New Smart Card Registration Authority

Issue 25 – March 2011

The appointment of a worldwide Smart Card Registration Authority for smart card authentication protocols conforming to the ISO/IEC 24727 Standard will ensure greater interoperability and security in smart card technology. The authority offers both developers and adoptersof smart card technology internationally a world first – the ability to publicly register authentication protocolsunder a single ISO/IEC registration authority.

'There are perhaps thousands of variants on hundreds of smart card authentication protocols in use globally,' says Graeme Freedman, a leading international expert in smart card and related technology and the ISO editor of the Standard. 'For the first time, ISO/IEC 24727 provides a standardised, but flexible language for explicitly describing these authentication protocols. The new registration authority further improves interoperability by providing a methodology for rapidly communicating the details of both existing and new authentication protocols via its website.'

Smart card technology plays a vital role in establishing identity so that services such as healthcare, banking, and transport go to the right person. Smart cards are also used by governments and by public and private sector organisations for identification in critical areas such as security access and border controls.

ISO/IEC 24727 provides a globally harmonised approach to the widely recognised need for consistency in the way smart card technology – specifically, their crucial authentication protocols – are standardised. The new registration component is contained in Part 6 of the Standard. SAI Global in Australia has been appointed as the ISO/IEC 24727-6 Smart Card Registration Authority.

From now on, there is a central repository where any authentication protocol can be publicly registered. This will enable the specific authentication protocol to be explicitly referenced by its unique ISO/IEC compliant object identifier (OID).

Before ISO/IEC 24727 and the new registration authority, most smart card authentication protocols were either proprietary, not publicly documented, or there was no definitive publicly available reference document for them. Minor protocol differences can cause major interoperability issues.

This new approach has been long awaited and is welcomed by both developers and adopters of smart card technology. It has been designed to provide greater extensibility, efficiency, and interoperability for smart card schemes – with associated benefits to the entire international community.

This is especially the case for governments and other major organisations that are looking for ways to interoperate between local, national, and international smart card schemes in an increasingly globalised world.

Because new authentication protocols can be registered in real time, the registration authority also opens the door for the latest and most innovative technology to come to market sooner.

For more information visit the Smart Card Registration Authority ( website.

Related Standard

  • ISO/IEC 24727-6:2010 Identification cards – Integrated circuit card programming interfaces – Part 6: Registration authority procedures for the authentication protocols for interoperability

Published in business and ICT.