A soon-to-be-released specification from the National Institute of Standards and Technology (NIST) has major implications for the use of contactless technology in U.S federal government agencies. NSIT is an organization established within the United States Department of Commerce to “develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life.”
The pending document titled NISTIR 6887 is the 2003 Edition of the Government Smart Card Interoperability Standard version 2.1 (GSC 2.1). According to Jim Dray, NIST Smart Card Project Manager, GSC 2.1 is scheduled to be released on July 18. Plans are for the document to be submitted to the International Organization for Standards (ISO) to begin the process by which GSC 2.1 can be considered for global standardization.
The previous versions of the GSC-IS built upon the ISO 7816 standards for contact chip cards in an attempt to bring interoperability of cards and readers closer to reality. Key to this goal of interoperability was the definition of a generic ISO 7816-4 command set that is mapped to the native command set of a card. In essence it specifies a file on the card that provides information on that card’s native command set such that these native commands can be translated into the GSC-IS’s generic commands. The original versions of the GSC-IS provided a significant advancement toward contact smart card interoperability.
Version 2.1 promises to further advance this process and widen its scope. According to Mr. Dray, GSC 2.1 enhancements include “the addition of contactless interface, biometric hooks, ‘ISOization’ of the card edge (API), and a revised access control model.”
The document will, for the first time, address a contactless interface in its specifications. This should help to pave the way for more rapid and robust adoption of contactless or dual-interface smart cards among US government agencies. And if NIST is successful in its attempt to gain ISO standardization for the GSC-IS, the implications extend worldwide.
In Appendix G, NIST specifies ISO 14443 standard technology for contactless interface. It does not delineate between Type A and Type B, but rather leaves this decision open to the issuer. Because the document requires that the chip on the card must directly implement the GSC 2.1 command set, most manufacturers will need to rework their existing products to make them compliant.
Says Mr. Dray, “it will require a silicon-level change since the IC (integrated circuit) must directly implement the APDU.” Sources indicate that it will likely take 6 to 8 months for these products to be made available. The single noted exception is likely to be existing contactless Java cards that, according to Mr. Dray, are capable of supporting GSC 2.1 now.
NIST is also working with counterparts in other regions to address worldwide interoperability. Ongoing discussions with Japan, the European Community, and others are underway.
When the GSC 2.1 document is released later this month, more information will be available and more details uncovered. Check the NIST web site at http://smartcard.nist.org to download a copy.