Smart Card Industry Standards
European Smart Card Standards, Smart Card Applications
EUROSMART is an international association located in Brussels representing the Voice of the Smart Card Industry for multi-sector applications. The Association is a non-profit organization committed to expanding the world`s smart card market, developing European smart card standards and continuously improving quality and security applications. Manufacturers of smart cards, semiconductors, terminals, equipment for smart cards system integrators, application developers and issuers gather and work into dedicated working groups on security, marketing, and communication issues. Through its activities, EUROSMART actively supports the development of the smart card business and acts as a catalyst and forum for the smart card stakeholders. The EUROSMART Association was created to Promote smart cards and smart card systems by: encouraging open system design encouraging interoperability of components and systems promoting high security image around smart card applications defending the reputation and ethics of the smart card industry including by fighting counterfeiting or violations of intellectual property rights Standardize smart cards and smart card systems by: orienting the content of standards and promoting European standards worldwide launching initiatives for building common specifications for future applications Provide a forum for the exchange of marketing and technical data by: generating statistics and market surveys studying specification of common interest Define a consistent range of quality and security levels by: defining test standards for component integrity and quality cooperating with laboratories and certification bodies worldwide Lobby international and national bodies by: writing position papers meeting EU officials EUROSMART Structure Working groups act as proposal forces to achieve EUROSMART`s missions Boards are ad hoc groups gathering members from smart card manufacturers, terminals manufacturers, semiconductors manufacturers and Equipment manufacturers to discuss issues relating to their industry. Decisions are adopted by a Steering Committee and the General Assembly composed of all members, to be implemented by the General Secretary
EUROSMART is an international association located in Brussels representing the Voice of the Smart Card Industry for multi-sector applications. The Association is a non-profit organization committed to expanding the world`s smart card market, developing European smart card standards and continuously improving quality and security applications.
Manufacturers of smart cards, semiconductors, terminals, equipment for smart cards system integrators, application developers and issuers gather and work into dedicated working groups on security, marketing, and communication issues. Through its activities, EUROSMART actively supports the development of the smart card business and acts as a catalyst and forum for the smart card stakeholders.
The EUROSMART Association was created to
Promote smart cards and smart card systems by:
Standardize smart cards and smart card systems by:
Provide a forum for the exchange of marketing and technical data by:
Define a consistent range of quality and security levels by:
Lobby international and national bodies by:
EUROSMART Structure
Common Criteria Methodology Version 3.0, International Security Certification Initiative
EUROSMART Security Working Group The EUROSMART Security Working Group represents a competent body of experts combining knowledge of the major players of the smart card industry in the complete range from the semiconductor, the software development up to the final production and the personalisation. Missions Optimise security efficiency in term of assurance, methodology & cost Sectors to focus on: Banking, Government, Telecom Actions To meet with the main objective regarding security of the product and the system, members are working on: Protection Profile Survey Common Criteria Methodology Version 3.0 in preparation for 2005 ISO follow-up concerning security International Security Certification Initiative follow-up The group is working on the mapping of the security cost: Per Security methodology Per Market Segment Per Country Security Managers responsible for site security are working on: analysing the different certification schemes analysing the audit cost situation for Security Management evaluation and certification developing a concept for a Common Security Certification Scheme for Security Management Systems EUROSMART Communication Working Group Composed of marketing/communication managers and press officers, the Communication WG plays a great role by promoting all EUROSMART activities and organizing main events. The Communication WG is chaired by Clotilde Servajean, Marketing Manager from Schlumberger Sema. She acts as EUROSMART Communication Officer and is member of the Steering Committee. Missions Provide the Association and its working groups with the communication initiatives to support their respective missions and to increase the industry visibility. Promote EUROSMART activities and its image as being ``The Voice of the Smart Card Industry`` Develop EUROSMART participation in smart card related world-wide exhibitions Provide a professional information related to smart card to the press, professional entities and institutional bodies, such as the European institutions Create a professional network between members Update EUROSMART website monthly Actions Official Sponsorship of CARTES exhibition (France) since 1999 Organisation of the annual eSmart Conference Participation to CTST exhibition (USA) Organisation of Press conferences with members` CEOs Close relationship with the European Commission Information Dissemination on EUROSMART Research & development projects Strong participation to eEurope Smart Cards initiative EUROSMART Market and Technology Working Group Missions To research and to promote smart card solutions and related technologies on current markets and for the age of total access The marketing managers of member companies drive EUROSMART coherent and coordinated approach towards other organisations The aim is to build on the strong visibility at EU level and to prepare tools for better knowledge of market and technology opportunities For the Market Lobbying actions at EU level Issue position papers Coordinate figures of the smart card chain For Technology Prioritise requirements in security for the various segments of business Roadmap exercise – RESET document to be updated every year EUROSMART Test Tools Working Group KaSYS and MCO, EUROSMART members, took the initiative to launch in 2004 a new working group called Test Tools to contribute to the quality and efficiency of the smart card industry by: proposing a framework for the recognition of test tools and/or test tool providers, so that the industry could confidently implement integrated test platforms promoting the definition of interoperability certification frameworks for smart card systems, including the definition of test plan(s), test cases and evaluation procedures, in accordance with existing quality standards. The EUROSMART Test Tools Working Group was launched in April 2004 with the following objectives: analyse the market requirements for test tools, propose recommendations based on the findings from the market analysis promote testing frameworks for interoperability invite other test tool providers and test laboratories to participate The first action is to issue a survey to be distributed to the smart card industry and other industry players and laboratories to identify commonly shared requirements about test tools. Results of the survey will be available in 2005.
The EUROSMART Security Working Group represents a competent body of experts combining knowledge of the major players of the smart card industry in the complete range from the semiconductor, the software development up to the final production and the personalisation.
Missions
To meet with the main objective regarding security of the product and the system, members are working on:
The group is working on the mapping of the security cost:
Security Managers responsible for site security are working on:
Composed of marketing/communication managers and press officers, the Communication WG plays a great role by promoting all EUROSMART activities and organizing main events. The Communication WG is chaired by Clotilde Servajean, Marketing Manager from Schlumberger Sema. She acts as EUROSMART Communication Officer and is member of the Steering Committee.
Provide the Association and its working groups with the communication initiatives to support their respective missions and to increase the industry visibility. Promote EUROSMART activities and its image as being ``The Voice of the Smart Card Industry`` Develop EUROSMART participation in smart card related world-wide exhibitions Provide a professional information related to smart card to the press, professional entities and institutional bodies, such as the European institutions Create a professional network between members Update EUROSMART website monthly
Actions
For the Market
For Technology
KaSYS and MCO, EUROSMART members, took the initiative to launch in 2004 a new working group called Test Tools to contribute to the quality and efficiency of the smart card industry by: proposing a framework for the recognition of test tools and/or test tool providers, so that the industry could confidently implement integrated test platforms promoting the definition of interoperability certification frameworks for smart card systems, including the definition of test plan(s), test cases and evaluation procedures, in accordance with existing quality standards.
The EUROSMART Test Tools Working Group was launched in April 2004 with the following objectives:
The first action is to issue a survey to be distributed to the smart card industry and other industry players and laboratories to identify commonly shared requirements about test tools. Results of the survey will be available in 2005.
IST Projects, RESET, SINCE, Smart Cord, Smart IS
Expertise Convinced of the importance of smart cards in the global economy and in societal developments, EUROSMART has developed a strong expertise in strategic domains. The Association provides advice and guidance in technology and is recognised across the world as a competent body of experts. EUROSMART`s objective is to contribute to the development of smart cards standards and to improve the quality and security of smart card applications. Prepare technology roadmaps Develop protection profiles Promote standards for the evaluation and certification of products, systems and related environment Analyse and discuss security aspects Support common criteria Work with standardisation bodies and international stakeholders IST Projects Research and development are crucial to explore future smart cards developments and contribute to security and interoperability. By participating to IST Projects, the EUROSMART objective is to share experiences with other participants and contribute to the technology development. Encourage the co-operation between Europe and Japan: Smart Meiji project Develop a Technology roadmap: RESET Promote contactless technologies: SINCE Structure and promote the eEurope Smart card initiative: Smart Cord Develop a secure identification/ authentication module : Smart IS Networking In a global environment, EUROSMART acknowledges the importance of international cooperation to encourage smart card interoperability. EUROSMART`s objective is to encourage international cooperation, exchange of information and mutual understanding. Exchange experiences and know how with international smart card stakeholders Be present in international forum Encourage smart card associations co-operation through the ISCAN network Communication Smart cards have a special place in the landscape of key technologies that are shaping the Information Society. EUROSMART`s objective is to increase the smart card industry visibility and promote the development of smart cards. Participated in smart card related world-wide exhibitions such as CARTES, CTST. In 2005, EUROSMART supports Omnicard, CardEX 2005, Card Middle East, TOP ID, CTST, CARTES 2005 Organise the yearly eSmart conference. The 5th edition of the eSmart Conference, eSmart 2004, attracted more people than ever and became the high level forum attended by the industry and political decision makers in the smart card sector. The conference gathered more than 280 participants and 65 speakers to exchange technical, marketing and political issues. Through 9 sessions, e-Smart 2004 presented the latest achievements in smart card international cooperation on emerging technologies and applications (contactless, biometrics, TPM, DRM). eSmart 2005 is scheduled to be held on 21-23 September in Sophia-Antipolis Provide professional information related to smart card to the press, professional entities and institutional bodies, such as the European institutions. Lobbying New legislation and regulations at the European and national level are critical for company activities. EUROSMART`s objective is to inform its members about regulatory developments at the EU level and to offer them the opportunity to defend their interests on the European scene. To inform members about the relevant EU legislation through a monthly newsletter To prepare and disseminate position papers To organise meetings with EU officials Education Today, knowledge acquisition and transfer are key to a company`s. As an international smart card association, EUROSMART is willing to play a more important role on the education scene and promote smart card programmes in Europe or across the world. EUROSMART`s objective is to promote and disseminate the smart card technology into schools or universities. Identify the main universities that are offering smart card courses Promote their programme Raise the awareness in some universities that do not offer a smart card programme Encourage the exchange ideas and experiences between universities Provide support for courses development As an international association, EUROSMART plays an important role in anticipating change and raising awareness. One challenge is to help removing obstacles to learning opportunities and meet the educational requirements of our economy.
Convinced of the importance of smart cards in the global economy and in societal developments, EUROSMART has developed a strong expertise in strategic domains. The Association provides advice and guidance in technology and is recognised across the world as a competent body of experts. EUROSMART`s objective is to contribute to the development of smart cards standards and to improve the quality and security of smart card applications.
Research and development are crucial to explore future smart cards developments and contribute to security and interoperability. By participating to IST Projects, the EUROSMART objective is to share experiences with other participants and contribute to the technology development.
In a global environment, EUROSMART acknowledges the importance of international cooperation to encourage smart card interoperability. EUROSMART`s objective is to encourage international cooperation, exchange of information and mutual understanding. Exchange experiences and know how with international smart card stakeholders Be present in international forum Encourage smart card associations co-operation through the ISCAN network
Smart cards have a special place in the landscape of key technologies that are shaping the Information Society. EUROSMART`s objective is to increase the smart card industry visibility and promote the development of smart cards.
New legislation and regulations at the European and national level are critical for company activities. EUROSMART`s objective is to inform its members about regulatory developments at the EU level and to offer them the opportunity to defend their interests on the European scene.
Today, knowledge acquisition and transfer are key to a company`s. As an international smart card association, EUROSMART is willing to play a more important role on the education scene and promote smart card programmes in Europe or across the world. EUROSMART`s objective is to promote and disseminate the smart card technology into schools or universities.
As an international association, EUROSMART plays an important role in anticipating change and raising awareness. One challenge is to help removing obstacles to learning opportunities and meet the educational requirements of our economy.
Protection Profile PP, Target Of Evaluation TOE, Smartcard Integrated Circuit
Protection Profile EUROSMART members developed their first Protection Profile (PP) related to smart cards in 1997. The EUROSMART Security Working Group is dealing with smart card related Protection Profile development since than. Until today about 10 certified and about the same number of known attempts for smart card related Protection Profile exists. Targets of Evaluation, TOE A PP defines an implementation-independent set of IT security requirements for a category of Target of Evaluation (TOE). Such TOEs are intended to meet common consumer needs for IT security. Consumers can therefore construct or cite a PP to express their IT security needs without reference to any specific TOE. Smartcard Integrated Circuit The TOE is a smartcard integrated circuit which is composed of a processing unit, security components, I/O ports (contact and/or contactless) and volatile and non-volatile memories (hardware). The TOE also includes any IC Designer/Manufacturer proprietary IC Dedicated Software as long as it physically exists in the smartcard integrated circuit after being delivered by the IC manufacturer. List of certified smartcard related Protection Profiles: Protection Profile Smart Card Integrated Circuit Platform PP-002, Version 1.0 July 2001; Protection Profile Smart Card Integrated Circuit With Embedded Software CPP9911, Version 2.0 July 1999; Protection Profile Smart Card Integrated Circuit CPP9806, Version 2.0 September 1998; Intersector Electronic Purse and Purchase Device Version for Pilot Schemes Only CPP9808, Version 1.2 February 1999; Intersector Electronic Purse and Purchase Device CPP9909, Version 1.2 February 1999. The increase in the number and complexity of applications in the smartcard market is reflected in the increase of the level of data security required. The security needs for a smart card can be summarised as being able to counter those who want to defraud, gain unauthorised access to data and control a system using a smart card. Therefore it is mandatory to: maintain the integrity and the confidentiality of the content of the smartcard memory as required by the application(s) the smartcard is built for maintain the correct execution of the software residing on the card This requires that the smartcard integrated circuit especially maintains the integrity and the confidentiality of its security enforcing and security relevant architectural components. Protected information is in general secret data such as Personal Identification Numbers, Balance Value (Stored Value Cards), and Personal Data Files. Other protected information includes data representing the access rights such as any cryptographic algorithms and keys needed for accessing and using the services provided by the system through use of the smartcard. The intended environment is very large; and generally once issued the smartcard can be stored and used anywhere in the world, at any time, and no control can be applied to the smartcard and the card operational environment. IC Dedicated Software (also known as IC firmware) is often used for testing purposes only during production but may also provide additional services to facilitate usage of the hardware and/or to provide additional services (for instance in the form of a library). In addition to the IC Dedicated Software, the Smartcard Integrated Circuit may also comprise hardware to perform testing. Other software is called Smartcard Embedded Software and is not part of the TOE. The typical smart card integrated circuit product such as the TOE is composed of a processing unit, security components, I/O ports and volatile and non-volatile memories. The smartcard integrated circuit is a platform to be used by the Smartcard Embedded Software. The smartcard integrated circuit itself may not possess any asset (such as critical data). All assets are those of the Smartcard Embedded Software. However, the hardware platform must maintain the integrity and the confidentiality of the content of the smartcard memory as required by the context of the Smartcard Embedded Software maintain the correct execution of the Smartcard Embedded Software This requires that the smartcard integrated circuit especially maintains the integrity and the confidentiality of its security enforcing and security relevant architectural components. The TOE security mechanisms need to work together in different combinations to counter attacks. Owing to complex dependencies, these combinations are only apparent in the context of a specific attack scenario. Often the composition of a security function only becomes clear when considering a specific attack path during vulnerability analysis. A security mechanism may be needed in different security functions depending on the attack path. This has to be considered during the TOE evaluation.
EUROSMART members developed their first Protection Profile (PP) related to smart cards in 1997. The EUROSMART Security Working Group is dealing with smart card related Protection Profile development since than. Until today about 10 certified and about the same number of known attempts for smart card related Protection Profile exists.
A PP defines an implementation-independent set of IT security requirements for a category of Target of Evaluation (TOE). Such TOEs are intended to meet common consumer needs for IT security. Consumers can therefore construct or cite a PP to express their IT security needs without reference to any specific TOE.
The TOE is a smartcard integrated circuit which is composed of a processing unit, security components, I/O ports (contact and/or contactless) and volatile and non-volatile memories (hardware). The TOE also includes any IC Designer/Manufacturer proprietary IC Dedicated Software as long as it physically exists in the smartcard integrated circuit after being delivered by the IC manufacturer.
List of certified smartcard related Protection Profiles: Protection Profile Smart Card Integrated Circuit Platform PP-002, Version 1.0 July 2001; Protection Profile Smart Card Integrated Circuit With Embedded Software CPP9911, Version 2.0 July 1999; Protection Profile Smart Card Integrated Circuit CPP9806, Version 2.0 September 1998; Intersector Electronic Purse and Purchase Device Version for Pilot Schemes Only CPP9808, Version 1.2 February 1999; Intersector Electronic Purse and Purchase Device CPP9909, Version 1.2 February 1999.
The increase in the number and complexity of applications in the smartcard market is reflected in the increase of the level of data security required. The security needs for a smart card can be summarised as being able to counter those who want to defraud, gain unauthorised access to data and control a system using a smart card. Therefore it is mandatory to:
This requires that the smartcard integrated circuit especially maintains the integrity and the confidentiality of its security enforcing and security relevant architectural components. Protected information is in general secret data such as Personal Identification Numbers, Balance Value (Stored Value Cards), and Personal Data Files. Other protected information includes data representing the access rights such as any cryptographic algorithms and keys needed for accessing and using the services provided by the system through use of the smartcard.
The intended environment is very large; and generally once issued the smartcard can be stored and used anywhere in the world, at any time, and no control can be applied to the smartcard and the card operational environment.
IC Dedicated Software (also known as IC firmware) is often used for testing purposes only during production but may also provide additional services to facilitate usage of the hardware and/or to provide additional services (for instance in the form of a library). In addition to the IC Dedicated Software, the Smartcard Integrated Circuit may also comprise hardware to perform testing. Other software is called Smartcard Embedded Software and is not part of the TOE.
The typical smart card integrated circuit product such as the TOE is composed of a processing unit, security components, I/O ports and volatile and non-volatile memories.
The smartcard integrated circuit is a platform to be used by the Smartcard Embedded Software. The smartcard integrated circuit itself may not possess any asset (such as critical data). All assets are those of the Smartcard Embedded Software. However, the hardware platform must
This requires that the smartcard integrated circuit especially maintains the integrity and the confidentiality of its security enforcing and security relevant architectural components. The TOE security mechanisms need to work together in different combinations to counter attacks. Owing to complex dependencies, these combinations are only apparent in the context of a specific attack scenario. Often the composition of a security function only becomes clear when considering a specific attack path during vulnerability analysis. A security mechanism may be needed in different security functions depending on the attack path. This has to be considered during the TOE evaluation.
Common Criteria (ISO 15408 standard), Machine Readable Transport Document, MRTD, PKI
EUROSMART is working to design products to the state-of-the-art security level in accordance with operators` security level requirements that best fit their application. EUROSMART represents companies with up to 25 years of experience in smart cards. Information leakage has been an area of concern as the security of smart card applications is paramount. EUROSMART created a Security Working Group in 1997 to coordinate standardisation initiatives in this matter. This forum works actively on improving and implementing all security evaluation methods such as FIPS, ITSEC and Common Criteria, with clear evaluation scales to demonstrate the products security. It is in contact with European institutions to discuss privacy protection and electronic transaction security requirements for incorporation in European legal frameworks. EUROSMART recommends evaluating, certifying and maintaining certification of smart card products, in particular using the Common Criteria (ISO 15408 standard) methodology. All Common Criteria Certified Protection Profiles take into account all possible threats on smart cards and security functions to countermeasure potential attacks like site attacks, DFA, DPA, physical attacks, mathematical attacks and many others. Smart cards associated with biometrics is the best technology combination to build cost effective and convenient platforms that meet the requirements of future secure personal ID systems. Smart cards compare favourably with static memory devices, such as 2D bar codes, laser cards or memory cards. The smart card is a unique, portable, personal object that easily combines secure identification and authentication functions for both the physical and the digital worlds. Smart cards are well perceived by citizens, offering convenience, security, and crucial personal information privacy management features. ICAO has adopted recommendations at the end of May 2003 as guidelines for a Machine Readable Transport Document including the use of biometrics technology for faster and more secure control of travellers` identity. US security agencies have also recommended the use of biometrics features for frontier control and the incorporation of Public Key cryptography (PKI) and Digital Signature Standards for future visa systems. The European Commission is now launching the second generation of Schengen Information System and is also recommending biometrics for an EUwide visa system. EUROSMART has made certain recommendations to assist the European Commission in the preparation of this approach. Smart cards associated with biometrics are the best technology combination to build cost effective platforms that meet the requirements of future secure personal ID systems. Coupled with a secure, privacy-sensitive information technology architecture and a strong policy framework, a smart card based secure personal ID system: provides accurate personal identification, through classic identity verification by the authorities using a security document. The card body has demonstrated in many countries and applications its capability to embed advanced security features. provides accurate personal identification in the digital world, using well understood automatic authentication procedures that are commonly used by the banking industry -- e.g. GSM mobile telephony industries. The card enables authorities to use the powerful digital networks to access and verify citizen related information, and also enables the citizen to access e-government online services. protects the individual` s personal information -- that is stored in the card and provided by voluntary action -- and so ensures better acceptance by citizens effectively addresses legal requirements currently being debated in many countries EUROSMART recommendations for generic personal ID systems Many countries have started to study the development and implementation of secure personal ID systems taking into account the following requirements in term of ability to: Provide effective verification of an individual`s identity Guarantee a significant increase of security and trust in respect of currently existing systems Protect the privacy of individual`s identity information Ensure interoperability between various systems of different countries Provide for a given country or a group of countries (like the EU), access to government services. The best suitable Machine Readable Transport Document (MRTD) device is the smart card since it offers all naked eyes control capability, while providing additional security features to reduce fraud and provide security and trust for on-line systems. Smart cards better cover the privacy issues that are essential for European citizens. Smart card based personal ID system have to integrate biometric technology to make the citizens experience at heavy traffic identity verification points a swift and enjoyable one. Any biometric sample fits and can be handled by the smart card technology that exists today. Several such samples would fit easily within a relatively low-end smart card. As the silicon and security technologies continues to evolve rapidly, it is certain that even the highest performance cards of today will be commonplace and relatively low-end in the next few years. The card memory capacity and the CPU computing power must be selected according to the data storage and processing needs, and optimised to meet the best performance/cost ratio at the time of large scale deployment. The smart cards features can also be used in a contactless/wireless environment; however expert design must be applied in this case since these features may come at the expense of privacy. As long as acceptance by public and respect of privacy is ensured, any biometric data can be used in secure personal ID system (face recognition and fingerprint being the most common candidates, but could be complemented by a third or several other techniques if needed). Interoperability between countries needs to be ensured through the use of a standardized Biometric Application Programming Interfaces (API) . EUROSMART, the US based Smart Card Alliance, the JavaCard Forum and several other industry associations have united their efforts towards such standardization. These efforts would be accelerated by the adoption of a smart card combined with biometrics recommendation by the European Community for its visa, passport and e-government initiatives, leading to an ISO standard. A Public Key Infrastructure (PKI) needs to be used to ensure exchanges between multiple countries. Full biometric Match-On-Card process is recommended for One to One verification. This capability ensures that the biometric sample comparison with the reference sample stored in the smart card is made inside the secure smart card without the original sample ever being exposed outside of the smart card. This is true if no official agent is present to control the authentication process. For the One to Many identification, matching can be performed on the central secure database. Associated with a strong PKI architecture, smart card will ensure an acceptable security and privacy level.
EUROSMART is working to design products to the state-of-the-art security level in accordance with operators` security level requirements that best fit their application. EUROSMART represents companies with up to 25 years of experience in smart cards. Information leakage has been an area of concern as the security of smart card applications is paramount.
EUROSMART created a Security Working Group in 1997 to coordinate standardisation initiatives in this matter. This forum works actively on improving and implementing all security evaluation methods such as FIPS, ITSEC and Common Criteria, with clear evaluation scales to demonstrate the products security. It is in contact with European institutions to discuss privacy protection and electronic transaction security requirements for incorporation in European legal frameworks.
EUROSMART recommends evaluating, certifying and maintaining certification of smart card products, in particular using the Common Criteria (ISO 15408 standard) methodology. All Common Criteria Certified Protection Profiles take into account all possible threats on smart cards and security functions to countermeasure potential attacks like site attacks, DFA, DPA, physical attacks, mathematical attacks and many others.
Smart cards associated with biometrics is the best technology combination to build cost effective and convenient platforms that meet the requirements of future secure personal ID systems. Smart cards compare favourably with static memory devices, such as 2D bar codes, laser cards or memory cards.
The smart card is a unique, portable, personal object that easily combines secure identification and authentication functions for both the physical and the digital worlds. Smart cards are well perceived by citizens, offering convenience, security, and crucial personal information privacy management features.
ICAO has adopted recommendations at the end of May 2003 as guidelines for a Machine Readable Transport Document including the use of biometrics technology for faster and more secure control of travellers` identity.
US security agencies have also recommended the use of biometrics features for frontier control and the incorporation of Public Key cryptography (PKI) and Digital Signature Standards for future visa systems.
The European Commission is now launching the second generation of Schengen Information System and is also recommending biometrics for an EUwide visa system. EUROSMART has made certain recommendations to assist the European Commission in the preparation of this approach.
Smart cards associated with biometrics are the best technology combination to build cost effective platforms that meet the requirements of future secure personal ID systems. Coupled with a secure, privacy-sensitive information technology architecture and a strong policy framework, a smart card based secure personal ID system:
Many countries have started to study the development and implementation of secure personal ID systems taking into account the following requirements in term of ability to:
The best suitable Machine Readable Transport Document (MRTD) device is the smart card since it offers all naked eyes control capability, while providing additional security features to reduce fraud and provide security and trust for on-line systems. Smart cards better cover the privacy issues that are essential for European citizens.
Smart card based personal ID system have to integrate biometric technology to make the citizens experience at heavy traffic identity verification points a swift and enjoyable one. Any biometric sample fits and can be handled by the smart card technology that exists today. Several such samples would fit easily within a relatively low-end smart card.
As the silicon and security technologies continues to evolve rapidly, it is certain that even the highest performance cards of today will be commonplace and relatively low-end in the next few years. The card memory capacity and the CPU computing power must be selected according to the data storage and processing needs, and optimised to meet the best performance/cost ratio at the time of large scale deployment.
The smart cards features can also be used in a contactless/wireless environment; however expert design must be applied in this case since these features may come at the expense of privacy.
As long as acceptance by public and respect of privacy is ensured, any biometric data can be used in secure personal ID system (face recognition and fingerprint being the most common candidates, but could be complemented by a third or several other techniques if needed).
Interoperability between countries needs to be ensured through the use of a standardized Biometric Application Programming Interfaces (API) . EUROSMART, the US based Smart Card Alliance, the JavaCard Forum and several other industry associations have united their efforts towards such standardization. These efforts would be accelerated by the adoption of a smart card combined with biometrics recommendation by the European Community for its visa, passport and e-government initiatives, leading to an ISO standard. A Public Key Infrastructure (PKI) needs to be used to ensure exchanges between multiple countries.
Full biometric Match-On-Card process is recommended for One to One verification. This capability ensures that the biometric sample comparison with the reference sample stored in the smart card is made inside the secure smart card without the original sample ever being exposed outside of the smart card. This is true if no official agent is present to control the authentication process.
For the One to Many identification, matching can be performed on the central secure database. Associated with a strong PKI architecture, smart card will ensure an acceptable security and privacy level.
Smart Card Manufacturers, Smart Card Integrated Circuit Manufacturers, Terminals Manufacturers, System Integrators
EUROSMART Membership The Association is made up of full members and associated members. Full members are manufacturers in the smart card area. They are: Smart card manufacturers Smart card integrated circuit manufacturers Manufacturers of terminals smart card accepting devices Manufacturers of equipment accepting smart cards (including personalisation machines) System integrators, software or services houses industrialists To qualify for membership, companies must have been set up in accordance with the laws and customs of their country of origin and operate research and development as well as production and sales unit(s). Associated members can be companies performing activities which are not listed above but are effectively recognised with skills for contributions to specific activities and ad hoc groups to be created by the Steering Committee or the General Assembly. By bringing together the whole chain of the industry and leading companies, EUROSMART works on common issues with the aim of accelerating the widespread use of multi-application smart card technology. Technology issue: EUROSMART provides a forum for the members in the development of secure and interoperable smart card technologies by stimulating the emergence and adoption of standards Industry & Business Trends: EUROSMART activity is upstream ; it forecasts the various trends of the smart card market for the future by identifying the main challenges that the smart card industry has to face Market figures and forecast: EUROSMART issues reliable yearly and from 2002 quarterly data and forecasts as well as context interpretation Networks of excellence: Within EUROSMART, members will establish working relationships through the participation to the working groups and boards and therefore network with key players in the smart card industry Information: EUROSMART organises conferences and workshops, communicates all smart card related information to members, especially information concerning the eEurope Smart card Initiative Participation in EU funded projects in smart card: EUROSMART provides a forum to elaborate smart card R&D projects which can be funded by the European Commission. International partnership and lobbying: EUROSMART works closely with the Japanese smart card industry and develops other international relationships. Permanent contacts are also established with all the international bodies (European Commission, European Central Bank, etc.) and standardisation bodies (ETSI, CEN). Membership Fee For full members:12.5 K€ for companies with a turnover > 50M€7.5K€ for companies with a turnover < 50M€For Associated Members5K€
The Association is made up of full members and associated members. Full members are manufacturers in the smart card area. They are:
To qualify for membership, companies must have been set up in accordance with the laws and customs of their country of origin and operate research and development as well as production and sales unit(s).
Associated members can be companies performing activities which are not listed above but are effectively recognised with skills for contributions to specific activities and ad hoc groups to be created by the Steering Committee or the General Assembly.
By bringing together the whole chain of the industry and leading companies, EUROSMART works on common issues with the aim of accelerating the widespread use of multi-application smart card technology.
For full members:12.5 K€ for companies with a turnover > 50M€7.5K€ for companies with a turnover < 50M€For Associated Members5K€
IDS Emergency Management | IDS Water | IDS Packaging | IDS Environment | IDS-HealthcareManagement | IDS Plastics | IDS Power/Energy
Industry IDS, Inc. – Online Tradeshow, Exhibition, & Buyers Guide Solutions
