

As smart card application domains become better defined through various standards and specification efforts, smart card service providers (SSPs) that support these standards and specifications will start to appear. For example, we should soon see a SET/EMV SSP and a digital signature SSP. These domain-specific SSPs will not only support the processing and procedures that are characteristic of the domain, but they will also assume cards that contain the data structures and computing capabilities specified for the domain. Domain-specific SSPs are prime business opportunities for third-party smart card software companies.

The PC/SC API

The PC/SC smart card API serves more as an example of how to build SSPs than it does as a commercially available and widely used smart card API. Figure 7.2 illustrates the general layout of this API.


Figure 7.2.  PC/SC reference smart card API architecture.

SCARD connects to the card and maintains a context in which the other functions can operate. It has two functions, AttachByHandle and AttachByIFD, that let the application specify which card to access, and two more, Detach and Reconnect, to administer this connection.

The CARDAUTH interface provides functions that let the card authenticate the application and the application authenticate the card. Included on this generic interface are GetChallenge, ICC_Auth, APP_Auth, and User_Auth. GetChallenge returns a random data string from the card; the application encrypts this string and returns it in the APP_Auth call. ICC_Auth sends a random string to the card, which encrypts it and returns it. Finally, User_Auth is a general interface to vendor-specific routines for user authentication.
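
The CARDAUTH exchange described above, as an added Python simulation (not code from the book or from the PC/SC specification). The class and function names, the 8-byte challenge, the shared key and the use of HMAC-SHA256 in place of the card's cipher are all assumptions; the example also goes one step beyond the text by making each card challenge single-use, so a captured response cannot be replayed.

```python
import hashlib
import hmac
import secrets

def respond(key, challenge):
    """Keyed transform of a challenge (HMAC-SHA256 stands in for the card's cipher)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class SimulatedCard:
    """Card side of the CARDAUTH calls. A simulation, not a real SSP."""
    def __init__(self, key):
        self._key = key
        self._pending = None  # challenge handed out by GetChallenge, valid once

    def get_challenge(self, length=8):
        self._pending = secrets.token_bytes(length)
        return self._pending

    def app_auth(self, response):
        # Consume the challenge before checking so a response cannot be replayed.
        challenge, self._pending = self._pending, None
        return challenge is not None and hmac.compare_digest(
            respond(self._key, challenge), response)

    def icc_auth(self, host_challenge):
        # The card proves knowledge of the key on a challenge chosen by the host.
        return respond(self._key, host_challenge)

def mutual_auth(card, host_key):
    """Host side. Returns (card accepted application, application accepted card)."""
    card_ok = card.app_auth(respond(host_key, card.get_challenge()))
    nonce = secrets.token_bytes(8)
    app_ok = hmac.compare_digest(card.icc_auth(nonce), respond(host_key, nonce))
    return card_ok, app_ok

def replay_attempt(card, key):
    """Present the same APP_Auth response twice; only the first may succeed."""
    response = respond(key, card.get_challenge())
    return card.app_auth(response), card.app_auth(response)

if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    print("matching keys:", mutual_auth(SimulatedCard(key), key))
    print("wrong host key:", mutual_auth(SimulatedCard(key), b"\x00" * 16))
    print("replayed response:", replay_attempt(SimulatedCard(key), key))
```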

CHVERIFICATION is a collection of functions that connect to PIN functionality on a smart card. The functions on the interface are Verify, ChangeCode, Unblock, and ResetSecurityState. Verify presents a PIN to the card and returns success or failure. ChangeCode allows the cardholder to change the card’s PIN by way of the application. Unblock lets the card’s issuer unblock a PIN that has become blocked through too many unsuccessful attempts to present the PIN. Finally, ResetSecurityState causes a vendor-specific resetting of the PIN security on the card.

The FILEACCESS routines present the expected set of functions for manipulating files on the card. They are

  ChangeDir—Changes to a different directory
  GetCurrentDir—Returns the name of the current directory
  Directory—Returns a list of the files in the current directory
  GetProperties—Returns the properties of the current file
  SetProperties—Sets the properties of the current file
  GetFileCapabilities—Gets capabilities of the current file
  Open—Opens a file for access and makes it the current file
  Close—Closes the current file
  Seek—Finds a data pattern in the current file
  Write—Writes data into the current file
  Read—Reads data from the current file
  Create—Creates a file in the current directory
  Delete—Deletes a file in the current directory
  Invalidate—Marks a file as unavailable
  Rehabilitate—Marks a file as available

Finally, CRYPTPROV supports some basic routines for accessing cryptographic services on a smart card. It is not the full-fledged Microsoft Cryptographic Services API (CAPI), but rather is a smart card-centric subset of CAPI that is nonetheless quite useful for adding smart card-provided cryptographic services to an application. Functions on the CRYPTPROV interfaces are

  Decrypt—Decodes an encrypted data block using a specified key
  DeriveKey—Creates keys from fixed data
  Encrypt—Encodes a data block using a specified key
  Export—Returns a key stored on the smart card
  GenKey—Creates keys from random data
  GetParm—Returns parameters being used by the routines
  GetRandom—Returns random bytes
  GetUserKey—Returns the public key
  HashData—Computes the cryptographic hash of a stream of data
  HashSessionKey—Computes the cryptographic hash of a key
  ImportKey—Provides a key to the smart card
  SetParam—Sets the parameters being used by the routines
  SignHash—Computes the signature on a hash using an asymmetric key
  VerifySignature—Verifies the signature of a hash using an asymmetric key

The Multiflex SSP

The dynamic link library (DLL) for the Multiflex SSP is included on the book’s CD-ROM. This SSP can be used with the Microsoft PC/SC software to build host applications that use the Multiflex card included with the book. Instructions for obtaining and installing the PC/SC software are included on the CD-ROM.


Note: To use the smart card included with this book, you will have to buy a smart card reader and install it on your Windows PC.

