Standards body plans to update government smart cards

The National Institute of Standards and Technology (NIST) plans to release an updated version of its interoperability specifications for government smart cards, a senior NIST computer scientist said Tuesday.

"Historically, there has not been much interoperability in the smart card world," Jim Dray, principal scientist for NIST's Government Smart Card program, said during in information security conference sponsored by the MIS Training Institute.

Dray said lack of interoperability has been a stumbling block for many federal agencies that have sought to deploy smart cards as an access control and information security tool. He explained that smart cards manufactured by different vendors often require different types of software and card readers, making it difficult for agencies to link different brands of smart card systems. "You sort of end up getting tied to one vendor's card," Dray said.

Recognizing an industry-wide trend toward smart-card interoperability, NIST released its first government-wide smart card interoperability specifications (GSC-IS) in 2000 and created a Government Smart Card Interagency Advisory Board.

Dray said NIST published an updated version of those specifications last June, and plans to update them again later this year as GSC-IS version 2.1. The newest specifications will align with other international smart card standards, such as those being developed by the European Union's Global Interoperability Framework (GIF).

"Version 2.1 will be the federal government's bridge to the formal standards world," Dray said, adding that the Interoperability Advisory Board was recently restructured to focus less on contracting issues, and more on "what it really takes to get government-wide deployment of smart-card technologies."

Steve Cooper, chief information officer of the Homeland Security Department, has agreed to chair that advisory board, according to Dray.

Dray said the newest government smart card specifications will address biometric applications, as well as "contactless" cards, which can be read from a distance through radio frequency communications.

Many federal agencies are interested in using smart cards for fast, efficient physical access control, "so they're pushing very hard to get a contactless [smart card] technology into the interoperability specifications," Dray said.