- Email: [email protected]
Europe’s Open Smart Card Infrastructure
May_ctt.qxd
16/05/2003
14:02
Page 7
chip talk
Chip Talk Where leaders of the smart card revolution air their views
Europe’s Open Smart Card Infrastructure The European smart community has launched the Open Smart Card Infrastructure for Europe. David Jones, CTT’s Consulting Editor, questioned Jan van Arkel, co-chair of the e-Europe Smart Card Charter, about the new initiative.
Just what is the purpose of the new initiative? The Open Smart Card Infrastructure for Europe (OSCIE) contains the basic information and common specifications that are necessary to accelerate the mass deployment and secure implementation of smart cards for e-services across Europe. The aim, put quite simply, is to use smart cards to improve the life of Euro-citizens. The infrastructure has been put together over a period of two years by an active group of 250 participants, supported by an additional 1000 observers from all the European Member States. The initiative really does represent all the interested parties: smart card vendors and issuers (both government and private sector), smart card industry partners, smart card industry associations, smart card manufacturers, PKI authorities, consumer associations, universities and consultancy companies. How committed are the governments of the EU countries to e-government? I think they are very committed. The EU aims to be one of the most competitive economies in the world; an important element in this is to bring government on-line. Smart cards are a major building block in this approach, because they offer the trust, convenience and strong identification required to support e-Government services. How many cards do you envisage the EU citizen of the future carrying? I think four is a good guess for the medium term – one for ID and e-Government, one for health, one for banking services and one for mass transit. Of course, there is no problem, technically, with combining these services on one card; the hard part is getting different organisations to agree to co-brand their services. So, one card for all services is a long way off. This is where the OSCIE comes in. It contains secure identification and authentication modules and also mechanisms for post-issuance loading and deleting applications on multi-function cards. In other words, the OSCIE provides a
Card Technology Today May 2003
common toolbox for different smart card communities. Just as important, perhaps even more so, are the terminals. In the Finread project, the Smart Card Charter has specified a secure card reader for the end-user, to accommodate all the cards that he will wish to activate and use. What effect will the accession of ten new countries to the EU have on getting e-Government cards accepted? This will be positive in two ways. First, you have to realise that these countries are by no means backwards as far as smart cards are concerned. Estonia is, for instance, the leading country in Europe in the field of national electronic ID cards; they have now issued more than 150,000 e-IDcards, which carry a digital signature function, and they are on their way to a nationwide roll-out. What is more, Estonia has e-Government web services in place; citizens can already retrieve information and carry out transactions electronically with the government. Another example is Slovenia, where a smart card-based national health card has been fully deployed. Some of the ‘old’ EU countries can learn from the new entrants. Second, the accession of ten new countries, each with their own needs and requirements, is giving a boost to the smart card industry of the ‘old’ EU. We are already welcoming their representatives to our Smart Card Charter activities and working groups and, in turn, we are participating in their meetings and conferences. Do you think that e-ID cards should be compulsory? If so, who should pay – citizen or government? Well it’s always the citizen who pays the bill, either directly or through their taxes. However, I think that because of the privacy issues it is best if these cards are not made compulsory. They should be something that the citizen really appreciates and wants to have. Do you envisage an e-ID card replacing a passport? No, not as long as we have a worldwide
harmonised passport system in the form of a booklet with pages for stamped or glued visas. And since the majority of countries in the world cannot yet read the machine-readable zone of the present passport, we are a long way off universal use of an e-ID card. However, the introduction of biometrics in passports, which is now beginning to take off, may prove to be a step in that direction. And within Europe, it is already technically and practically possible to use national ID cards for border crossing. Finland provides a good example of this approach. Where do these plans leave the forthcoming EU Health Passport? The EU Health Passport is not really a passport; it is just an entitlement document for the reimbursement of cross-border health care costs. It will replace the present administrative reimbursement system, the family of E111 forms. It may eventually be carried on a smart card. Where do these plans leave the existing national health cards of France and Germany? Fully in place. Both the Sesame Vitale Card and the Versicherten karte already offer the required functionality; and this has now been tested in pilots between the two countries. Another multi-country test-bed is under construction in the so-called Netcards project. Every European country has to implement the health insurance card in their own way. France, Germany, Belgium and Slovenia have already more or less done their part and will only have to make minor adjustments. How easy will it be to persuade vendors to cease from promoting their own proprietary systems? Standardisation by definition affects the real assets of IT companies. Nevertheless, there is a common understanding that a certain level of standardisation is necessary to create both a market and a seamless end-user experience. So basically we are doing a balancing act. The OSCIE offers a ‘product line’ of support for interoperability. This will meet ‘high level’ requirements from the service providers – governments, banks, health insurers, health care professionals and mass transport operators – without interfering with technical solutions at the ‘lower levels’ where the proprietary systems sit. In this way we aim to combine the best of two worlds. But the industry is also working together on some technology issues. For instance, the European smart card industry as a whole has jointly defined the R&D topics that have to be worked on to create the smart card of the year 2010. We are now constructing a large-scale integrated project to bring this road map to life. Contact: Jan van Arkel at e-Europe, Tel: + 31 70 387 5305, e-mail: [email protected], www.eeurope-smartcards.org
7
16/05/2003
14:02
Page 7
chip talk
Chip Talk Where leaders of the smart card revolution air their views
Europe’s Open Smart Card Infrastructure The European smart community has launched the Open Smart Card Infrastructure for Europe. David Jones, CTT’s Consulting Editor, questioned Jan van Arkel, co-chair of the e-Europe Smart Card Charter, about the new initiative.
Just what is the purpose of the new initiative? The Open Smart Card Infrastructure for Europe (OSCIE) contains the basic information and common specifications that are necessary to accelerate the mass deployment and secure implementation of smart cards for e-services across Europe. The aim, put quite simply, is to use smart cards to improve the life of Euro-citizens. The infrastructure has been put together over a period of two years by an active group of 250 participants, supported by an additional 1000 observers from all the European Member States. The initiative really does represent all the interested parties: smart card vendors and issuers (both government and private sector), smart card industry partners, smart card industry associations, smart card manufacturers, PKI authorities, consumer associations, universities and consultancy companies. How committed are the governments of the EU countries to e-government? I think they are very committed. The EU aims to be one of the most competitive economies in the world; an important element in this is to bring government on-line. Smart cards are a major building block in this approach, because they offer the trust, convenience and strong identification required to support e-Government services. How many cards do you envisage the EU citizen of the future carrying? I think four is a good guess for the medium term – one for ID and e-Government, one for health, one for banking services and one for mass transit. Of course, there is no problem, technically, with combining these services on one card; the hard part is getting different organisations to agree to co-brand their services. So, one card for all services is a long way off. This is where the OSCIE comes in. It contains secure identification and authentication modules and also mechanisms for post-issuance loading and deleting applications on multi-function cards. In other words, the OSCIE provides a
Card Technology Today May 2003
common toolbox for different smart card communities. Just as important, perhaps even more so, are the terminals. In the Finread project, the Smart Card Charter has specified a secure card reader for the end-user, to accommodate all the cards that he will wish to activate and use. What effect will the accession of ten new countries to the EU have on getting e-Government cards accepted? This will be positive in two ways. First, you have to realise that these countries are by no means backwards as far as smart cards are concerned. Estonia is, for instance, the leading country in Europe in the field of national electronic ID cards; they have now issued more than 150,000 e-IDcards, which carry a digital signature function, and they are on their way to a nationwide roll-out. What is more, Estonia has e-Government web services in place; citizens can already retrieve information and carry out transactions electronically with the government. Another example is Slovenia, where a smart card-based national health card has been fully deployed. Some of the ‘old’ EU countries can learn from the new entrants. Second, the accession of ten new countries, each with their own needs and requirements, is giving a boost to the smart card industry of the ‘old’ EU. We are already welcoming their representatives to our Smart Card Charter activities and working groups and, in turn, we are participating in their meetings and conferences. Do you think that e-ID cards should be compulsory? If so, who should pay – citizen or government? Well it’s always the citizen who pays the bill, either directly or through their taxes. However, I think that because of the privacy issues it is best if these cards are not made compulsory. They should be something that the citizen really appreciates and wants to have. Do you envisage an e-ID card replacing a passport? No, not as long as we have a worldwide
harmonised passport system in the form of a booklet with pages for stamped or glued visas. And since the majority of countries in the world cannot yet read the machine-readable zone of the present passport, we are a long way off universal use of an e-ID card. However, the introduction of biometrics in passports, which is now beginning to take off, may prove to be a step in that direction. And within Europe, it is already technically and practically possible to use national ID cards for border crossing. Finland provides a good example of this approach. Where do these plans leave the forthcoming EU Health Passport? The EU Health Passport is not really a passport; it is just an entitlement document for the reimbursement of cross-border health care costs. It will replace the present administrative reimbursement system, the family of E111 forms. It may eventually be carried on a smart card. Where do these plans leave the existing national health cards of France and Germany? Fully in place. Both the Sesame Vitale Card and the Versicherten karte already offer the required functionality; and this has now been tested in pilots between the two countries. Another multi-country test-bed is under construction in the so-called Netcards project. Every European country has to implement the health insurance card in their own way. France, Germany, Belgium and Slovenia have already more or less done their part and will only have to make minor adjustments. How easy will it be to persuade vendors to cease from promoting their own proprietary systems? Standardisation by definition affects the real assets of IT companies. Nevertheless, there is a common understanding that a certain level of standardisation is necessary to create both a market and a seamless end-user experience. So basically we are doing a balancing act. The OSCIE offers a ‘product line’ of support for interoperability. This will meet ‘high level’ requirements from the service providers – governments, banks, health insurers, health care professionals and mass transport operators – without interfering with technical solutions at the ‘lower levels’ where the proprietary systems sit. In this way we aim to combine the best of two worlds. But the industry is also working together on some technology issues. For instance, the European smart card industry as a whole has jointly defined the R&D topics that have to be worked on to create the smart card of the year 2010. We are now constructing a large-scale integrated project to bring this road map to life. Contact: Jan van Arkel at e-Europe, Tel: + 31 70 387 5305, e-mail: [email protected], www.eeurope-smartcards.org
7