Heading - SmartCard Networking · Web viewInstallation and Troubleshooting of the NSCP Starter...

Bolton Pilot Specification

Report WP7 – 01cVersion 2.0March 2004

© Bolton Metropolitan Borough Council for the National Smart Card Project

document.doc 06/05/2023

1. Abstract

This section of the National Smart Card Project (NSCP) defines and pilots a Cross-Regional Local Authority Smart Card Scheme. Such a scheme includes use of the smart card for transport across the region (using ITSO Ticketing), use by applications (such as Library and Leisure Systems) that just utilise the smart card for identification and enrolment, and use by applications (such as School Systems) that require an electronic purse. The scheme uses the Card Management System produced as part of the NSCP Starter Pack.

This document defines the infrastructure and software produced and tested to support the pilot, including:

The definition of the Card Scheme The appearance, content and capabilities of the cards The infrastructure supplied in the Data Centre, Back Office and

Service points Requirements on the use and configuration of the NSCP Starter

Pack software Changes required to the enrolment Web site supplied by the

NSCP. Details of the software and documentation to be produced Details of the testing to be done Specifications of work required from suppliers: Smart Card

Solutions and Cornwall CC Specification of the enrolment process that will be supported for

the pilotOne of the outputs of the project is a portable version of the enrolment software that will be used at Service Points. This consists of the Cardholder database and the enrolment application and Web site installed on a notebook PC, with smart card readers, a scanner and a Webcam attached, and can be used for demonstrations.

-3-


Table of Contents

1. Abstract............................................................................................................22. Introduction.......................................................................................................5

2.1 Scope...............................................................................................................52.2 Terminology......................................................................................................52.3 Document Cross References...........................................................................52.4 Overview..........................................................................................................6

3. Scheme Definition............................................................................................73.1 Card Appearance.............................................................................................73.2 Card Services.................................................................................................113.3 Evidence Required.........................................................................................12

4. Card Specification..........................................................................................184.1 Card Contents................................................................................................184.2 CCDA Data.....................................................................................................184.3 Card Internal Layout.......................................................................................224.4 Interfaces Supported......................................................................................22

5. Enrolment Web Site.......................................................................................235.1 Home Pages...................................................................................................235.2 Information pages..........................................................................................255.3 Enrolment Form – Personal Details...............................................................265.4 Enrolment Form – Card Services...................................................................275.5 Enrolment Form - Marketing Information.......................................................285.6 Confirmation...................................................................................................285.7 Citizen Logon.................................................................................................285.8 Service Point User Logon..............................................................................295.9 Taking a Photograph......................................................................................305.10 Scanning a Signature.....................................................................................315.11 Checking Evidence........................................................................................325.12 Changing details before the application is complete......................................335.13 Searching for a user.......................................................................................345.14 Specifying the Issuer......................................................................................355.15 Completed Application Form..........................................................................365.16 Changing the card status...............................................................................375.17 Cascading Stylesheet....................................................................................375.18 Reports...........................................................................................................385.19 Other Enrolment changes..............................................................................39

6. Configuration of the Cardholder database.....................................................397. Print and Personalisation Application.............................................................40

7.1 P&P Components...........................................................................................417.2 Interim P&P process......................................................................................41

8. Infrastructure..................................................................................................428.1 Portable Enrolment Application......................................................................438.2 Pilot Infrastructure.........................................................................................448.3 Smart Card Enrolment Service Point Infrastructure.......................................478.4 Library and Leisure Centre Enrolment Infrastructure.....................................47

-4-


9. Applications supported...................................................................................489.1 ITSO...............................................................................................................489.2 Libraries..........................................................................................................499.3 Leisure Centres..............................................................................................49

10. Software and Documentation Deliverables....................................................5010.1 Software.........................................................................................................5010.2 Documentation...............................................................................................50

11. Testing............................................................................................................5112. Processes.......................................................................................................52

12.1 Definition of Enrolment Process.....................................................................5212.2 Post-Issuance Card Management..................................................................52

13. Third-party requirements................................................................................5313.1 Smart Card Solutions (SCS)..........................................................................5313.2 NSCP.............................................................................................................54

14. Appendix 1 – National Smart Card Project Glossary.....................................55

-5-


2. Introduction

2.1 ScopeThis document describes the creation of tested infrastructure to support a Bolton and Blackburn with Darwen Cross-Regional Local Authority smart card, and software to allow legacy applications to use the smart card for authentication, enrolment and proof of entitlements.

The actual running of the pilot is not covered. Interfacing with Oracle CRM is not included – the pilot infrastructure will be based on use of the NSCP Starter Pack enrolment software. Work on Oracle CRM is an independent project that is proceeding in parallel with developing the pilot. Take on of the final version of the NSCP Card Management software is not included in the deliverables described in this document. The software delivered for supporting the pilot is based on NSCP software obtained in January and February 2004, and, in particular, is based on an interim version of the Print & Personalisation software. Because of this the P&P system is manual and time-consuming to run.

2.2 TerminologyLA Local AuthorityCMS Card Management SystemPKI Public Key InfrastructureCCDA Common Cardholder Data ApplicationPC/SC Standard for PC access to ISO 7816 Standard Smart CardsSCS Scart Card SolutionsUSB Universal Serial BusITSO Integrated Transport Smart Card OrganisationAID Application IdentifierT=0 Character mode ISO 7786-4 interfaceT=CL Contactless ISO 7786-4 interfaceSTR Stored Travel RightsGMPTE Grater Manchester Passenger Transport ExecutiveSAM Security Access ModuleISAM ITSO Security Access ModuleIPE ITSO ProductISA ITSO Shell AccountIPA ITSO Product AccountP&P Print and Personalisation

2.3 Document Cross References[1] WP7 National Smart Card Project Work Package Seven Definition[2] WP9 National Smart Card Project Work Package Nine Definition[3] Bolton MBC: Design and Architecture for a LA Smart Card Scheme[4] Bolton MBC: Smart Card CRM Integration[5] Bolton MBC: Smart Card API for Legacy Integration[6] Work Package 7 – Sub Project: Cross Boundary Smart Card Pilot[7] National Smart Card Project: Smart Card Enrolment & Application

Processing[8] ITSO Early Adopters Pre ISMS Security Arrangements[9] National Smart Card Starter Pack 1.0: Overview

-6-


[10] National Smart Card Starter Pack 1.0: Card Data Displayer[11] National Smart Card Starter Pack 1.0: Journal application[12] National Smart Card Starter Pack 1.0: Citizen Enrolment[13] National Smart Card Starter Pack 1.0: Cardholder Database[14] National Smart Card Starter Pack 1.0: System Requirements[15] ITSO Specification version 2.1 (parts 1 – 10)[16] National Smart Card Project: Smart Card Personalisation and Issuance[17] BMBC Smart Card Pilot: Change Request BMC033[18] National Smart Card Starter Pack 1.0: Smart Card Production

Requirements[19] SCS Quotation: Personalisation Software for Bolton Smart Card Project[20] SCS: National Smart Card Project: ITSO Applet[21] National Smart Card Project: National Smart Card Strategy[22] SCS: National Smart Card Project: New Starters – File and Data

Structures[22] SCS: National Project CCDA Specification[23] SCS: National Project: ISO File Handler Design[24] HMG’s minimum requirements for the verification of the identity of

Individuals

2.4 OverviewThe pilot is intended to demonstrate the use of a Cross Regional LA smart card for:

Bus journeys across the region using the ITSO Ticketing standard Use of the smart card for authentication and enrolment in Libraries

and Leisure Systems in more than one LA area.

The timescales of the pilot are not yet fixed and are dependent on when the Bus companies involved - Lancashire United (owned by Blazefield) and their ticketing equipment supplier (Wayfarer), are ready to start. This in turn is dependent on the progress of the NoWcard ITSO pilot. There is also a dependency on GMPTE supporting use of travel concessions on the card for Bolton residents. However, the ITSO POST and ITSO HOPS components and hence support for ITSO is not available as at the time of writing – see section 7.1.

At the time of writing, the target date for starting the pilot is the second half of June 2004.The pilot uses JCOP30 cards supplied by Cornwall CC. These have only 16kb of EEPROM and fitting the required data in the available memory space is a challenge and has led to some compromises in how much data that can be written to the card. In particular there are compromises in the length of data field labels and what data can potentially be PIN protected – see section 4.1.

-7-


3. Scheme DefinitionThe pilot supports two schemes: one for Bolton and one for Blackburn with Darwen.

3.1 Card Appearance

3.1.1 Card FrontThe personalised aspects of the card front are shown in the diagram below - they are the same for both Bolton and Blackburn. The photograph will have rounded edges. The card number will be in the OCR-A font. The citizen name will be in Arial font

The Bolton card looks like:

and the Blackburn with Darwen one:

-8-


3.1.2 Card BackThe reverse of the Bolton Card is as follows::

The Blackburn equivalent will have Blackburn names, numbers, address and Web site, but will otherwise look the same.

3.1.3 Scheme LogosThere will be no scheme logo, other than the issuer logos and the ITSO Logo.

-9-

Bolton 123 Card Helpdesk – 01024 3341231. For use by person named on the card only2. This card is not a cheque guarantee or credit card3. This card remains the property of Bolton Metro4. Refer to issuer for terms and conditions of use5. If found, please return to:

Bolton 123 Card, Freepost PO Box 123, BL1 1XB

Lost / Stolen Cards 01204 334123

www.bolton.gov.uk/123card

Bolton Metro, ITSO & local e-gov logos here


3.1.4 Issuer Logos

Bolton

Blackburn

Local e-gov

3.1.5 Scheme Details

Bolton

Property Value

Scheme Name Bolton 123Scheme Details Access Bolton (not used)Scheme Footer Text Bolton 123 Card - Be Smart!

Issuer Name Bolton BMBCIssuer IIN 633689Issuer Message Call 01204 334123 for Info

Support Contact Name: Gary Bleads Telephone number: 0870 325 2-85 Email address [email protected] Address Fujitsu, Wenlock Way, West Gorton,

Manchester, M12 5DR

Notes Fujitsu support contact

-10-


General Contact Name: Janet Collinge Telephone number: 01204 334123 Email address [email protected] Address Bolton 123 Card, Freepost PO Box 123, BL1

1XB Notes

Photograph Required?

Yes

Signature Required? Yes

Blackburn

Property Value

Scheme Name BeezScheme Details Blackburn with Darwen Borough Council beez

card (not used)Scheme Footer Text .. be active for life ..

Issuer Name Blackburn with DarwenIssuer IIN 633691

Issuer Message Call 01204 334123 for Info

Support Contact Name: Gary Bleads Telephone number: 0870 325 2-85 Email address [email protected] Address Fujitsu, Wenlock Way, West Gorton,

Manchester, M12 5DR

Notes Fujitsu support contact

General Contact Name: Diane Miller Telephone number: 01254 587249 Email address [email protected] Address Beez card office, 3rd Floor, Blackburn Library,

Town Hall Street, Blackburn, BB2 1AH Notes

-11-


Photograph Required?

Yes

Signature Required? Yes

3.2 Card Services

3.2.1 AuthenticationUsing the card for authentication will be mandatory, but as this cannot be enforced by the NSCP software, it will need to be done by a business process.The only authentication level available for the pilot will be level 1.The evidence accepted for this follows reference [24] and is shown in section 3.3. It is a combined list of the accepted evidence for Identity, Active in the community or third-party collaboration.The date of the evidence is checked and if that evidence has an expiry date, this is also captured and stored on the card.

3.2.2 Eligibility A standard eligibility model is defined for using the smart card as proof of eligibility in any LA smart card-enabled application. (At least TALIS and FLEX, and possibly GLADSTONE MRM and GALAXY, for the pilot).The intention is that that the card can be used during enrolment both to fill in the citizen details and to prove eligibility for concessions. The mapping of eligibility data onto concessions will be different for different applications: a Leisure card for example may have 3 or 4 levels of concession, each requiring different combinations of the eligibility data.Where eligibility has an expiry date, the date is also captured. For the pilot these will all be set to a fixed date (currently 31/7/2005).The categories of eligibility supported for the pilot are:

Student: Y/N and expiry dateProof of age: Y/NProof of Unemployment: Y/N and expiry dateProof of reduced mobility: Levels 1 and 2 and expiry dateProof of special needs: Levels 1 and 2Proof of income level: Levels 1 and 2, and expiry dateThe corresponding proof for the different levels is shown in section 3.3. Each level has its own evidence category.

3.2.3 Travel ConcessionTravel concessions are different for Bolton and Blackburn.Both have an “over 3 miles to school” free pass, proved by authorisation from the LEA.Bolton has a disability free pass with an evidence category of several special needs categories.Bolton has a half price with maximum 40p concession and Blackburn has a half-price travel concession. Bolton’s is for disability (lesser disabilities than the free pass), students, under 16, and senior citizens. Blackburn’s is for disability (different evidence list to Bolton), under 16 and senior citizen.However, for the pilot only the age-related concessions (under 16 and senior citizen) will be available, for both Bolton and Blackburn.

-12-


3.3 Evidence RequiredThe following lists show the evidence required for each “Application”, i.e. for each level of each card service. The authentication evidence follows the recommendations in [24].

Application: Address VerificationEvidence Type : Proof of Address (Active in the community)

Bank / Building Society Statement or passbook

Benefits Book or original B.A. Notification Letter

Confirmed by Electoral Register Search

Court Order

Current Full UK Driving Licence (Old Version)

Current UK Driving Licence (Photo Card Type)

Local Authority Tax Bill

Local Council Rent Card or Tenancy Agreement

Recent Original Mortgage Statement

Recent Utility Bill or Certificate

Record of Home Visit

Application: Authentication Level 1Evidence Type : Authentication - Level 1

3rd Party Corroboration

Adoption Certificate

-13-




Birth Certificate

Building Industry Sub-contractor's Certificate

Certificate of Employment in HM forces


Court Order

Current Firearms Certificate


Current Signed Passport


Divorce or Annulment PapersGV3 form for people who wish to travel in the UK

Home Office Letter IS KOS EX or KOS EX2



Marriage Certificate

Police Registration Document

Recent Inland Revenue Tax Notification




Residence Permit issued by Home Office

Application: Income Level 1Evidence Type : Proof of Income - Level 1

Children's Tax Credit Award Letter + NHS tax credit exemption certificate

Current Notification of Council Tax Benefit

Current Notification of Housing Benefit

Working Tax Credit Award Letter + NHS tax credit exemption certificate

-14-


Application: Income Level 2Evidence Type : Proof of Income - Level 2

Award Letter for Guaranteed Pension Credit

Award Letter for Income Support + bank statement (highlighted)

Award Letter for JSA (Income Based) ES40

Application: Mobility Level 1Evidence Type : Proof of Mobility - Level 1

Disability Living Allowance - Book

Disability Living Allowance Letter + bank statement (highlighted)

Application: Mobility Level 2Evidence Type : Proof of Mobility - Level 2

Disability Living Allowance (Higher rate mobility) - Book

Disability Living Allowance Letter (Higher rate mobility) + bank statement (highlighted)

Incapacity Benefit - Book

Incapacity Benefit Letter + bank statement (highlighted)

Severe Disablement Allowance - Book

Severe Disablement Allowance Letter + bank statement (highlighted)

Application: Proof Of AgeEvidence Type : Proof Of Age

Benefit Book - Retirement

Birth Certificate


-15-


Current Signed PassportCurrent UK Driving Licence (Photo Card Type)

National Blood Transfusion Service Card

NH Medical Card

Old Age Pension Book

Optical or Medical Prescription

Application: Senior Citizen Bus ConcessionEvidence Type : Proof of Address (Active in the community)




Court Order








Evidence Type : Proof Of Age


Birth Certificate




-16-



NH Medical Card



Application: Special Needs Level 1Evidence Type : Proof of Special Needs - Level 1

Learning Disabilities (Letter from GP, LA or LEA)

No Natural Speech (Letter from GP, LA or LEA)

Partially Sighted (Letter from GP, LA or LEA)

Profoundly or Severely Deaf (Letter from GP etc)

Application: Special Needs Level 2Evidence Type : Proof of Special Needs - Level 2

Authorisation Letter/Medical Assessment on Mobility

Letter from Blesma

Registered Blind

Registered Deaf with no Speech

Application: Student VerificationEvidence Type : Student Identification

Stamped Letter from place of Education

Student Union Card

Application: Under 16 Concession

-17-


Evidence Type : Proof of Address (Active in the community)




Court Order








Evidence Type : Proof Of Age


Birth Certificate





NH Medical Card



Application: UnemploymentEvidence Type : Proof Of Unemployment

Job Seekers Allowance (Contribution Based) ES40

-18-


4. Card Specification

4.1 Card ContentsThe cards will include the following Java applets:

Common Cardholder Data Application (CCDA) ISO 7816-4 File Handling Application ITSO Application

The applets and data must fit into 16kb.The full detail including tags and AIDs will be defined by SCS in the latest version of [22].

4.2 CCDA DataThey will include the following personal data:

Card Number (Card Holder ID and Issue number) Name

- Title- Forename- Initials- Surname- Name (requested name)

Address in LLPG-compatible format- House Name/Number (PAON)- Flat or sub-dwelling (PAON)- Street Name (Street Descriptor)- Post Town (Town/Post Town)- County (Administrative Area)- Post Code- Address Valid flag

Personal Details

-19-


- Dob- Gender- Ethnic Origin

Contact details- Email- Home Phone- Mobile Phone- Work Phone and extension number

Resident in Local area flag

The mapping on this data on to the card is given in the following table:

Tag Max.Length

File Id.

Label Length

Data Field Label Data Format

DF23 8 C001 11 Card Number BCDDF31 35 C001 5 Title ASCIIDF32 35 C001 8 Forename ASCIIDF53 13 C001 8 Initials ASCIIDF33 35 C001 7 Surname ASCII5F2B 4 C001 3 DOB DATEDF56 50 DF56 5 House

Number/NameASCII

DF57 8 DF57 8 Postcode ASCIIDF39 8 DF39 8 Home Tel BCDDF59 8 DF59 8 Work Tel BCDDF3A 8 DF3A 6 Mobile BCDDF3C 50 DF3

C 5 Email ASCII

5F20 70 C001 4 Name ASCIIDF64 12 C001 9 Authority ASCII5F35 1 C001 6 Gender BCDDF6B 1 DF6B 9 Ethnicity BCDDF5B 1 C001 8 Resident ASCIIDF66 25 DF66 12 Sub-dwelling ASCIIDF67 50 DF67 11 Street Name ASCIIDF68 35 DF68 8 Locality ASCIIDF69 20 DF69 9 Post Town ASCIIDF6A 20 DF6A 6 County ASCIIDF6B 1 DF6B 13 Address Valid ASCII

-20-


4.2.1 Trust DataAuthentication and Eligibility data (together referred to as Trust Data) is held in a separate service on the card:

Authentication Information- Trust Level- Verified Date- Expiry date (Review required date)

Entitlement Information- Mobility Level and expiry date- Income Level and expiry date- Special Needs Level- Age verified flag- Address verified flag- Student flag and expiry date- Unemployed Flag and expiry date

Issuer Information- Local Authority Name

Note that user and user PIN capability will be available for protecting data fields, but by default, this will be switched off. An application PIN is also being defined that can be used by the API used by legacy applications as an alternative to the user PIN to read PIN-protected data, but again, by default, this will be switched off.

-21-


The mapping on this data on to the card is given in the following table:

Tag Max.Length

File Id.

Label Length

Data Field Label

Data Format

DF01

1 C001 10 Auth Level BCD

DF02

4 C001 13 Verified date DATE

DF03

4 C001 11 Expiry date DATE

DF04

1 C001 12 Age Verified ASCII

DF05

1 C001 7 Student ASCII

DF06

4 C001 16 Student Exp Date

DATE

DF07

1 C001 18 Special Needs Code

BCD

DF08

1 C001 10 Mobil Code BCD

DF09

4 C001 14 Mobil Exp Date DATE

DF0A

1 DF0A 5 Unemp ASCII

DF0B

4 DF0B 14 Unemp Exp Date

DATE

DF0C

1 DF0C

14 Inc Level Code BCD

DF0D

4 DF0D

18 Inc Level Exp Date

DATE

DF0E

1 C001 16 Address Verified ASCII

-22-


4.2.2 ITSO Data

The cards will include the following ITSO data: An ITSO Shell An Stored Travel Rights (STR) IPE A GMPTE Concessionary entitlement IPE (optional) – Bolton Cards

only A NoWcard Concessionary Entitlement IPE (optional) – Blackburn

Cards only

4.3 Card Internal LayoutThe internal layout of the card will be fully specified in the latest version of [22].

4.4 Interfaces Supported

IS0 7816-4 CommandsT=0,T=CL interfaces will be supported, but not T=1.The exact commands that are supported are specified in the SCS specification documents, [20], [22] and [23].

Contactless - ISO 14443 Type AThere are two variants of ISO 14443L Type A and Type B. Type A is licensed from Philips and is the type that MiFare uses. Type A is supported, but Type B is not.MiFare is supported but not currently proposed to be used for Bolton or Blackburn pilots. The same slot is used as the other NSCP new starters (Suffolk and Chester), which means that the card number is available in slot 13, block 0. The T=CL (ISO 14443-4) interface is supported and used for ITSO.

-23-


5. Enrolment Web Site

The NSCP provides a Web Site as part of the Starter Pack software – see [9].The Web site has been tailored for Bolton’s and Blackburn’s requirements – see sections below.

5.1 Home PagesThe Web site home page gets the header, card front, scheme name and scheme information message from the card schemes that have been defined for Bolton and for Blackburn. All Web pages use stylesheets for the selected scheme – see section 5.17.The scheme number is specified in the global.asa file for the Web site.

5.1.1 Bolton Home Page

-24-


5.1.2 Blackburn Home Page

-25-


5.2 Information pages

The various information pages: Uses, Future Plans, Data Protection, Privacy Statement , FAQ, New and Contact need to be defined. The contact details on the contacts page are configured in the cardholder database, and are as defined in section 3.1.5.

It is not strictly necessary for these pages to be defined for the pilot as enrolment will be done by trained council staff at a small number of service points, but it would be helpful to these users if it is supplied. The text has not so far been made available by Bolton or Blackburn.

-26-


5.3 Enrolment Form – Personal DetailsThe personal details have been modified by changing the fields defined in the cardholder database. Changes to the application code were necessary to change the fundamental customer data.

Changes include making the address LLPG-compliant, changing the negative privacy statement to a positive third-party usage opt-in and adding a password clue. There are other minor changes – see [22] for differences in data put on the card to the other early adopter schemes.

Note that the Chester version of the Web site does not use Postcode software. The Bolton scheme will similarly not use Postcode software for address lookup. The Bolton CRM integrated versions will use the Bolton LLPG.

-27-


5.4 Enrolment Form – Card ServicesCard Services have configured by defining the applications associated with the card scheme in the cardholder database. The configuration for the pilot is shown.

-28-


5.5 Enrolment Form - Marketing InformationMarketing information required changes to the code of the Web page. The data is held in XML format in the database. The configuration for Bolton is shown. The Blackburn version is similar but asks about membership of Bolton libraries and leisure centres.

5.6 ConfirmationThe confirmation screen did not require changing. This screen will not be used for citizen registrations during the pilot, as these will be done by a logged on Service Point user. See section 5.12 below for the end of the complete enrolment process.

5.7 Citizen LogonCitizen Logon will not be provided as Bolton are not supplying a public website. Logon by Service point users (who will use this Web site) will be done using the Journal application.

-29-


5.8 Service Point User LogonThe Service point user can Logon to the application using their card number and password. In this version of the software Service Point users will need to go through the enrolment process, and then be manually configured in the database to give them their required roles. This version of the software does not support logon using a smart card.

-30-


5.9 Taking a PhotographNo changes to photograph taking were required. The software has been tested with a Logitech Quickcam 4000 Pro camera.

-31-


5.10 Scanning a SignatureNo changes to signature scanning were required. The software has been tested with an HP Scanjet 4600 scanner.

There is a requirement by Bolton to scan in the whole application form, not just the signature. This change has not been made as part of this development.

-32-


5.11 Checking EvidenceThe screens for evidence checking are configured by linking proof types to card services in the cardholder database, so changes were required to these Web pages. An example evidence screen is shown below, but the full mapping of evidence types to applications is given in section 3.3. The NSCP software would need changing to do evidence in the optimal way for the Bolton requirement.

There is a requirement to scan in documents supplied as authentication evidence – this is required by the Level 1 Authentication process.. Currently there is no way to store them in the database, but the mechanism for storing signatures and photographs could easily be extended to cover this. This change has not been made as part of this development. Scanning in evidence for all the eligibility applications would also be possible, but is not thought necessary.

Note that there is currently a problem that a piece of evidence must be selected for each application even if a suitable piece has been selected for a previous application. Also, if the same piece is specified twice, it is shown twice in the list of supplied evidence for each category that it applies to (on the Journal screen – see section 5.12).

-33-


5.12 Changing details before the application is completeAs with the application form, this is configurable by the database, so no changes to the Web page were necessary. Note that there is currently a problem that when an item is changed, the old value is not shown.

-34-


5.13 Searching for a userThis screen is used to find an existing citizen entry when completing or modifying an application. No changes were required to it.

There is a requirement for the Bolton card management team to be able to review applications that have been completed. The card management team rather than the service point agent will mark the applications as complete and ready for print and personalisation. To support this function a new menu item is required that lists all the outstanding completed applications in the same format as search results. This change has not been done as part of this development.

-35-


5.14 Specifying the IssuerFor the Cornish Key card, sub-organisations such as the Fire Brigade could issue cards, so there was a need to specify the Issuer. As Bolton and Blackburn will have separate enrolment applications, with separate Web sites, the screen is unnecessary for these schemes. This could be removed if required – currently the single possible value must be selected from the drop-down list. The issuer is specified at the bottom of the evidence-checking screen – as shown below.

-36-


5.15 Completed Application FormThis screen required a small change for the size and position of the photograph.

-37-


5.16 Changing the card statusOnce an application is complete, the smart card history is shown on the journal screen, and the card status can be changed. The set of possible status values has been reduced to an agreed set as shown:

5.17 Cascading StylesheetA .CSS file has been produced that defines the fonts and colour scheme for the Bolton Web site. It is based on the Access Bolton Web site. The screenshots in this section are based on the current version for Bolton. The Blackburn styles are shown on the home page – see section 5.1.1.

-38-


5.18 ReportsSome simple bar-chart reports have been added to support reporting on the user population that have enrolled during the pilot. The list of reports and an example are shown below:

-39-


5.19 Other Enrolment changesFujitsu have made the following other changes to the enrolment web site, based on the Beta version of software from the NSCP:

Minor code changes needed to support Bolton and Blackburn Web site styles and images

Removed sending emails to Cornwall Added extra tracing Improved error handling to aid debugging Changed text box sizes to match the size of data items Modified SQL stored procedures and web pages to support the

changes in personal details – see section 5.3

6. Configuration of the Cardholder databaseSee [9] for how the cardholder database fits into the architecture of the solution, and [13] for a definition of the cardholder database.

-40-


The following data has been added to the Cardholder database and where necessary, the Web site changed, to support the pilot:

1. Creation of citizen records for administrators and other roles, and creation of CitizenRole entries to link them to role records. Further administrator or proof-checker users can be added by going through the registration processes and then manually adding CitizenRole entries to the database.

2. Creation of CardScheme records for Bolton and Blackburn.3. Creation of an Issuer record and Contact records linked to the

scheme.4. Creation of Application, AppCat, AccCatProofType, Field, FieldProof,

AppField entries for Bolton and Blackburn Card Services.5. Creation of ProofKindType, ProofType and Proof records for the

scheme.6. Modifications to Field records to change the fixed customer details

fields.7. Modification to the marketing screen and data.

7. Print and Personalisation Application

-41-


7.1 P&P ComponentsAn interim Print and Personalisation application has been developed to support the pilot, as the production P&P software was not available from the NSCP in the required timescales. The interim solution requires software from Smart Card Solutions and from the NSCP. It also needs an ISAM for the scheme to be available.The following diagram from SCS, shows the components involved.

Because of a more stringent requirement for certification by ITSO for the pilot than expected and the unavailability of an ITSO POST integrated with the SCS personalisation software, ITSO personalisation is not yet available.SCS are now expecting to produce a certified ITSO POST for a third-party, and a tentative decision has been made for Bolton to purchase this. There are alternatives such as the ESP Systex ITSO POST, but this will need to be integrated with the NSCP personalisation software. The POST needs to be integrated with the NoWcard and GMPTE HOPS.

The involvement of GMPTE in the pilot has also not been clear. The current position is that Bolton will register for an ITSO OID and be the shell owner and the owner of a concessionary travel IPE, on behalf of GMPTE. This requires the development of simple HOPS functionality integrated with the CMS. This will be the subject of a separate proposal.

For these reasons the P&P solution delivered by this development does not include writing an ITSO Shell, ITSO STR IPE, or concessionary IPE. It does, however, include writing the ITSO applet to the card.7.2 Interim P&P processFujitsu have developed a variant of the “demonstration” solution that the NSCP used for the Suffolk scheme.

-42-


This consists of the following steps, using a variant of the GUI control program developed by The NSCP :

1. Place the scheme SAM into the SAM reader2. Select the record to print and personalise from a drop-down list of

completed applications.3. Click a button to move a blank card to the contactless encoder and

MiFare encode the card4. Move the card to the other contact card reader, and to load the

scheme data and personalise a card5. Move the card from the contact interface to the card input on the card

printer6. Click a button to print the card7. Restart the process...

Fujitsu have undertaken the following developments to support this:

Modified the scheme load to use cap files and scripts provided by SCS.

Adding code to directly access the data from the cardholder database rather than using an Access database. (The Access database is still used for some configuration information).

Modified the code that personalises the card front and back to support the Bolton and Blackburn layouts

Developed a new DLL and associated API for moving the card to the encoders, for the RTP 101 printer, as this, and not the Fargo HDP 820 printer as used at Cornwall, is being used by Bolton.

Supported preview of the card being produced Supported images with rounded corners, as requested by Bolton

marketing. Simplified and partially automated the process.

Note that this whole print and personalisation process takes about 5 minutes per card.To be usable the P&P process should either be replaced by the production version from the NSCP, with the changes for the RTP 101 printer, etc., incorporated, or some changes to the interim P&P software will need to be made.At minimum these changes need to be:

Support of an automated process using the internal contact encoder. (Suitable drivers for the Cream 130 encoder supplied are not available at the time of writing).

Support of a simple batch process that allows separate batches to be printed for Bolton or Blackburn

Printing of welcome letters with mail-merge of appropriate dataThese changes have not been made as part of this development.

8. Infrastructure

-43-


8.1 Portable Enrolment ApplicationA portable enrolment application has been produced to allow demonstration of the prototype functionality and support of the pilot definition process. This runs on a laptop running Windows 2000 (or later) and SQL Server 2000 and consists of:

The Cardholder database, configured for the Bolton and Blackburn schemes

The Visual Basic Enrolment Application A Microsoft ASP technology Web site tailored for Bolton’s and

Blackburn’s requirements (see section 5)

The workstation requires the following peripherals:

A PC/SC USB smart card reader (e.g. the Cornish Key Orga Cardmouse smart card Readers)

An HP Scanjet scanner (e.g. Scanjet 4600) A Logitech 4000 Pro Webcam A 4-way compact USB hub

Setting up this application involved:

Installation and Troubleshooting of the NSCP Starter Pack software

Configuring the cardholder database – see section 6. Production of Card Scheme images etc. – these will be provided

by Bolton and Blackburn Web site tailoring (see section 5 above) Purchasing and installing the scanner and Webcam Installing the smart card readers – to be supplied by Bolton Prototyping the enrolment process

This portable enrolment application has been set up on a Fujitsu-owned laptop, but can be made available to Bolton and Blackburn for demonstration to the scheme’s stakeholders.

-44-


8.2 Pilot InfrastructureThe actual running of the pilot is not covered by this document, which is only concerned with creating and testing the infrastructure to allow such a pilot to be run.To run the pilot a Data Centre Server will be required, together with infrastructure for Card Management, Print and Personalisation, smart card Enrolment, and Library and Leisure Centre enrolment and identification.

8.2.1 Data Centre ServerThe Data Centre server runs a single database with schemes for Bolton and for Blackburn, and separate Web sites for Bolton and for Blackburn.

8.2.2 Web ServersThe NSCP System Requirements document ([14]) specifies a separate Web Server box. However, as the use of the Starter Pack Web site is only a temporary solution for Bolton, and will be replaced by Oracle CRM and the Oracle Portal in the long run, it is proposed to run the Web sites for Blackburn and for Bolton on the database server.[14] also specifies the use of firewalls and demilitarised zones. As the pilot Web site is not available on the Internet, these will not be used. The Web sites will therefore be hosted on the Database Server machine.Service points using the enrolment application (for both Bolton and Blackburn) need to be on the Bolton Intranet. They require http access to the Database Server machine.

8.2.3 Database ServerThe server holds Bolton and Blackburn cardholder data.

The basic requirement for the combined database and Web server is:

2 x 2 GHz CPUs 2Gb memory RAID option for RAID 5 5 x 36GB Disks a tape Drive for database backup.

A Dell Server has been chosen with the following spec:

-45-


System Qty Description Qty

-46-


1 PowerEdge 2650 - AC -Xeon 3.06GHz/512k, 533FSB, Integrated Floppy (AC Powersupply only)English - Support technical sheet, getting started docs, CD, NO Power Cord

1

Bezel Assembly 1ECC DDR Memory, (2X1GB) 1Additional Xeon 3.06GHz/512k, 533FSB cache processor

1

36GB SCSI UItra32O (10,000rpm) 1in 80 pin Hard Drive

5

1 x 5 Hard Disk Drive Hot Plug Backplane (5x1 inch HDDs)

1

PERC 3/DI dual Channel onboard RAID card enabled with 128MB Cache

1

24X IDE CD-ROM Drive 1AC Redundant power option (2 power supplies) 1No Operating System 1OpenManage Server Software - must NOT be ordered with PS Web 2000 Server Solution

1

Upg to Silver 3Y (24x7) Premier Enterprise Support

1

Base warranty 11Y NBD (Next Business Day) 1DELL 4 Post Rack Mount parts, all parts to install a PE2650 into a DELL Rack

1

C04 MR5, RAID 5 using on-board controller 1

1 PV114T Sng Rack Base LTO1, 2U, inc cleaning CartridgeEuropean – Documentation with PDU Cord 1Adaptec SCSI 39160 Controller Card with 4m VHDCI-68 pin cable

1

Upg to Silver 3Y (24x7) Premier Enterprise Support

1

Base warranty 11Y NBD (Next Business Day) 1DELL 4 Post Rack Mount parts, all parts to fit a PV114T into a DELL Rack

1

1 42U Rack 4210 Base with doors, side panels, ground ship packing, Service Tag docUpg to Bronze 3Y NBD Premier Enterprise Support

1

Base warranty 11Y NBD (Next Business Day) 1

1 1U LCD with Rapid Rails (KIT)

1 UK/Irish (QWERTY) – Trackball Keyboard (Kit)

-47-


8.2.4 Card Management Team InfrastructureThe Card management infrastructure supports the Card Management team in checking enrolment and providing help desk functionality. This just requires a subset of the enrolment screens to be available from the enrolment Web site – see section 5.The screens used for Card Management functions include those in section 5.8 (Logon), 5.12 (Journal), 5.13 (Searching for a user, and a new variant to list completed applications, when developed), 5.16 (changing card status).

8.2.5 Card Management WorkstationsFor each help desk operator or administrator, a workstation with the following specification is required

At least 256Mb RAM, 1 disk and CD-ROM drive. 1 X PC/SC USB

Print & Personalisation InfrastructureThe P&P infrastructure supports the fulfilment team in producing and mailing out cards.

8.2.6 Card Printer WorkstationsFor each card printer, a dedicated workstation with the following specification is required:

At least 512Mb RAM, 1 disk and CD-ROM drive. 2 Serial connections (or USB to Serial converters) 3 USB connectors (2 for SAMs, and 1 for the USB to SCSI

connector to the printer). 2 X PC/SC USB smart card readers These are needed for the

security modules (Scheme SAM and ITSO ISAM). The PC needs to be physically co-located with the printers as the

connectors to the encoders are short

A dedicated laser printer with suitable stationery loaded is also needed when P&P is active. A change to the P&P software is possible that batches laser printing and avoids the need for a dedicated laser printer.

8.2.7 Card PrintersThe NSCP Card Production requirements document – [18] – specifies:

Smart Card Printer (Fargo HDP 820) fitted with the following options:

Gem EasyLink 680SP contactless encoder SmartMouse SM1 contact interface. PC/SC Smart Card Reader

However, a more recent printer from ESP Systex, the RTP101, which has an ITSO-compliant POST available for it, and requires much less maintenance has been chosen,.

-48-


2 card printers are required to run the pilot, so that card production can continue if one printer requires maintenance.

The RTP 101 printer uses a Cream 130 PnP PC/SC compatible contact encoder instead of the SmartMouse encoder.

The ITSO-compliant encoder from ESP Systex is not being used for the pilot but is an option for the future.

8.3 Smart Card Enrolment Service Point Infrastructure To run the pilot, enrolment including taking of a photograph, scanning the signature, and checking evidence will take place at a Service point, such as a library, leisure centre, or a town-hall location such as the Leisure shop or the One-Stop-Shop.The Service Point (even for Blackburn) will need to be on Bolton’s intranet, and have fast network access to the Back Office Environment, where the cardholder database will be resident.The software and hardware is the same as the portable enrolment system described above, except that the cardholder database and the enrolment Web site will be hosted in the Bolton Data Centre.

8.3.1 Service Point Hardware SpecificationPCs with the following spec are needed in each Library/Leisure Centre/Leisure shop/One-Stop-Shop, etc. where smart card enrolment is done:

At least 256Mb RAM, 1 disk and CD-ROM drive. 3 USB connectors 1 x Logitech QuickCam 4000 Pro Web Cam 1 x HP Scanjet 4600 Scanner 1 x PC/SC USB smart card reader (e.g. Orga Cardmouse).

A printer also needs to be available for printing application form for signing.

8.4 Library and Leisure Centre Enrolment InfrastructureLibraries and Leisure Centres that support enrolment or identification using smart cards will need a PC with a smart card reader. These access points may or may not be the same as the service point where enrolment takes place. Where they are, the same PC can potentially be used for smart card enrolment and Library or Leisure Centre enrolment.The PC needs at least the following spec:

At least 256Mb RAM, 3 x USB, 1 disk and CD-ROM drive. 1 USB connector 1 x PC/SC USB smart card reader (e.g. Orga Cardmouse).

9. Applications supported

The applications to be supported that have the highest priority are:

-49-


ITSO Ticketing (www.itso.org.uk ) TALIS Library System (www.talis.com ) Leisure Systems for Bolton (www.leisureflex.com ) managed by Serco

(www.serco.com)

Applications that will optionally be supported if available by the time the pilot starts are: Galaxy Library System (www.ds.co.uk ) Leisure Systems for Blackburn (Gladstone www.ge-mrm.com)

9.1 ITSOThe pilot is expected to cover:

Bus companies: Lancashire United (part of Blazefield) and possibly Blue Bus

Bus route: 225 Clitheroe Blackburn Bolton.ISAMs with the necessary keys for the Bolton and Blackburn schemes will be used in the personalisation process.The personalisation process will put the following on the card for all citizens:

An ITSO Shell An ITSO Stored Travel Rights (STR) IPE

For a Blackburn citizen entitled to age related concessionary fares, a NowCard entitlement IPE will be written to the card. This will be an ISO type 16 IPE that defines the citizen’s ID and concession.

For Bolton citizens entitled to age related concessionary fares, a GMPTE entitlement IPE will be written to the card. This will be an ISO type 16 IPE that defines the citizen’s ID and concession.

ITSO Shell Account (ISA) and ITSO Product Account (IPA) records will be written to the cardholder database for the GMPTE shell and products.See section 7.1 for more information on the current state of ITSO support.

9.2 Libraries

BoltonAgreement to integrate with Talis using the API described in [5] has been agreed and work has started.It is proposed that the full 16-digit card holder number which is printed on the card is used as the library number, so that citizens can use it on touchtone phones for renewing books, etc., by telephone. The full card number including the issue number is needed in

-50-

http://www.ge-mrm.com/

http://www.ds.co.uk/

http://www.serco.com/

http://www.leisureflex.com/

http://www.talis.com/

http://www.itso.org.uk/


case a card is stolen, so that the specific issue of the card can be invalidated. This does mean that when the user gets a replacement card they will need to register it with TALIS.Currently it is assumed that a contact reader will be used in libraries. Alternatively a Type A T=CL contactless reader with a PC/SC driver could be used. For identification purposes a MiFare contactless reader could be used, but enrolment cannot be done using MiFare.

BlackburnBlackburn’s Library application supplier is GALAXY. They have been sent the API for evaluation.

9.3 Leisure CentresAs for Libraries, it is currently assumed that contact readers will be used for identification and enrolment, but a Type A, T=CL, contactless reader with a PC/SC driver could be used instead. MiFare contactless readers could be used for reading just the card holder number. For example, such readers could be used to allow entry into different parts of a Leisure Centre.

BoltonBolton Leisure Centres are being upgraded to use the FLEX system from Leisure-Flex.Leisure Flex has been approached to see if they can use the API described in [5] to smart card-enable their FLEX application. This has been agreed and work is in progress.

BlackburnBlackburn Leisure Centres use the Gladstone MRM System. Chester has an application that can write the Gladstone MRM library membership number to the card, but the style of integration needed for the Bolton card is different. Gladstone have read the API spec and sent information on their current smart card support, which includes MiFare readers and Orga contact readers. Further negotiations are needed with Gladstone to agree the approach with them.

10. Software and Documentation Deliverables

10.1 Software

10.1.1 Integration APIAn installable PC software package for the ActiveX version of the Integration API, described in [5], is available.

-51-


10.1.2 InstallersInstallers, and any necessary installation instructions, have been produced for all new and modified software components for each of the supported types of servers and workstation (as described in section 8.2).

10.1.3 Complete Software CDAll the software and related documentation produced by Fujitsu for the pilot is available on a CD. This includes all new and modified code, and a database dump of the SQL Server and Access databases, as modified for the Bolton and Blackburn schemes. The documentation includes a description of all the changes that have been made to the NSCP software.

10.2 Documentation

API Specification for Legacy System Integration – this is a version of [5] with full details of the ActiveX version of the API.

Pilot Specification (this document) including detailed card contents Specification of the Strategic Local Authority Scheme Architecture –

see [3]. This is a “Marketing” document of about 12 pages (excluding document control sections).

11. Testing

The following functional testing has been carried out:

Installation of the software and device drivers on each type of server and workstation

The enrolment process for Bolton and for Blackburn

-52-


Printing and Personalisation of cards that support the pilot functions using the interim P&P software

Sample integration with a test Web application using the ActiveX Integration API

Sample integration with a test PC Win32 application using the ActiveX Integration API

No performance testing or stress testing has been done, as this is not needed for a pilot.Further testing will still be required for:

ITSO integration TALIS integration FLEX Integration GLADSTONE MRM integration GALAXY integration

12. Processes

12.1 Definition of Enrolment ProcessThe expected way that applications will be processed is:

An application form will be posted to the eligible participant’s home address. Application forms will be sent to invited people only, and their families.

-53-


The citizen will fill in the form and take it with proof of identity, and eligibility for concessions, to a Service point (e.g. a library). Bolton residents should take forms to Bolton Services points and Blackburn residents to Blackburn Service Points.

At the Service Point a photograph will be taken, a signature scanned in, and the form details entered into the enrolment application.

Evidence will be inspected and details entered into the application in order to achieve Level 1 authentication, and to prove the eligibility requirements that are applicable to the applicant. Eligibility evidence may include proof of age, disability, low income, residence, and education status.

If the citizen does not bring the required evidence, they can come back and resume their application later.

The Service point will have an online HTTP connection to the Back Office system in Bolton.

The Back Office System for both Blackburn and Bolton Service points will be on the Bolton intranet.

Printing and Personalisation will take place at Bolton Offices. The personalised smart card, together with a personalised letter, will

be sent to citizen’s address, as supplied on the application form.

12.2 Post-Issuance Card ManagementNote that there is currently no capability for post-issuance changes to the applications or the data on the card, other than ITSO IPE data, which can potentially be updated by any ITSO-compliant applications. There may be support for updating data on the card at Service Points in the final NSCP deliverables, but evaluation of this is outside the scope of this development.The NSCP CMS Journal screen does support changing the card status (e.g. for lost and stolen cards) and the card location – see section 5.16.

13. Third-party requirements

13.1 Smart Card Solutions (SCS)Smart Card Solutions are developing the Java Applets for the card.They were required to supply:

1. Java Applets: ISO File Applet, CCDA Applet andITSO Applet.

2. SchemeLoader DLL: A schemeloader DLL to facilitate the

-54-


loading and instantiation of Bolton specific card packages and applets, and an interface specification document.

3. CCDA Script: A personalisation template script toconstruct the files and data fields required by the CCDA applet.

4. ITSO Personalisation DLL: A personalisation DLL which can beused to interface with an ISAM and the JCOP30 to personalise the ITSO applet, and an interface specification document.

5. OpenPlatform DLL: A DLL to provide open platformsecure channel messaging.

6. Personalisation Secure Access Modules: Personalisation SAMs withappropriate keys to secure and enable the personalisation process.

7. Personalisation Master Keys: Scheme specific keys for OpenPlatform and card applets to be used in SAM creation.

8. Issuer PIN and Application PIN: Scheme specific Issuer andApplication PINs to be used inCCDA script.

9. Sufficient support to enable Fujitsu to use these scripts, and other components.

All these other than the ITSO Personalisation DLL have been supplied. An ITSO Personalisation DLL that supports Bolton’s selected ITSO POST will be supplied by SCS when the ITSO POST has been selected and is available. This will not now be in the timescales of this development for the reasons given in section 7.1.

13.2 NSCP

13.2.1 EnrolmentTo support enrolment, beta versions of the following were required from The NSCP:

1. The Cardholder database installer2. The enrolment application installer3. An example Web site (e.g. the one for Chester)4. Sufficient documentation to configure and use these components5. Specification of the Hardware and Software requirements

-55-


These were all delivered by NSCP.

13.2.2 Print & PersonalisationTo support an early capability to print and personalize cards before the relevant starter pack deliverables were available, the following were required:

1. Detailed specification of the Card Printer and encoders required (see [18]).

2. The source code of software that the NSCP is using to print and personalize cards for Suffolk.

3. Sufficient help and information to enable Fujitsu to modify the code to write the personal information to the card that is required for the Bolton Scheme. This was expected to be minimal.

These were all delivered by the NSCP.

-56-


14. Appendix 1 – National Smart Card Project GlossaryThis Glossary is intended to help readers to understand terms used in the National Smart Card Project publications. The primarily purpose is to be useful in this context rather than a precise set of definitions. Numeric3G - Third generation mobile telecommunications technology A ActiveX - A loosely defined set of object-oriented programming technologies and tools developed by Microsoft. The main technology is the

Component Object Model (COM). ActiveX is Microsoft's answer to the Java technology from Sun Microsystems.Algorithm - A sequence of steps used to perform a mathematical operation ANSI - American National Standards Institute: Standardisation coordination body for the USAAPI - Application Programming Interface: A set of routines, protocols (q.v.), and tools for building software applications (q.v.)Applet - A program designed to be executed from within another application (q.v.). Unlike an application, applets cannot be executed

directly from the operating system. On the Web, an applet is a small program that can be sent along with a Web page to a user. Java applets can perform simple tasks without having to send a user request back to the server.

Application - A piece of software that performs business functions. It can reside on a smart card (q.v.)Archiving - Copying data onto a backup storage device ASN.1 - Abstract Syntax Notation One: A language that defines the way data is sent across dissimilar communication systemsAsymmetric Cryptography - Cryptography (q.v.) using a Public Key/Private Key (q.v.) combinationAuthentication - A security process that verifies that a person seeking to use an application (q.v.) on a smart card (q.v.) is the person who is entitled

to use it for the purpose intendedB Biometrics - Biological authentication mechanism such as a fingerprint, iris, voice, facial dimensionsBIOS - Basic Input Output System: Built-in software that determines what a computer can do without accessing programmes from a diskbit - Binary digit: The smallest unit of information on a machine. A single bit can hold only one of two values: 0 or 1. The term was first

used in 1949Block - Action taken by an issuer to prevent the use of a card, or a particular application on a chip cardBluetooth - A short-range radio technology aimed at simplifying communications among Internet (q.v.) devices and between devices and the

Internet BSI - British Standards Institute: National Standards body for the UK responsible for facilitating, drafting, publishing and marketing

British StandardsC C++ - One of the most popular high-level programming language for graphical applications CA - Certificate Authority q.v.Card-to-card - Transaction to transfer something (usually money) from one card to anotherCAT - Cardholder Activated Terminal: A terminal that dispenses a product or service

CCID - Chip Card Interface Device: USB (q.v.) devices that interface with or act as interfaces with chip cards and smart cardsCDMA - Code Division Multiple Access: A generic term that describes the technology on which a wireless air interface is based CD-ROM - Compact Disc - Read Only Memory: A type of optical disk capable of storing large amounts of data. Once stamped by the vendor,

they cannot be erased and filled with new dataCEN - Comité Européen de Normalisation (European Committee for Standardisation): The only recognised European organisation for the

planning, drafting and adoption of European Standards, except for electrotechnology (see CENELEC q.v.) and telecommunications (see ETSI q.v.)

CEN/ISSS - Information Society Standardisation System: Provides market players with a comprehensive and integrated range of standardisation services and products, in order to contribute to the success of the Information Society in Europe

CENELEC - The European organisation for the planning, drafting and adoption of European Standards for electrotechnology CEPS - Common Electronic Purse Specifications: Define requirements for all components needed by an organisation to implement a

globally interoperable electronic purse programme, while maintaining full accountability and auditabilityCertificate Authority A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message

encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate

CESG - Communications-Electronics Security Group: The Information Assurance arm of the UK’s Government Communications

-57-


Headquarters (GCHQ)Cipher Text - Text that has been encrypted (q.v. encryption)CIPS - Chartered Institute of Purchasing and Supply: Private international education and qualification body representing purchasing and

supply chain professionalsCMS - Card Management SystemContact interface - A means for allowing the exchange of data between a smart card and a reader that requires the card to be in physical contact with

the readerContactless interface - A means for allowing the exchange of data between a smart card and a reader without any physical contact between the card and

the readerCRM - Customer Relationship ManagementCryptogram - Enables chip data exchange in a secure manner Cryptographic Key - Used to encrypt or decrypt a message Cryptography - The relationship between plain text and cipher text (q.v.) that prevents anyone other than the intended recipient from reading the

informationCVM - Cardholder Verification Method: The means to verify the authenticity of a cardholder CWA CEN Workshop Agreement: Published European consensus arising from CEN/ISSS workshopsCyberspace - Networked computers/the Internet (q.v.)

D Decryption - The procedure used in cryptography (q.v.) for converting cipher text (q.v.) to plain text DES - Data Encryption Standard: A popular encryption (q.v.) method developed in 1975 and standardized by ANSI (q.v.) in 1981DfES - (Government) Department for Education and Science (UK)Digital Certificate - An electronic "credit card" that establishes your credentials when doing business or other transactions on the Internet (q.v.). It is

issued by a Certificate Authority (q.v.) Digital ID - Another name for a Digital Certificate (q.v.) Digital Key - Strings of unique bits (q.v.) that allow messages to be scrambled and unscrambled Digital Signature - A digital code that can be attached to an electronically transmitted message that uniquely identifies the senderDPA - Data Protection Act 1998 (UK)Dual interface card - A smart card (q.v.) having both a contact (q.v.) and a contactless (q.v.) interface; see distinction with Hybrid card (q.v.)E e-cash - Electronic cash: Cash stored electronically and readily exchanged into monetary value ECML - Electronic Commerce Modelling Language: A universal format for online commerce Web sites that contains customer information

that is used for purchases made online, formatted through the use of XML (q.v.) tags (q.v.)e-Commerce - Electronic commerce: Transactions that are conducted over an electronic network, where the purchaser and merchant are not at

the same physical locationeESC - The eEurope Smart Card initiative: Launched by the European Commission in 1999 to accelerate and harmonise the development

of smart cards across EuropeEFTPOS - Electronic Fund Transfer at Point Of Sale: Usually a terminal Electronic Wallet - Software that stores information about a cardholders cards. Usually supplied by the issuers and appended to the cardholders web

browsere-mail - Electronic mail Emboss - Print raised data on a card EMV - Europay, MasterCard and Visa: A collaboration between these three organisationsEMVCo - An industry association of the collaborators in EMV (q.v.) for the banking and finance industryEncryption - The procedure used in cryptography (q.v.) for converting plain text to cipher text (q.v.)e-purse - Electronic purse: A function on a chip card that allows e-cash (q.v.) value to be stored e-tailing - Electronic retail ETSI - European Telecommunications Standardisation Institute: Not for profit organisation whose mission is to produce the

telecommunications standards for Europe (see also CEN q.v.)eURI - Extended User-Related Information: Defined in CWA (q.v.) 13987 for Interoperable (q.v.) Citizen Services using Smart Card

(q.v.)Systems

-58-


FFINREAD -

European specifications for an applet-based (q.v.) secure interoperable (q.v.) smart card (q.v.) reader for online transactions implying sensitive data transfers

FIPS - Federal Information Processing Standards: Standards and guidelines issued by NIST (q.v.)

G Gateway - A node or switch that permits communications between two dissimilar networks GPRS - General Packet Radio Service: A standard for wireless communications which runs at speeds up to 115 kilobits per second,

compared with current GSM (q.v.)

GSC-IS - Government Smart Card-Interoperability Specification: Interoperability (q.v.) specification for smart cards (q.v.) in the USA developed by NIST (q.v.)

GSM - Global Systems for Mobile Communications: One of the leading digital cellular systemsH Hash - Message digest. A number generated from a string of text http - Hyper Text Transfer Protocol: The underlying protocol used by the World Wide Web (q.v.)Hybrid card - A smart card (q.v.) that contains two separate and unconnected chips, one with a contact interface (q.v.) and the other with a

contactless interface (q.v.)

I ICAO - International Civil Aviation Authority: A specialized agency of the United Nations, ICAO is the permanent body charged with the

administration of the principles laid out in the Convention on International Civil Aviation, Chicago, 7/12/1944ICC - Integrated Circuit Card, or smart card (q.v.)ICT - Information & Communications TechnologyIDeA - Improvement and Development Agency (UK): Established by and for local government in April 1999 to support self-sustaining

improvement from within local government

IEC - International Electrotechnical Commission: Global standards organisation for all electrical, electronic and related technologies

IFM - Integrated Formal Methods: The rigorous engineering methodology for system development; a conceptual parallel to the industrial standard UML (q.v.)

IIN - Issuer Identification Number: The numbering system that uniquely identifies a card issuing institution in an international interchange environment, specified in ISO/IEC 7812

IKE - Internet Key Exchange Integrity - Information that is free from error, corruption or alteration Internet - A global collection of interconnected networks, used for the purpose of electronic communication Interoperability - The ability for different systems to work together

Information Law Terms See WP8-04 Appendix 1 for definitions of the following terms in context: Data

Data ControllerDPAData ProcessorData SubjectDCAE-Envoy Identity Guidelines

-59-


FOIAHRALCDMandatory/Mandatory Smart Card SchemePersonal DataProcessingPublic AuthoritySensitive Personal Data

Intranet - A private network IOPTA - "InterOperable PT Applications" for smart cards: A revision of CEN (q.v.) standard ENV1545 that defines the codification of data

elements used for public transport

IP - Internet (q.v.) protocol: Specifies the format of packets, also called datagrams, and the addressing schemeIR - Inland Revenue (UK)ISO - International Standardisation Organisation: Body responsible for development of international standards covering a huge range of

issues

Issuer - A financial institution that establishes an account for a cardholder and issues a payment card IT - Information Technology ITSO - Formerly "Integrated Transport Smartcard Organisation": Public sector membership organisation founded in 1998 to build and

maintain specifications for secure end-to-end interoperable ticketing operations in the UK

J Java - A high-level object-oriented programming language developed by Sun MicrosystemsJava Card - An ISO 7816-4 Compliant application (q.v.) environment focused on smart cards (q.v.)

K Key Escrow - Storage of a private key (q.v.) by a neutral third partyKey Management - The process by which cryptographic keys (q.v.) and messages are managed and protected

L LA - Local AuthorityLASSeO - Local Authority Smartcard Standards e-Service Organisation: Created by local government organisations in the UK to define at the

working level the necessary standards, rules and policies needed to provide public services to citizens using smart cards

LDAP - Lightweight Directory Access Protocol: A set of protocols (q.v.) for accessing information directories. Because LDAP is an open protocol, applications (q.v.) need not worry about the type of server hosting the directory

LGOL - Local Government Online (UK): Internet (q.v.) portal to local governmentLinux - A freely-distributable open source operating system that runs on a number of hardware platformsLLPG - Local Land and Property Gazeteer (UK): A definitive, local address list that provides unique identification of properties, conforms to

a British Standard, BS 7666 and feeds the National Land and Property Gazetteer

M Magnetic Stripe Card - A card with a magnetic strip of recording material on which data can be storedMIFARE - A proprietary standard for contactless (q.v.) and dual interface (q.v.) smart cards (q.v.) produced by Philips Semiconductors and

extensively deployed worldwide

MIME - Multipurpose Internet Multimedia Extension: An Internet (q.v.) protocol (q.v.) for sending e-mail (q.v.) and attachments

Mondex - An e-cash application for Smart Cards that stores value as electronic information on a microchip, rather than as physical notes and coins enabling cardholders to carry, store and spend cash

-60-


Multos - A smart card (q.v.) operating system for multi application cards

MUSCLE - Movement for the Use of Smart Cards in a Linux Environment: (q.v. Linux)N NBS - A global leader in card personalisation, payment solutions, and secure processing for financial institutions, healthcare,

governments, entertainment and retail customers

NIC - National Insurance Contributions NIST - National Institute of Standards and Technology (USA): Designs standards and guidelines for Federal computer systems

Not-on-us - Transactions that are carried out in a smart card scheme where one of the parties to the transaction is not a member of the scheme

O OCF - Open Card Framework: A Java (q.v.) API (q.v.) for smart card (q.v.) accessODPM - Office of the Deputy Prime Minister (UK)OeE -

Office of the e-Envoy (UK): Part of the Delivery and Reform team based in the Cabinet Office whose purpose is to improve the delivery of public services and achieve long-term cost savings

OEM - Original Equipment Manufacturers: Misleading term for a company that has a special relationship with computer producers. OEMs buy computers in bulk and customize them for a particular application

OID - Operator Identity: An ITSO (q.v.) term for entities performing specified ITSO rolesOnline - Jargon for the process of obtaining information through access via a computer or terminal to the sourceOpen systems - Systems whose architecture specifications are public. This includes officially approved standards as well as privately designed

architectures whose specifications are made public by the designers

OS X - Computer operating system developed by Apple ComputersP PC/SC - Personal Computer/Smart Card: A standard framework for smart card (q.v.) access on Windows PlatformsPCMCIA - Personal Computer Memory Card International Association: An organisation consisting of some 500 companies that has

developed a standard for smart cards (q.v.). Originally designed for adding memory to portable computers

PDA - Person Digital Assistant: A handheld device that combines computing, telephone/fax, Internet (q.v.) and networking features

PIN - Personal Identification Number PIN Pad - A small keypad on which a cardholder keys in his/her PIN (q.v.)PIN Verification - The security process that confirms the cardholder's PIN (q.v.)PKCS - Public Key Cryptography Standard: (q.v. "Public Key", "cryptography")PKI - Public Key Infrastructure: A certificate system for obtaining an entity's Public Key. (q.v. "Private Key/Public Key"); a networked

system that enables organisations and users to exchange information and money safely and securely

PLCC - Plastic Leaded Chip Carrier: Method of packaging computer chips together Protocol - An agreed-upon format for transmitting data between two devicesPublic Key/Private Key - Cryptographic keys (q.v.) used together. Private Keys are used to encrypt/decrypt messages or files that have been encrypted

using a Public Key. The Private Key is only known to the rightful owner. Public Keys are only used in conjunction with the Private Key and are freely available to defined users.

Public Procurement Terms

See wp8-05 Appendix 1 for definitions of the following terms in context:

-61-


BAFOCCTAConsolidated DirectiveContract NoticeContracting AuthorityECJG-CatITNITTOGCOJPFIPIN [Note: In the procurement context this has a different meaning from that which applies in the technical context]PPPPublic Procurement Directives

Public Services DirectivePublic Supplies DirectivePublic Works DirectiveS-CatSPV

R RA - Registration Authority: q.v.RAM - Random Access Memory: A type of computer memory that can be accessed randomlyRegistration Authority A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate

authority (CA, q.v.) to issue it. RAs are part of a public key infrastructure (PKI, q.v.)RF - Radio Frequency: Any frequency within the electromagnetic spectrum associated with radio wave propagation

RNG - Random Number GeneratorROM - Read Only Memory: Computer memory on which data has been pre-recorded. Once data has been written onto a ROM chip, it

cannot be removed and can only be read

S S/MIME - Secure/ Multipurpose Internet Mail Extensions: A new version of MIME (q.v.) that supports encrypted (q.v.) messages

SCNF- Smart Card Networking Forum: Not-for-profit organisation consisting of public sector representatives with an interest in the use of smart cards to provide improved services to their customers

SDK - Software Development Kit: A programming package that enables a programmer to develop applications for a specific platform

SET - Secure Electronic Transaction: A security standard that defines how to encrypt (q.v. "encryption") transmissions over public networks

SIM - Subscriber Identification Module: A card-based chip that personalises a mobile phoneSmart card - A portable programmable device conforming to ISO 7816 dimensions and containing an integrated circuit that stores and

processes information

-62-


SMS - Short Message Service: A service for sending short text messages to mobile phonesSSL - Secure Sockets Layer: A protocol (q.v.) developed by Netscape for transmitting private documents via the Internet (q.v.). SSL

works by using a private key (q.v.) to encrypt (q.v.) data that is transferred over the SSL connectionSTIP - Small Terminal Interoperability Platform: The STIP Consortium was founded to develop an interoperable (q.v.) platform

specification for secure transaction devices, including, but not limited to, card accepting devices

T T=CL - Specification of a contactless interface (q.v.) for a smart card (q.v.)Tag - A command inserted in a document that specifies how the document, or a portion of the document, should be formattedTrack - A defined part of a magnetic stripe where data can be written TTP - Trusted Third Party U UML - Unified Modelling Language: A general-purpose notational language for specifying and visualizing complex software, especially

large projects

UMTS - Universal Mobile Telecommunication System: A 3G (q.v.) mobile technology that will deliver broadband information at speeds up to 2Mbits/sec

UNICODE - A standard for representing characters as integers. Unlike ASCII, which uses 7 bits for each character, Unicode uses 16 bits, which means that it can represent more than 65,000 unique characters

UNIX - Open source computer operating system, popular for workstationsURL - Uniform Resource Locator: Website addressUSB - Universal Serial Bus: An external bus standard that supports data transfer rates of 12 Mbps. A single USB port can be used to

connect up to 127 peripheral devices. USB also supports Plug-and-Play installation

USIM - Universal Subscriber Identity Module: (q.v. SIM)

V Visual Basic - A popular programming language; sometimes called an event-driven language because each object can react to different events

such as a mouse click

VPN - Virtual Private Network: A network that is constructed by using public wires to connect nodes; uses encryption (q.v.) and other security mechanisms to ensure that only authorized users can access the network and the data it carries

W

WAP - Wireless Application Protocol: A secure specification that allows users to access information instantly via handheld wireless devices such as mobile phones

WIM - Wireless Identity Module Windows - A computer operating system developed by Microsoft WPKI - Wireless Public Key Infrastructure: (q.v. PKI)WWW - World Wide Web: Part of the Internet (q.v.)

X XML - Extensible Markup Language: Designed especially for Web documents, it allows designers to create their own customized tags

(q.v.), enabling the definition, transmission, validation, and interpretation of data between applications (q.v.) and between organizations

-63-

Heading - SmartCard Networking · Web viewInstallation and Troubleshooting of the NSCP Starter...

Documents

Transcript of Heading - SmartCard Networking · Web viewInstallation and Troubleshooting of the NSCP Starter...