ANSI - American National Standards Institute
 Print this article  Previous Next 

Overarching Smart Card Standard Earns ISO and IEC Recognition

New York, Dec 01, 2006

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have officially approved a highly anticipated smart card interoperability standard. Smart card technology is used in a range of applications to identify people or store financial or personal information. It is the technology behind many debit and credit cards, cell phone SIM cards and personal identification cards.

ISO/IEC 24727-1, Identification cards—Integrated circuit card programming interfaces -- Part 1: Architecture, marks an important step for the identification market toward global interoperability of smart card applications. Smart card technology has faced obstacles in the past due to a lack of interoperability among applications and systems from different vendors. ISO/IEC 24727-1 is the first in a five-part series of standards that will enable applications to be built with a common and consistent approach.

The suite of standards is being developed by the ISO/IEC joint technical committee (JTC 1) on information technology and its subcommittee (SC) 17, cards and personal identification. Work on Part 1, which lays downs the architecture upon which all other parts of the standard will be built, was led by Work Group 4 Task Force 9. The group was convened by the National Institute of Standards and Technology (NIST) with the American National Standards Institute (ANSI) serving as secretariat. Part 1 specifies an overarching system structure and principles of operation, security rationale and a capabilities discovery mechanism that enables interoperability across diverse smart card solutions. The standard applies to cards that transmit information via contacts, close coupling, and radio frequency.

ISO/IEC 24727 is being considered as a potential future framework for the federal government’s personal identity verification (PIV) program under the Homeland Security Presidential Directive 12. The directive called for a government-wide standard for secure and reliable forms of identification that would enhance government security and personal privacy while reducing identity fraud. U.S. federal agencies began issuing PIV cards to their employees and contractors in October; identification cards for state and local government employees will go into effect this January [See related article: Deadline Passes for Federal Agencies to Begin Issuing “Smart” ID cards].

Similarly, the Australian government is proposing the use of ISO/IEC 24727 for several large-scale smart card projects, including a government-wide access card project and electronic driver’s license program. In Europe, the European Citizen Card standard Cent/TS 15480 endorses alignment with ISO/IEC 24727.

When complete, ISO/IEC 24727 will consist of five parts that cover architecture, generic card interface, application interface, administration and testing procedures respectively. Parts 2-4 are expected to be approved in 2007; part 5 will likely be published in 2008.

Standards Portal