citizen Services – User Related Information – Part 1: Definition of User Related Information and Implementation
Under development
prEN 1332-1
Identification card systems – Human-machine interface – Part 1: Design principles for the user interface
Under approval
Table 2: Standards under development.
14
Card Technology Today
• •
Part 3: Middleware and interoperability; Part 4: Application profiles.
It describes the ID card as a chip card conforming to ISO/IEC 7186-1 and -2 standards for the contact interface and ISO/IEC 14443 for the contactless interface. The usual T=0 or T=1 transport protocols can be used, meaning that connection via USB is already supported.
Focused approach A number of specialist groups and organisations have also been established to address the need for specifications. For example, the ISO’s SC7 WG3 has been working with the International Civil Aviation Organization (ICAO) to develop the global standard for ePassports. These specifications are set out in ICAO Document No 9303 (Doc9303). The European Commission (EC) is also involved in defining standards for ePassports issued by member states. For example, its regulation 2252/2004 defines the standards for the security features and biometrics in passports and travel documents, and also sets out the rules governing the introduction of ePassports in all member states. It introduced technical specifications to enable biometric markers to be included on travel documents under regulation 2252/2004 in 2004. This was followed in 2005 with the first phase of the ePassport technical specifications, which gave member states until 8 August 2006 to include facial biometric images on all new ePassports. It also specified that the image stored on the chip must be protected by Basic Access Control (BAC) and Passive Authentication (PA) security protocols. In the middle of 2006, the second phase of the technical specifications were adopted, with the EC calling for the use of fingerprints as a second biometric marker in ePassports. It also specified that information stored in the second generation of ePassports must be protected by Extended Access Control (EAC). Member states must comply with this by 28 June 2009. Other regulations defined by the EC include 14351/2001, which specifies the requirements for national ID cards that many EU citizens use; and 1030/2002, which provides standards for residence permit cards for foreigners who stay in the EU for extended periods of more than 90 days, and specifies a chip-based card with biometric data. International standards for eHealth cards have already been finalised in ISO TC 715. In the EU, work is continuing on turning the E111 card – which is used by citizens to obtain emergency medical treatment when traveling cross-border within member states – into an 8KB contact-based card. This could be rolled out as early as 2010.
February 2008
SURVEY
Commercial backing for standards Meanwhile, several industry bodies representing the interests of vendors are getting on with the business of driving interoperability in specialist areas. GlobalPlatform continues to drive adoption of standards that enable an open and interoperable infrastructure for smart cards, devices and systems. Some of its most recent developments include, in March 2006, the publication of Card Specification v2.2, which defines card components, command sets, transaction sequences and interfaces. It is hardware, operating system and vendor-neutral, application-independent, and applicable to any type of application and industry. It provides postissuance card management, including dynamic addition and modification of applications. In October 2007, GlobalPlatform published Confidential Card Content Management – Card specification v2.2 – Amendment A. This defines how an application provider can confidentially manage its application, loading, installing and personalising using a third party communication network. It has also published GlobalPlatform Card v2.1.1 to v2.2 Mapping Guidelines for existing 2.1.1 implementations. This provides guidelines for mapping a card based on Card Specification version 2.1.1 to one compliant with version 2.2. It defines a subset of features specified in version 2.1.1 and so describes only a sample implementation. These guidelines are based on Java Card 2.1.1 or Java Card 2.2 specifications and implement the Java Card 2.1.1 or Java Card 2.2 API. The document provides special clarification for guidelines that do not apply to all implementations or apply only to a particular implementation. In July 2007, GlobalPlatform published GPC Benchmark v1.0 specifications. Available to members of the organisation only, this document and its corresponding sample code are intended to evaluate the execution speed and certain implementation characteristics. It can be used during product development or for final product evaluation by card issuers or application providers. The benchmark test aims to measure the execution speed of individual functions as well as provide an overall indication of the implementation characteristics (such as buffers size) and execution speed in general.
Java Card Forum The Java Card Forum (JCF) was established 10 years ago to promote and develop interoperable Java Card technology products. Since then, Sun Microsystems has published six releases of the Java Card specification. The JCF claims this
February 2008
had led to more than 3 billion Java technologybased smart cards being deployed around the world, making it the most used IT platform in the world. The JCF is continuing to work with Sun Microsystems on the Next Generation Java Card. It says this new platform, with its direct web connectivity and a more powerful Java technology engine, aims to become the benchmark smart secure platform for industries such as telecoms and IT. The Next Generation Java Card platform will embed features such as direct support of IP-based protocols for Internet connectivity, a richer Java technology-based environment so it provides greater openness for developer communities, and true multitasking/multithreading for a seamless, real-time, multi-service delivery. In addition, it will provide full backward compatibility with the Java Card 2 technology family, preserving existing investments and facilitating migration. “The next-generation Java Card technology marks a move from smart cards to smart devices, offering the potential of using one personal and secure device for multiple smart services, while reducing infrastructure costs,” says Christian Goire, president of the JCF. “These smart devices add convenience to everyday life – and could play a role in everything from reserving a ticket to entering a train station. We’re moving from a series of e-applications working on independent devices to a more holistic process enabling ‘eDays’ to become a reality.”
MULTOS The MULTOS Consortium also comprises a group of international organisations. Its objective is to promote MULTOS – an open, nonproprietary all inclusive smart card operating system – to all smart card-related markets as the smart card industry standard. Consortium members are responsible for the maintenance and development of MULTOS, which consists of two unique technologies that deliver the secure architecture: • •
the on-card virtual machine that securely executes applications; and the MULTOS security scheme, an implementation of STEP technology, which secures the smart card, application code and application data.
The MULTOS Consortium says its applications are developed in high-level languages such as ‘C’ or Java (or in low-level assembly language) and compiled into MEL bytecodes that are executed by the virtual machine. When an
application executes, the virtual machine checks each and every bytecode instruction to ensure it is valid and properly formed. All memory areas accessed by the instructions are also checked to ensure they are within the memory area of that application. Any invalid instructions or attempted memory accesses are rejected by the virtual machine and all smart card application execution will stop. The group says: “The execution-time checking ensures the complete safety of application execution and data – it is not possible for an application to access the data of another application on the smart card. As application data sharing is not permitted, application providers can be assured that their data is safe from other applications that may reside alongside theirs in the smart card. The MEL bytecode instruction set is limited to data manipulation and simple arithmetic operations. However, MULTOS operating systems provide a wide range of additional built-in functions, termed primitives, that provide more complex operations such as cryptography or operating system data access. The same memory access checking applies to memory areas manipulated by the primitives, ensuring applications cannot even unintentionally access memory outside their permitted space.” It adds: “All MULTOS OS implementations include the standard virtual machine and a standard set of primitive functions. There are a number of optional primitive functions, usually related to specific hardware features that may be present, such as a contactless interface. This ensures that applications are 100% compatible between different MULTOS and MULTOS step/one products from different vendors. All products undergo rigorous type approval to ensure compliance with specification and security of implementation.”
Banking and payments The deployment of smart cards for banking and payments-based applications has been helped by the standards work of organisations such as MasterCard and Visa, which have worked together to define specifications that apply purely to the financial sector. EMVCo LLC was formed in 1999 by Europay International, MasterCard International and Visa International to manage, maintain and enhance the EMV Integrated Circuit Card specifications for payment systems. The organisation is now operated by JCB International, MasterCard International and Visa International. Since it was formed, EMVCo has been responsible for managing, maintaining and enhancing the EMV specifications to ensure interoperability and acceptance of payment
Card Technology Today
15
SURVEY / VIEWPOINT ...continued from page 15 system integrated circuit cards worldwide. It is also responsible for a type approval process that defines the test requirements and cases used for compliance evaluation. This testing ensures that single terminal and card approval processes are developed at a level that will allow crosspayment system interoperability through compliance with the EMV specifications. The organisation has now published a range of specifications including EMV Common Payment Application Specification (CPA) 1.0, which was last updated in July 2007. Its EMV 4.1 specification includes all EMV 2000 (version 4.0) related application notes and specification update bulletins posted to the EMVCo website up to and including May 2004, as well as recently announced Common Core Definitions. EMV 4.1 comprises four books: • • • •
Book 1 – Application Independent ICC to Terminal Interface Requirement; Book 2 – Security and Key Management; Book 3 – Application Specification; Book 4 – Cardholder, Attendant and Acquirer Interface Requirements.
With developments in contactless technology providing more opportunities for the payments business, EMVCo is also working on EMV contactless specifications for payment systems. In October 2007, it published its entry point specification v1.0. This defines the terminal for application selection so a terminal can recognise already existing JCB, MasterCard and Visa Applications in addition to the future EMV contactless application. In the same month, it published its Framework for Contactless Evolution v1.0, which explains its approach to contactless payment. EMVCo has also published a contactless communication protocol specification v2.0 and PayPass ISO/IEC 14443 Implementation Specification v1.1.
Moving into NFC… With a plethora of industry bodies and government organisations working on specifications that cover everything from devices to applications, even more milestones look set to be reached in the year ahead. The basic technology standards are in place, with work continuing to help drive interoperability and competitiveness between firms. As smart card technology evolves and smart card players embrace Near Field Communication (NFC) technology, even more new specifications will be needed. The NFC Forum is working on technical specifications that will help drive interoperability of the technology in all market sectors. 16
Card Technology Today
Viewpoint Is the UK about to jettison compulsory ID cards? The continuing fiasco over the disappearance of personal data held by government departments and agencies has bitten deep into the UK government’s soul. One result is a distinct cooling on the topic of compulsory ID cards. A leaked Home Office briefing document suggests that Phase Two of the scheme, bringing in cards for all UK citizens, will not start until 2012, i.e. after the next General Election. If the Conservative Opposition won that election, they have said that they would not introduce a universal ID card scheme. Officially the Home Office continues to insist that the first ID cards will be issued to foreign nationals this year, and the first ID cards to British citizens in 2009. For card suppliers involved in the procurement process the next few months will be a time of great uncertainty. Looming in the background to this drama is the powerful figure of Prime Minister Gordon Brown. Unlike his predecessor he is deeply uneasy about the project. He recently suggested, in the course of a wide-ranging interview with The Observer, that the principal reason for the introduction of ID cards was to issue them to foreign nationals. “When it comes to foreign nationals coming into the country and the danger that there is illegal immigration into the country, I think most people would support there being some form of identification that people are asked to produce. So I think you know as a general sort of proposition I think people would say that we are right to introduce the cards for foreign nationals.” But he then went on to say, “If we were giving a better means by which people could protect their identity, then in the private sector as well as in the public sector people are looking at biometrics…the very fact that you’ve got biometrics now in a way that you didn’t have two centuries ago gives you opportunities to protect people’s identity in a way that you could not have done two centuries ago and I don’t think we should rule out the use of that. In fact I don’t actually think most of the general public think that the use of biometrics is in itself wrong, either for private transactions or for passports or whatever.” “So are you committed to ID cards?” asked his questioners. Gordon Brown’s answer was gnomic. “We’re committed to the proposals that we put forward which are essentially this, that the passport information that you now use to get your passport, linked to the biometrics that are now
available give you a better form of protection as an individual. But I’m happy that this debate continues because I believe that over the course of the debate some of the preconceptions about cards and everything will be dealt with.” “If you are saying that ID cards are aimed at people coming into this country…” continued his questioners. The Prime Minister broke in: “No, I said two things. One is I think most people would think that if you were a foreign national coming into this country that to distinguish between those who are legally here and not legally here it made some sense to have the identity card. And I think as far as individual British citizens are concerned, I don’t think that people are philosophically against the use of biometrics for their private transactions or for passports, and that is essentially identity management.” “So it would be that British citizens and nonBritish citizens would need them,” said the interviewers. “Yes, but under our proposals there is no compulsion for existing British citizens.” So Mr Brown is still in favour of issuing foreign nationals with ID cards. And he believes that the British people as a whole have no very great objection to securing private transactions, with their banks for instance, by means of biometrics. But he is distancing himself from the universal requirement for UK citizens to hold ID cards which would be linked to a national database. In Parliament, a few days after The Observer interview, the Prime Minister continued to stonewall. “It is the Government’s policy to move ahead with this,” he said, “but subject to a vote of Parliament, and depending on how the voluntary scheme works.” Yet compulsory registration on the database was the core of the scheme devised by Mr Blair and his then Home Secretary, David Blunkett. It looks as if Gordon Brown is now seeking a means of retreat from a compulsory universal ID card scheme linked to a national database. Perhaps he fears that this measure could be as unpopular and politically damaging as Prime Minister Thatcher’s Poll Tax. Lastly, to thicken the cloud of confusion, we now hear that the US government is in the process of constructing an international “wanted” database to share biometric data on a grand scale. Each participating country would manage and secure its own data. Given the recent difficulties experienced in this country over the security of benefit, bank and other data, the idea of pooling personal data on an international scale – which will be even more vulnerable to theft or leakage than a national scheme – is going to be difficult to sell to Parliament, let alone to the British people. David Jones
February 2008