OpenCard and PC / SC - Two New Industry Initiatives for Smart Cards

With OpenCard and PC/SC, we see two new industry initiatives in the chip card world of today, which are currently developing into defacto standards and might eventually evolve to formal international standards. This document tries to give an overview of both initiatives and to explain their relationship and positioning to each other. About the Author Frank Seliger’s current responsibility is software architect in IBM’s Global Smart Card Solutions (GSCS) unit. IBM GSCS is an active member of both, the OpenCard and the PC/SC initiative. Frank Seliger is working on the architecture of the OpenCard Framework and has contributed to the PC/SC specification. Introduction “The nice thing about standards is that you have so many to chose from” Andrew Tanenbaum The smart card industry is currently in a transition from the gold rush atmosphere of a new technology towards a mature technology with more established products and processes. Increasingly we see industry initiatives for standardized protocols and solutions replacing the diversity and proliferation of isolated solutions. This trend makes it less of an adventure and thus more attractive to invest into solutions that use and exploit smart cards. A strong force for standardization and interoperability arises from the belief, that almost all new smart card solutions will have several applications on one card and several possible card types carrying one kind of application. This is commonly called "multi-application card" [Cart97]. The physical level and the lower layer protocol-levels have been governed by the formal ISO 7816 standard for several years now [ISO-97]. This standard leaves enough room for variation and interpretation that components from different manufacturers are often not compatible with one another although they conform to the ISO 7816 standard. The higher layers of programming, which an application programmer using a smart card is preferably dealing with, are barely regulated by ISO 7816. Besides ISO 7816 there are several specifications that emerged from specific application domains. Examples are EN 726 from the telecommunication domain [EN726], EMV’96 3.0 from the finance domain [EMV-96], EU/G7 WG7 from the health care domain [G7-97], just to mention a few. OpenCard and PC/SC, which we will look at more closely in the following, are both not business domain specific. The two initiatives have a different scope and focus. OpenCard as a specification is concerned with an object oriented framework located in the computer to which the smart card is attached. The reference implementation has been developed using the Java programming language and execution system and lends itself to be used for application development in Java. For regulation of the smart card itself, OpenCard relies on ISO 7816. Therefore, OpenCard can be used together with any smart card. PC/SC as a specification is focussing on the Personal Computer and the card terminal