Module 9: Bibliography - Smart Card Alliance · Smart Card Alliance © 2015 CSCIP Module 9 -...
Transcript of Module 9: Bibliography - Smart Card Alliance · Smart Card Alliance © 2015 CSCIP Module 9 -...
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
1 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Module 9: Bibliography
Smart Card Alliance Certified Smart Card Industry Professional
Accreditation Program
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
2 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org.
Important note: The CSCIP training modules are only available to LEAP members who have applied and paid for CSCIP certification. The modules are for CSCIP applicants ONLY for use in preparing for the CSCIP exam. These documents may be downloaded and printed by the CSCIP applicant. Further reproduction or distribution of these modules in any form is forbidden.
Copyright © 2015 Smart Card Alliance, Inc. All rights reserved. Reproduction or distribution of this publication in any form is forbidden without prior permission from the Smart Card Alliance. The Smart Card Alliance has used best efforts to ensure, but cannot guarantee, that the information described in this report is accurate as of the publication date. The Smart Card Alliance disclaims all warranties as to the accuracy, completeness or adequacy of information in this report.
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
3 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
TABLE OF CONTENTS
1 INTRODUCTION ................................................................................................................................. 4
2 SMART CARD BIBLIOGRAPHY ...................................................................................................... 5
2.1 MODULE 1 -- SMART CARD TECHNOLOGY AND APPLICATIONS .........................................................5 2.2 MODULE 2 -- SECURITY .....................................................................................................................5 2.3 MODULE 3 -- SMART CARD APPLICATION AND DATA MANAGEMENT ...............................................6 2.4 MODULE 4 -- SMART CARD USAGE MODELS: IDENTITY AND SECURITY ...........................................8 2.5 MODULE 5/G -- FIPS 201, PIV CARD AND FEDERAL IDENTITY MANAGEMENT ............................... 12
2.5.1 Standards .......................................................................................................................... 12 2.5.2 Policy Documents ............................................................................................................. 13 2.5.3 Other References ............................................................................................................... 14
2.6 MODULE 5 -- SMART CARD USAGE MODELS: PAYMENTS AND FINANCIAL TRANSACTIONS ............ 16 2.7 MODULE 6 -- SMART CARD USAGE MODELS: MOBILE AND NFCERROR! BOOKMARK NOT DEFINED. 2.8 MODULE 7 -- OTHER TOPICS ............................................................................................................ 18 2.9 REFERENCES FOR STANDARDS, SPECIFICATIONS AND INDUSTRY ASSOCIATIONS ............................ 19
3 ACKNOWLEDGEMENTS ................................................................................................................ 21
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
4 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
1 Introduction
The Smart Card Alliance compiled this bibliography of resources for applicants preparing for the CSCIP certification exam. The resources are organized according to the subject areas covered in the CSCIP program and include books, white papers, recorded Smart Card Alliance tutorials and web-based resources.
Links to the Smart Card Alliance documents that are available to CSCIP applicants have been included in the bibliography. CSCIP applicants will need their LEAP member site login credentials to access these links.
The resources included in this bibliography are not required for study for the CSCIP exam (unless noted in the subject module), but are recommended as supplements for exam preparation.
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
5 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
2 Smart Card Bibliography
2.1 Module 1 – Smart Card Technology and Applications
Contactless Technology for Secure Physical Access: Technology and Standards Choices, Smart Card Alliance white paper, October 2002, http://www.smartcardalliance.org/secure/reports/Contactless_Technology_Report.pdf
Eurosmart web site, http://www.eurosmart.com
Government Smart Card Handbook, General Services Administration, February 2004, http://www.smartcard.gov/information/smartcardhandbook.pdf
Smart Card Alliance web site, http://www.smartcardalliance.org
Smart Card Handbook, by Wolfgang Rankl and Wolfgang Effing, (Wiley, 2010), http://www.wrankl.de/SCH/SCH.html
Smart Cards, by Jose Luis Zoreda and Jose Manuel Oton (Boston: Artech House, Inc., 1994)
Smart Cards: The Global Information Passport, by Jack M. Kaplan (New York: International Thomson Computer Press, 1996)
Smart Cards & Payments: Technology, Standards and Transactions, by Gilles Lisimaque, Smart Card Alliance webinar presentation, November 18, 2008
What Makes a Smart Card Secure?, Smart Card Alliance white paper, October 2008, http://www.smartcardalliance.org/download/pdf/Smart_Card_Security_WP_20081013.pdf
2.2 Module 2 – Security
3GPP, http://www.3gpp.org
Application of Attack Potential to Smartcard, version 2.5, Joint Interpretation Library, November 2007, http://www.ssi.gouv.fr/site_documents/JIL/JIL-Application-of-Attack-Potential-to-Smartcards-V2-5.pdf
Applied Cryptography: Protocols, Algorithms and Source Code in C, by Bruce Schneier, Wiley 1996
CertiPath web site, http://www.certipath.com
Common Criteria, http://www.commoncriteriaportal.org/
Contactless Technology Security Issues, Smart Card Security, Helena Handschuh, Information Security Bulletin, Volume 9, April 2004, http://www.chi-publishing.com/samples/ISB0903HH.pdf
EMVCO web site, http://www.emvco.com
Federal Bridge Certificate Authority, http://www.idmanagement.gov/fpkia/
FIPS 180-3, Secure Hash Standards (SHS), October 2008, http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf
FIPS 197, Advanced Encryption Standard, November 2001, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Federal Information Processing Standard (FIPS) 201 Personal Identity Verification (PIV) of Federal Employees and Contractors, http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf
Godzilla Crypto Tutorial, by Peter Gutmann, http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html
IETF RFC 3675, Internet X.509 Public Key Infrastructure, Certificate Policy and Certification Practices Framework, http://www.ietf.org/rfc/rfc3647.txt
NIST FIPS publications, http://csrc.nist.gov/publications/PubsFIPS.html
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
6 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
NIST PIV web site, http://csrc.nist.gov/groups/SNS/piv/index.html
NIST SP800-21-1, Guideline for Implementing Cryptography In the Federal Government, Second Edition, December 2005, http://csrc.nist.gov/publications/nistpubs/800-21-1/sp800-21-1_Dec2005.pdf
NIST SP800-57, Recommendation for Key Management, Parts 1 and 2, August, 2005, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf, http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part2.pdf
NIST SP 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, May 2008, http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
NIST SP 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, August 2007, http://csrc.nist.gov/publications/nistpubs/800-78-1/SP-800-78-1_final2.pdf
Smart Card Handbook, by Wolfgang Rankl and Wolfgang Effing, http://www.wrankl.de/SCH/SCH.html, Wiley 2010
Transit Payment System Security, Smart Card Alliance white paper, August 2008, http://www.smartcardalliance.org/download/pdf/Transit_Payment_System_Security_WP.pdf
Understanding Secure Contactless Device versus RFID Tag, Eurosmart, http://www.eurosmart.com/4-Documents/PositionPapers.htm
What Makes a Smart Card Secure?, Smart Card Alliance white paper, October 2008, http://www.smartcardalliance.org/download/pdf/Smart_Card_Security_WP_20081013.pdf
2.3 Module 3 – Smart Card Application and Data Management
BasicCard web site, http://www.basiccard.com
Java Card specifications, available at http://java.sun.com/javacard/specs.html
Mobile Application Development with SMS and the SIM Toolkit, by Scott Guthery and Mary Cronin, McGraw Hill Professional, 2001
MULTOS specifications, available at http://www.multos.com
Smart Cards: The Developer’s Toolkit, by Timothy M. Jurgensen and Scott B. Guthery, Prentice Hall, 2002
Smart Cards, Tokens, Security and Applications, by Keith Mayes (editor) and Konstantinos Markantonakis (editor), Springer, 2008
2.4 Module 4 – Smart Card Usage Models: Mobile and NFC1 1 in 5 Smartphones will have NFC by 2014, Spurred by Recent Breakthroughs: New Juniper Research Report, Juniper Research press release, April 14, 2011
2008 Global Mobile Communications - Statistics, Trends and Forecasts, Paul Budde Communication Pty Ltd.
3GPP, http://www.3gpp.org
The Case for Using Mobile Phones for Payments, Deloitte & Touche report, August 2004
Chip-Enabled Mobile Marketing, Smart Card Alliance white paper, October 2010, http://www.smartcardalliance.org
Essentials for Successful NFC Mobile Ecosystem, NFC Forum white paper, October 2008, http://www.nfc-forum.org
1 Module 6 is only available for the general CSCIP certification program.
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
7 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
ETSI Technical Standard 100 977 V8.14.0 (2007-06), Digital cellular telecommunications system (Phase 2+);Specification of the Subscriber Identity Module -Mobile Equipment (SIM-ME) Interface, (3GPP TS 11.11 version 8.14.0 Release 1999)
Eurosmart, Worldwide Smart Card Shipments 2008, http://www.eurosmart.com/index.php/publications/market-overview.html
Forging the Link between Global Interoperability and New Business Opportunities, Debbie Arnold, NFC Forum, presentation, WIMA USA, November 30, 2011
Fundamentals of NFC, Reid Holmes, INSIDE Secure, Smart Card Alliance Contactless Payments Workshop, 2012 Payments Summit, February 7, 2012
GSM Association, Market Data Summary, August 7, 2009, http://www.gsmworld.com/newsroom/market-data/market_data_summary.htm
GSM Technology: LTE, GSM Association, http://gsmworld.com/technology/lte.htm#nav-6
The Keys to Truly Interoperable Communications, NFC Forum white paper, http://www.nfc-forum.org/resources/white_papers/nfc_forum_marketing_white_paper.pdf
List of NFC Phones, NFC World, SJB Research, 13 June 2011, http://www.nearfieldcommunicationsworld.com/nfc-phones-list/
LTE, UICC and the Future of Mobile Communications, Gemalto.com, by Jean-Louis Carrara, http://www.gemalto.com/lte/index.html
Mobile Application Development with SMS and the SIM Toolkit, by Scott Guthery and Mary Cronin, McGraw Hill Professional, 2001
The Mobile Payments and NFC Landscape: A U.S. Perspective, Smart Card Alliance Payments Council white paper, September 2011, http://www.smartcardalliance.org/pages/publications-the-mobile-payments-and-nfc-landscape-a-us-perspective
Mobile Retailing: A Comprehensive Guide for Navigating the Mobile Landscape, National Retail Federation white paper, July 2010, http://www.nrf.com/modules.php?name=Documents&op=viewlive&sp_id=5122
Near Field Communication (NFC) Forum, http://www.nfc-forum.org
NFC Forum Technical FAQ, http://www.nfc-forum.org/resources/faqs/
NFC Trends, Eurosmart position paper, October 2009, http://www.eurosmart.com/images/doc/WorkingGroups/e-ID/Papers/ecc-position-paper-final.pdf
One Year after Launch, NFC Forum Membership hits 70 Organizations Worldwide, NFC Forum press release, February 22, 2006
Phones as Credit Cards? Americans Must Wait, The New York Times, January 25, 2009
Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology, Smart Card Alliance white paper, http://www.smartcardalliance.org/secure/reports/Privacy_White_Paper.pdf
Proximity Mobile Payments: Leveraging NFC and the Contactless Financial Payments Infrastructure, Smart Card Alliance white paper, September 2007, http://www.smartcardalliance.org/download/pdf/Proximity_Mobile_Payments_200709.pdf
Proximity Mobile Payments Business Scenarios: Research Report on Stakeholder Perspectives, July 2008, http://www.smartcardalliance.org/download/pdf/Mobile_Payment_Business_Model_Research_Report.pdf
Reference Material for Assessing Forensic SIM Tools, Wayne A. Jansen, Aurelien Delaitre, National Institute of Standards and Technology, Paper No. ICCST 2007-74,
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
8 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
http://csrc.nist.gov/groups/SNS/mobile_security/documents/mobile_forensics/Reference%20Mat-final-a.pdf
Security of Proximity Mobile Payments, Smart Card Alliance white paper, May 2009, http://www.smartcardalliance.org/resources/pdf/Security_of_Proximity_Mobile_Payments.pdf
SIM Toolkit, Gemalto, http://www.gemalto.com/techno/stk/
Universal Access, GSM Association report, http://gsmworld.com/documents/universal_access_full_report.pdf
Verizon Wireless Fosters Global LTE Ecosystem as Verizon CTO Dick Lynch Announces Deployment Plans, Verizon Wireless Inc. news release, Feb. 18, 2009, http://news.vzw.com/news/2009/02/pr2009-02-18.html
What is a UICC and how is it different from a SIM card?, Just.AskGemalto.com, http://www.justaskgemalto.com/en/communicating/tips/what-uicc-and-how-it-different-sim-card
Why NFC IS Bigger than Paying with your Mobile Phone, Koichi Tagawa, Sony and NFC Forum, presentation, 4G World NFC Summit, October 26, 201
2.5 Module 5 – Smart Card Usage Models: Identity and Security
39 Myths about ePassports: Part I, ICAO MRTD Report, Vol. 5, No. 1, 2010, http://www2.icao.int/en/MRTD2/ReportsPastIssues/ICAO%20MRTD%20Report%20Vol.5%20No.1,%202010.pdf#page=24
Authentication Mechanisms for Physical Access Control Systems, Physical Access Council white paper, October 2009, http://www.smartcardalliance.org
Chip-Based ID: Promise or Peril, Roger Clarke, Proc. Int'l Conf. on Privacy, Montreal, September 1997
Colorado State First Responder Authentication Credential Standards: Best Practice Standard, Colorado Governor's Office of Information Technology, April 10, 2008, https://publish.colorado.gov/cs/Satellite/OIT-New/OITX/1200536168031?rendermode=preview-lplunkett-1165692952165
The Commercial Identity Verification (CIV) Credential – Leveraging FIPS 201 and the PIV Specifications: Is the CIV Credential Right for You?, Smart Card Alliance Access Control Council white paper, October 2011, http://www.smartcardalliance.org
Commonwealth of Virginia First Responder Authentication Credential (FRAC) Program, Mike McAllister, Governor's Office of Commonwealth Preparedness, Smart Cards in Government Conference, October 2009
A Comparison of PIV, PIV-I and CIV Credentials, Smart Card Alliance Access Control Council publication, March 2012, http://www.smartcardalliance.org
Complementary Smart Card Guidance for the WEDI Health Identification Card Implementation Guide, Smart Card Alliance Healthcare Council publication, October 2011, http://www.smartcardalliance.org/pages/publications-complementary-smart-card-guidance-for-the-wedi-health-identification-card-implementation-guide
DoD Implementation of Homeland Security Presidential Directive-12, Inspector General, U.S. Department of Defense, Report No. D-2008-104, June 23, 2008, http://www.dodig.mil/audit/reports/fy08/08-104.pdf
Electronic Driving Licence -- A Pan-European Long Term Solution, Eurosmart position paper, September 2008, http://www.eurosmart.com/images/doc/WorkingGroups/e-ID/Papers/eurosmart_position_paper_driving_licences_final.pdf
EPC Gen 2 RFID Tags vs. Contactless Smart Cards: Frequently Asked Questions, Smart Card Alliance FAQ, July 2006, http://www.smartcardalliance.org/resources/pdf/EPC_Gen_2_FAQ_FINAL.pdf
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
9 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Electronic Privacy Information Center, http://www.epic.org
Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery, Smart Card Alliance white paper, October 2008, http://www.smartcardalliance.org/download/pdf/ERO_Credentials.pdf
European Citizen Card: One Pillar of Interoperable eID Success, Eurosmart position paper, November 2009, http://www.eurosmart.com/images/doc/WorkingGroups/e-ID/Papers/ecc-position-paper-final.pdf
ePassport Frequently Asked Questions, Smart Card Alliance publication, March 2009, http://www.smartcardalliance.org/resources/pdf/ePassport_FAQ.pdf
Federal Identity Management Handbook, Federal Identity Credentialing Committee (FICC), December 2005, http://www.cio.gov/ficc/documents/FederalIdentityManagementHandbook.pdf
Gemalto M2M web site, http://www.gemalto.com/telecom/m2m/
The German Citizen ID Card: 1st Anniversary – Lessons Learned, Dietmar Wendling, SCM Microsystems, presentation, Smart Cards and Government Conference, November 3, 2011
The German Health Card, Fabiola Bellersheim, Giesecke & Devrient, presentation, Smart Cards and Government Conference, November 18, 2010
The Global Wireless M2M Market, Berg Insight, http://www.berginsight.com/ReportPDF/ProductSheet/bi-gwm2m-ps.pdf
Giesecke & Devrient M2M web site, http://www.gi-de.com/en/products_and_solutions/solutions/machine_to_machine/machine-to-machine-solutions.jsp
Government Smart Card Handbook, General Services Administration, February 2004, http://www.smartcardalliance.org/resources/pdf/smartcardhandbook.pdf
Health Security Information Card, Dr. James J. James, AMA Center for Public Health Preparedness and Disaster Response, presentation, Smart Card Alliance webinar, September 13, 2011, http://www.smartcardalliance.org/resources/webinars/Smart_Health_ID_Webinar_091311.pdf
A Healthcare CFO's Guide to Smart Card Technology and Applications, Smart Card Alliance white paper, February 2009, http://www.smartcardalliance.org/download/pdf/Healthcare_CFO_Guide_to_Smart_Cards_FINAL_012809.pdf
Healthcare Identity Management: The Foundation for a Secure and Trusted National Health Information Network, Smart Card Alliance Healthcare Council and Identity Council brief, September 2009, http://www.smartcardalliance.org
HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements, Smart Card Alliance white paper, September 2003, http://www.smartcardalliance.org/secure/reports/HIPAA_and_Smart_Cards_Report.pdf
ICAO Doc 9303 Machine Readable Travel Documents, Part 1 Machine Readable Passports, Volume 2 Specifications for Electronically Enabled Passports with Biometric Identification Capability, Sixth Edition 2006
Identifiers and Authentication – Smart Credential Choices to Protect Digital Identity, Smart Card Alliance Identity Council position paper, September 2009, http://www.smartcardalliance.org
Identity Crisis, Robin Hess, For the Record, January 17, 2005
Identity Theft: Prevalence and Cost Appear to be Growing, GAO-02-063, March 2002, http://www.gao.gov/new.items/d02363.pdf
Identity Theft in Florida, State-wide Grand Jury Report, November 2002
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
10 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Infineon Technologies M2M web site, http://www.infineon.com/cms/en/product/applications/chip-card-and-security/communications
In-Hospital Deaths From Medical Errors at 195,000 per Year, Health Grades Study Finds, Health Grades, July 2004
Information and Privacy Commission of Ontario, http://www.ipc.on.ca
Initiative for Open Authentication, http://www.openauthentication.org/
International Civil Aviation Organization (ICAO), http://www.icao.int
Inter-agency Advisory Board (IAB), http://www.smart.gov/IAB/
An Introduction to Biometric Recognition, by Anil K. Jain, Arun Ross, & Salil Prabhakar, IEEE Invited Paper, 2004, http://biometrics.cse.msu.edu/Publications/GeneralBiometrics/JainRossPrabhakar_BiometricIntro_CSVT04.pdf
Logical Access Security: The Role of Smart Cards in Strong Authentication, Smart Card Alliance white paper, October 2004, http://www.smartcardalliance.org/secure/reports/Smart_Cards_and_Logical_Access_Report.pdf
M2M challenges for further development, Eurosmart, November 2011, http://www.eurosmart.com/images/doc/WorkingGroups/NewFF/Papers/m2m%20challenges%20for%20further%20development_november%202011.pdf
The Machine-to-Machine Market: A High Growth Opportunity for MNOs, Pyramid Research, October 2011, http://www.pyramidreseach.com
NIST Computer Security Division web site, http://csrc.nist.gov
NIST FIPS publications web site, http://csrc.nist.gov/publications/PubsFIPS.html
NIST MINEX II web site, http://fingerprint.nist.gov/minexII/
NIST NSTIC web site, http://www.nist.gov/nstic/
NIST PIV web site, http://csrc.nist.gov/groups/SNS/piv/index.html
NIST Special Publication 800-63, Electronic Authentication Guideline, Version 1.0, June 2004, http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
NIST Special Publication 800-116, A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS), November 2008, http://csrc.nist.gov/publications/nistpubs/800-116/SP800-116.pdf
NSTIC Frequently Asked Questions, Smart Card Alliance FAQ, http://www.smartcardalliance.org/pages/publications-nstic-faq
Personal Identity Verification Interoperability for Non-Federal Issuers, CIO Council, May 2009, http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers_May2009.pdf
Oberthur Technologies M2M web site, http://www.oberthur.com/content/253/telecom
Open Security Exchange (OSE), http://www.opensecurityexchange.org/
Overview: The ICAO Public Key Directory, ICAO, http://www2.icao.int/en/MRTD/Downloads/PKD%20Documents/Overview%20-%20The%20ICAO%20Public%20Key%20Directory.pdf
PC/SC Work Group web site, http://www.pcscworkgroup.com/
Privacy, Consumers and Costs, by Robert Gellman, March 2002, http://epic.org/reports/dmfprivacy.html
Privacy and Freedom, by Alan F. Westin, (Atheneum, 1967)
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
11 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Privacy Rights Clearing House, http://www.privacyrights.org/
Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology, Smart Card Alliance white paper, February 2003, http://www.smartcardalliance.org/secure/reports/Privacy_White_Paper.pdf
The REAL ID Act: Why Real ID Cards Should Be Based on Smart Card Technology, Smart Card Alliance white paper, July 2006, http://www.smartcardalliance.org/secure/reports/REAL_ID_Act_Position_Paper_FINAL.pdf
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards, Smart Card Alliance white paper, January 2007, http://www.smartcardalliance.org/resources/pdf/RFID_vs_RF-Enabled_Smart_Cards.pdf
The Right to Privacy, by Samuel Warren and Louis Brandies, Harvard Law Review 193 [1890], http://www.lawrence.edu/fast/BOARDMAW/Privacy_brand_warr2.html
Secure Identification Systems: Building a Chain of Trust, Smart Card Alliance white paper, March 2004, http://www.smartcardalliance.org/secure/reports/Secure_ID_Systems.pdf
Security Industry Association (SIA), http://www.siaonline.org/
Smart Card Technology: The Right Choice for REAL ID, Smart Card Alliance white paper, http://www.smartcardalliance.org/resources/pdf/The_Right_Choice_for_REAL_ID.pdf
Smart Card Technology in Healthcare: Frequently Asked Questions, Smart Card Alliance publication, May 2009, http://www.smartcardalliance.org/resources/pdf/Smart_Card_Technology_in_Healthcare_FAQ_FINAL_051509.pdf
Smart Cards and Biometrics in Privacy-Sensitive Secure Personal Identification Systems, Smart Card Alliance report, May 2002, http://www.smartcardalliance.org/secure/reports/Biometrics_and_Smart_Cards_Report.pdf
Smart.Gov, GSA smart card web site, http://www.smart.gov/
Smart! M2M – New Markets, New Opportunities, New Requirements, Giesecke & Devrient publication, http://www.gi-de.com/gd_media/media/documents/complementary_material/smart__newsletter/smart_issue1_2010.pdf
Smart M2M Module, Eurosmart, November 2009, http://www.eurosmart.com/images/doc/WorkingGroups/NewFF/Papers/m2m_whitepaper_versionfinale.pdf
Stanching Hospitals’ Financial Hemorrhage with Information Technology, J.Pesce, Health Management Technology, August 2003
Transportation Worker Identification Credential (TWIC), CDR David Murk (USCG) presentation, National Petroleum and Refiners Association, March 2010
Transportation Worker Identification Credential: An Overview of TWIC Reader Hardware and Card Application Specification, Walter Hamilton, IBIA, presentation, Smart Cards in Government Conference, October 2008
TWIC Reader Hardware and Card Application Specification, TSA, May 30, 2008, http://www.tsa.gov/assets/pdf/twic_reader_card_app_spec.pdf
The U.S. Electronic Passport Frequently Asked Questions, U.S. Department of State web site, http://travel.state.gov/passport/eppt/eppt_2788.html#Eleven
USB Implementer's Forum web site, http://www.usb.org
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
12 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Using FIPS 201 and the PIV Card for the Corporate Enterprise, Smart Card Alliance white paper, October 2008, http://www.smartcardalliance.org/download/pdf/PIV_Corporate_Enterprise.pdf
Using Smart Cards for Secure Physical Access, Smart Card Alliance white paper, July 2003, http://www.smartcardalliance.org/secure/reports/Physical_Access_Report.pdf
2.6 Module 6/G – FIPS 201, PIV Card and Federal Identity Management2
2.6.1 Standards
This section lists the NIST standards and special publications and other standards referenced in Module 5/G that are relevant to FIPS 201 and Federal identity management.
ANSI INCITS 322 Information Technology, Card Durability Test Methods, ANSI, 2002
ANSI INCITS 378-2004, "Information technology - Finger Minutiae Format for Data Interchange," ANSI, 2004
FIPS 140-2, Federal Information Processing Standard Publication 140-2 (FIPS 140-2), Security Requirements for Cryptographic Modules, May 2001, http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
FIPS 199, Federal Information Processing Standard 199 (FIPS 199), “Standards for Security Categorization of Federal Information and Information Systems,” February 2004, http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
FIPS 201-1, Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors, March 2006, http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf
ISO/IEC 7810, Identification Cards – Physical Characteristics
ISO/IEC 7816, Identification Cards – Integrated Circuit Cards
ISO/IEC 10373, Identification Cards – Test Methods
ISO/IEC 14443, Identification Cards – Contactless Integrated Circuit(s) Cards – Proximity Cards
NIST Interagency Report 6887 (NISTIR 6887), "Government Smart Card Interoperability Specification," Version 2.1, July 2003, http://csrc.nist.gov/publications/nistir/nistir-6887.pdf
NIST Interagency Report 7123 (NISTIR 7123), "Fingerprint Vendor Technology Evaluation 2003: Summary of Results and Analysis Report, NIST," June 2004, http://fpvte.nist.gov/report/ir_7123_summary.pdf
NIST Interagency Report 7452, (NISTIR 7452), "Secure Biometric Match-on-Card Feasibility Report," November 2007, http://csrc.nist.gov/publications/nistir/ir7452/NISTIR-7452.pdf
NIST Interagency Report 7477 (NISTIR 7477), "Performance of Fingerprint Match-on-Card Algorithms Phase II/III Report," May 21, 2009, http://fingerprint.nist.gov/minexII/minex_report.pdf
NIST Special Publication 800-53 (SP 800-53), "Recommended Security Controls for Federal Information Systems," August 2009, http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final-errata.pdf
NIST Special Publication 800-57 (SP 800-57, "Recommendation for Key Management," March 2007, http://csrc.nist.gov/publications/PubsSPs.html
2 Module 5/G is only available for the CSCIP/Government certification.
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
13 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
NIST Special Publication 800-73-3 (SP 800-73-3), "Interfaces for Personal Identity Verification (4 Parts)," February 2010, http://csrc.nist.gov/publications/PubsSPs.html
NIST Special Publication 800-63 (SP 800-63), "Electronic Authentication Guideline," December 8, 2008, http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
NIST Special Publication 800-76-1, "Biometric Data Specification for Personal Identity Verification," (SP 800-76), January 2007, http://csrc.nist.gov/publications/nistpubs/800-76-1/SP800-76-1_012407.pdf
NIST Special Publication 800-78-2 (SP 800-78-2), "Cryptographic Algorithms and Key Sizes for Personal Identity Verification," (SP 800-78), February 2010, http://csrc.nist.gov/publications/nistpubs/800-78-2/sp800-78-2.pdf
NIST Special Publication 800-85 A-1 (SP 800-85 A-1), "PIV Card Application and Middleware Test Guidelines," March 2009, http://csrc.nist.gov/publications/nistpubs/800-85A-1/nist-sp800-85A-1.pdf
NIST Special Publication 800-85 A-1 (SP 800-85 B), "PIV Data Model Test Guidelines," July 2006, http://csrc.nist.gov/publications/nistpubs/800-85B/SP800-85b-072406-final.pdf
NIST Special Publication 800-87 (SP 800-87), "Codes for Identification of Federal and Federally-Assisted Organizations," April 2008, http://csrc.nist.gov/publications/nistpubs/800-87-Rev1/SP800-87_Rev1-April2008Final.pdf
NIST Special Publication 800-116 (SP 800-116), "A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)," November 2008, http://csrc.nist.gov/publications/nistpubs/800-116/SP800-116.pdf
Personal Computer/Smart Card (PC/SC) Specification, http://www.pcscworkgroup.com/
"PKI for Machine Readable Travel Documents Offering ICC Read-Only Access Version 1.1, published by the authority of the Secretary General, International Civil Aviation Organization, October 1, 2004, http://www.csca-si.gov.si/TR-PKI_mrtds_ICC_read-only_access_v1_1.pdf
RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol (OCSP)," Internet Engineering Task Force (IETF), http://www.ietf.org/rfc/rfc2560.txt
RFC 4122, "A Universally Unique Identifier (UUID) URN Namespace," Internet Engineering Task Force, July 2005, http://www.ietf.org/rfc/rfc4122.txt
"Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems" (TIG SCEPACS), Physical Access Interagency Interoperability Working Group, Government Smart Card Interagency Advisory Board, July 30, 2004, http://fips201ep.cio.gov/documents/TIG_SCEPACS_v2.2.pdf
2.6.2 Policy Documents
This section lists the U.S. policy mandates and guidance documents that have been issued that are relevant to FIPS 201 and Federal identity management and that were referenced in Module 5/G.
"Acquisition of Products and Services for Implementation of HSPD-12," OMB Memorandum M06-18, June 30, 2006, http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-18.pdf
"E-Authentication Guidance for Federal Agencies," OMB Memorandum M04-04, December 16, 2003, http://www.whitehouse.gov/OMB/memoranda/fy04/m04-04.pdf
"Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services," OMB Memorandum M05-05, December 20, 2004, http://www.whitehouse.gov/omb/memoranda/fy2005/m05-05.pdf
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
14 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Electronic Signatures in Global and National Commerce Act (the E-Sign Act), http://www.ftc.gov/os/2001/06/esign7.htm
"Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guidance," Version 1.0, Identity, Credential and Access Management Subcommittee (ICAMSC), Federal CIO Council, November 10, 2009, http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf
FIPS 201 Evaluation Program - Supplier Policies and Procedures Handbook," Version 5.0.0, December 12, 2008, http://fips201ep.cio.gov/documents/Suppliers_Handbook_v5.0.0.pdf
Government Paperwork Elimination Act, http://www.cio.gov/documents/paperwork_elimination_act.html
"Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors," OMB Memorandum M-05-24, August 5, 2005, http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf
"Personal Identity Verification Interoperability for Non-Federal Issuers," CIO Council, May 2009, http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers_May2009.pdf
"Policy for a Common Identification Standard for Federal Employees and Contractors," Homeland Security Presidential Directive 12 (HSPD-12), August 27, 2004, http://www.idmanagement.gov/documents/HSPD-12.htm
"OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002," Office of Management and Budget (OMB) Memorandum M-03-22, September 26, 2003, http://www.whitehouse.gov/omb/memoranda_m03-22/
"Protection of Sensitive Agency Information," OMB Memorandum M06-06, June 23, 2006, http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf
"Shared Service Provider Repository Service Requirements," Federal Public Key Infrastructure Policy Authority, http://www.idmanagement.gov/fpkipa/documents/SSPrepositoryRqmts.pdf
"Streamlining Authentication and Identity Management within the Federal Government," OMB Memorandum, July 3, 2003, http://www.whitehouse.gov/OMB/inforeg/eauth.pdf
"X.509 Certificate and CRL Profile for the Common Policy," Version 1.1, Federal Public Key Infrastructure Policy Authority, July 8, 2004
X.509 Certificate Policy for the E-Governance Certification Authorities, http://www.idmanagement.gov/fpkipa/documents/EGovCA-CP.pdf
"X.509 Certificate Policy for the U.S. Federal PKI Common Policy Framework," Federal Public Key Infrastructure Policy Authority, http://www.idmanagement.gov/fpkipa/documents/CommonPolicy.pdf
2.6.3 Other References
This section lists other references used for Module 5/G.
"Access America: Reengineering through Information Technology," report of the National Performance Review and the Government Information Technology Services Board and Vice President Al Gore, February 3, 1997
"Authentication Mechanisms for Physical Access Control," Smart Card Alliance Physical Access Council white paper, October 2009
"Current Status – HSPD-12," December 1, 2009, www.idmanagement.gov/presentations/HSPD12_Current_Status.pdf
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
15 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
"Cybersecurity Efforts within the DoD," Bob Gilson, DMDC, presentation, Smart Cards in Government Conference, October 2009
"DoD Implementation of Homeland Security Presidential Directive-12," Inspector General, U.S. Department of Defense, Report No. D-2008-104, June 23, 2008, p. 38, http://www.dodig.osd.mil/Audit/reports/fy08/08-104.pdf
E-Government Act of 2002, http://www.gpo.gov/fdsys/pkg/PLAW-107publ347/content-detail.html
"Emergency Response Official Credentials: An Approach to Attain Trust in Credentials across Multiple Jurisdictions for Disaster Response and Recovery," Smart Card Alliance white paper, October 2008, http://www.smartcardalliance.org/pages/publications-emergency-response-official-credentials
"The Evolving Federal Public Key Infrastructure," Federal Public Key Infrastructure Steering Committee, Federal CIO Council, June 2000, http://www.idmanagement.gov/fpkisc/library/pki_brochure.pdf
Federal Public Key Infrastructure Policy Authority, http://www.idmanagement.gov/fpkipa/
Form I-9, OMB No. 1115-0136, Employment Eligibility Verification
GSA FIPS 201 Evaluation Program Approved Products List, http://fips201ep.cio.gov/apl.php
GSA USAccess web site, http://www.fedidcard.gov/
"HSPD-12: Defining a Federal PKI Framework," Judith Spencer presentation, Smart Cards in Government Conference, April 2006
"HSPD-12 Implementation Status Reports," OMB, http://www.whitehouse.gov/omb/e-gov/hspd12_reports/
"Levels of Authentication Brief," Smart Card Alliance Identity Council brief, March 2010, http://www.smartcardalliance.org/pages/publications-assurance-levels-overview-and-recommendations
The Comprehensive National Cybersecurity Initiative, http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative
NIST Cryptographic Module Validation Program (CMVP), http://csrc.nist.gov/groups/STM/cmvp/index.html
NIST National Voluntary Laboratory Accreditation Program (NVLAP), http://ts.nist.gov/standards/accreditation/index.cfm
NIST PIV Program web site, http://csrc.nist.gov/piv-program/
NIST Personal Identity Verification Program (NVIVP), http://csrc.nist.gov/groups/SNS/piv/npivp/index.html
The Open Government Initiative, http://www.whitehouse.gov/open/
"Physical Access Control: An Overview of the Impact of FIPS 201 on Federal Physical Access Control Systems," Smart Card Alliance white paper, September 2005, http://www.smartcardalliance.org/pages/publications-fips-201-impact
"Physical Access Control System Migration Options for Using FIPS 201-1 Compliant Credentials," Smart Card Alliance Physical Access Council white paper, September 2007, http://www.smartcardalliance.org/pages/publications-pacs-migration-options Privacy Act of 1974, http://www.justice.gov/opcl/privstat.htm
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
16 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
"The Realized Value of the Federal Public Key Infrastructure," Identity, Credential and Access Management Sub Committee (ICAMSC), January 29, 2010, http://www.idmanagement.gov/documents/RealizedValueFederalPKI.pdf
"Transportation Worker Identification Credential (TWIC), John Schwartz, TSA, presentation, CTST 2008, May 2008
"Transportation Worker Identification Credential: An Overview of TWIC Reader Hardware and Card Application Specification," Walter Hamilton, IBIA, presentation, Smart Cards in Government Conference, October 2008
"TWIC Reader Hardware and Card Application Specification," TSA, May 30, 2008, http://www.tsa.gov/assets/pdf/twic_reader_card_app_spec.pdf
"Using FIPS 201 and the PIV Card for the Corporate Enterprise," Smart Card Alliance white paper, October 2008, http://www.smartcardalliance.org/pages/publications-piv-corporate-enterprise
"Using PIV for Network Access," Anna Fernezian, ActivIdentity, presentation during Using PIV for Physical and Logical Access Workshop at Smart Cards in Government Conference, October, 2008
"What Makes a Smart Card Secure?," Smart Card Alliance white paper, October 2008, http:/www.smartcardalliance.org
2.7 Module 6 and Module 6/P – Smart Card Usage Models: Payments and Financial Transactions3
American Express ExpressPay, http://www.americanexpress.com/expresspay
American Public Transportation Association (APTA) web site, http://www.apta.com/
Accepting Contactless Payments: A Merchant Guide, Smart Card Alliance Contactless and Mobile Payments Council white paper, July 2007, http://www.smartcardalliance.org/download/pdf/Merchant_Implementation_Guide_WP_20070822.pdf
APTA Asia Fare Collection Study Mission, Ging Ging Fernandez, Booz Allen Hamilton, presentation, 2009 Payments Councils Summit, February 24, 2009
APTA Manual of Standards and Recommended Practices for Universal Transit Fare Cards, http://www.aptastandards.com/PublishedDocuments/PublishedStandards/UTFS/tabid/191/Default.aspx
Banking Payments Pilot: MTA New York City Transit, Steve Frazzini, NYC Transit, presentation, 2008 Payments Councils Summit, February 28, 2008
Barclaycard OnePulse card web site, http://www.barclaycard-onepulse.co.uk
Card Payments Roadmap in the U.S.: How Will EMV and Contactless Impact the Future Payments Infrastructure?, Smart Card Alliance white paper, February 2011
Co-Branded Multi-Application Contactless Cards for Transit and Financial Payment, Smart Card Alliance Transportation Council white paper, February 2008, http://www.smartcardalliance.org/download/pdf/Co-Branded_Multi-Application_Contactless_Cards_WP.pdf
Common Electronic Purse Specification (CEP),
http://www.irisa.fr/vertecs/Equipe/Rusu/FME02/functionalrequirements6-3.pdf
Contactless & Mobile Payments, Sandy Thaw, Visa presentation, 2009 Payments Councils Summit, February 24, 2009
3 Module 5 is only available for the general CSCIP certification program.
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
17 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Contactless Payments: Frequently Asked Questions, Smart Card Alliance Contactless and Mobile Payments Council publication, February 2007, http://www.smartcardalliance.org/resources/pdf/Contactless_Payments_FAQ.pdf
Discover, http://www.discovernetwork.com/discovernetwork/discovernetwork.html
Dynamic Passcode Authentication: Overview Guide, Visa publication, http://www.visaeurope.com/documents/aboutvisa/dynamicpasscodeauthentication.pdf?d=070207
Electronic Fare the Future for UTA, UTA press release, January 2, 2009, http://www.rideuta.com/mediaRoom/pressReleases.aspx
The Electronic Purse, by John Wenninger and David Laster, Federal Reserve Bank of New York, April 1995, http://www.newyorkfed.org/research/current_issues/ci1-1.pdf
EMVCO web site, http://www.emvco.com
EMVCo: Creating Global Standards for Proximity Payments, Brian Byrne (EMVCo) presentation, Smart Card Alliance Annual Conference, May 18, 2010
EMVCo Common Contactless Terminal Roadmap, EMVCo General Bulletin No. 43, First Edition, November 2009, http://www.emvco.com/news.aspx?id=46
End-to-End Encryption and Chip Cards in the U.S. Payments Industry, Smart Card Alliance Contactless and Mobile Payments Council position paper, September 2009, http://www.smartcardalliance.org
Evolution of E-payments in Public Transport--Singapore's Experience, Silvester Prakasam, LTA, Journeys, Nov. 2009, http://www.lta.gov.sg/corp_info/doc/Singapore_Saikou_080901.pdf
Fraud in the U.S. Payments Industry: Fraud Mitigation and Prevention Measures in Use and Chip Card Technology Impact on Fraud, Smart Card Alliance Contactless and Mobile Payments Council white paper, October 2009, http://www.smartcardalliance.org
A Guide to EMV, Version 1.0, EMVCo white paper, May 2011, http://www.emvco.com/best_practices.aspx?id=217
Hong Kong Octopus Card web site, http://www.octopuscards.com/enindex.jsp
Intelligent Transportation Society of America, http://www.itsa.org/
International Parking Institute, http://www.new.parking.org/
Issuer and Merchant Best Practices: Promoting Contactless Payments Usage and Acceptance, Smart Card Alliance Contactless and Mobile Payments Council white paper, July 2009, http://www.smartcardalliance.org
ITSO web site, http://www.itso.org.uk/
JCB web site, http://www.jcbusa.com/
MasterCard PayPass, http://www.mastercard.com/us/personal/en/aboutourcards/paypass/index.html, http://www.paypass.com/performance_insights.html
The Mobile Payments and NFC Landscape: A U.S. Perspective, Smart Card Alliance Payments Council white paper, September 2011, http://www.smartcardalliance.org/pages/publications-the-mobile-payments-and-nfc-landscape-a-us-perspective
National Parking Association, http://www.npapark.org/
NFC and Transit, Smart Card Alliance Transportation Council white paper, February 2012, http://www.smartcardalliance.org/pages/activities-councils-transportation
OneSMART Authentication, MasterCard, https://mol.mastercard.net/mol/molbe/public/login/ebusiness/smart_cards/one_smart_card/biz_opportunity/cap/index.jsp
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
18 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Open Payment Standards Approach to Fare Payment: NYCT Pilot Phase II Update, Steve Frazzini, MTA NYC Transit, presentation, Payments Summit 2009, February 25, 2009
Open Standard for Public Transit (OSPT) Alliance, http://www.osptalliance.org/
Over One Million Barclays Customers Bank Online with Gemalto's Solution in the UK, Gemalto press release, July 9, 2008, http://www.gemalto.com/php/pr_view.php?id=367
PayPass Update: MasterCard PayPass Consumer Benchmark Survey, 2008, Burt Wilhelm presentation, 2009 Payments Councils Summit, February 25, 2009
Serving Unbanked Consumers in the Transit Industry with Prepaid Cards, Smart Card Alliance Transportation Council white paper, June 2008, http://www.smartcardalliance.org/download/pdf/Serving_Unbanked_Transit_Riders_White_Paper.pdf
Smart Card Handbook, Wolfgang Rankl and Wolfgang Effing, Fourth Edition, John Wiley and Sons, Ltd., 2010
Smart Card Standards 101, William Gostkowski presentation, CTST 2009 Smart Card Technology and Payments Applications Workshop, May 4, 2009
Smart Cards and Parking, Smart Card Alliance Transportation Council white paper, January 2006, http://www.smartcardalliance.org/secure/reports/SmartCards_Parking_FINAL_123005.pdf
Smart Cards and Payments: Technology, Standards and Transaction, Gilles Lisimaque presentation, Smart Card Alliance webinar, November 18, 2008
Transit and Contactless Financial Payments: New Opportunities for Collaboration and Convergence, Smart Card Alliance Transportation Council white paper, October 2006, http://www.smartcardalliance.org/download/pdf/Transit_Financial_Linkages_WP.pdf
Transit and Contactless Open Payments: An Emerging Approach for Fare Collection, Smart Card Alliance Transportation Council white paper, November 2011, http://www.smartcardalliance.org
Transit and Retail Payment: Opportunities for Collaboration and Convergence, Smart Card Alliance Transportation Council white paper, October 2003, http://www.smartcardalliance.org/secure/reports/Transit-Retail_Pmt_Report.pdf
Transit Payment System Security, Smart Card Alliance white paper, August 2008, http://www.smartcardalliance.org/download/pdf/Transit_Payment_System_Security_WP.pdf
TransLink Program Update, David Weir, Metropolitan Transportation Commission, presentation, 2009 Payments Councils Summit, February 25, 2009
UTA Electronic Fare Collection System: Development Progress Report, Craig Roberts, UTA, presentation, 2009 Payments Councils Summit, February 25, 2009
Verband Deutscher Verkehrsunternehmen (Association of German Transport Undertakings – VDV) web site, http://www.vdv.de/en/index.html.
Visa payWave, http://usa.visa.com/personal/cards/paywave/index.html, http://usa.visa.com/personal/cards/paywave/issuers_offering.html, http://usa.visa.com/paywave-merchants/
Visa TAP Co-Branded Card, Jane Matsumoto, LACMTA, presentation, 2009 Payments Councils Summit, February 24, 2009
Washington Metropolitan Transit Authority (WMATA) SmarTrip, http://www.wmata.com/fares/smartrip/
2.8 Module 7 – Other Topics
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions, Smart Card Alliance FAQ, July 2006, http://www.smartcardalliance.org
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
19 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Government Smart Card Handbook, General Services Administration, February 2004, http://www.smartcardalliance.org/resources/pdf/smartcardhandbook.pdf
HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements, Smart Card Alliance white paper, September 2003, http://www.smartcardalliance.org
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards, Smart Card Alliance white paper, January 2007, http://www.smartcardalliance.org
2.9 References for Standards, Specifications and Industry Associations
3GPP, http://www.3gpp.org
ACT Canada, http://www.actcda.com/
American Public Transportation Association (APTA), http://www.apta.com/
American National Standards Institute (ANSI), http://www.ansi.org
ANSI INCITS, http://www.incits.org/
Common Criteria, http://www.commoncriteriaportal.org/
EMVCO, http://www.emvco.com
European Telecommunications Standards Institute (ETSI), http://www.etsi.com
Eurosmart, http://www.eurosmart.com
GlobalPlatform, http://www.globalplatform.org/
GSMA, http://www.gsmworld.com
IATA, http://www.iata.org/
ICAO, http://www.icao.int/mrtd
Initiative for Open Authentication, http://www.openauthentication.org/
ISO/IEC, http://www.iso.org
Liberty Alliance, http://www.projectliberty.org/
Movement for the Use of Smart Cards in a Linux Environment (MUSCLE), http://www.musclecard.com/
NACHA - The Electronics Payments Association, http://www.nacha.org/
National Association of Campus Card Users, http://www.naccu.org/
Near Field Communication (NFC) Forum, http://www.nfc-forum.org
NIST Computer Security Division, http://csrc.nist.gov
NIST FIPS publications, http://csrc.nist.gov/publications/PubsFIPS.html
NIST MINEX II, http://fingerprint.nist.gov/minexII/
NIST PIV web site, http://csrc.nist.gov/groups/SNS/piv/index.html
Open Security Exchange (OSE), http://www.opensecurityexchange.org/
Open Standard for Public Transport (OSPT) Alliance, http://www.osptalliance.org/
PC/SC Work Group, http://www.pcscworkgroup.com/
Security Industry Association (SIA), http://www.siaonline.org/
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
20 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
Smart Card Alliance, http://www.smartcardalliance.org
USB Implementers Forum, http://www.usb.org/
Smart Card Alliance © 2015 CSCIP Module 9 - Bibliography
21 FINAL - Version 5 – May 2015 For CSCIP Applicant Use Only
3 Acknowledgements
This bibliography was developed by the Smart Card Alliance for the Certified Smart Card Industry Professional (CSCIP) program. Publication of this document by the Smart Card Alliance does not imply the endorsement of any of the member organizations of the Alliance.
About LEAP and the CSCIP Program
The Smart Card Alliance Leadership, Education and Advancement Program (LEAP) was formed to: offer a new individual members-only organization for smart card professional; advance education and professional development for individuals working in the smart card industry; manage and confer, based on a standardized body-of-knowledge examination, the Certified Smart Card Industry Professional (CSCIP) designation.
LEAP members who wish to achieve certification as experts in smart card technology may do so at any time. Certification requires that LEAP members meet specific educational and professional criteria prior to acceptance into the certification program.
A series of educational modules forming the CSCIP certification body of knowledge has been developed by leading smart card industry professionals and is updated regularly. These educational modules prepare applicants for the multi-part CSCIP exam administered by the Smart Card Alliance. The exam requires demonstrated proficiency in a broad body of industry knowledge, as opposed to expertise in specialized smart card disciplines. Applicants must receive a passing grade on all parts of the exam to receive the CSCIP certification.
LEAP membership in good standing is required to sustain the certification, and documentation of a required level of continuing education activities must be submitted every three years for CSCIP re-certification.
Additional information on LEAP and the CSCIP accreditation program can be found at http://www.smartcardalliance.org.