
About the Standards & Metrics Project


Information Technology Laboratory
NIST, 100 Bureau Drive, Stop 8900,
Gaithersburg, MD 20899-8900.


Date Created: 28-Aug-2007
Last Date Modified: 22-Feb-2008


Project Goal

The project's goal is to create, edit, and shepherd through official processes a new series of smart card interoperability standards entitled ISO/IEC 24727, Identification cards – Integrated circuit cards programming interfaces.  ISO/IEC 24727 is a multipart standard aimed at achieving interoperability among various smart card systems.  The goal is to provide the necessary interfaces and services to enable interoperability among divergent systems, with a particular focus on identification, authentication, and signature services, and to remove the dependence on vendor-specific implementations.

Background

One of the challenges of implementing systems is that the existing integrated circuit card standards offer a great degree of flexibility, which makes interoperability problematic.  Another challenge is the lack of a standardized set of services and security architecture.  Existing standards are tool sets that allow enough variability to enable disparate implementations that are not interchangeable, and the lack of common APIs causes difficulties for developers by requiring that they have knowledge of the various card manufacturers' command sets.  The ISO/IEC 24727 suite of standards sets limits on the allowable options and introduces a set of common services for routine actions, such as connection and cryptographic actions, that are required by typical implementations taking advantage of smart card based credentials, in particular the ability to employ cryptographic functionality.

Tasks

The tasks in support of the program goals are accomplished through the development of an international multi-part standard.  This standard establishes a framework that can be used by identification systems without requiring implementers to have card-specific knowledge of the identity credential token or application.
 
Task 1:  Establish a framework
 
ISO/IEC 24727 Identification cards – Integrated circuit cards programming interfaces – Part 1: Framework specifies the conceptual framework required to achieve independent implementations that are interchangeable.  It provides essential background information for the subsequent parts.  Developers and anyone interested in using ISO/IEC 24727 are highly encouraged to read this introductory part of ISO/IEC 24727.  The other parts provide the technical details of the framework components specified in ISO/IEC 24727-1.

Task 2: Establish a card interface for interoperable cards and card applications

ISO/IEC 24727 Identification cards – Integrated circuit cards programming interfaces – Part 2: Generic card interface details the functionality and related information structures required for card edge interoperability.  This part of ISO/IEC 24727 maximizes the use of existing standards to establish a common interface by minimizing the number of options provided.  It also provides discovery mechanisms for card capabilities and supported applications, whether on or off card.

Task 3: Establish an API that provides a set of services for common actions, including identification, authentication, and signature services

ISO/IEC 24727 Identification cards – Integrated circuit cards programming interfaces – Part 3: Application interface defines a common set of services and action responses to be supported at the client application interface. The services are described in a programming-language-independent way. ISO/IEC 24727-3 is the application interface of the OSI Reference Model. It provides a high-level interface for a client-application making use of information storage and processing operations on a card as viewed on the generic card interface. This part also includes a standard set of authentication protocols, ranging from PIN to biometric authentication schemes.

Task 4: Establish a secure interface and API administration

ISO/IEC 24727 Identification cards – Integrated circuit cards programming interfaces – Part 4: API Administration standardizes the connectivity, security and discovery mechanisms between the client-application and the card-application.  This part allows the realization of interoperable implementations of ISO/IEC 24727-2 and ISO/IEC 24727-3.  The security architecture is complex, but it is the very first attempt at establishing a standardized set of security mechanisms for achieving a level of trust for identity credentials.

Task 5:  Ensure interoperability is achieved as prescribed

ISO/IEC 24727 Identification cards – Integrated circuit cards programming interfaces – Part 5: Testing develops the conformance testing required to assert ISO/IEC 24727 compliance.  This part will be developed in such a way that compliance levels can be asserted.

Task 6: Ensure efficient maintainability of the standard

ISO/IEC 24727 Identification cards – Integrated circuit cards programming interfaces – Part 6: Registration Authority for Authentication Protocols establishes a registration authority (RA) activity for additional ISO/IEC 24727-3 authentication protocols. An RA mechanism provides for additional authentication protocols without the need to exercise the ISO/IEC amendment process.  The RA duties and Internet portals are hosted by Standards Australia.

Task 7: Measure progress of identity-based systems

The ability to uniformly or otherwise measure the success factors of identity management systems is somewhat limited. The development of IDMS models and supporting metrics to assess performance will enable the business value of IDMS investments to be quantifiably reviewed and evaluated. Key components of an IDMS model and metrics should involve value-based factors. Alignment of IDMS features with Federal security requirements and customers’ needs should provide the basis for establishing the core elements of an IDMS metrics measurement system.  An assessment of current trends, systems, and user perceptions and requirements will be considered.

Administration

Tasks 1 - 6 of this project are under the purview of Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification.

The project is assigned by ISO/IEC JTC 1 SC 17 to Task Force 9 in Work Group 4.

The TF9 convener is provided by the US, through the national committee B10.

The TF9 Secretariat is held by ANSI.

Project Contacts

Ms. Teresa Schwarzhoff
terry.schwarzhoff (at) nist.gov
T: (301) 975-5727

 
