Department for Work and Pensions


From business case to procurement - the complete National Smart Card Project archive.

only search SCNF
 


Strategy Formulation
Planning

Are there different types of smart cards, and how should we choose which one is right for us?

Smart cards contain information that in order to be useful needs to be read by some sort of device and thereby gaining access to a display device or a network. There are two ways of doing this. Cards can either be plugged into, and therefore make physical contact with a reader, commonly referred to as a card terminal, or they can be read using RF radio frequencies. The way a smart card can be read is a key smart card differentiator:
  • Contact smart cards - are read when the reader contacts a small gold chip on the front of the card.
  • Contactless smart cards - are read via an antenna, eliminating the need to insert and remove the card by hand. Once such a card is in close proximity to a reader receiver, the card will begin communicating with it. Contactless cards can be used in applications in which card insertion/removal may be impractical or in which speed is important, for example almost all smart cards used for transport user applications are contactless - using a contact card would seriously slow down the loading of a bus.

Some cards ("hybrids) have two chips imbedded in them, one of each type, and there are now "Dual Interface Cards" that have one chip which can function either as contact or contactless, or both for different applications. Other key card differentiators are related to their capacity to hold information and their ability to process information or not. Some cards (memory) have a similar function to a floppy disc, they just store information, and others (microprocessor) are able to process information and run small programmes, such as Java Applets on contact cards.

What standards should we take into account for a smart card scheme?

WP3-03 - "Applicable Standards" focuses on this issue. It says: "Technical standards and operating rules are necessary to allow local authorities to purchase cost-effectively and with confidence that they will not be locked in to a restricted supply situation or implement systems that will become obsolete. Common sets of standards and rules are important to define and enable interoperability between local authority systems across the UK where such interoperability is felt to be desirable. Standards are needed as base level building blocks for the development of products and services; they are not detailed specifications. This is to encourage competition, diversity of design and new initiatives among suppliers. The balance between generality and detailed specification in standards is one which is difficult to achieve and different standards take different approaches. Nevertheless, a standard is not normally a specification." It goes on to describe those standards that apply to local authority smart card schemes.

WP3-02 - "Interoperability within the local authority sector" explains the need for standards in achieving interoperability. It says: "Interoperability requires both technical and business interoperability. The former can be derived from using common technical standards and specifications.."

WP3-10 - "Routemap Overview" offers a number recommendations related to standards including "The use of standards is highly desirable so as to avoid becoming locked in to any particular supplier and to ensure interoperability of services. In government work, where formal procurement takes place, standards should be mandated."

WP7-11 - "Analysis of Potential for Federating Identities" deals with the issue of standards compliance in this context.

WP9-03m - "Standards" is part of the NSCP Starter Pack and provides guidance for the use of standards at the implementation level.

What hardware and software is required and what products and services are available from which suppliers?

Depending on how your Local Authority chooses to implement their Smart card scheme, the quantity of hardware and software can vary. If the scheme is deployed as per the recommended guidelines there will be specific hardware required for each stage, for example: Database Server (Cardholder database), Web Server (National Smartcard website), Service Point outlets (Enrolment application, website), Smart card production bureaux (Print and Perso).

The National Smart Card Project Starter Pack will function effectively with different hardware, such as servers, Smart card readers and TWAIN compliant imaging devices. Smart card printers (Print and Perso) will require some tailoring of the software. Brands used during development and testing included: Microsoft Windows XP, 2000 Server, Compaq (Servers and clients), Fargo (Smart card printer), Orga (Smart card readers), Hewlett Packard and Logitech (TWAIN compliant imaging devices).

How can we benefit from the experience gained and investments made by other local authorities in smart card schemes?

Local authorities that have already been involved in planning and implementing smart card schemes are sources of enormous amounts of knowledge that could be valuable to other local authorities. The value may lie in general lessons learned but it could also be in the form of relevant products that have been developed. A local authority that uses a particular library system may have developed a smart card interface that could be used by other local authorities. Costly duplication could be avoided. Any local authority considering embarking on a smart card scheme should therefore initially consider joining an existing e-government partnership that is involved in smart cards, or even forming one, and identifying those local authorities that have or may have created relevant values.

WP2-01 - "Business Case including social, political and commercial considerations" - in Section 3 describes the background to smart card use, some multi -application schemes.

WP9-02 - a market research report, list some of the local authority smart card schemes that were in progress in mid-2003.

WP5-05 - lists central government smart card schemes.

WP7-04 - describes existing smart card with e-purse schemes.

What should be the business objectives of the scheme, and how should we prepare a business case?

The whole of the business case section of the National Smart Card Scheme was devoted to addressing these issues.

WP2-01 - "Business Case including social, political and commercial considerations" - covers the subject in broad terms. It says "Smart cards have, for some time, offered a potential way of improving the delivery of services in a number of sectors. With the advent of widely available, lower priced, high capability cards, this potential is now beginning to be realised. Analysis of existing deployments shows that large schemes have both the capacity to address service delivery issues, and the potential to do this in a way that the investment can be recouped over a time period which makes schemes sustainable.

WP2-03 - consists of a spreadsheet and a report "Financial Model - Assumptions and Commentary" that illustrates in details the elements of cost and revenue that should be built into smart card scheme financial models. It says "This document accompanies the Financial Model, which is presented as a spreadsheet. It highlights a number of assumptions and considerations that should be well understood before using the spreadsheet model. It can also be used for reference when inputting data to the model.

WP2-04 - "Financial report on implementation set-up costs" says: "This document sets out the basic costs of an "entry level" local authority instigated multi-application smart card scheme. It is designed to inform local government decision makers and strategists of the cost involved for initiating a local scheme to the point that a single card can be issued to citizens for access to a "typical" range of local services. The selection of card applications is intended to be indicative rather than prescriptive, and is based upon information gathered from consultation and research conducted within the National Smart Card Project.

WP2-05 - "Business Models" provides a strategic business model approach, discusses options facing individual local authorities and sets out a practical business model approach for local authority instigated multi-application smart card schemes.

WP3-01 - "Considerations for Multi Application Multi Sector Smart Cards" describes policy issues.

WP4-08 - "Sources of Help and Information" provides valuable sources related to business case development assistance.

WP6-01 - "Commercial applications" considers the business case for private sector involvement.

What are the key legal issues we should take into account for our smart card scheme?

The Legal and Data Protection section of the National Smart Card Project deals in detail with legal issues, the main ones being indicated by the following report subject matter:

  • WP8-01 - "Financial Services Regulation
  • WP8-02 - "Card Governance"
  • WP8-03 - "Securities Issues, incorporating electronic signatures, PKI and certification issues
  • WP8-04 - "Information Law, incorporating Data Protection Toolkit"
  • WP8-05 - "Public Procurement Regulations"
  • WP8-07 - "Corporate Structures"
  • WP8-08 - "Risk Register"
  • WP8-09 - "Commercial Conditions of Contract"

Are there data protection issues related to smart card schemes?

E-Government policy recognises the need to safeguard citizens' rights in respect of Data held about them. There could be a complex web of relationships involved in a Smart Card Scheme. A Card Issuer needs to establish the data protection relationships involved in a Smart Card Scheme and deal with these appropriately by contracts with Data Processors or contracts or protocols with others, ensuring at the same time that Data Subjects are aware which Data Controllers Process their information. WP8-04 - "Data Protection and Information Law" deals with this subject in detail.

Data protection is also taken into account in WP7-11 - "Analysis of Potential for Federating Identities.

Can our smart card schemes enable holders to make payments (e-purse)?

Smart card E-purses are able to hold electronic money and can be used to pay for goods or services in particular smart card schemes. Several of the National Smart Card Project reports deal with various aspects of using smart cards to make payments and the nature of e-purses.

WP7-03 - "E-purse Basics" - describes what e-purses are the types of e-purse available. It says: "E-purses divide into "Open" and "Closed" types. E-purses described as open are ones that can be used for a wide variety of transactions just like money, for example to pay for school meals and library rental and leisure activities etc. E-purses that are described as closed, on the other hand, are ones with their use restricted to only school meals or only travel etc, and therefore are more like tokens than money.

WP7-04 - "Existing E-Purse Schemes" - says: "The UK banks have incurred excessive costs in proprietary e-purse schemes with little or no return and can only be described as currently being very averse to hearing the word ‘e-purse’.

WP7-05 - "E-Purse Cross Regional E-Payments" - says "any Local Authority local or cross border e-payment scheme that represents cash values as opposed to tokens, must allow the cardholder to use that value in payment for a wide range of services and goods. A failure to do so will lead to the "ghetto-isation" of the payment method and ultimately its failure.

WP7-14 - "Retail Payments Sector Considerations" documents the business, operational, regulatory and payment system considerations that will affect the decisions of the retail banks, building societies and other financial institutions when they consider involvement in the provision of payment services to Local Authorities. It also highlights any obstacles to their involvement and describes potential means by which these may be overcome. Finally it identifies key requirements of any adopted national smart card scheme that would facilitate and encourage retail financial institutional involvement.

WP8-01 - "Financial Services Regulation" covers legal issues relating to e-purse and WP8-08 - "Risk Register" details risks associated with e-purse.

What legal issues are there related to smart card financial transactions (FSA)?

WP8-01 - "Financial Services Regulation" is the main National Smart Card Project report dealing with the subject. It investigates the key legal issues surrounding financial services regulation and consumer protection as it may impact on e-money, debit facilities and credit facilities if they were to be made available on a Local Authority Smartcard.

WP7-03 - "E-purse Basics" - describes the Financial Services Authority’s role in controlling who is able to issue e-money. Organisations issuing cards with open e-purses are in effect operating as banks and may be regulated similarly.

WP714 - "Retail Payments Sector Considerations" - says "With regard to the Regulatory Environment, Local Authorities need to be aware of the controls which will be exerted upon them if they wish to provide financial card products. Card products must conform to the legislation and requirements of controlling bodies. These include the Financial Services Authority - an independent body that regulates the financial services industry within the UK, the Consumer Credit Act 1974 - requires most businesses that offer goods or services on credit or lend money to consumers to be licensed by the OFT and compliance - The rules which govern the usage of the card are controlled and enforced by a number of bodies, all with different areas of responsibility and accountability.

Is information available on security issues such as authentication and Public Key Infrastructure?

WP8-03 - "Security Issues" - considers the legal issues connected with electronic signatures, PKI, biometric identifiers and the security measures set out in ISO 17799. It charts the legal background to the above issues, and considers the current position under English law. Section 7 of this report considers the issues in the context of a Smart Card Scheme and the way in which certain risks may be managed by means of contract.

WP3-04 - "Accessibility and Social Inclusion" deals with the subject of authentication in Section 5. It says: Authentication provides users with a secure way to prove their identity during a transaction. It can also prove the identity of the other participant (card reader and service provider) back to the user. However it is important that the level of authentication is appropriate to the application; users will get frustrated if they are required to provide information which they deem unnecessary.

WP7-09 - "Authentication" is a series of reports about the subject covering the requirements, which need to be met before a digital certificate can be issued; how the Certificate Policy will be practically implemented; the requirements for registering a citizen, organisation or application/device; an agreement whereby the citizen acknowledges that they too have responsibilities associated with holding and using a smart card; Local Authorities Application Form for Registration Authority and Local Registration Authority Officials; Local Authorities Endorser Agreement, which enables help to be gained by utilising "endorsers" in the process of signing up users in certain circumstances and Local Authorities Certificate Profile.

WP7-11 - "Analysis of Potential for Federating Identities" deals with the issue of authentication and PKI in this context.

WP7-01c - "Bolton Pilot Specification" deals with authentication in Section 3.

Implementation

What are the likely human resource requirements for implementing and operating our smart card scheme?

Depending on how your Local Authority intends to deploy their Smart card scheme - If the server side deployment is all contained in the same office and handled by existing IT or SA's instead of dedicated scheme operators, this will have an impact on resource requirements. On the client side the level of human resources depends on how many Service Points (for example: Libraries) will be required to process Smart card applications and whether sufficient training will be given to keep the Service Points 'self sustaining', for example: Training new user's using existing staff.

What guidance is available on training and user testing in smart card schemes?

Training and Testing can be carried out using the Starter Pack End-User Guides.

What general guidance is available on procurement in smart card schemes?

An entire section of the National Smart Card Project was devoted to providing advice and assistance on procurement.

WP4-01 - "Procurement Good Practice Checklist" says: The objective of this National Smart Card Project paper is to provide robust procurement guidance to maximise opportunities for exploiting purchasing economies of scale and delivering best-value for public expenditure on smart card schemes deployed in the local authority sector. It is also intended to provide help and guidance to ensure that important standards development in this area is matched by good practice in deployment of smart cards and associated infrastructures by giving advice and guidance on best practice procurement specification.

WP4-03 - "Guidance Notes on the use of G-Cat" says: The purpose of this paper is to set down guidance notes for local authorities and the NSCP on how to use the G-CAT procurement route to enable them to fast track procurements where necessary, whilst complying with public procurement rules and maintaining best value. The paper specifically addresses the G-CAT Route only. Similar guidance for S-CAT is provided in WP4-07.

WP4-08 - "Sources of Help and Information" focuses on procurement assistance.

The Legal section of the NSCP also provides assistance on procurement.

WP8-05 - "Public Procurement" concentrates on the public procurement law issues for a Local Authority procuring works, supplies or services for the purposes of a Smart Card Scheme.

WP8-09 - "Commercial Conditions Checklist" provides checklists in which details of the main commercial terms to be included in certain of the contracts to be entered into by the Card Issuer are described. The checklists are designed to provide guidance to commercial members of the Card Issuer's contracts teams as to the key terms which the Card Issuer may wish to include in each of the relevant agreements. In addition the checklists may act as an aide memoir for the lawyers acting on behalf on the Card Issuer.

WP8-08 - "Risk Register" - covers risks associated with procurement.

Is a procurement check list available?

WP4-01 - "Procurement Good Practice Checklist" says: The objective of this National Smart Card Project paper is to provide robust procurement guidance to maximise opportunities for exploiting purchasing economies of scale and delivering best-value for public expenditure on smart card schemes deployed in the local authority sector. It is also intended to provide help and guidance to ensure that important standards development in this area is matched by good practice in deployment of smart cards and associated infrastructures by giving advice and guidance on best practice procurement specification.

What guidance is available on S-CAT and G-CAT procurement models?

WP4-03 - "Guidance Notes on the use of G-Cat" says: The purpose of this paper is to set down guidance notes for local authorities and the NSCP on how to use the G-CAT procurement route to enable them to fast track procurements where necessary, whilst complying with public procurement rules and maintaining best value. The paper specifically addresses the G-CAT Route only. Similar guidance for S-CAT is provided in WP4-07.

Are there draft model procurement contracts available?

WP8-09 - "Commercial Conditions Checklist" provides checklists in which details of the main commercial terms to be included in certain of the contracts to be entered into by the Card Issuer are described. The checklists are designed to provide guidance to commercial members of the Card Issuer's contracts teams as to the key terms which the Card Issuer may wish to include in each of the relevant agreements. In addition the checklists may act as an aide memoir for the lawyers acting on behalf on the Card Issuer.

NSCP - FAQs
NSCP - Presentations
Business Case (WP2)

Financial Model - Assumptions and Commentary

Thursday, 18 November 2004

This document is part of WP2-05 and accompanies the Financial Model, which is presented as a spreadsheet. It highlights a number of assumptions and considerations that should be well understood before using the spreadsheet model. It can also be used for reference when inputting data to the model.

WordAssumptions and Commentary - Financial Model (339.00kb)

Business Models WP2-05v2.0

Tuesday, 4 May 2004

An understanding of the current situation and guidance on how smart card technology might be utilised.

WordWP2-05 - Business Models v2.0 Release (868.50kb)

The National Smart Card Project (NSCP) has covered considerable ground in developing a greater understanding of the possibilities presented by smart card technology and how it might be utilised by local authorities for the benefit of their citizens.  The over-arching conclusion that must be drawn from the work undertaken within the NSCP is that there is not a standard model for all local authorities to adopt for the instigation of multi-application citizen card schemes.  That is not to undermine the potential benefits of the technology, but more to emphasise the breadth of opportunities that it has to offer.  This document is intended to give decision makers both an understanding of the current situation and guidance on how smart card technology might be utilised for sustainable citizen benefit now and in the future.

The background to the approach taken to business models is that smart cards offer the local authority sector:

  • An opportunity to build closer relationships with citizens and to offer them new and enhanced experiences;
  • A delivery tool for electronic government and the joining up of services;
  • A catalyst for process review; promoting rationalisation; greater process security and better service delivery;
  • An opportunity to develop mutually beneficial relationships with other public and private sector bodies.

The NSCP has also done much to raise the profile of smart cards.  Over and above the software outputs developed within the project, there is considerable movement in the market place to adapt and tailor products to the needs of the local authority sector. 

However, the picture is not fixed and the learning process will continue for some time, certainly until standardisation processes are completed. 

Citizen smart card implementations require considerable planning in order to maximise both the benefits of the technology and the business process improvements that any change programme requires.  The card is not a single answer in itself - it must be considered with other technologies and aligned to the delivery of services to the citizen.

That said, the convergence between the multi-application card concept and the realisation that secure authentication can be most economically delivered by means of a local authority issued citizen card, suggests that adopters of the technology are no longer buying into a vision, but a practical solution for the near future.

The sustainability of the business model is based upon these two congruous objectives - the shorter-term operational delivery of existing services in a new way, within a strategic programme for the provision and development of electronic government.

Financial Report WP2-04v2.0

Tuesday, 4 May 2004

Financial Report on Implementation / Set-up Costs

WordWP2-04 Financial reportv 2.0 Release (2.10mb)

This document sets out the basic costs of an "entry level" local authority instigated multi-application smart card scheme. It is designed to inform local government decision makers and strategists of the cost involved for initiating a local scheme to the point that a single card can be issued to citizens for access to a "typical" range of local services. The selection of card applications is intended to be indicative rather than prescriptive, and is based upon information gathered from consultation and research conducted within the National Smart Card Project.

While providing ranges of costs, it indicates that the low figures are becoming achievable, especially as the market is adapting to provide for the specific needs of the local authority sector. It also gives an indication of costs for bureau services and details how these and fuller 'managed service' offers might present an alternative to "in-house" scheme operation.

Financial Model WP2-03v1.0

Tuesday, 4 May 2004

This spreadsheet allows you to estimate the cost of introducing and maintaining a multi-application smartcard over a 5 year period. The spreadsheet has a number of worksheets which feed into this Summary worksheet.

ExcelWP2-03 NSCP Financial Model V1.0 Release (162.50kb)

Business Case WP2-01v3.0

Tuesday, 4 May 2004

Business Case including Social, Political & Commercial Considerations

WordWP2-01 Business case v3.0 Release (813.00kb)

Smart cards have, for some time, offered a potential way of improving the delivery of services in a number of sectors.  With the advent of widely available, lower priced, high capability cards, this potential is now beginning to be realised.  Analysis of existing deployments shows that large schemes have both the capacity to address service delivery issues, and the potential to do this in a way that the investment can be recouped over a time period which makes schemes sustainable. 

The drivers for a local authority instigated multi-application scheme are extensive, as are the potential applications, services and uses for a local citizen card.  While there are a number of models that might be adopted in terms of configuration, for schemes to become a reality in the near future, it is apparent that local authorities must play a pivotal role to ensure that their own strategic objectives are to be met. 

The importance of engaging with the technology now is made imperative by the ongoing implementation of electronic government, with its citizen focus and attendant CRM capabilities, that provides both a platform and a genuine requirement for a multiple entry point identification and authentication device.

While existing deployments provide some persuasive evidence that effective multi-application schemes are realisable, they also show that the full benefit of multi-application aspects of a scheme will only be achieved if complex issues relating to scheme organisation and governance can be resolved.  Indeed, these are even more emphasised in a local authority environment.  Education campus and central government ID card schemes benefit from the control that they can exert over the behaviour of the population.  To a lesser extent this is also true of the Octopus transit scheme (see section 3.1), which has the advantage of operating in a sector vital to a relatively small geographical area.  Local authority instigated schemes need to achieve a difficult balance in securing a sustainable application mix and ensuring citizen take up. 

The key attributes of a card scheme (outlined at Table 1) are important in that they can help guide how the objectives for an implementation project might be framed.  While there are implications for the generic business case, they also emphasise that decision makers must have a clear vision of how a scheme will achieve the sometimes diverse objectives of the providers of services and facilities that are available on a multi-application card.

Standards (WP3)

Routemap WP3-10v2.0

Tuesday, 4 May 2004

Smart Card Routemap Overview

Word WP3-10 Routemap Overview v2.0 Release (819.00kb)

This overview report is mainly based upon a piece of work commissioned from Consult Hyperion to map out and draw inferences from technical, political, social, standards and business drivers and inhibitors over the medium to long term and to provide guidance to Local Authorities making investment decisions in an uncertain world. The underlying Consult Hyperion report has been exposed to extensive critical review, has stimulated considerable discussion, and was taken as input to this overview.  It is being published by the project as a detailed technical paper. Both documents outline drivers, barriers, trends and make predictions.  This work represents a snapshot of current thinking that needs to be maintained over time if it is to continue to have value.   The underlying report also contains introductory material that will be of great interest to newcomers to smart cards. This overview concentrates on the general guidance and over thirty recommendations arising from this work.  It is true to say that there are no "right" answers to a number of issues that this work has raised but where there have been comments and observations, this paper sets out to raise the issues that need to be considered and to offer general guidance.  

Accessibilty WP3-04v3.0

Tuesday, 4 May 2004

Accessibility & Social Inclusion

Word WP3-04 Accessibility V3.0 Release (655.50kb)

Consumers want user friendly systems which have the appropriate level of security, but are simple to use.  Local authorities want to optimise their service level, and to maximise their market penetration.  If local authorities do not understand the needs of their consumers, they are likely to find consumers reluctant to use smart card based systems.

Cardholder identification should involve the consent of the user who may wish to withdraw their consent at a later date.  Authentication provides the user with a secure way to prove their identity during a transaction, but does not necessarily mean that they are authorised to access a specific service. 

The Disability Discrimination Act requires local authorities to give consideration to needs of people with disabilities but there is a wider agenda of people with special needs.  This includes older people, children, people whose primary language is not English, as well as people with disabilities.  However the introduction of smart card systems offers exciting possibilities for making life easier for all these groups, and those who are presently socially excluded, if their needs are considered before new systems are introduced. 

The take-up of smart card based services will be affected by the users’ perceptions of:

  • the confidentiality of any data on the card or in a related computer system
  • ease of use
  • confidence that there is a simple system for handling lost or stolen cards

Applicable Standards WP3-03v4.0

Tuesday, 4 May 2004

Definition of standards that apply to Local Authority smart cards used in different applications.


Word WP3-03 - Applicable Standards Paper - v4.0 release (829.00kb)

Technical standards and operating rules are necessary to allow local authorities to purchase cost-effectively and with confidence that they will not be locked in to a restricted supply situation or implement systems that will become obsolete.   Common sets of standards and rules are important to define and enable interoperability between local authority systems across the UK where such interoperability is felt to be desirable Standards are needed as base level building blocks for the development of products and services; they are not detailed specifications.  This is to encourage competition, diversity of design and new initiatives among suppliers.  The balance between generality and detailed specification in standards is one which is difficult to achieve and different standards take different approaches.  Nevertheless, a standard is not normally a specification. 

This paper defines those standards that apply to Local Authority smart cards used in different applications.  The initial selection of applicable standards are taken from the e-GIF specification produced by the Office of the e-Envoy, augmented by additional application level standards not included in e-GIF but seen by LASSeO to be applicable.  Other "standards" may also be included based upon industry generated, de facto standards as well as CEN/ISSS Workshop Agreements.   Unfortunately, at this time all necessary standards are not defined, which only serves to add to the complications in defining baseline standards and accompanying business rules.  Developing standards in other parts of the world could well have a long term effect upon standards in the UK and Europe and are considered.  The paper covers microprocessor cards with contact interfaces, with proximity contactless interfaces and cards with both (dual interface cards).   It addresses Baseline standards for cards, Test standards for cards, Relevant consortium and industry de facto standards and specifications, Application level standards and specifications, and, Security standards and specifications.  These standards are listed with commentary and crucially, a table is provided of de facto and de jure standards that should be reviewed before implementing any card scheme.  It is to be noted that this paper is just a starting point.  Technology does not stand still and standards continue to develop.  Therefore, the recommended list of standards, coupled with the policies and rules to fill the gaps, will require constant revision and such a process needs to be designed and maintained.  It is suggested that LASSeO is the right organisation to carry out this work, feeding the e-GIF with information about newly developed de facto and de jure standards as they appear.

Interoperability within the Local Authority Sector WP3-02v3.0

Tuesday, 4 May 2004

Interoperability within the local authority sector:
Approaches to standards; defining and classifying interoperability; typical applications.

Word WP3-02 - Interoperability within the local authority sector - v3.0 Release (301.50kb)

Interoperability is the cornerstone of “Anywhere, Anytime, for Anyone” card use and this paper introduces the subject and sets out some definitions. It classifies technical and business interoperability from the citizens’ perspective and proposes appropriate levels for typical local authority services.

It introduces the need for technical standards and suggests what is required to sustain them; develops a view of the relationships between technical and business interoperability and attributes values; and considers what this means for a variety of local authority applications.

The value of interoperability level combinations is shown in a matrix and a second table shows a range of services with preferred and minimum values.

In summary:

  • Technical interoperability is needed to ensure that cards can be read anywhere and this means using standards and common specifications;
  • Business interoperability is needed to deliver services across organisational and geographical boundaries and this means developing common business rules, policies and commercial arrangements.
  • Each card scheme needs a Card Community to develop its own character, ethics, policies, and rules, but must be interoperable with other schemes to have any practical value for card users.
The paper draws upon other detailed work from the National Smart Card Project (NSCP)

Considerations for Multi Application Multi Sector Smart Cards WP3-01v5.0

Tuesday, 4 May 2004

Guidance for local authorities as they contemplate setting-up card schemes.

Word WP3-01 - Considerations for Multi Application Multi Sector Smart Cards - v5.0 Release (632.50kb)

This paper is intended to provide guidance to local authorities as they contemplate setting-up card schemes. It is intended that this document should be a starting point for new entrants to this area as it sets out the policy management issues that need to be considered for both large and small schemes.   It is also a fundamental tool in the continuing development of policies, rules and standards for public sector use of smart cards. In this context, Policy Management is primarily about governance of a scheme, including directing the operation of a scheme. The paper sets down and describes a series of applicable policies and for each one, indicates where specific rules are required or where flexibility is allowed which will enable the scheme operator to apply its own rules It sets out the key items requiring attention and indicates whether rules should be centrally or locally defined and controlled. The purpose of this is to identify the relationship between policy, rules and standards, required to support a degree of interoperability within and between Local Authority Smart card schemes without unnecessarily restricting freedom of choice at the local scheme level. The approach has been validated against two schemes and is ready for use for new schemes where this thinking should bring significant benefits to would-be implementers.  It has great value even if only used as a check list of issues that need to be addressed before getting a scheme off the ground.
Procurement Models (WP4)
Government Initiatives (WP5)
Commercial Applications (WP6)
Cross-Region Applications (WP7)
Legal/Data Privacy (WP8)

Introductory Report WP8-13v2.0

Friday, 7 May 2004

Introduction to the Legal and Data Protection section of the National Smart Card Project

Word WP8-13 Introductory Report v2.0 Release (542.50kb)

1. Introduction

This paper introduces a series of reports prepared by the Legal and Data Protection section of the National Smart Card Project.
1.1 The Reports consist of the following:

  •  WP8-01 Financial Services Regulation Report
  •  WP8-02 Card Governance Report
  • WP8-03 Security Issues Report (incorporating electronic signatures, PKI and certification issues)
  • WP8-04 Information Law Report (incorporating Data Protection Toolkit)
  •  WP8-05 Public Procurement Regulations Report
  • WP8-07 Corporate Report
  • WP8-08 Risk Register
  • WP8-09 Commercial Conditions of Contract
  • WP8-10 Review of the outputs of the Procurement section of the NSCP
  • Constitutional Documents

This report functions as an over-arching introduction that should be read in conjunction with each of the Reports. 

Cross Certification Certification WP 8-12v2.0

Friday, 7 May 2004

A sample cross certification agreement between a joint public sector body such as LASSeO and any Certification Authority.

Word WP8-12 - Cross Certification Agreement -V2.0 Release (367.00kb)

This document has been prepared as a sample cross certification agreement between a joint public sector body such as LASSeO and any Certification Authority. It has therefore been preserved in form as a legal document. It is not intended to be prescriptive and although it refers specifically to LASSeO, it could, suitably amended, be used between any two Certification Authorities. 

In preparing the Cross Certification Agreement assumptions have been made about the following;

  • Ownership & Maintenance
  • Legal personality
  • Charges
  • BS7799 compliance
  • Indemnity
  • Competence of Certification Authorities
  • Personal data - data processing

Intellectual Property Report WP8-11v

Friday, 7 May 2004

This report covers the most common forms of Intellectual Property Rights.

Powerpoint IP Slides (108.50kb)
Word WP8-11 Intellectual Property Report v2.0 Release (526.50kb)

Ownership of ideas and information is inherently difficult to protect.  However, this is exactly what the law seeks to preserve through Intellectual Property Rights (IPR).  The most common forms of IPR are: copyright, trade marks, patents, design rights and database rights, but this is by no means an exhaustive list.  All of the IPRs mentioned are governed by statute.  Which form of IPR is most appropriate in any given context will depend on the exact nature of what is being protected. This document covers the following;

  • Copyright
  • Trade Marks
  • Patents
  • Joint Ownership of IPR
  • Joint Buying Groups
  • Crown Copyright
  • Open Source Software

Commercial Conditions Checklist WP8-09v

Friday, 7 May 2004

This document provides checklists in which details of the main commercial terms to be included in certain of the contracts to be entered into by the Card Issuer are described

Word WP8-09 - Commercial Conditions Checklist - v3.0 Release (1.07mb)

This document provides checklists in which details of the main commercial terms to be included in certain of the contracts to be entered into by the Card Issuer are described.  The checklists are designed to provide guidance to commercial members of the Card Issuer's contracts teams as to the key terms which the Card Issuer may wish to include in each of the relevant agreements.  In addition the checklists may act as an aide memoire  for the lawyers acting on behalf on the Card Issuer.

Risk Register WP8-08v3.0

Friday, 7 May 2004

The Risk Register identifies the key legal risks that may arise in relation to a Smart Card Scheme.

Powerpoint Risk Register1.ppt (94.00KB)
Word WP8-08 Risk Register V3.0 release (863.50kb)

The Risk Register identifies the key legal risks that may arise in relation to a Smart Card Scheme and the methods by which those risks can be mitigated by the Card Issuer, where applicable.

The Risk Register has been designed for use by Card Issuers both during the evaluation phase of a proposed Scheme to assess potential risks, and when faced with a problem during the live operation of a Scheme.

Corporate Structures WP8-07v3.0

Friday, 7 May 2004

There are a number of different types of business entity that may be used in the UK. Some of these factors are outlined in this report

Corporate Structures1.ppt (132.50kb)

Word WP8-07 Corporate structures V3.0 Release (728.00kb)

1.1 General
There are a number of different types of business entity that may be used in the UK.  The choice of business entity decided upon in any given situation will be driven by many factors - some of these factors are outlined in the relevant following sections of this report.

The various entities fall broadly into the following categories:

  • A company
  •  A limited liability partnership (or LLP)
  • A partnership
  • A joint venture
  • A non-profit distributing organisation (or NPDO)

Companies, LLPs and partnerships are entities legally defined under UK law.  In contrast, a joint venture is a general term used to describe the joining forces of two (or more) entities, either for a specific project or on a more general ongoing basis.  In a joint venture, the legal entity could be a company or a partnership, or the joint venture could simply be on a contractual basis.  Similarly, an NPDO is not a legally defined entity and usually takes the form of a company limited by guarantee or an industrial and provident society.
1.2 Companies
A UK company can take one of the following forms:

· A company limited by shares
· A company limited by guarantee
· An unlimited company.
A company limited by shares or limited by guarantee can be either a private company or a public company.  Only a public company is able to offer its shares to the public, and it is the ability to raise finance in this way that often leads a company to seek public company status. 
1.3 Partnerships
A business may be carried on in the UK as a partnership.  Individuals, companies and other entities may be partners.  A distinction is drawn between:

  • general partnerships, where the partners have an unlimited liability for the debts and obligations of the partnership, and;
  • limited partnerships, where one or more general partners have unlimited liability and limited partners are liable up to the amount of their capital contributions.

Limited partnerships are not used a great deal in the UK.
1.4 Limited Liability Partnerships
A limited liability partnership, or LLP, is a body corporate with a legal personality separate from that of its partners (who are known as members).  An LLP is essentially a corporate business vehicle that combines the flexible structure of a partnership with the benefits for its members of limited liability.  However, unlike limited liability companies, LLPs have no share capital and are not subject to any capital maintenance requirements.
1.5 Joint ventures
A joint venture, which may be structured in a number of ways, can be characterised as an enterprise or venture between two or more parties to carry out and share the profits of a designated business or project.  The venture can take the form of a partnership or a company in which the joint venturers are shareholders.  A third alternative is that the venture could simply be the subject of contractual arrangements between the relevant parties.
1.6 Non-profit distributing organisations
An NPDO will usually take the form of a company limited by guarantee (see part 4.2 c) or an industrial and provident society.  An industrial and provident society is a corporate entity, they key legislation on which can be found in the Industrial and Provident Societies Act 1965.  NPDOs can provide efficient mechanisms for providing services although historically such entities have not featured strongly across the board in relation to Local Authorities.

Public Procurement WP8-05v3.0

Thursday, 6 May 2004

Public procurement law issues for a Local Authority procuring works, supplies or services for the purposes of a Smart Card Scheme.


Word WP8-05 - Public Procurement - v3.0 Release (725.00kb)

This report concentrates on the public procurement law issues for a Local Authority procuring works, supplies or services for the purposes of a Smart Card Scheme.

No recommendation is made in this report as to the most appropriate procurement model to be adopted as this will depend on the particular circumstances of the Scheme.

Data Protection and Information Law WP8-04v3.0

Thursday, 6 May 2004

This report considers the information law issues connected with a Smart Card Scheme.

Powerpoint Information Law1.ppt (114.00kb)
Word WP8-04 data protection and info law V3.0 release (1.17mb)

This report considers the information law issues connected with a Smart Card Scheme.  It applies the general information law issues to the specific circumstances of a Smart Card Scheme.  An overview of information law issues is set out in Appendix 2.  However, as the design of a Smart Card Scheme is something that will vary in each case this report is designed as a starting point for raising awareness of the issues to be considered.  It is not a substitute for taking specific legal advice on each Scheme.

The Office of the e-Envoy draft policy framework "Smart Cards: Enabling e-Government" cites four principal hurdles to the successful delivery of smart card services and their take-up by citizens.  Of these, two are directly relevant to information law - the need to safeguard citizens' rights in respect of Data held about them and the requirement to demonstrate someone is who they say they are, online. In addition, a MORI survey commissioned by the DCA in 2003 revealed that 60% of the public are very or fairly concerned about public services sharing their personal information. It is therefore vitally important that Card Issuers build in a consideration of the information law issues when establishing a Smart Card Scheme and that they build in compliance throughout the lifecycle of a Scheme.

Security Issues WP8-03v3.0

Thursday, 6 May 2004

This report considers the legal issues connected with electronic signatures, PKI, biometric identifiers and the security measures set out in ISO 17799

Powerpoint Security Issues1.ppt (128.50kb)
Word WP8-03 Security issues V3.0 Release (882.00kb)

This report considers the legal issues connected with electronic signatures, PKI, biometric identifiers and the security measures set out in ISO 17799. It charts the legal background to the above issues, and considers the current position under English law. Section 7 of this report considers the issues in the context of a Smart Card Scheme and the way in which certain risks may be managed by means of contract.

Card Governance WP8-02v2.0

Thursday, 6 May 2004

This report considers the legal issues connected with the card governance aspects of a Smart Card Scheme.

Powerpoint Card Governance (158.00kb)
Word WP8-02 Card Governance v2.0 Release (933.00kb)

This report considers the legal issues connected with the card governance aspects of a Smart Card Scheme. It looks at the legal issues that may arise in the establishment and operation of a Smart Card Scheme and the way in which certain issues may be managed by means of contract. An overview of the basic principles of contract law is set out in Appendix 2.

Financial Services Report WP8-01v5.0

Thursday, 6 May 2004

Key legal issues surrounding financial services regulation and consumer protection.

Powerpoint FSMA1.ppt (111.50kb)
Word WP8-01 Financial Services Report V5.0 Release (598.00kb)

This report sets out to investigate the key legal issues surrounding financial services regulation and consumer protection as it may impact on e-money, debit facilities and credit facilities if they were to be made available on a Local Authority Smartcard.
Smartcard Starter Pack (WP9)
Case Studies (WP10)
LASSeO Mifare ® 4k Specification

This document is intended as specification for the provision of local authority services on a Mifare ® 4K Classic card.

Intended Readership
Developers requiring to integrate with a Mifare ® 4K card encoded in accordance with this specification.

NSCP_Mifare4k_Spec_V3.1.pdf 417 kb

LASSeO Services Data Definition

This document is intended as a single reference for all NSCP services regardless of the card platform.

Intended Readership
Developers requiring to integrate with cards providing NSCP services.

Services and Data Definitions V2 0.pdf - 234kb

LASSeO Mifare ® DESFIRE Specification

 

 

Website maintained by The WWW Company  

Copyright © 2011 Smart Card Networking Forum - All Rights Reserved

Lasseo Kalypton Consulting Smart Unicard Smartran Smart Citizen Smart Connect Department for Communities and Local Government Improvement and Development Agency SOCITM