Bolton - SmartCard Networking Forum

Bolton Pilot Specification
Report WP7 – 01c
Version 2.0
March 2004
© Bolton Metropolitan Borough Council for the National Smart Card
Project
81902352
31/07/2017
1. Abstract
This section of the National Smart Card Project (NSCP) defines and pilots a Cross-Regional Local Authority Smart Card Scheme. Such a scheme includes use of the smart
card for transport across the region (using ITSO Ticketing), use by applications (such as
Library and Leisure Systems) that just utilise the smart card for identification and
enrolment, and use by applications (such as School Systems) that require an electronic
purse. The scheme uses the Card Management System produced as part of the NSCP
Starter Pack.
This document defines the infrastructure and software produced and tested to support
the pilot, including:

• The definition of the Card Scheme
• The appearance, content and capabilities of the cards
• The infrastructure supplied in the Data Centre, Back Office and Service points
• Requirements on the use and configuration of the NSCP Starter Pack software
• Changes required to the enrolment Web site supplied by the NSCP
• Details of the software and documentation to be produced
• Details of the testing to be done
• Specifications of work required from suppliers: Smart Card Solutions and Cornwall CC
• Specification of the enrolment process that will be supported for the pilot
One of the outputs of the project is a portable version of the enrolment software that will
be used at Service Points. This consists of the Cardholder database and the enrolment
application and Web site installed on a notebook PC, with smart card readers, a scanner
and a Webcam attached, and can be used for demonstrations.
Table of Contents
1. Abstract
2. Introduction
2.1 Scope
2.2 Terminology
2.3 Document Cross References
2.4 Overview
3. Scheme Definition
3.1 Card Appearance
3.2 Card Services
3.3 Evidence Required
4. Card Specification
4.1 Card Contents
4.2 CCDA Data
4.3 Card Internal Layout
4.4 Interfaces Supported
5. Enrolment Web Site
5.1 Home Pages
5.2 Information pages
5.3 Enrolment Form – Personal Details
5.4 Enrolment Form – Card Services
5.5 Enrolment Form - Marketing Information
5.6 Confirmation
5.7 Citizen Logon
5.8 Service Point User Logon
5.9 Taking a Photograph
5.10 Scanning a Signature
5.11 Checking Evidence
5.12 Changing details before the application is complete
5.13 Searching for a user
5.14 Specifying the Issuer
5.15 Completed Application Form
5.16 Changing the card status
5.17 Cascading Stylesheet
5.18 Reports
5.19 Other Enrolment changes
6. Configuration of the Cardholder database
7. Print and Personalisation Application
7.1 P&P Components
7.2 Interim P&P process
8. Infrastructure
8.1 Portable Enrolment Application
8.2 Pilot Infrastructure
8.3 Smart Card Enrolment Service Point Infrastructure
8.4 Library and Leisure Centre Enrolment Infrastructure
9. Applications supported
9.1 ITSO
9.2 Libraries
9.3 Leisure Centres
10. Software and Documentation Deliverables
10.1 Software
10.2 Documentation
11. Testing
12. Processes
12.1 Definition of Enrolment Process
12.2 Post-Issuance Card Management
13. Third-party requirements
13.1 Smart Card Solutions (SCS)
13.2 NSCP
14. Appendix 1 – National Smart Card Project Glossary
2. Introduction
2.1 Scope
This document describes the creation of tested infrastructure to support a Bolton and
Blackburn with Darwen Cross-Regional Local Authority smart card, and software to allow
legacy applications to use the smart card for authentication, enrolment and proof of
entitlements.
The actual running of the pilot is not covered. Interfacing with Oracle CRM is not
included – the pilot infrastructure will be based on use of the NSCP Starter Pack
enrolment software. Work on Oracle CRM is an independent project that is proceeding
in parallel with developing the pilot. Take-on of the final version of the NSCP Card
Management software is not included in the deliverables described in this document.
The software delivered for supporting the pilot is based on NSCP software obtained in
January and February 2004, and, in particular, is based on an interim version of the Print
& Personalisation software. Because of this the P&P system is manual and time-consuming to run.
2.2 Terminology
LA      Local Authority
CMS     Card Management System
PKI     Public Key Infrastructure
CCDA    Common Cardholder Data Application
PC/SC   Standard for PC access to ISO 7816 Standard Smart Cards
SCS     Smart Card Solutions
USB     Universal Serial Bus
ITSO    Integrated Transport Smart Card Organisation
AID     Application Identifier
T=0     Character mode ISO 7816-4 interface
T=CL    Contactless ISO 7816-4 interface
STR     Stored Travel Rights
GMPTE   Greater Manchester Passenger Transport Executive
SAM     Security Access Module
ISAM    ITSO Security Access Module
IPE     ITSO Product
ISA     ITSO Shell Account
IPA     ITSO Product Account
P&P     Print and Personalisation
2.3 Document Cross References
[1] WP7 National Smart Card Project Work Package Seven Definition
[2] WP9 National Smart Card Project Work Package Nine Definition
[3] Bolton MBC: Design and Architecture for a LA Smart Card Scheme
[4] Bolton MBC: Smart Card CRM Integration
[5] Bolton MBC: Smart Card API for Legacy Integration
[6] Work Package 7 – Sub Project: Cross Boundary Smart Card Pilot
[7] National Smart Card Project: Smart Card Enrolment & Application Processing
[8] ITSO Early Adopters Pre ISMS Security Arrangements
[9] National Smart Card Starter Pack 1.0: Overview
[10] National Smart Card Starter Pack 1.0: Card Data Displayer
[11] National Smart Card Starter Pack 1.0: Journal application
[12] National Smart Card Starter Pack 1.0: Citizen Enrolment
[13] National Smart Card Starter Pack 1.0: Cardholder Database
[14] National Smart Card Starter Pack 1.0: System Requirements
[15] ITSO Specification version 2.1 (parts 1 – 10)
[16] National Smart Card Project: Smart Card Personalisation and Issuance
[17] BMBC Smart Card Pilot: Change Request BMC033
[18] National Smart Card Starter Pack 1.0: Smart Card Production Requirements
[19] SCS Quotation: Personalisation Software for Bolton Smart Card Project
[20] SCS: National Smart Card Project: ITSO Applet
[21] National Smart Card Project: National Smart Card Strategy
[22] SCS: National Smart Card Project: New Starters – File and Data Structures
[22] SCS: National Project CCDA Specification
[23] SCS: National Project: ISO File Handler Design
[24] HMG’s minimum requirements for the verification of the identity of Individuals
2.4 Overview
The pilot is intended to demonstrate the use of a Cross Regional LA smart card for:

• Bus journeys across the region using the ITSO Ticketing standard
• Use of the smart card for authentication and enrolment in Libraries and Leisure Systems in more than one LA area.
The timescales of the pilot are not yet fixed and are dependent on when the Bus
companies involved, Lancashire United (owned by Blazefield) and their ticketing
equipment supplier (Wayfarer), are ready to start. This in turn is dependent on the
progress of the NoWcard ITSO pilot. There is also a dependency on GMPTE supporting
use of travel concessions on the card for Bolton residents. However, the ITSO POST
and ITSO HOPS components, and hence support for ITSO, are not available at the time
of writing – see section 7.1.
At the time of writing, the target date for starting the pilot is the second half of June 2004.
The pilot uses JCOP30 cards supplied by Cornwall CC. These have only 16kb of
EEPROM and fitting the required data in the available memory space is a challenge and
has led to some compromises in how much data can be written to the card. In
particular there are compromises in the length of data field labels and what data can
potentially be PIN protected – see section 4.1.
3. Scheme Definition
The pilot supports two schemes: one for Bolton and one for Blackburn with Darwen.
3.1 Card Appearance
3.1.1 Card Front
The personalised aspects of the card front are shown in the diagram below - they are the
same for both Bolton and Blackburn. The photograph will have rounded edges. The
card number will be in the OCR-A font. The citizen name will be in Arial font.
[Diagram: card front showing the chip, the photograph, the citizen name and the card number "633689 01234567C NN"]
The Bolton card looks like:
[Image: Bolton card front]
and the Blackburn with Darwen one:
[Image: Blackburn with Darwen card front]
3.1.2 Card Back
The reverse of the Bolton Card is as follows:
Bolton 123 Card Helpdesk – 01024 334123
1. For use by person named on the card only
2. This card is not a cheque guarantee or credit card
3. This card remains the property of Bolton Metro
4. Refer to issuer for terms and conditions of use
5. If found, please return to:
Bolton 123 Card, Freepost PO Box 123, BL1 1XB
Bolton Metro, ITSO & local e-gov logos here
Lost / Stolen Cards
01204 334123
www.bolton.gov.uk/123card
The Blackburn equivalent will have Blackburn names, numbers, address and Web site,
but will otherwise look the same.
3.1.3 Scheme Logos
There will be no scheme logo, other than the issuer logos and the ITSO Logo.
3.1.4 Issuer Logos
[Logos: Bolton; Blackburn; Local e-gov]
3.1.5 Scheme Details
Bolton

Property                  Value
Scheme Name               Bolton 123
Scheme Details            Access Bolton (not used)
Scheme Footer Text        Bolton 123 Card - Be Smart!
Issuer Name               Bolton BMBC
Issuer IIN                633689
Issuer Message            Call 01204 334123 for Info
Support Contact
  Name                    Gary Bleads
  Telephone number        0870 325 2-85
  Email address           [email protected]
  Address                 Fujitsu, Wenlock Way, West Gorton, Manchester, M12 5DR
  Notes                   Fujitsu support contact
General Contact
  Name                    Janet Collinge
  Telephone number        01204 334123
  Email address           [email protected]
  Address                 Bolton 123 Card, Freepost PO Box 123, BL1 1XB
  Notes
Photograph Required?      Yes
Signature Required?       Yes

Blackburn

Property                  Value
Scheme Name               Beez
Scheme Details            Blackburn with Darwen Borough Council beez card (not used)
Scheme Footer Text        .. be active for life ..
Issuer Name               Blackburn with Darwen
Issuer IIN                633691
Issuer Message            Call 01204 334123 for Info
Support Contact
  Name                    Gary Bleads
  Telephone number        0870 325 2-85
  Email address           [email protected]
  Address                 Fujitsu, Wenlock Way, West Gorton, Manchester, M12 5DR
  Notes                   Fujitsu support contact
General Contact
  Name                    Diane Miller
  Telephone number        01254 587249
  Email address           [email protected]
  Address                 Beez card office, 3rd Floor, Blackburn Library, Town Hall Street, Blackburn, BB2 1AH
  Notes
Photograph Required?      Yes
Signature Required?       Yes

3.2 Card Services
3.2.1 Authentication
Using the card for authentication will be mandatory, but as this cannot be enforced by
the NSCP software, it will need to be done by a business process.
The only authentication level available for the pilot will be level 1.
The evidence accepted for this follows reference [24] and is shown in section 3.3. It is a
combined list of the accepted evidence for Identity, Active in the community or third-party
collaboration.
The date of the evidence is checked and if that evidence has an expiry date, this is also
captured and stored on the card.
3.2.2 Eligibility
A standard eligibility model is defined for using the smart card as proof of eligibility in any
LA smart card-enabled application. (At least TALIS and FLEX, and possibly
GLADSTONE MRM and GALAXY, for the pilot).
The intention is that the card can be used during enrolment both to fill in the citizen
details and to prove eligibility for concessions. The mapping of eligibility data onto
concessions will be different for different applications: a Leisure card for example may
have 3 or 4 levels of concession, each requiring different combinations of the eligibility
data.
Where eligibility has an expiry date, the date is also captured. For the pilot these will all
be set to a fixed date (currently 31/7/2005).
The categories of eligibility supported for the pilot are:
Student: Y/N and expiry date
Proof of age: Y/N
Proof of Unemployment: Y/N and expiry date
Proof of reduced mobility: Levels 1 and 2 and expiry date
Proof of special needs: Levels 1 and 2
Proof of income level: Levels 1 and 2, and expiry date
The corresponding proof for the different levels is shown in section 3.3. Each level has
its own evidence category.
3.2.3 Travel Concession
Travel concessions are different for Bolton and Blackburn.
Both have an “over 3 miles to school” free pass, proved by authorisation from the LEA.
Bolton has a disability free pass with an evidence category of several special needs
categories.
Bolton has a half price with maximum 40p concession and Blackburn has a half-price
travel concession. Bolton’s is for disability (lesser disabilities than the free pass),
students, under 16, and senior citizens. Blackburn’s is for disability (different evidence
list to Bolton), under 16 and senior citizen.
However, for the pilot only the age-related concessions (under 16 and senior citizen) will
be available, for both Bolton and Blackburn.
3.3 Evidence Required
The following lists show the evidence required for each “Application”, i.e. for each level
of each card service. The authentication evidence follows the recommendations in [24].
Application: Address Verification
Evidence Type: Proof of Address (Active in the community)
Bank / Building Society Statement or passbook
Benefits Book or original B.A. Notification Letter
Confirmed by Electoral Register Search
Court Order
Current Full UK Driving Licence (Old Version)
Current UK Driving Licence (Photo Card Type)
Local Authority Tax Bill
Local Council Rent Card or Tenancy Agreement
Recent Original Mortgage Statement
Recent Utility Bill or Certificate
Record of Home Visit
Application: Authentication Level 1
Evidence Type: Authentication - Level 1
3rd Party Corroboration
Adoption Certificate
Bank / Building Society Statement or passbook
Benefits Book or original B.A. Notification Letter
Birth Certificate
Building Industry Sub-contractor's Certificate
Certificate of Employment in HM forces
Confirmed by Electoral Register Search
Court Order
Current Firearms Certificate
Current Full UK Driving Licence (Old Version)
Current Signed Passport
Current UK Driving Licence (Photo Card Type)
Divorce or Annulment Papers
GV3 form for people who wish to travel in the UK
Home Office Letter IS KOS EX or KOS EX2
Local Authority Tax Bill
Local Council Rent Card or Tenancy Agreement
Marriage Certificate
Police Registration Document
Recent Inland Revenue Tax Notification
Recent Original Mortgage Statement
Recent Utility Bill or Certificate
Record of Home Visit
Residence Permit issued by Home Office
Application: Income Level 1
Evidence Type: Proof of Income - Level 1
Children's Tax Credit Award Letter + NHS tax credit exemption certificate
Current Notification of Council Tax Benefit
Current Notification of Housing Benefit
Working Tax Credit Award Letter + NHS tax credit exemption certificate
Application: Income Level 2
Evidence Type: Proof of Income - Level 2
Award Letter for Guaranteed Pension Credit
Award Letter for Income Support + bank statement (highlighted)
Award Letter for JSA (Income Based) ES40
Application: Mobility Level 1
Evidence Type: Proof of Mobility - Level 1
Disability Living Allowance - Book
Disability Living Allowance Letter + bank statement (highlighted)
Application: Mobility Level 2
Evidence Type: Proof of Mobility - Level 2
Disability Living Allowance (Higher rate mobility) - Book
Disability Living Allowance Letter (Higher rate mobility) + bank statement
(highlighted)
Incapacity Benefit - Book
Incapacity Benefit Letter + bank statement (highlighted)
Severe Disablement Allowance - Book
Severe Disablement Allowance Letter + bank statement (highlighted)
Application: Proof Of Age
Evidence Type: Proof Of Age
Benefit Book - Retirement
Birth Certificate
Current Full UK Driving Licence (Old Version)
Current Signed Passport
Current UK Driving Licence (Photo Card Type)
National Blood Transfusion Service Card
NH Medical Card
Old Age Pension Book
Optical or Medical Prescription
Application: Senior Citizen Bus Concession
Evidence Type: Proof of Address (Active in the community)
Bank / Building Society Statement or passbook
Benefits Book or original B.A. Notification Letter
Confirmed by Electoral Register Search
Court Order
Current Full UK Driving Licence (Old Version)
Current UK Driving Licence (Photo Card Type)
Local Authority Tax Bill
Local Council Rent Card or Tenancy Agreement
Recent Original Mortgage Statement
Recent Utility Bill or Certificate
Record of Home Visit
Evidence Type: Proof Of Age
Benefit Book - Retirement
Birth Certificate
Current Full UK Driving Licence (Old Version)
Current Signed Passport
Current UK Driving Licence (Photo Card Type)
National Blood Transfusion Service Card
NH Medical Card
Old Age Pension Book
Optical or Medical Prescription
Application: Special Needs Level 1
Evidence Type: Proof of Special Needs - Level 1
Learning Disabilities (Letter from GP, LA or LEA)
No Natural Speech (Letter from GP, LA or LEA)
Partially Sighted (Letter from GP, LA or LEA)
Profoundly or Severely Deaf (Letter from GP etc)
Application: Special Needs Level 2
Evidence Type: Proof of Special Needs - Level 2
Authorisation Letter/Medical Assessment on Mobility
Letter from Blesma
Registered Blind
Registered Deaf with no Speech
Application: Student Verification
Evidence Type: Student Identification
Stamped Letter from place of Education
Student Union Card
Application: Under 16 Concession
Evidence Type: Proof of Address (Active in the community)
Bank / Building Society Statement or passbook
Benefits Book or original B.A. Notification Letter
Confirmed by Electoral Register Search
Court Order
Current Full UK Driving Licence (Old Version)
Current UK Driving Licence (Photo Card Type)
Local Authority Tax Bill
Local Council Rent Card or Tenancy Agreement
Recent Original Mortgage Statement
Recent Utility Bill or Certificate
Record of Home Visit
Evidence Type: Proof Of Age
Benefit Book - Retirement
Birth Certificate
Current Full UK Driving Licence (Old Version)
Current Signed Passport
Current UK Driving Licence (Photo Card Type)
National Blood Transfusion Service Card
NH Medical Card
Old Age Pension Book
Optical or Medical Prescription
Application: Unemployment
Evidence Type: Proof Of Unemployment
Job Seekers Allowance (Contribution Based) ES40
4. Card Specification
4.1 Card Contents
The cards will include the following Java applets:

• Common Cardholder Data Application (CCDA)
• ISO 7816-4 File Handling Application
• ITSO Application
The applets and data must fit into 16kb.
The full detail including tags and AIDs will be defined by SCS in the latest version of [22].
4.2 CCDA Data
They will include the following personal data:
• Card Number (Card Holder ID and Issue number)
• Name
  - Title
  - Forename
  - Initials
  - Surname
• Name (requested name)
• Address in LLPG-compatible format
  - House Name/Number (PAON)
  - Flat or sub-dwelling (PAON)
  - Street Name (Street Descriptor)
  - Post Town (Town/Post Town)
  - County (Administrative Area)
  - Post Code
  - Address Valid flag
• Personal Details
  - Dob
  - Gender
  - Ethnic Origin
• Contact details
  - Email
  - Home Phone
  - Mobile Phone
  - Work Phone and extension number
• Resident in Local area flag
The mapping of this data onto the card is given in the following table:
Tag    Max. Length  File Id.  Label Length  Data Field Label    Data Format
DF23   8            C001      11            Card Number         BCD
DF31   35           C001      5             Title               ASCII
DF32   35           C001      8             Forename            ASCII
DF53   13           C001      8             Initials            ASCII
DF33   35           C001      7             Surname             ASCII
5F2B   4            C001      3             DOB                 DATE
DF56   50           DF56      5             House Number/Name   ASCII
DF57   8            DF57      8             Postcode            ASCII
DF39   8            DF39      8             Home Tel            BCD
DF59   8            DF59      8             Work Tel            BCD
DF3A   8            DF3A      6             Mobile              BCD
DF3C   50           DF3C      5             Email               ASCII
5F20   70           C001      4             Name                ASCII
DF64   12           C001      9             Authority           ASCII
5F35   1            C001      6             Gender              BCD
DF6B   1            DF6B      9             Ethnicity           BCD
DF5B   1            C001      8             Resident            ASCII
DF66   25           DF66      12            Sub-dwelling        ASCII
DF67   50           DF67      11            Street Name         ASCII
DF68   35           DF68      8             Locality            ASCII
DF69   20           DF69      9             Post Town           ASCII
DF6A   20           DF6A      6             County              ASCII
DF6B   1            DF6B      13            Address Valid       ASCII
4.2.1 Trust Data
Authentication and Eligibility data (together referred to as Trust Data) is held in a
separate service on the card:
• Authentication Information
  - Trust Level
  - Verified Date
  - Expiry date (Review required date)
• Entitlement Information
  - Mobility Level and expiry date
  - Income Level and expiry date
  - Special Needs Level
  - Age verified flag
  - Address verified flag
  - Student flag and expiry date
  - Unemployed Flag and expiry date
• Issuer Information
  - Local Authority Name
Note that user and user PIN capability will be available for protecting data fields, but by
default, this will be switched off. An application PIN is also being defined that can be
used by the API used by legacy applications as an alternative to the user PIN to read
PIN-protected data, but again, by default, this will be switched off.
The mapping of this data onto the card is given in the following table:
Tag    Max. Length  File Id.  Label Length  Data Field Label     Data Format
DF01   1            C001      10            Auth Level           BCD
DF02   4            C001      13            Verified date        DATE
DF03   4            C001      11            Expiry date          DATE
DF04   1            C001      12            Age Verified         ASCII
DF05   1            C001      7             Student              ASCII
DF06   4            C001      16            Student Exp Date     DATE
DF07   1            C001      18            Special Needs Code   BCD
DF08   1            C001      10            Mobil Code           BCD
DF09   4            C001      14            Mobil Exp Date       DATE
DF0A   1            DF0A      5             Unemp                ASCII
DF0B   4            DF0B      14            Unemp Exp Date       DATE
DF0C   1            DF0C      14            Inc Level Code       BCD
DF0D   4            DF0D      18            Inc Level Exp Date   DATE
DF0E   1            C001      16            Address Verified     ASCII
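Added example, not part of the original specification or of the NSCP or SCS software: one way a relying application could check Trust Data read from the card before granting a concession, using the tags, maximum lengths and formats in the table above and rejecting any claim that is malformed or expired. Assumptions not stated in the specification: DATE is 4-byte packed BCD YYYYMMDD, flags are the ASCII characters Y and N, level 0 means "none", a claim is still valid on its expiry date, and the fields arrive as a tag-to-bytes mapping (card access itself is out of scope).

```python
from datetime import date

# Trust Data layout from the table above: tag -> (max length in bytes, label, format).
LAYOUT = {
    "DF01": (1, "Auth Level", "BCD"),         "DF02": (4, "Verified date", "DATE"),
    "DF03": (4, "Expiry date", "DATE"),       "DF04": (1, "Age Verified", "ASCII"),
    "DF05": (1, "Student", "ASCII"),          "DF06": (4, "Student Exp Date", "DATE"),
    "DF07": (1, "Special Needs Code", "BCD"), "DF08": (1, "Mobil Code", "BCD"),
    "DF09": (4, "Mobil Exp Date", "DATE"),    "DF0A": (1, "Unemp", "ASCII"),
    "DF0B": (4, "Unemp Exp Date", "DATE"),    "DF0C": (1, "Inc Level Code", "BCD"),
    "DF0D": (4, "Inc Level Exp Date", "DATE"), "DF0E": (1, "Address Verified", "ASCII"),
}
# claim -> (value tag, expiry tag or None), pairing each value with the expiry
# date that sections 3.2.2 and 4.2.1 attach to it. Claim names are hypothetical.
CLAIMS = {
    "auth_level": ("DF01", "DF03"),
    "student": ("DF05", "DF06"),
    "unemployed": ("DF0A", "DF0B"),
    "mobility": ("DF08", "DF09"),
    "income": ("DF0C", "DF0D"),
    "special_needs": ("DF07", None),
    "age_verified": ("DF04", None),
    "address_verified": ("DF0E", None),
}
LEVEL_TAGS = {"DF07", "DF08", "DF0C"}  # the specification defines levels 1 and 2 only


class TrustDataError(ValueError):
    """A field is malformed, out of range, or no longer valid."""


def _bcd(raw, label):
    """Unpack packed BCD into a digit string, rejecting non-decimal nibbles."""
    digits = ""
    for byte in raw:
        hi, lo = byte >> 4, byte & 0x0F
        if hi > 9 or lo > 9:
            raise TrustDataError(f"{label}: non-decimal nibble in BCD data")
        digits += f"{hi}{lo}"
    return digits


def decode_field(tag, raw):
    """Decode one field, rejecting anything the table does not allow."""
    max_len, label, fmt = LAYOUT[tag]
    if not 1 <= len(raw) <= max_len:
        raise TrustDataError(f"{label}: {len(raw)} bytes, table allows 1..{max_len}")
    if fmt == "ASCII":
        if raw not in (b"Y", b"N"):  # assumed flag encoding
            raise TrustDataError(f"{label}: flag is not Y or N")
        return raw == b"Y"
    digits = _bcd(raw, label)
    if fmt == "BCD":
        level = int(digits)
        if tag in LEVEL_TAGS and level > 2:
            raise TrustDataError(f"{label}: unknown level {level}")
        return level
    try:  # DATE, assumed YYYYMMDD; short or impossible dates fail here
        return date(int(digits[:4]), int(digits[4:6]), int(digits[6:8]))
    except ValueError as exc:
        raise TrustDataError(f"{label}: not a calendar date") from exc


def evaluate(fields, today):
    """Return (granted, rejected): claims that hold today, and why others failed."""
    granted, rejected = {}, {}
    for claim, (value_tag, expiry_tag) in CLAIMS.items():
        if value_tag not in fields:
            continue  # not present on the card: nothing claimed
        try:
            value = decode_field(value_tag, fields[value_tag])
            if not value:
                continue  # N flag or level 0: nothing claimed
            if expiry_tag is not None:
                if expiry_tag not in fields:
                    raise TrustDataError(f"{claim}: expiry date missing")
                expiry = decode_field(expiry_tag, fields[expiry_tag])
                if expiry < today:
                    raise TrustDataError(f"{claim}: expired {expiry.isoformat()}")
            granted[claim] = value
        except TrustDataError as exc:
            rejected[claim] = str(exc)  # fail closed and keep the reason for audit
    return granted, rejected


# Constructed sample, not read from a real card. 31/07/2005 is the pilot's fixed expiry.
SAMPLE_FIELDS = {
    "DF01": bytes.fromhex("01"), "DF02": bytes.fromhex("20040601"),
    "DF03": bytes.fromhex("20050731"),
    "DF04": b"Y",
    "DF05": b"Y", "DF06": bytes.fromhex("20050731"),
    "DF07": bytes.fromhex("00"),
    "DF08": bytes.fromhex("02"), "DF09": bytes.fromhex("20040101"),  # already expired
    "DF0A": b"Y",                                                     # no expiry written
    "DF0C": bytes.fromhex("03"), "DF0D": bytes.fromhex("20050731"),  # undefined level
    "DF0E": b"N",
}

if __name__ == "__main__":
    ok, bad = evaluate(SAMPLE_FIELDS, date(2004, 6, 20))
    print("granted:", ok)
    print("rejected:", bad)
```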
4.2.2 ITSO Data
The cards will include the following ITSO data:
• An ITSO Shell
• A Stored Travel Rights (STR) IPE
• A GMPTE Concessionary entitlement IPE (optional) – Bolton Cards only
• A NoWcard Concessionary Entitlement IPE (optional) – Blackburn Cards only
4.3 Card Internal Layout
The internal layout of the card will be fully specified in the latest version of [22].
4.4 Interfaces Supported
ISO 7816-4 Commands
T=0 and T=CL interfaces will be supported, but not T=1.
The exact commands that are supported are specified in the SCS specification
documents, [20], [22] and [23].
Contactless - ISO 14443 Type A
There are two variants of ISO 14443: Type A and Type B. Type A is licensed from
Philips and is the type that MiFare uses. Type A is supported, but Type B is not.
MiFare is supported but not currently proposed to be used for Bolton or Blackburn pilots.
The same slot is used as the other NSCP new starters (Suffolk and Chester), which
means that the card number is available in slot 13, block 0. The T=CL (ISO 14443-4)
interface is supported and used for ITSO.
5. Enrolment Web Site
The NSCP provides a Web Site as part of the Starter Pack software – see [9].
The Web site has been tailored for Bolton’s and Blackburn’s requirements – see sections
below.
5.1 Home Pages
The Web site home page gets the header, card front, scheme name and scheme
information message from the card schemes that have been defined for Bolton and for
Blackburn. All Web pages use stylesheets for the selected scheme – see section 5.17.
The scheme number is specified in the global.asa file for the Web site.
5.1.1 Bolton Home Page
5.1.2 Blackburn Home Page
5.2 Information pages
The various information pages (Uses, Future Plans, Data Protection, Privacy Statement,
FAQ, New and Contact) need to be defined. The contact details on the contacts page
are configured in the cardholder database, and are as defined in section 3.1.5.
It is not strictly necessary for these pages to be defined for the pilot as enrolment will be
done by trained council staff at a small number of service points, but it would be helpful
to these users if they are supplied. The text has not so far been made available by Bolton or
Blackburn.
5.3 Enrolment Form – Personal Details
The personal details have been modified by changing the fields defined in the cardholder
database. Changes to the application code were necessary to change the fundamental
customer data.
Changes include making the address LLPG-compliant, changing the negative privacy
statement to a positive third-party usage opt-in and adding a password clue. There are
other minor changes – see [22] for differences in data put on the card to the other early
adopter schemes.
Note that the Chester version of the Web site does not use Postcode software. The
Bolton scheme will similarly not use Postcode software for address lookup. The Bolton
CRM integrated versions will use the Bolton LLPG.
5.4 Enrolment Form – Card Services
Card Services have been configured by defining the applications associated with the card
scheme in the cardholder database. The configuration for the pilot is shown.
5.5 Enrolment Form - Marketing Information
Marketing information required changes to the code of the Web page. The data is held
in XML format in the database. The configuration for Bolton is shown. The Blackburn
version is similar but asks about membership of Bolton libraries and leisure centres.
5.6 Confirmation
The confirmation screen did not require changing. This screen will not be used for
citizen registrations during the pilot, as these will be done by a logged on Service Point
user. See section 5.12 below for the end of the complete enrolment process.
5.7 Citizen Logon
Citizen Logon will not be provided as Bolton are not supplying a public website. Logon
by Service point users (who will use this Web site) will be done using the Journal
application.
5.8 Service Point User Logon
The Service point user can log on to the application using their card number and
password. In this version of the software Service Point users will need to go through the
enrolment process, and then be manually configured in the database to give them their
required roles. This version of the software does not support logon using a smart card.
5.9 Taking a Photograph
No changes to photograph taking were required. The software has been tested with a
Logitech Quickcam 4000 Pro camera.
5.10 Scanning a Signature
No changes to signature scanning were required. The software has been tested with an
HP Scanjet 4600 scanner.
There is a requirement by Bolton to scan in the whole application form, not just the
signature. This change has not been made as part of this development.
5.11 Checking Evidence
The screens for evidence checking are configured by linking proof types to card services
in the cardholder database, so changes were required to these Web pages. An example
evidence screen is shown below, but the full mapping of evidence types to applications
is given in section 3.3. The NSCP software would need changing to handle evidence in the
optimal way for the Bolton requirement.
There is a requirement to scan in documents supplied as authentication evidence – this
is required by the Level 1 Authentication process. Currently there is no way to store
them in the database, but the mechanism for storing signatures and photographs could
easily be extended to cover this. This change has not been made as part of this
development. Scanning in evidence for all the eligibility applications would also be
possible, but is not thought necessary.
Note that there is currently a problem that a piece of evidence must be selected for each
application even if a suitable piece has been selected for a previous application. Also, if
the same piece is specified twice, it is shown twice in the list of supplied evidence for
each category that it applies to (on the Journal screen – see section 5.12).
5.12 Changing details before the application is complete
As with the application form, this is configurable by the database, so no changes to the
Web page were necessary. Note that there is currently a problem that when an item is
changed, the old value is not shown.
5.13 Searching for a user
This screen is used to find an existing citizen entry when completing or modifying an
application. No changes were required to it.
There is a requirement for the Bolton card management team to be able to review
applications that have been completed. The card management team rather than the
service point agent will mark the applications as complete and ready for print and
personalisation. To support this function a new menu item is required that lists all the
outstanding completed applications in the same format as search results. This change
has not been made as part of this development.
5.14 Specifying the Issuer
For the Cornish Key card, sub-organisations such as the Fire Brigade could issue cards,
so there was a need to specify the Issuer. As Bolton and Blackburn will have separate
enrolment applications, with separate Web sites, the screen is unnecessary for these
schemes. This could be removed if required – currently the single possible value must
be selected from the drop-down list. The issuer is specified at the bottom of the
evidence-checking screen – as shown below.
5.15 Completed Application Form
This screen required a small change for the size and position of the photograph.
5.16 Changing the card status
Once an application is complete, the smart card history is shown on the journal screen,
and the card status can be changed. The set of possible status values has been
reduced to an agreed set as shown:
5.17 Cascading Stylesheet
A .CSS file has been produced that defines the fonts and colour scheme for the Bolton
Web site. It is based on the Access Bolton Web site. The screenshots in this section
are based on the current version for Bolton. The Blackburn styles are shown on the
home page – see section 5.1.1.
5.18 Reports
Some simple bar-chart reports have been added to support reporting on the user
population that have enrolled during the pilot. The list of reports and an example are
shown below:
5.19 Other Enrolment changes
Fujitsu have made the following other changes to the enrolment web site, based on the
Beta version of software from the NSCP:
• Minor code changes needed to support Bolton and Blackburn Web site styles and images
• Removed sending emails to Cornwall
• Added extra tracing
• Improved error handling to aid debugging
• Changed text box sizes to match the size of data items
• Modified SQL stored procedures and web pages to support the changes in personal
  details – see section 5.3
6. Configuration of the Cardholder database
See [9] for how the cardholder database fits into the architecture of the solution, and [13]
for a definition of the cardholder database.
The following data has been added to the Cardholder database and where necessary,
the Web site changed, to support the pilot:
1. Creation of citizen records for administrators and other roles, and
creation of CitizenRole entries to link them to role records. Further
administrator or proof-checker users can be added by going through
the registration processes and then manually adding CitizenRole
entries to the database.
2. Creation of CardScheme records for Bolton and Blackburn.
3. Creation of an Issuer record and Contact records linked to the
scheme.
4. Creation of Application, AppCat, AccCatProofType, Field, FieldProof,
AppField entries for Bolton and Blackburn Card Services.
5. Creation of ProofKindType, ProofType and Proof records for the
scheme.
6. Modifications to Field records to change the fixed customer details
fields.
7. Modification to the marketing screen and data.
7. Print and Personalisation Application
7.1 P&P Components
An interim Print and Personalisation application has been developed to support the pilot,
as the production P&P software was not available from the NSCP in the required
timescales. The interim solution requires software from Smart Card Solutions and from
the NSCP. It also needs an ISAM for the scheme to be available.
The following diagram, from SCS, shows the components involved.
Because of a more stringent requirement for certification by ITSO for the pilot than
expected and the unavailability of an ITSO POST integrated with the SCS
personalisation software, ITSO personalisation is not yet available.
SCS are now expecting to produce a certified ITSO POST for a third-party, and a
tentative decision has been made for Bolton to purchase this. There are alternatives
such as the ESP Systex ITSO POST, but this will need to be integrated with the NSCP
personalisation software. The POST needs to be integrated with the NoWcard and
GMPTE HOPS.
The involvement of GMPTE in the pilot has also not been clear. The current position is
that Bolton will register for an ITSO OID and be the shell owner and the owner of a
concessionary travel IPE, on behalf of GMPTE. This requires the development of simple
HOPS functionality integrated with the CMS. This will be the subject of a separate
proposal.
For these reasons the P&P solution delivered by this development does not include
writing an ITSO Shell, ITSO STR IPE, or concessionary IPE. It does, however, include
writing the ITSO applet to the card.
7.2 Interim P&P process
Fujitsu have developed a variant of the “demonstration” solution that the NSCP used for
the Suffolk scheme.
This consists of the following steps, using a variant of the GUI control program
developed by the NSCP:
1. Place the scheme SAM into the SAM reader
2. Select the record to print and personalise from a drop-down list of
completed applications.
3. Click a button to move a blank card to the contactless encoder and
MiFare encode the card
4. Move the card to the other contact card reader, and load the
scheme data and personalise a card
5. Move the card from the contact interface to the card input on the card
printer
6. Click a button to print the card
7. Restart the process...
Fujitsu have undertaken the following developments to support this:
• Modified the scheme load to use cap files and scripts provided by SCS.
• Added code to directly access the data from the cardholder database
  rather than using an Access database. (The Access database is still
  used for some configuration information).
• Modified the code that personalises the card front and back to support
  the Bolton and Blackburn layouts
• Developed a new DLL and associated API for moving the card to the
  encoders, for the RTP 101 printer, as this, and not the Fargo HDP 820
  printer as used at Cornwall, is being used by Bolton.
• Supported preview of the card being produced
• Supported images with rounded corners, as requested by Bolton marketing.
• Simplified and partially automated the process.
Note that this whole print and personalisation process takes about 5 minutes per card.
To be usable the P&P process should either be replaced by the production version from
the NSCP, with the changes for the RTP 101 printer, etc., incorporated, or some
changes to the interim P&P software will need to be made.
At minimum these changes need to be:
• Support of an automated process using the internal contact encoder.
  (Suitable drivers for the Cream 130 encoder supplied are not available
  at the time of writing).
• Support of a simple batch process that allows separate batches to be
  printed for Bolton or Blackburn
• Printing of welcome letters with mail-merge of appropriate data
These changes have not been made as part of this development.
8. Infrastructure
8.1 Portable Enrolment Application
A portable enrolment application has been produced to allow demonstration of the
prototype functionality and support of the pilot definition process. This runs on a laptop
running Windows 2000 (or later) and SQL Server 2000 and consists of:
• The Cardholder database, configured for the Bolton and Blackburn schemes
• The Visual Basic Enrolment Application
• A Microsoft ASP technology Web site tailored for Bolton’s and
  Blackburn’s requirements (see section 5)
The workstation requires the following peripherals:
• A PC/SC USB smart card reader (e.g. the Cornish Key Orga
  Cardmouse smart card Readers)
• An HP Scanjet scanner (e.g. Scanjet 4600)
• A Logitech 4000 Pro Webcam
• A 4-way compact USB hub
Setting up this application involved:
• Installation and Troubleshooting of the NSCP Starter Pack software
• Configuring the cardholder database – see section 6.
• Production of Card Scheme images etc. – these will be provided
  by Bolton and Blackburn
• Web site tailoring (see section 5 above)
• Purchasing and installing the scanner and Webcam
• Installing the smart card readers – to be supplied by Bolton
• Prototyping the enrolment process
This portable enrolment application has been set up on a Fujitsu-owned laptop, but can
be made available to Bolton and Blackburn for demonstration to the scheme’s
stakeholders.
8.2 Pilot Infrastructure
The actual running of the pilot is not covered by this document, which is only concerned
with creating and testing the infrastructure to allow such a pilot to be run.
To run the pilot a Data Centre Server will be required, together with infrastructure for
Card Management, Print and Personalisation, smart card Enrolment, and Library and
Leisure Centre enrolment and identification.
8.2.1 Data Centre Server
The Data Centre server runs a single database with schemes for Bolton and for
Blackburn, and separate Web sites for Bolton and for Blackburn.
8.2.2 Web Servers
The NSCP System Requirements document ([14]) specifies a separate Web Server box.
However, as the use of the Starter Pack Web site is only a temporary solution for Bolton,
and will be replaced by Oracle CRM and the Oracle Portal in the long run, it is proposed
to run the Web sites for Blackburn and for Bolton on the database server.
[14] also specifies the use of firewalls and demilitarised zones. As the pilot Web site is
not available on the Internet, these will not be used.
The Web sites will therefore be hosted on the Database Server machine.
Service points using the enrolment application (for both Bolton and Blackburn) need to
be on the Bolton Intranet. They require http access to the Database Server machine.
8.2.3 Database Server
The server holds Bolton and Blackburn cardholder data.
The basic requirement for the combined database and Web server is:
• 2 x 2 GHz CPUs
• 2Gb memory
• RAID option for RAID 5
• 5 x 36GB Disks
• A tape drive for database backup.
A Dell Server has been chosen with the following spec:
System Qty | Description | Qty
1 | PowerEdge 2650 - AC - Xeon 3.06GHz/512k, 533FSB, Integrated Floppy (AC Power Supply only) |
  | English - Support technical sheet, getting started docs, CD, NO Power Cord | 1
  | Bezel Assembly | 1
  | ECC DDR Memory (2 x 1GB) | 1
  | Additional Xeon 3.06GHz/512k, 533FSB cache processor | 1
  | 36GB SCSI Ultra320 (10,000rpm) 1in 80 pin Hard Drive | 5
  | 1 x 5 Hard Disk Drive Hot Plug Backplane (5 x 1 inch HDDs) | 1
  | PERC 3/DI dual Channel onboard RAID card enabled with 128MB Cache | 1
  | 24X IDE CD-ROM Drive | 1
  | AC Redundant power option (2 power supplies) | 1
  | No Operating System | 1
  | OpenManage Server Software - must NOT be ordered with PS Web 2000 Server Solution | 1
  | Upg to Silver 3Y (24x7) Premier Enterprise Support | 1
  | Base warranty | 1
  | 1Y NBD (Next Business Day) | 1
  | DELL 4 Post Rack Mount parts, all parts to install a PE2650 into a DELL Rack | 1
  | C04 MR5, RAID 5 using on-board controller | 1
1 | PV114T Sng Rack Base LTO1, 2U, inc cleaning Cartridge |
  | European – Documentation with PDU Cord | 1
  | Adaptec SCSI 39160 Controller Card with 4m VHDCI-68 pin cable | 1
  | Upg to Silver 3Y (24x7) Premier Enterprise Support | 1
  | Base warranty | 1
  | 1Y NBD (Next Business Day) | 1
  | DELL 4 Post Rack Mount parts, all parts to fit a PV114T into a DELL Rack | 1
1 | 42U Rack 4210 Base with doors, side panels, ground ship packing, Service Tag doc |
  | Upg to Bronze 3Y NBD Premier Enterprise Support | 1
  | Base warranty | 1
  | 1Y NBD (Next Business Day) | 1
1 | 1U LCD with Rapid Rails (KIT) |
1 | UK/Irish (QWERTY) – Trackball Keyboard (Kit) |
8.2.4 Card Management Team Infrastructure
The Card management infrastructure supports the Card Management team in checking
enrolment and providing help desk functionality.
This just requires a subset of the enrolment screens to be available from the enrolment
Web site – see section 5.
The screens used for Card Management functions include those in section 5.8 (Logon),
5.12 (Journal), 5.13 (Searching for a user, and a new variant to list completed
applications, when developed), 5.16 (changing card status).
8.2.5 Card Management Workstations
For each help desk operator or administrator, a workstation with the following
specification is required:
• At least 256Mb RAM, 1 disk and CD-ROM drive.
• 1 X PC/SC USB
Print & Personalisation Infrastructure
The P&P infrastructure supports the fulfilment team in producing and mailing out cards.
8.2.6 Card Printer Workstations
For each card printer, a dedicated workstation with the following specification is required:
• At least 512Mb RAM, 1 disk and CD-ROM drive.
• 2 Serial connections (or USB to Serial converters)
• 3 USB connectors (2 for SAMs, and 1 for the USB to SCSI
  connector to the printer).
• 2 X PC/SC USB smart card readers. These are needed for the
  security modules (Scheme SAM and ITSO ISAM).
• The PC needs to be physically co-located with the printers as the
  connectors to the encoders are short
A dedicated laser printer with suitable stationery loaded is also needed when P&P is
active. A change to the P&P software is possible that batches laser printing and avoids
the need for a dedicated laser printer.
8.2.7 Card Printers
The NSCP Card Production requirements document – [18] – specifies:
Smart Card Printer (Fargo HDP 820) fitted with the following options:
• Gem EasyLink 680SP contactless encoder
• SmartMouse SM1 contact interface.
• PC/SC Smart Card Reader
However, a more recent printer from ESP Systex, the RTP101, which has an ITSO-compliant
POST available for it and requires much less maintenance, has been chosen.
2 card printers are required to run the pilot, so that card production can continue if one
printer requires maintenance.
The RTP 101 printer uses a Cream 130 PnP PC/SC compatible contact encoder instead
of the SmartMouse encoder.
The ITSO-compliant encoder from ESP Systex is not being used for the pilot but is an
option for the future.
8.3 Smart Card Enrolment Service Point Infrastructure
To run the pilot, enrolment including taking of a photograph, scanning the signature, and
checking evidence will take place at a Service point, such as a library, leisure centre, or
a town-hall location such as the Leisure shop or the One-Stop-Shop.
The Service Point (even for Blackburn) will need to be on Bolton’s intranet, and have fast
network access to the Back Office Environment, where the cardholder database will be
resident.
The software and hardware is the same as the portable enrolment system described
above, except that the cardholder database and the enrolment Web site will be hosted in
the Bolton Data Centre.
8.3.1 Service Point Hardware Specification
PCs with the following spec are needed in each Library/Leisure Centre/Leisure
shop/One-Stop-Shop, etc. where smart card enrolment is done:
• At least 256Mb RAM, 1 disk and CD-ROM drive.
• 3 USB connectors
• 1 x Logitech QuickCam 4000 Pro Web Cam
• 1 x HP Scanjet 4600 Scanner
• 1 x PC/SC USB smart card reader (e.g. Orga Cardmouse).
• A printer also needs to be available for printing the application form for signing.
8.4 Library and Leisure Centre Enrolment Infrastructure
Libraries and Leisure Centres that support enrolment or identification using smart cards
will need a PC with a smart card reader. These access points may or may not be the
same as the service point where enrolment takes place. Where they are, the same PC
can potentially be used for smart card enrolment and Library or Leisure Centre
enrolment.
The PC needs at least the following spec:
• At least 256Mb RAM, 3 x USB, 1 disk and CD-ROM drive.
• 1 USB connector
• 1 x PC/SC USB smart card reader (e.g. Orga Cardmouse).
9. Applications supported
The applications to be supported that have the highest priority are:
• ITSO Ticketing (www.itso.org.uk)
• TALIS Library System (www.talis.com)
• Leisure Systems for Bolton (www.leisureflex.com) managed by Serco
  (www.serco.com)
Applications that will optionally be supported if available by the time the pilot starts are:
• Galaxy Library System (www.ds.co.uk)
• Leisure Systems for Blackburn (Gladstone www.ge-mrm.com)
9.1 ITSO
The pilot is expected to cover:
• Bus companies: Lancashire United (part of Blazefield) and
  possibly Blue Bus
• Bus route: 225 Clitheroe Blackburn Bolton.
ISAMs with the necessary keys for the Bolton and Blackburn schemes will be used in the
personalisation process.
The personalisation process will put the following on the card for all citizens:
• An ITSO Shell
• An ITSO Stored Travel Rights (STR) IPE
For a Blackburn citizen entitled to age related concessionary fares, a NowCard
entitlement IPE will be written to the card. This will be an ISO type 16 IPE that defines
the citizen’s ID and concession.
For Bolton citizens entitled to age related concessionary fares, a GMPTE entitlement IPE
will be written to the card. This will be an ISO type 16 IPE that defines the citizen’s ID
and concession.
ITSO Shell Account (ISA) and ITSO Product Account (IPA) records will be written to the
cardholder database for the GMPTE shell and products.
See section 7.1 for more information on the current state of ITSO support.
9.2 Libraries
Bolton
Agreement to integrate with Talis using the API described in [5] has been reached and
work has started.
It is proposed that the full 16-digit card holder number which is printed on the card is
used as the library number, so that citizens can use it on touchtone phones for renewing
books, etc., by telephone. The full card number including the issue number is needed in
case a card is stolen, so that the specific issue of the card can be invalidated. This does
mean that when the user gets a replacement card they will need to register it with TALIS.
Currently it is assumed that a contact reader will be used in libraries. Alternatively a
Type A T=CL contactless reader with a PC/SC driver could be used. For identification
purposes a MiFare contactless reader could be used, but enrolment cannot be done
using MiFare.
Blackburn
Blackburn’s Library application supplier is GALAXY. They have been sent the API for
evaluation.
9.3 Leisure Centres
As for Libraries, it is currently assumed that contact readers will be used for identification
and enrolment, but a Type A, T=CL, contactless reader with a PC/SC driver could be
used instead.
MiFare contactless readers could be used for reading just the card holder number. For
example, such readers could be used to allow entry into different parts of a Leisure
Centre.
Bolton
Bolton Leisure Centres are being upgraded to use the FLEX system from Leisure-Flex.
Leisure Flex has been approached to see if they can use the API described in [5] to
smart card-enable their FLEX application. This has been agreed and work is in
progress.
Blackburn
Blackburn Leisure Centres use the Gladstone MRM System. Chester has an application
that can write the Gladstone MRM library membership number to the card, but the style
of integration needed for the Bolton card is different.
Gladstone have read the API spec and sent information on their current smart card
support, which includes MiFare readers and Orga contact readers. Further negotiations
are needed with Gladstone to agree the approach with them.
10. Software and Documentation Deliverables
10.1 Software
10.1.1 Integration API
An installable PC software package for the ActiveX version of the Integration API,
described in [5], is available.
10.1.2 Installers
Installers, and any necessary installation instructions, have been produced for all new
and modified software components for each of the supported types of servers and
workstation (as described in section 8.2).
10.1.3 Complete Software CD
All the software and related documentation produced by Fujitsu for the pilot is available
on a CD. This includes all new and modified code, and a database dump of the SQL
Server and Access databases, as modified for the Bolton and Blackburn schemes.
The documentation includes a description of all the changes that have been made to the
NSCP software.
10.2 Documentation
• API Specification for Legacy System Integration – this is a version of
  [5] with full details of the ActiveX version of the API.
• Pilot Specification (this document) including detailed card contents
• Specification of the Strategic Local Authority Scheme Architecture –
  see [3]. This is a “Marketing” document of about 12 pages (excluding
  document control sections).
11. Testing
The following functional testing has been carried out:
• Installation of the software and device drivers on each type of server
  and workstation
• The enrolment process for Bolton and for Blackburn
• Printing and Personalisation of cards that support the pilot functions
  using the interim P&P software
• Sample integration with a test Web application using the ActiveX
  Integration API
• Sample integration with a test PC Win32 application using the ActiveX
  Integration API
No performance testing or stress testing has been done, as this is not needed for a pilot.
Further testing will still be required for:
• ITSO integration
• TALIS integration
• FLEX Integration
• GLADSTONE MRM integration
• GALAXY integration
12. Processes
12.1 Definition of Enrolment Process
The expected way that applications will be processed is:
• An application form will be posted to the eligible participant’s home
  address. Application forms will be sent to invited people only, and
  their families.
• The citizen will fill in the form and take it with proof of identity, and
  eligibility for concessions, to a Service point (e.g. a library). Bolton
  residents should take forms to Bolton Service points and Blackburn
  residents to Blackburn Service Points.
• At the Service Point a photograph will be taken, a signature scanned
  in, and the form details entered into the enrolment application.
• Evidence will be inspected and details entered into the application in
  order to achieve Level 1 authentication, and to prove the eligibility
  requirements that are applicable to the applicant. Eligibility evidence
  may include proof of age, disability, low income, residence, and
  education status.
• If the citizen does not bring the required evidence, they can come
  back and resume their application later.
• The Service point will have an online HTTP connection to the Back
  Office system in Bolton.
• The Back Office System for both Blackburn and Bolton Service points
  will be on the Bolton intranet.
• Printing and Personalisation will take place at Bolton Offices.
• The personalised smart card, together with a personalised letter, will
  be sent to the citizen’s address, as supplied on the application form.
12.2 Post-Issuance Card Management
Note that there is currently no capability for post-issuance changes to the applications or
the data on the card, other than ITSO IPE data, which can potentially be updated by any
ITSO-compliant application. There may be support for updating data on the card at
Service Points in the final NSCP deliverables, but evaluation of this is outside the scope
of this development.
The NSCP CMS Journal screen does support changing the card status (e.g. for lost and
stolen cards) and the card location – see section 5.16.
13. Third-party requirements
13.1 Smart Card Solutions (SCS)
Smart Card Solutions are developing the Java Applets for the card.
They were required to supply:
1. Java Applets: ISO File Applet, CCDA Applet and ITSO Applet.
2. SchemeLoader DLL: A schemeloader DLL to facilitate the loading and instantiation of
   Bolton specific card packages and applets, and an interface specification document.
3. CCDA Script: A personalisation template script to construct the files and data fields
   required by the CCDA applet.
4. ITSO Personalisation DLL: A personalisation DLL which can be used to interface with an
   ISAM and the JCOP30 to personalise the ITSO applet, and an interface specification
   document.
5. OpenPlatform DLL: A DLL to provide open platform secure channel messaging.
6. Personalisation Secure Access Modules: Personalisation SAMs with appropriate keys to
   secure and enable the personalisation process.
7. Personalisation Master Keys: Scheme specific keys for Open Platform and card applets
   to be used in SAM creation.
8. Issuer PIN and Application PIN: Scheme specific Issuer and Application PINs to be used
   in CCDA script.
9. Sufficient support to enable Fujitsu to use these scripts, and other components.
All these other than the ITSO Personalisation DLL have been supplied. An ITSO
Personalisation DLL that supports Bolton’s selected ITSO POST will be supplied by SCS
when the ITSO POST has been selected and is available. This will not now be in the
timescales of this development for the reasons given in section 7.1.
13.2 NSCP
13.2.1 Enrolment
To support enrolment, beta versions of the following were required from The NSCP:
1. The Cardholder database installer
2. The enrolment application installer
3. An example Web site (e.g. the one for Chester)
4. Sufficient documentation to configure and use these components
5. Specification of the Hardware and Software requirements
These were all delivered by NSCP.
13.2.2 Print & Personalisation
To support an early capability to print and personalize cards before the relevant starter
pack deliverables were available, the following were required:
1. Detailed specification of the Card Printer and encoders required (see
[18]).
2. The source code of software that the NSCP is using to print and
personalize cards for Suffolk.
3. Sufficient help and information to enable Fujitsu to modify the code to
write the personal information to the card that is required for the
Bolton Scheme. This was expected to be minimal.
These were all delivered by the NSCP.
14. Appendix 1 – National Smart Card Project Glossary
This Glossary is intended to help readers to understand terms used in the National Smart Card Project publications. The primary purpose is to be
useful in this context rather than to provide a precise set of definitions.
Numeric
3G - Third generation mobile telecommunications technology
A
ActiveX - A loosely defined set of object-oriented programming technologies and tools developed by Microsoft. The main technology is the Component Object Model (COM). ActiveX is Microsoft's answer to the Java technology from Sun Microsystems.
Algorithm - A sequence of steps used to perform a mathematical operation
ANSI - American National Standards Institute: Standardisation coordination body for the USA
API - Application Programming Interface: A set of routines, protocols (q.v.), and tools for building software applications (q.v.)
Applet - A program designed to be executed from within another application (q.v.). Unlike an application, applets cannot be executed directly from the operating system. On the Web, an applet is a small program that can be sent along with a Web page to a user. Java applets can perform simple tasks without having to send a user request back to the server.
Application - A piece of software that performs business functions. It can reside on a smart card (q.v.)
Archiving - Copying data onto a backup storage device
ASN.1 - Abstract Syntax Notation One: A language that defines the way data is sent across dissimilar communication systems
Asymmetric Cryptography - Cryptography (q.v.) using a Public Key/Private Key (q.v.) combination
Authentication - A security process that verifies that a person seeking to use an application (q.v.) on a smart card (q.v.) is the person who is entitled to use it for the purpose intended
B
Biometrics - Biological authentication mechanism such as a fingerprint, iris, voice, facial dimensions
BIOS - Basic Input Output System: Built-in software that determines what a computer can do without accessing programmes from a disk
bit - Binary digit: The smallest unit of information on a machine. A single bit can hold only one of two values: 0 or 1. The term was first used in 1949
Block - Action taken by an issuer to prevent the use of a card, or a particular application on a chip card
Bluetooth - A short-range radio technology aimed at simplifying communications among Internet (q.v.) devices and between devices and the Internet
BSI - British Standards Institute: National Standards body for the UK responsible for facilitating, drafting, publishing and marketing British Standards
C
C++ - One of the most popular high-level programming languages for graphical applications
CA - Certificate Authority q.v.
Card-to-card - Transaction to transfer something (usually money) from one card to another
CAT - Cardholder Activated Terminal: A terminal that dispenses a product or service
CCID - Chip Card Interface Device: USB (q.v.) devices that interface with or act as interfaces with chip cards and smart cards
CDMA - Code Division Multiple Access: A generic term that describes the technology on which a wireless air interface is based
CD-ROM - Compact Disc - Read Only Memory: A type of optical disk capable of storing large amounts of data. Once stamped by the vendor, they cannot be erased and filled with new data
CEN - Comité Européen de Normalisation (European Committee for Standardisation): The only recognised European organisation for the planning, drafting and adoption of European Standards, except for electrotechnology (see CENELEC q.v.) and telecommunications (see ETSI q.v.)
CEN/ISSS - Information Society Standardisation System: Provides market players with a comprehensive and integrated range of standardisation services and products, in order to contribute to the success of the Information Society in Europe
CENELEC - The European organisation for the planning, drafting and adoption of European Standards for electrotechnology
CEPS - Common Electronic Purse Specifications: Define requirements for all components needed by an organisation to implement a globally interoperable electronic purse programme, while maintaining full accountability and auditability
Certificate Authority - A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate
CESG - Communications-Electronics Security Group: The Information Assurance arm of the UK’s Government Communications Headquarters (GCHQ)
Cipher Text - Text that has been encrypted (q.v. encryption)
CIPS - Chartered Institute of Purchasing and Supply: Private international education and qualification body representing purchasing and supply chain professionals
CMS - Card Management System
Contact interface - A means for allowing the exchange of data between a smart card and a reader that requires the card to be in physical contact with the reader
Contactless interface - A means for allowing the exchange of data between a smart card and a reader without any physical contact between the card and the reader
CRM - Customer Relationship Management
Cryptogram - Enables chip data exchange in a secure manner
Cryptographic Key - Used to encrypt or decrypt a message
Cryptography - The relationship between plain text and cipher text (q.v.) that prevents anyone other than the intended recipient from reading the information
CVM - Cardholder Verification Method: The means to verify the authenticity of a cardholder
CWA - CEN Workshop Agreement: Published European consensus arising from CEN/ISSS workshops
Cyberspace - Networked computers/the Internet (q.v.)
-56-
81902352
D
Decryption - The procedure used in cryptography (q.v.) for converting cipher text (q.v.) to plain text
DES - Data Encryption Standard: A popular encryption (q.v.) method developed in 1975 and standardized by ANSI (q.v.) in 1981
DfES - (Government) Department for Education and Science (UK)
Digital Certificate - An electronic "credit card" that establishes your credentials when doing business or other transactions on the Internet (q.v.). It is issued by a Certificate Authority (q.v.)
Digital ID - Another name for a Digital Certificate (q.v.)
Digital Key - Strings of unique bits (q.v.) that allow messages to be scrambled and unscrambled
Digital Signature - A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender
DPA - Data Protection Act 1998 (UK)
Dual interface card - A smart card (q.v.) having both a contact (q.v.) and a contactless (q.v.) interface; see distinction with Hybrid card (q.v.)
E
e-cash - Electronic cash: Cash stored electronically and readily exchanged into monetary value
ECML - Electronic Commerce Modelling Language: A universal format for online commerce Web sites that contains customer information that is used for purchases made online, formatted through the use of XML (q.v.) tags (q.v.)
e-Commerce - Electronic commerce: Transactions that are conducted over an electronic network, where the purchaser and merchant are not at the same physical location
eESC - The eEurope Smart Card initiative: Launched by the European Commission in 1999 to accelerate and harmonise the development of smart cards across Europe
EFTPOS - Electronic Fund Transfer at Point Of Sale: Usually a terminal
Electronic Wallet - Software that stores information about a cardholder's cards. Usually supplied by the issuers and appended to the cardholder's web browser
e-mail - Electronic mail
Emboss - Print raised data on a card
EMV - Europay, MasterCard and Visa: A collaboration between these three organisations
EMVCo - An industry association of the collaborators in EMV (q.v.) for the banking and finance industry
Encryption - The procedure used in cryptography (q.v.) for converting plain text to cipher text (q.v.)
e-purse - Electronic purse: A function on a chip card that allows e-cash (q.v.) value to be stored
e-tailing - Electronic retail
ETSI - European Telecommunications Standardisation Institute: Not for profit organisation whose mission is to produce the telecommunications standards for Europe (see also CEN q.v.)
eURI - Extended User-Related Information: Defined in CWA (q.v.) 13987 for Interoperable (q.v.) Citizen Services using Smart Card (q.v.) Systems
F
FINREAD - European specifications for an applet-based (q.v.) secure interoperable (q.v.) smart card (q.v.) reader for online transactions implying sensitive data transfers
FIPS - Federal Information Processing Standards: Standards and guidelines issued by NIST (q.v.)
G
Gateway - A node or switch that permits communications between two dissimilar networks
GPRS - General Packet Radio Service: A standard for wireless communications which runs at speeds up to 115 kilobits per second, compared with current GSM (q.v.)
GSC-IS - Government Smart Card-Interoperability Specification: Interoperability (q.v.) specification for smart cards (q.v.) in the USA developed by NIST (q.v.)
GSM - Global Systems for Mobile Communications: One of the leading digital cellular systems
H
Hash - Message digest. A number generated from a string of text
http - Hyper Text Transfer Protocol: The underlying protocol used by the World Wide Web (q.v.)
Hybrid card - A smart card (q.v.) that contains two separate and unconnected chips, one with a contact interface (q.v.) and the other with a contactless interface (q.v.)
I
ICAO - International Civil Aviation Authority: A specialized agency of the United Nations, ICAO is the permanent body charged with the administration of the principles laid out in the Convention on International Civil Aviation, Chicago, 7/12/1944
ICC - Integrated Circuit Card, or smart card (q.v.)
ICT - Information & Communications Technology
IDeA - Improvement and Development Agency (UK): Established by and for local government in April 1999 to support self-sustaining improvement from within local government
IEC - International Electrotechnical Commission: Global standards organisation for all electrical, electronic and related technologies
IFM - Integrated Formal Methods: The rigorous engineering methodology for system development; a conceptual parallel to the industrial standard UML (q.v.)
IIN - Issuer Identification Number: The numbering system that uniquely identifies a card issuing institution in an international interchange environment, specified in ISO/IEC 7812
IKE - Internet Key Exchange
Integrity - Information that is free from error, corruption or alteration
Internet - A global collection of interconnected networks, used for the purpose of electronic communication
Interoperability - The ability for different systems to work together
Information Law Terms - See WP8-04 Appendix 1 for definitions of the following terms in context:
Data
Data Controller
DPA
Data Processor
Data Subject
DCA
E-Envoy Identity Guidelines
FOIA
HRA
LCD
Mandatory/Mandatory Smart Card Scheme
Personal Data
Processing
Public Authority
Sensitive Personal Data
Intranet - A private network
IOPTA - "InterOperable PT Applications" for smart cards: A revision of CEN (q.v.) standard ENV1545 that defines the codification of data elements used for public transport
IP - Internet (q.v.) protocol: Specifies the format of packets, also called datagrams, and the addressing scheme
IR - Inland Revenue (UK)
ISO - International Standardisation Organisation: Body responsible for development of international standards covering a huge range of issues
Issuer - A financial institution that establishes an account for a cardholder and issues a payment card
IT - Information Technology
ITSO - Formerly "Integrated Transport Smartcard Organisation": Public sector membership organisation founded in 1998 to build and maintain specifications for secure end-to-end interoperable ticketing operations in the UK
J
Java - A high-level object-oriented programming language developed by Sun Microsystems
Java Card - An ISO 7816-4 compliant application (q.v.) environment focused on smart cards (q.v.)
K
Key Escrow - Storage of a private key (q.v.) by a neutral third party
Key Management - The process by which cryptographic keys (q.v.) and messages are managed and protected
L
LA - Local Authority
LASSeO - Local Authority Smartcard Standards e-Service Organisation: Created by local government organisations in the UK to define at the working level the necessary standards, rules and policies needed to provide public services to citizens using smart cards
LDAP - Lightweight Directory Access Protocol: A set of protocols (q.v.) for accessing information directories. Because LDAP is an open protocol, applications (q.v.) need not worry about the type of server hosting the directory
LGOL - Local Government Online (UK): Internet (q.v.) portal to local government
Linux - A freely-distributable open source operating system that runs on a number of hardware platforms
LLPG - Local Land and Property Gazetteer (UK): A definitive, local address list that provides unique identification of properties, conforms to a British Standard, BS 7666 and feeds the National Land and Property Gazetteer
M
Magnetic Stripe Card - A card with a magnetic strip of recording material on which data can be stored
MIFARE - A proprietary standard for contactless (q.v.) and dual interface (q.v.) smart cards (q.v.) produced by Philips Semiconductors and extensively deployed worldwide
MIME - Multipurpose Internet Multimedia Extension: An Internet (q.v.) protocol (q.v.) for sending e-mail (q.v.) and attachments
Mondex - An e-cash application for Smart Cards that stores value as electronic information on a microchip, rather than as physical notes and coins enabling cardholders to carry, store and spend cash
Multos - A smart card (q.v.) operating system for multi application cards
MUSCLE - Movement for the Use of Smart Cards in a Linux Environment: (q.v. Linux)
N
NBS - A global leader in card personalisation, payment solutions, and secure processing for financial institutions, healthcare, governments, entertainment and retail customers
NIC - National Insurance Contributions
NIST - National Institute of Standards and Technology (USA): Designs standards and guidelines for Federal computer systems
Not-on-us - Transactions that are carried out in a smart card scheme where one of the parties to the transaction is not a member of the scheme
O
OCF - Open Card Framework: A Java (q.v.) API (q.v.) for smart card (q.v.) access
ODPM - Office of the Deputy Prime Minister (UK)
OeE - Office of the e-Envoy (UK): Part of the Delivery and Reform team based in the Cabinet Office whose purpose is to improve the delivery of public services and achieve long-term cost savings
OEM - Original Equipment Manufacturers: Misleading term for a company that has a special relationship with computer producers. OEMs buy computers in bulk and customize them for a particular application
OID - Operator Identity: An ITSO (q.v.) term for entities performing specified ITSO roles
Online - Jargon for the process of obtaining information through access via a computer or terminal to the source
Open systems - Systems whose architecture specifications are public. This includes officially approved standards as well as privately designed architectures whose specifications are made public by the designers
OS X - Computer operating system developed by Apple Computers
P
PC/SC - Personal Computer/Smart Card: A standard framework for smart card (q.v.) access on Windows Platforms
PCMCIA - Personal Computer Memory Card International Association: An organisation consisting of some 500 companies that has developed a standard for smart cards (q.v.). Originally designed for adding memory to portable computers
PDA - Personal Digital Assistant: A handheld device that combines computing, telephone/fax, Internet (q.v.) and networking features
PIN - Personal Identification Number
PIN Pad - A small keypad on which a cardholder keys in his/her PIN (q.v.)
PIN Verification - The security process that confirms the cardholder's PIN (q.v.)
PKCS - Public Key Cryptography Standard: (q.v. "Public Key", "cryptography")
PKI - Public Key Infrastructure: A certificate system for obtaining an entity's Public Key. (q.v. "Private Key/Public Key"); a networked system that enables organisations and users to exchange information and money safely and securely
PLCC - Plastic Leaded Chip Carrier: Method of packaging computer chips together
Protocol - An agreed-upon format for transmitting data between two devices
Public Key/Private Key - Cryptographic keys (q.v.) used together. Private Keys are used to encrypt/decrypt messages or files that have been encrypted using a Public Key. The Private Key is only known to the rightful owner. Public Keys are only used in conjunction with the Private Key and are freely available to defined users.
Public Procurement Terms - See wp8-05 Appendix 1 for definitions of the following terms in context:
BAFO
CCTA
Consolidated Directive
Contract Notice
Contracting Authority
ECJ
G-Cat
ITN
ITT
OGC
OJ
PFI
PIN [Note: In the procurement context this has a different meaning from that which applies in the technical context]
PPP
Public Procurement Directives
Public Services Directive
Public Supplies Directive
Public Works Directive
S-Cat
SPV
R
RA - Registration Authority: q.v.
RAM - Random Access Memory: A type of computer memory that can be accessed randomly
Registration Authority - A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA, q.v.) to issue it. RAs are part of a public key infrastructure (PKI, q.v.)
RF - Radio Frequency: Any frequency within the electromagnetic spectrum associated with radio wave propagation
RNG - Random Number Generator
ROM - Read Only Memory: Computer memory on which data has been pre-recorded. Once data has been written onto a ROM chip, it cannot be removed and can only be read
S
S/MIME - Secure/Multipurpose Internet Mail Extensions: A new version of MIME (q.v.) that supports encrypted (q.v.) messages
SCNF - Smart Card Networking Forum: Not-for-profit organisation consisting of public sector representatives with an interest in the use of smart cards to provide improved services to their customers
SDK - Software Development Kit: A programming package that enables a programmer to develop applications for a specific platform
SET - Secure Electronic Transaction: A security standard that defines how to encrypt (q.v. "encryption") transmissions over public networks
SIM - Subscriber Identification Module: A card-based chip that personalises a mobile phone
Smart card - A portable programmable device conforming to ISO 7816 dimensions and containing an integrated circuit that stores and processes information
SMS - Short Message Service: A service for sending short text messages to mobile phones
SSL - Secure Sockets Layer: A protocol (q.v.) developed by Netscape for transmitting private documents via the Internet (q.v.). SSL works by using a private key (q.v.) to encrypt (q.v.) data that is transferred over the SSL connection
STIP - Small Terminal Interoperability Platform: The STIP Consortium was founded to develop an interoperable (q.v.) platform specification for secure transaction devices, including, but not limited to, card accepting devices
T
T=CL - Specification of a contactless interface (q.v.) for a smart card (q.v.)
Tag - A command inserted in a document that specifies how the document, or a portion of the document, should be formatted
Track - A defined part of a magnetic stripe where data can be written
TTP - Trusted Third Party
U
UML - Unified Modelling Language: A general-purpose notational language for specifying and visualizing complex software, especially large projects
UMTS - Universal Mobile Telecommunication System: A 3G (q.v.) mobile technology that will deliver broadband information at speeds up to 2Mbits/sec
UNICODE - A standard for representing characters as integers. Unlike ASCII, which uses 7 bits for each character, Unicode uses 16 bits, which means that it can represent more than 65,000 unique characters
UNIX - Open source computer operating system, popular for workstations
URL - Uniform Resource Locator: Website address
USB - Universal Serial Bus: An external bus standard that supports data transfer rates of 12 Mbps. A single USB port can be used to connect up to 127 peripheral devices. USB also supports Plug-and-Play installation
USIM - Universal Subscriber Identity Module: (q.v. SIM)
V
Visual Basic - A popular programming language; sometimes called an event-driven language because each object can react to different events such as a mouse click
VPN - Virtual Private Network: A network that is constructed by using public wires to connect nodes; uses encryption (q.v.) and other security mechanisms to ensure that only authorized users can access the network and the data it carries
W
WAP - Wireless Application Protocol: A secure specification that allows users to access information instantly via handheld wireless devices such as mobile phones
WIM - Wireless Identity Module
Windows - A computer operating system developed by Microsoft
WPKI - Wireless Public Key Infrastructure: (q.v. PKI)
WWW - World Wide Web: Part of the Internet (q.v.)
X
XML - Extensible Markup Language: Designed especially for Web documents, it allows designers to create their own customized tags (q.v.), enabling the definition, transmission, validation, and interpretation of data between applications (q.v.) and between organizations