The prerequisite for the worldwide penetration of smart cards into everyday life, such as their current use in Germany in the form of telephone cards, health insurance cards and bank cards, has been the creation of national and international standards. Due to the special significance of such standards, in this book we repeatedly refer to currently applicable standards and those that are in preparation. Why are standards so important for expanding the use of smart cards? A smart card is normally one component of a complex system. This means that the interfaces between the card and the rest of the system must be precisely specified and matched to each other. Of course, this could be done for each system on a case-by-case basis, without regard to other systems. However, this would mean that a different type of smart card would be needed for each system. Users would thus have to carry a separate card for each application. In order to avoid this, an attempt has been made to generate application-independent standards that allow multifunctional cards to be developed.

Since the smart card is usually the only component of the system that the user holds in his or her hand, it is enormously important with regard to the recognition and acceptance of the entire system. Nonetheless, from a technical and organizational perspective, the smart card is usually only the tip of the iceberg, since complex systems (which are usually networked) are quite often hidden behind the card terminal, and it is these systems that make the services possible in the first place.

Let us take telephone cards as an example. In technical terms, they are fairly simple objects. By themselves, they are almost worthless, except perhaps as collector’s items. Their true function, which is to allow public telephones to be used without coins, can be realized only after umpteen thousand card phones have been installed throughout a region and connected to a network. The large investments required for this can only be justified if the long-term viability of the system is ensured by appropriate standards and specifications. Standards are also an indispensable prerequisite for multifunctional smart cards used for several applications, such as telephony, electronic purses, electronic tickets and so on.

What are standards?
This question is not as trivial as it may appear at first glance, since the terms ‘standard’ and ‘specification’ are often used fairly indiscriminately. To make things clear, let us consider the ISO/IEC definition:

Standard: a document that is produced by consensus and adopted by a recognized organization, and which, for general and recurring applications, defines rules, guidelines or features for activities or their results, with the objective of achieving an optimum degree of regulation in a given context.
Note: standards should be based on the established results of science, technology and experience, and their objective should be the promotion of optimized benefits for society.
International standards should thus help make life easier and increase the reliability and usefulness of products and services. In order to avoid confusion, ISO/IEC have also defined the term ‘consensus’ as follows:

Consensus: general agreement, characterized by the absence of continuing objections to essential elements on the part of any significant portion of the interested parties, and achieved by a procedure that attempts to consider the views of all relevant parties and address all counterarguments.
Note: consensus does not necessarily mean unanimity.

Although unanimity is not required for consensus, the democratic process naturally takes time. This is in particular due to the fact that it is necessary to consider not only the views of the technical specialists, but also the views of all relevant parties, since the objective of a standard is the promotion of optimum benefits for the whole of society. Hence, the preparation of an ISO or CEN standard usually takes several years. A frequent consequence of the slowness of this process is that a small group of interested parties, such as commercial firms, generates its own specification (‘industry standard’) in order to hasten the development of new systems. This is particularly true in the field of information technology, which is characterized by especially fast development and correspondingly short innovation cycles. Although industry standards and specifications have the advantage that they can be developed significantly faster than ‘true’ standards, they carry the risk of ignoring the interests of the parties that are not involved in their development. For this reason, ISO attempts to create possibilities for retroactively incorporating significant publicly accessible specifications into international standards.

What does ISO/IEC mean?
The ISO/IEC standards are especially significant for smart cards, since they define the basic properties of smart cards. What lies behind the abbreviations ‘ISO’ and ‘IEC’? ‘ISO’ stands for the International Organization for Standardization, while ‘IEC’ stands for the International Electrotechnical Commission.

The International Organization for Standardization (ISO) is a worldwide association of around 100 national standards agencies, with one per country. ISO was founded in 1948 and is a non-national organization. Its task is to promote the development of standards throughout the world, with the objective of simplifying the international exchange of goods and services and developing cooperation in the fields of science, technology and economy. The results of the activities of ISO are agreements that are published as ISO standards. Incidentally, ‘ISO’ is not an abbreviation (the abbreviation of the official name would of course be ‘IOS’). The name ‘ISO’ is derived from the Greek word isos, which means ‘equal’ or ‘the same’. The prefix iso-, derived from the Greek isos, is commonly used in the three official languages of ISO (English, French and Russian), as well as in many other languages.

As already noted, the members of ISO are the national standards bodies of the individual countries, and only one such body per country is allowed to be a member. The member organizations have four basic tasks, as follows:
– to inform potentially interested parties in their own countries about relevant activities and possibilities of international standardization,
– to form national opinions on a democratic basis and represent these opinions in international negotiations,
– to set up a secretariat for ISO committees in which the country has a particular interest,
– to pay the country’s financial contribution in support of the central ISO organization.
The IEC is a standardization organization whose scope of activity covers the areas of electrical technology and electronics. The first card standards were published by the IEC.
After the introduction of smart cards, a difference of focus arose between the ISO and the IEC. In order to avoid duplication of effort, standards are developed in joint technical committees and published as ISO/IEC standards.

How is an ISO standard generated?
The need for a standard is usually reported to a national standards organization by an industrial sector. The national organization then proposes this to ISO as a new working theme. If the proposal is accepted by the responsible working group, which consists of technical experts from countries that are interested in the theme, the first thing that is done is to define the objective of the future standard.

After agreement has been reached with regard to the technical aspects to be considered in the standard, the detailed specifications of the standard are discussed and negotiated among the various countries. This is the second phase in the development of the standard. The objective of this phase is to arrive at a consensus of all participating countries, if possible. The outcome of this phase is a ‘Draft International Standard’ (DIS).

The final phase consists of a formal vote on the proposed standard. Acceptance of a standard requires the approval of two-thirds of the ISO members that actively participated in drafting the standard, as well as three-quarters of all members participating in the vote. Once the text has been accepted, it is published as an ISO standard.

To prevent standards from becoming outdated as the result of ongoing development, ISO rules state that standards should be reviewed, and if necessary revised, after an interval of at most five years.

Cooperation with the IEC and the CEN
ISO is not the only international standards organization. In order to avoid duplication of effort, ISO cooperates closely with the IEC (International Electrotechnical Commission). The areas of responsibility are defined as follows: the IEC covers the fields of electrical technology and electronics, while ISO covers all other fields. Combined working groups are formed to deal with themes of common interest, and these groups produce combined ISO/IEC standards. Most standards for smart cards belong to this category.

ISO and the European standardization committee CEN (Comité Européen de Normalisation) also agree on rules for the development of standards that are recognized as both European and international standards. This leads to time and cost savings.

International standardization of smart cards
International standards for smart cards are developed under the auspices of ISO/IEC, and on the European level by the CEN. The major industrial countries are represented in all relevant committees, and they generally also maintain ‘mirror’ committees in the form of national working groups and voting committees. In Germany, this responsibility is borne by the DIN.
Figure 1.2 shows an overview of the structure of the relevant ISO and IEC working groups and the standards for which they are responsible.


Figure 1.2 Overview and organization of the working groups for international smart card standards

As can be seen, there are two technical committees that are concerned with the standardization of smart cards. The first is ISO TC68/SC6, which is responsible for the standardization of cards used in the financial transaction area, while the second is ISO/IEC JTC1/SC17, which is responsible for general applications. This division has historical roots, since the first international applications were for identification cards used for financial transactions. The number of applications has naturally increased enormously since then, so the general standards, which are looked after by the SC17 committee, have taken on greater significance. The standards specifically related to financial transactions can thus be regarded as a subset of the general standards. Brief descriptions of the standards listed in Figure 1.2, including their current status, can be found in Chapter 16, ‘Appendix’.

Within CEN, the general subject of smart cards is dealt with by the TC224 committee (‘Machine-readable Cards, Related Device Interfaces and Procedures’). The activities of CEN complement those of ISO. ISO standards are adopted as CEN standards where possible, which means they must be translated into the three official CEN languages (English, French and German). They may also be enlarged or reduced as necessary to comply with specific European conditions. The CEN working groups also produce application-specific standards, which would not be possible as such within ISO.

An additional European standardization body, the European Telecommunications Standards Institute (ETSI), has made a significant contribution to the widespread international use of smart cards. ETSI is the standardization body of the European telecommunications companies and telecommunication industry. The GSM 11.11 family of standards specifies the interface between the smart card (referred to as the ‘subscriber identity module’ (SIM) in the GSM system) and the mobile telephone. This family of standards is based on the ISO/IEC standards.

With the international proliferation of GSM systems beyond the boundaries of Europe, the ETSI standards have become highly important for the smart card industry. After more than 20 years of standardization effort, the most important basic ISO standards for smart cards are now complete. They form the basis for further, application-specific standards, which are currently being prepared by ISO and CEN. These standards are based on prior ISO standards in the 7810, 7811, 7812 and 7813 families, which define the properties of identification cards in the ID-1 format. These standards include embossed cards and cards with magnetic stripes, which we all know in the form of credit cards.

Compatibility with these existing standards was a criterion from the very beginning in the development of standards for smart cards (which are called ‘integrated circuit(s) cards’, or ‘ICC’, in the ISO standards), in order to provide a smooth transition from embossed cards and magnetic-stripe cards to smart cards. Such a transition is possible because all functional components, such as embossing, magnetic stripes, contacts and interface components for contactless interfaces, can be integrated into a single card. Of course, a consequence of this is that the integrated circuits, which are sensitive electronic components, are exposed to high stresses during the embossing process and recurrent impact stresses when the embossed characters are printed onto paper. This makes heavy demands on the packaging of the integrated circuits and the manner in which they are embedded in the card.

A summary of the currently available standards, with brief descriptions of their contents, can be found in the Appendix. In the last few years, an increasing number of specifications have been prepared and published by industrial organizations and other non-public groups, with no attempt being made to incorporate them into the standardization activities of ISO. The argument most commonly offered for this manner of working is that the way ISO operates is too slow to keep pace with the short innovation cycles of the informatics and telecommunication industries. Since frequently only a few companies are involved in drafting these ‘industry standards’, there is a large risk that the interests of smaller companies, and especially the interests of the general public, will be ignored in the process. It is a major challenge to the future of ISO to devise a working method that can safeguard general interests without hampering the pace of innovation.