eESC OSCIE Management Summary

The “Open Smart Card Infrastructure for Europe” (OSCIE) provides the basic information and common specifications considered necessary to accelerate mass deployment and secure implementation of smart cards in e-services across Europe. It represents the results of one year of preparation and two years of intensive collaboration by the eEurope Smart Card (eESC) Charter community, an industry and government driven initiative following the European Commission announcement in December 1999 of the eEurope 2002 Action Plan, in which smart cards are an explicit action line. This management summary describes the context, main goals, achievements and recommendations of eESC OSCIE. It also outlines current activities and plans to continue and extend OSCIE, implement wide scale deployments, and achieve international integration in e-authentication and other applications of secure electronic identity via concerted European standardization and continued joint harmonization with Japan and USA.

The eEurope Smart Card (eESC) Charter (Smart Cards for Secure Electronic Access, April 2000) is the statement of expectations and commitment agreed by the Smart Card Community to help bring the benefits of the information society to all Europeans by means of mass deployment of smart cards across Europe. The Charter was developed through an open process facilitated by the European Commission DG Information Society, and its realization was subsequently entrusted to a novel temporary structure comprising a central steering group and groups of voluntary experts (Trailblazers and Working Groups), each focused on specific goals. The eESC Action Plan for removing barriers to mass deployment was established in December 2000 as the eEurope Smart Cards Common Requirements, and the results of the collaboration were published two years later as the Open Smart Card Infrastructure for Europe (OSCIE). The entire process was a model of progressive change management. Important ongoing activities remain to be completed, especially in the areas of implementation, standardization, dissemination and international harmonization.

Clear collaborative targets and principles framed according to the best-in-class project management practice governed the development of OSCIE and other actions:

1. The charter emphasized key areas in which smart cards can add value - building trust, enhancing usability, improving access - when deployed over a diverse range of applications and services.

2. Goals and specific deliverables were clearly defined and documented in advance. In particular, mass deployment of smart cards was translated into specific actions addressing citizen centric requirements, pan-European technology infrastructures, business and legal issues, and international cooperation and standardization imperatives.

3. Active and observer participation was open to all and purposefully sought from public and private stakeholders. Formality was kept to a minimum. With the participation and support of CEN/ISSS and ETSI, information on interim and final deliverables was freely available via mail reflectors, ftp and a public website.

4. Advances in smart card technology, certificates management, authentication mechanisms and use of different form factors were constantly reviewed and taken into account in establishing the technology foundations, infrastructure guidelines, specifications and recommendations.

5. The ultimate goal of mass deployment is being addressed by OSCIE proof of implementations coupled to formal standardization of specific documents, and proposed inputs into further change management strategies and research such as the eEurope2005 action program and the IST/FP6 call for proposals.

eESC Constituency and Communications

An active group of over 250 participants supported by an additional 1000 observers participated in the eESC Work. The active participants were from diverse business and professional backgrounds including Smart Card Issuers (both government and private sector), Smart Card Industry partners, Smart Card Industry Associations, Smart Card Manufacturers, PKI authorities, Consumer Associations, Universities, and consultancy companies. Communication was conducted in face-to-face meetings and electronically via mail reflectors provided by CEN/ISSS, via the general www.eeurope-smartcards.org website provided by ETSI, and via websites established by specific Trailblazers, e.g. Public identity (TB1) and MultiApplication (TB7). Additionally, information on Contactless Cards (TB6) and on Protection profiles and Security Certification (TB3) was made available via the Eurosmart website.
This was supported by a quarterly electronic newsletter and press releases at important milestones. The 6-monthly Open Steering Committee Meetings and the bi-monthly management meetings were organized by EUROSMART. The close collaboration with the European Standardization organizations and premier Smart Card Associations is an important feature of this work and has enabled strong links to critical areas of expertise and existing constituencies. For example, it has enabled effective dependence on and integration with the valuable related work in the CEN/ISSS Workshops: FINREAD and Embedded FINREAD (TB4), FASTEST (TB9), eURI (TB7 and TB8), and E-Sign Area K (TB2, TB12 and Global Interoperability Framework Group).

Information exchange/integration with specific IST and eTEN projects brought important advantages and quality information to the OSCIE. This included information from closely related projects on contactless cards (SINCE, Smart Meiji), ePayment (Smart@pay), Advanced Electronic Signature (SmartIS) and public electronic identity (Euclid). A full day of the two-day Madrid Open Steering Meeting in June 2002 was dedicated to mutual sharing of results with representative IST smart card research projects then nearing completion. The clustering report and recommendations are included as an Annex in the OSCIE.

Several CD compilations of the earlier drafts of OSCIE (March 2002, November 2002) were prepared and distributed at various conferences and open Steering Committee Meetings. The feedback received from all quarters including substantive insightful inputs from NICSS Japan has been taken into account and resulted in the final version of OSCIE issued in February 2003.

The structure and approach enabled the eESC participants to effectively research the current status, diagnose the barriers, and develop the requirements, specifications, and approaches to practical solutions contained in the OSCIE.

OSCIE

OSCIE is intended to promote the establishment of an open end-to-end Smart Card Infrastructure which enables interoperability between different smart card communities at the level of smart cards, information systems and data.
It is ‘Open’ because OSCIE is multi-application, multi-platform and multi-vendor and applicable in each and every present and future member state. The objective is to build users’ trust and confidence by encouraging Smart Card and smart card systems interoperability, supporting innovative applications and services for secure multi-application cards technology. OSCIE comprises over 50 individual parts and is organised into 11 distinct volumes, covering in total more than 2000 pages in print.

application white papers and background data on deployment of services for e-government, epayments, public transport and healthcare.

user requirements best practice manual

global framework for identification, authentication and electronic signature (IAS) interoperability

Public Electronic Identity, Electronic Signature and PKI

Practical multi-party multi-application business models and criteria, social and legal pre-requisites, and technology implementation guidelines

Contactless Technology overview, status and developments

Generalised Card Reader applicable to multiple e-services

Security certification and protection profiles

Referenced standards, regional specifications and industry agreements

Glossary of terms

Implementation and deployment boosters i.e. description of existing eESC demonstrators in cooperative introduction of national public identity and city based e-services cards (IST project eEpoch) and pan European Social Services entitlement (Netc@rds)

Annexes provide additional information on OSCIE development, deployment statistics, related R&D work and general tutorial documentation. A management summary of the GIF contents and underlying concepts (Smart card community, e-services community, 3-layer architecture, functional components and interoperability adaptors, mode of operation) is provided in the OSCIE preface.

OSCIE and updates are available from www.eeurope-smartcards.org and from www.eurosmart.com.

Standardization of OSCIE

With the completion of OSCIE, a CEN/ISSS standardisation of selected parts of the specification has been triggered together with a concerted Global Standards Collaboration Forum with Japan and USA on a formal ISO/IEC standardization of common eAuthentication elements. The OSCIE parts being submitted to a CEN/ISSS WS for a CWA qualification process are principally the GIF Framework, Public identity (TB 1) whitebook, multi-application (TB 7) architecture and the user requirements (TB 8) Best Practice Manual design guidelines relating to IAS. It is envisioned that during a second phase the resulting CWA will be converted into a recognised European Standard. Discussions with CEN/TC224 as the relevant body are ongoing.

Because a number of other OSCIE related documents already have a CWA status or are expecting one, the maintenance of OSCIE for the near future is in this way reasonably assured.

Proof of Concept for OSCIE

To prove the validity of the documentation produced by OSCIE, including the scaling capabilities for mass deployment, two demonstrators (eEpoch and Netc@rds) have been initiated. The eEpoch project, co-funded by the European Commission DG INFSO IST programme, went live in November 2002. It focuses on a detailed elaboration of the OSCIE interoperability specifications and an intensive information exchange on the results of implementation under construction at 7 sites for applications incorporating use of identification, authentication and digital signature (IAS) as well as from its university led Action Research Program. eEpoch will not only demonstrate but also be the nucleus for the national roll-outs of eGovernment cards in a number of Member States. By doing so eEpoch sites will be carrying the torch for OSCIE.

The Netc@rds project aims to replace the European health insurance entitlement paper-form (E111, E128) by electronic forms stored in a health insurance smart card or downloaded from a server. Netc@rds is co-funded by the European Commission DG INFSO e-TEN programme. Phase A on “Preparation of the Business Plan and Market Validation” will be completed in 2003. Initial deployment will be conducted in Phase B during 2004-5.

eESC Recommendations

OSCIE as endorsed by the final eESC Open Steering Committee Meeting (Brussels, December 2002) identified some specific issues and in certain cases proposed detailed recommendations some of which are highlighted in this brief summary. Not all of these have received unanimous support and if so this is clearly indicated.

Key OSCIE Outputs

unanimous set of integrated specifications describing the eESC recommendations for pan-European interoperable implementations of identification, authentication and electronic signature functionalities and technologies.

unanimous set of clear international agreements (recognized by Common Criteria Board) for security certifications and mutual recognition of smart card protection profiles and system evaluations

current context and recommended business model and technology provisions required for multi-party multi-application smart cards (contact and contactless)

a Best Practices Manual containing a wide ranging set of recommendations on User requirements for system interfaces, responses, transaction timing, icons, animations, secure access to card data / final content and card information roll-back facilities according to card personalization rules to ensure privacy and trust.

Other Identified Issues and areas of required additional Work

Legal (Vol.1 Part 2-1a): there is no legal framework in Europe to govern the 'coming together' of multiple functions in one multi-party multi-application card. Legal limitation of liability in this situation could be the way to improve the business cases.

eGovernment (Vol.1 Part 1-2): A large programme to encourage enterprises in all Member States to use smart cards to authenticate and e-sign over internet B2A applications is strongly recommended to facilitate management of the enterprises and secure the relationships between them and the administrations.

Standards: differences between EMV and ISO/IEC 7816, although not great, mean that card and product certification will be blocked when the item to be certified conforms to one spec or standard and the scheme mandates conformance with the other spec or standard.

e-€uro (Vol. 1 Part 2-1b): business model investigation and genuine impact assessment is required and is planned to be conducted by TB5 to ensure the eEuro concept is not hampered by the knee-jerk “no-business case” reasoning in particular now that the first ePurse schemes are beginning to demonstrate profitability.

Transport 1 (Vol.1 Part 3-1): The EU must support strongly the deployment of multi-party multi-application smart cards for eGovernmental e-applications combined with the T(Transport)-Smart Card for passenger transport systems in all European urban areas.

Transport 2 (Vol.1 Part 3-1): The Global Interoperability Framework (GIF) for pan-European interoperability has been focused on the functionality of end user identification, authentication and digital signature. These results are not applicable in general for transport - interoperability in transport covers more issues.

Relevance to eEurope2005 and FP6

Other possible activities envisioned by the eESC participants in the context of FP6 and eEurope2005 include encouraging spin off from and assessment of influence on competitiveness, e-services implementation, socio-economic impact, and emerging pervasive networked technologies e.g.

identify, establish, monitor and apply citizen centric and business metrics for the smart cards value add in the implementation of the user friendly information society and industry competitiveness

improve the socio-economic impact of smart card based technology on citizens’ lives

apply knowledge management and business models approaches to business case development

build on results of proposals such as RESET (Smart card technology roadmaps) and RAPID (Privacy and electronic identity) to focus on the future generation of technologies in which computers and networks will be integrated into the everyday environment, rendering accessible a multitude of services and applications through easy-to-use human interfaces.

build on the extensive range of practical e-services and realistic combinations of multi-applications which can be mounted on transport cards and/or city cards to deliver applications that provide benefit to citizens and demonstratively improve their quality of life.

Future

The eEurope2005 collaboration in smart cards will be determined at the final eESC Public Seminar in Athens, 5-6 June 2003. Discussions are currently underway in each of the Trailblazers and in the other forums (IST eEpoch, eTEN Netc@rds, Porvoo Group of Member State Government bodies active in national electronic ID cards).

The main future focus emerging from the December 2002 Open Steering Committee Meeting is to step from removing the barriers to actual support and R&D for mass deployment and practical usage. In a certain sense it is agreed that paper work is the easy part … the challenges of implementation and deployment must be met or else the work has not been successful. eEpoch and Netc@rds are there, but more implementation programs are needed, especially in the domain of future coordination mechanisms similar to the Smart Card Charter.

A Draft Mission for a continuation program eESC2 has been proposed.

“Stimulate mass deployment of smart cards in Europe and promote the use of smart cards by European Citizens and organizations by contributing to the realization of a pan-European Open Smart Card interoperable infrastructure which demonstratively meets the requirements for trust, convenience and security and where practicable conforms to international standardization”.

The eESC achievements and proposed new goals/mission as described above are directly in line with key objectives identified in the eEurope 2005 program and FP6 documentation e.g.

1. extend the scope and efficiency of IST-based solutions addressing major society and economic challenges posed by the “all-digital” world and by the need to secure the rights of individuals and communities (ref. 1.1.2i Information Society Technology: Applied IST research addressing major societal and economic challenges)

2. improve usability of IST applications and services and access to the knowledge they embody in order to encourage their wider adoption and faster deployment (ref. 1.1.2iv Information Society Technology: Knowledge and interface technologies)

3. provide comparative perspectives across Europe and thus provide an improved basis for the formulation and implementation of transition strategies towards a knowledge society at the national and regional levels (ref. 1.1.7i Citizens and Governance in a Knowledge-based Society: knowledge-based society and social cohesion)

It is a permanent and challenging task for the whole of the Smart Card Charter community and interested parties to keep the network alive and functioning, so as to address in a cooperative and coordinated way the challenges of both R&D and deployment in the smart card domain. The common theme and objective is to secure benefits and access to the information society for all European Citizens.