Hi Dave,
In the beginning of the Internet, there was a guy (whose name I can't
remember) who published a periodical (I wouldn't call it a magazine but
sort of) called 'ConneXions'... It featured articles (papers) by such
luminaries as Marshall Rose, Vint Cerf, etc. discussing layers and
protocols. It's theme was 'interoperability' and in fact it was the
pre-cursor of the 'Interop' trade show.... The guy that started ConneXions
also started the Interop...
I think that the same model could easily be applied to smartcards and
that this is a good forum for doing so...
Dave Sims
**********************************************************************
On Wed, 17 May 2000, David Corcoran wrote:
> Hi, here is a bit that I wrote up to vent on my lack of standards in the
> smartcard industry. Let me know if you agree or not.
>
> One of the biggest obstacles in the smartcard industry today is the lack
> of standardization between different cards, readers, and even the platform
> in which they are used. Back in the early days of the internet many
> different standards existed like token ring, Dec Net, and others making
> the existance of a single infrastructure in which anyone could plug into
> difficult. Eventually the players began to see the light and one standard
> emerged as the godfather of all internet connectivity standards: ethernet
> and TCP/IP. Now anyone can plug into the internet and connect with nearly
> everyone else in a simple and seamless manner. It is no wonder why
> companies such as Cisco are doing as well as they are. Do you think that
> these companies would be doing as well if many networking standards still
> existed today ? The Internet would not be growing as quickly if not a
> single standard emerged from the struggle because users need a seamless
> way of connectivity. The same must exist for smartcards. Although
> magnetic stripe cards are of a much simpler nature, it is still possible
> for myself to travel to France and use an Automatic Teller Machine to gain
> access to money. I can even use my VISA card in almost every terminal
> that exists. Do you think that these cards would be as useful if every
> bank issued their own proprietary location of information on the magnetic
> stripe ?
>
> Smartcards must also develop such standards to make communication to them
> in a seamless manner. The following is a list of what I consider to be
> necessary for the smartcard industry:
>
> 1) One communication protocol should be used. Currently there are
> several: T=0, T=1, Synchronous, and others. My personal feeling is that
> all cards should communicate in the T=1 block protocol. It is much more
> efficient, and gives the card a way of communicating back to the reader to
> establish resynchronization or to communicate the need for more waiting
> time. T=0 does this through the ATR so if the card needs more time it has
> to change the ATR to notify the host of this. I feel this is a poor way
> of doing this.
>
> 2) The ATR should be used as a means for card identification. It is
> ridiculous that much of the ATR can be changed except the protocol
> information. I think the ATR should have 6 historical bytes reserved for
> identification. 2 for manufacturer id, 2 for manufacturer mask, and 2 for
> user definition. That makes 65,000 manufacturers, 65,000 masks and 65,000
> user defines. The user can only change their 2 bytes. Thus the card can
> still be identified by it's core OS 2 bytes manufactuer/2 bytes mask.
>
> 3) ISO-7816 should include a command for the creation of a
> transparent file and a command for the listing of files.
>
> 4) Card manufacturers need to be ISO compliant. Class instructions
> should be standardized to either 00 or C0 or whatever. I should be able
> to list the directory of files on the card in 1 way on any card.
>
> 5) There must be a standard for putting the keys on the card. If RSA is
> used then do pq... whatever but in the same order on each card. Also,
> cards should have the same endianness. This is crazy that people haven't
> learned their lessons on this one yet.
>
> This is just a few for now. I'll post more as my frustrations build up.
> Is there a forum for these kind of requests ?
>
> Let me know if you have any suggestions. I have about 1.5 months off
> right now as I take one class so I should have some free time.
>
> Hope all is well,
> Dave
>
> *************************************************************
> David Corcoran Internet Security/Smartcards
>
> Home: Purdue University
> 1008 Cherry Lane Department of Computer Science
> West Lafayette, IN 47906
> Home: (765) 463-0096
> Cell: (317) 514-4797
>
> http://www.linuxnet.com
>
> *************************************************************
>
> ***************************************************************
> Linux Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/smartcard/index.html
> ***************************************************************
>
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
