As smart card application domains become better defined through various standards and specification efforts, smart card service providers (SSPs) that support these standards and specifications will start to appear. For example, we should soon see a SET/EMV SSP and a digital signature SSP. These domain-specific SSPs will not only support the processing and procedures that are characteristic of the domain, but will also assume cards that contain the data structures and computing capabilities specified for the domain. Domain-specific SSPs are prime business opportunities for third-party smart card software companies.
The PC/SC smart card API serves more as an example of how to build SSPs than it does as a commercially available and widely used smart card API. Figure 7.2 illustrates the general layout of this API.
Figure 7.2. PC/SC reference smart card API architecture.
SCARD connects to the card and maintains a context in which the other functions can operate. Two functions, AttachByHandle and AttachByIFD, let the application specify which card to access, and two more, Detach and Reconnect, administer the resulting connection.
The CARDAUTH interface provides functions that let the card authenticate the application and the application authenticate the card. The functions on this generic interface are GetChallenge, ICC_Auth, APP_Auth, and User_Auth. GetChallenge returns a random data string from the card; the application encrypts it with the key the card expects and returns the result in the APP_Auth call, which the card checks against its own computation. ICC_Auth works in the other direction: the application sends a random string to the card, the card encrypts it and returns the result, and the application verifies that result. Because each side encrypts a fresh random value chosen by the other side, a recorded response cannot be replayed later. Finally, User_Auth is a general interface to vendor-specific routines for user authentication.
CHVERIFICATION is a collection of functions that connect to the PIN functionality on a smart card. The functions on the interface are Verify, ChangeCode, Unblock, and ResetSecurityState. Verify presents a PIN to the card and returns success or failure; each failed presentation counts against the card's retry limit. ChangeCode allows the cardholder to change the card's PIN by way of the application. Unblock lets the card's issuer unblock a PIN that has become blocked through too many unsuccessful attempts to present it. Finally, ResetSecurityState causes a vendor-specific resetting of the PIN security state on the card.
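The two exchanges above, the CARDAUTH challenge-response in both directions and the CHVERIFICATION retry-counter behaviour, are easier to reason about with both sides in front of you. The following is an added example written for this edit; it is not code from the book, from the Multiflex SSP, or from the PC/SC reference API. It models the card side as a small `SimulatedCard` class whose methods mirror the function names on the two interfaces, and the host side as `mutual_authenticate`. HMAC-SHA256 is used as a stand-in for the card's symmetric "encrypt the challenge" operation (a real card of this era would use DES/3DES), the key, PIN and PUK values are constructed for the demo, and `MAX_PIN_TRIES`, the PUK-based unblock and the rule that ChangeCode requires a successful Verify are assumptions chosen for illustration rather than details taken from the page.

```python
import hashlib
import hmac
import secrets

# Constructed demo values. On a real card the key is personalised by the issuer
# and never leaves the chip; the host copy would live in an HSM or SAM.
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MAX_PIN_TRIES = 3  # assumed retry limit for this example


def mac(key: bytes, data: bytes) -> bytes:
    """Stand-in for the card's 'encrypt the challenge' primitive.
    HMAC-SHA256 is an assumption for the example; real cards use a block cipher."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SimulatedCard:
    """Toy card-side state behind the CARDAUTH and CHVERIFICATION interfaces."""

    def __init__(self, key: bytes, pin: str, puk: str):
        self._key = key
        self._pin = pin.encode()
        self._puk = puk.encode()  # assumed issuer unblock code
        self._tries_left = MAX_PIN_TRIES
        self._pending_challenge = None  # set by GetChallenge, consumed by APP_Auth
        self.app_authenticated = False  # security state set by a good APP_Auth
        self.pin_verified = False       # security state set by a good Verify

    # --- CARDAUTH ---------------------------------------------------------
    def get_challenge(self) -> bytes:
        self._pending_challenge = secrets.token_bytes(8)
        return self._pending_challenge

    def app_auth(self, response: bytes) -> bool:
        # Only a response to a challenge this card issued, and has not yet
        # consumed, is accepted. Consuming it is what defeats replay.
        if self._pending_challenge is None:
            return False
        expected = mac(self._key, self._pending_challenge)
        self._pending_challenge = None
        self.app_authenticated = hmac.compare_digest(expected, response)
        return self.app_authenticated

    def icc_auth(self, host_challenge: bytes) -> bytes:
        # The card proves key possession by encrypting the host's random value.
        return mac(self._key, host_challenge)

    # --- CHVERIFICATION ---------------------------------------------------
    def verify(self, pin: str) -> bool:
        if self._tries_left == 0:
            return False  # blocked: the PIN is not even compared
        # Decrement before comparing so an interrupted command cannot yield
        # a free guess; a correct PIN restores the counter.
        self._tries_left -= 1
        if hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left = MAX_PIN_TRIES
            self.pin_verified = True
            return True
        self.pin_verified = False
        return False

    def is_blocked(self) -> bool:
        return self._tries_left == 0

    def change_code(self, old_pin: str, new_pin: str) -> bool:
        # Assumed policy: the old PIN must verify before it can be replaced.
        if not self.verify(old_pin):
            return False
        self._pin = new_pin.encode()
        return True

    def unblock(self, puk: str, new_pin: str) -> bool:
        # Issuer operation: a correct unblock code sets a new PIN and resets the counter.
        if not hmac.compare_digest(puk.encode(), self._puk):
            return False
        self._pin = new_pin.encode()
        self._tries_left = MAX_PIN_TRIES
        return True

    def reset_security_state(self) -> None:
        self.app_authenticated = False
        self.pin_verified = False


def mutual_authenticate(card: SimulatedCard, host_key: bytes) -> dict:
    """Host side of CARDAUTH: APP_Auth (card checks host), then ICC_Auth (host checks card)."""
    challenge = card.get_challenge()                       # GetChallenge
    app_ok = card.app_auth(mac(host_key, challenge))       # APP_Auth
    nonce = secrets.token_bytes(8)                         # host-chosen random value
    card_ok = hmac.compare_digest(card.icc_auth(nonce),    # ICC_Auth
                                  mac(host_key, nonce))
    return {"app_authenticated": app_ok, "card_authenticated": card_ok}
```

Two details carry the security weight. `app_auth` refuses any response that does not answer a challenge the card itself just issued, so capturing a valid APP_Auth response off the wire gains an attacker nothing. `verify` decrements the retry counter before the comparison and refuses to compare at all once the counter reaches zero, which is the behaviour Unblock exists to recover from.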
The FILEACCESS routines present the expected set of functions for manipulating files on the card. They are
Finally, CRYPTPROV supports some basic routines for accessing cryptographic services on a smart card. It is not the full-fledged Microsoft Cryptographic Services API (CAPI), but rather is a smart card-centric subset of CAPI that is nonetheless quite useful for adding smart card-provided cryptographic services to an application. Functions on the CRYPTPROV interfaces are
The dynamic link library (DLL) for the Multiflex SSP is included on the book's CD-ROM. This SSP can be used with the Microsoft PC/SC software to build host applications that use the Multiflex card included with the book. Instructions for obtaining and installing the PC/SC software are also on the CD-ROM.
Note:
To use the smart card included with this book, you will have to buy a smart card reader and install it on your Windows PC.