<HTML>
<HEAD>
<TITLE>Smart Card Developer's Kit:Reader-Side Application Programming Interfaces</TITLE>
</HEAD>
<BODY>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="147-150.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="152-157.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<P>As smart card application domains become better defined through various standards and specification efforts, smart card service providers (SSPs) that support these standards and specifications will start to appear. For example, we should soon see a SET/EMV SSP and a digital signature SSP. These domain-specific SSPs will not only support the processing and procedures that are characteristic of the domain, but they will also assume cards that contain the data structures and computing capabilities that are specified for the domain. Domain-specific SSPs are prime business opportunities for third-party smart card software companies.
</P>
<H4 ALIGN="LEFT"><A NAME="Heading3"></A><FONT COLOR="#000077">The PC/SC API</FONT></H4>
<P>The PC/SC smart card API serves more as an example of how to build SSPs than it does as a commercially available and widely used smart card API. Figure 7.2 illustrates the general layout of this API.
</P>
<P><A NAME="Fig2"></A><A HREF="images/07-02.jpg"><IMG SRC="images/07-02t.jpg"></A>
<BR><A HREF="images/07-02.jpg"><FONT COLOR="#000077"><B>Figure 7.2.</B></FONT></A>&nbsp;&nbsp;PC/SC reference smart card API architecture.</P>
<P><TT>SCARD</TT> connects to the card and maintains a context in which the other functions can operate. It has two functions, <TT>AttachByHandle</TT> and <TT>AttachByIFD</TT>, that let the application specify which card to access, and two more, <TT>Detach</TT> and <TT>Reconnect</TT>, to administer the connection.</P>
<P>The <TT>CARDAUTH</TT> interface provides functions to enable the card to authenticate the application and the application to authenticate the card. Included on this generic interface are <TT>GetChallenge</TT>, <TT>ICC_Auth</TT>, <TT>APP_Auth</TT>, and <TT>User_Auth</TT>. <TT>GetChallenge</TT> returns a random data string from the card that is to be encrypted by the application and returned in the <TT>APP_Auth</TT> call. <TT>ICC_Auth</TT> sends a random string to the card, which encrypts it and returns it. Finally, <TT>User_Auth</TT> is a general interface to vendor-specific routines for user authentication.</P>
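<P>The two challenge-response directions of <TT>CARDAUTH</TT>, modeled with a simulated card. This is an added example, not code from the book or from the PC/SC software. Assumptions: the class and function names are hypothetical, HMAC-SHA256 stands in for the card's encryption, and the direction labels and single-use challenge are design choices of the example.</P>

```python
import hashlib
import hmac
import secrets

def keyed(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the card's keyed encryption.
    # The label separates directions, so a card response is never a valid
    # application response for the same random string.
    return hmac.new(key, label + data, hashlib.sha256).digest()[:8]

class SimulatedCard:
    """Constructed model of the card side of CARDAUTH (not a PC/SC binding)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None            # challenge issued by GetChallenge
        self.app_authenticated = False

    def get_challenge(self) -> bytes:                 # GetChallenge
        self._pending = secrets.token_bytes(8)
        return self._pending

    def app_auth(self, response: bytes) -> bool:      # APP_Auth
        challenge, self._pending = self._pending, None    # single use
        if challenge is None:
            self.app_authenticated = False
            return False
        expected = keyed(self._key, b"APP", challenge)
        self.app_authenticated = hmac.compare_digest(expected, response)
        return self.app_authenticated

    def icc_auth(self, host_random: bytes) -> bytes:  # ICC_Auth
        return keyed(self._key, b"ICC", host_random)

def mutual_authenticate(card: SimulatedCard, host_key: bytes):
    """Host side: returns (card accepted application, application accepted card)."""
    challenge = card.get_challenge()
    app_ok = card.app_auth(keyed(host_key, b"APP", challenge))
    host_random = secrets.token_bytes(8)
    card_ok = hmac.compare_digest(card.icc_auth(host_random),
                                  keyed(host_key, b"ICC", host_random))
    return app_ok, card_ok

def replayed_response_accepted(card: SimulatedCard, host_key: bytes) -> bool:
    """Send one valid APP_Auth response twice; report whether the repeat passes."""
    response = keyed(host_key, b"APP", card.get_challenge())
    card.app_auth(response)
    return card.app_auth(response)
```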
<P><TT>CHVERIFICATION</TT> is a collection of functions that connect to PIN functionality on a smart card. The functions on the interface are <TT>Verify</TT>, <TT>ChangeCode</TT>, <TT>Unblock</TT>, and <TT>ResetSecurityState</TT>. <TT>Verify</TT> presents a PIN to the card and returns success or failure. <TT>ChangeCode</TT> allows the cardholder to change the card&#146;s PIN by way of the application. <TT>Unblock</TT> lets the card&#146;s issuer unblock a PIN that has become blocked through too many unsuccessful attempts to present the PIN. Finally, <TT>ResetSecurityState</TT> causes a vendor-specific resetting of the PIN security on the card.</P>
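<P>The PIN state that sits behind the four <TT>CHVERIFICATION</TT> functions, as a simulated card. This is an added example, not code from the book or from the PC/SC software. Assumptions: the names are hypothetical, the retry limit of three and the issuer-held unblock code are constructed, and <TT>ResetSecurityState</TT> is modeled as clearing the verified flag.</P>

```python
import hmac

def same(a: str, b: str) -> bool:
    # Constant-time comparison of two secret strings.
    return hmac.compare_digest(a.encode(), b.encode())

class SimulatedPinCard:
    """Constructed model of the card state behind CHVERIFICATION."""
    MAX_TRIES = 3                       # assumption: the page gives no limit

    def __init__(self, pin: str, unblock_code: str):
        self._pin = pin
        self._unblock_code = unblock_code   # assumption: held by the issuer
        self._tries_left = self.MAX_TRIES
        self.verified = False

    @property
    def blocked(self) -> bool:
        return self._tries_left == 0

    def verify(self, pin: str) -> bool:                 # Verify
        if self.blocked:
            return False                # even the correct PIN is refused
        if same(pin, self._pin):
            self._tries_left = self.MAX_TRIES
            self.verified = True
        else:
            self._tries_left -= 1
            self.verified = False
        return self.verified

    def change_code(self, old_pin: str, new_pin: str) -> bool:  # ChangeCode
        if not self.verify(old_pin):    # a wrong old PIN costs a try
            return False
        self._pin = new_pin
        return True

    def unblock(self, unblock_code: str) -> bool:       # Unblock
        if not same(unblock_code, self._unblock_code):
            return False
        self._tries_left, self.verified = self.MAX_TRIES, False
        return True

    def reset_security_state(self) -> None:             # ResetSecurityState
        self.verified = False

def lockout_trace(card: SimulatedPinCard, guesses, correct_pin: str):
    """Present the guesses, then the correct PIN; return each Verify result."""
    return [card.verify(g) for g in guesses] + [card.verify(correct_pin)]
```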
<P>The <TT>FILEACCESS</TT> routines present the expected set of functions for manipulating files on the card. They are</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>ChangeDir</TT>&#151;Changes to a different directory
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GetCurrentDir</TT>&#151;Returns the name of the current directory
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Directory</TT>&#151;Returns a list of the files in the current directory
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GetProperties</TT>&#151;Returns the properties of the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>SetProperties</TT>&#151;Sets the properties of the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GetFileCapabilities</TT>&#151;Gets capabilities of the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Open</TT>&#151;Opens a file for access and makes it the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Close</TT>&#151;Closes the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Seek</TT>&#151;Finds a data pattern in the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Write</TT>&#151;Writes data into the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Read</TT>&#151;Reads data from the current file
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Create</TT>&#151;Creates a file in the current directory
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Delete</TT>&#151;Deletes a file in the current directory
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Invalidate</TT>&#151;Marks a file as unavailable
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Rehabilitate</TT>&#151;Marks a file as available
</DL>
<P>Finally, <TT>CRYPTPROV</TT> supports some basic routines for accessing cryptographic services on a smart card. It is not the full-fledged Microsoft Cryptographic Services API (CAPI), but rather is a smart card-centric subset of CAPI that is nonetheless quite useful for adding smart card-provided cryptographic services to an application. Functions on the <TT>CRYPTPROV</TT> interface are</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Decrypt</TT>&#151;Decodes an encrypted data block using a specified key
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>DeriveKey</TT>&#151;Creates keys from fixed data
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Encrypt</TT>&#151;Encodes a data block using a specified key
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>Export</TT>&#151;Returns a key stored on the smart card
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GenKey</TT>&#151;Creates keys from random data
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GetParam</TT>&#151;Returns parameters being used by the routines
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GetRandom</TT>&#151;Returns random bytes
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>GetUserKey</TT>&#151;Returns the public key
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>HashData</TT>&#151;Computes the cryptographic hash of a stream of data
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>HashSessionKey</TT>&#151;Computes the cryptographic hash of a key
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>ImportKey</TT>&#151;Provides a key to the smart card
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>SetParam</TT>&#151;Sets the parameters being used by the routines
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>SignHash</TT>&#151;Computes the signature on a hash using an asymmetric key
<DD><B>&#149;</B>&nbsp;&nbsp;<TT>VerifySignature</TT>&#151;Verifies the signature of a hash using an asymmetric key
</DL>
<H4 ALIGN="LEFT"><A NAME="Heading4"></A><FONT COLOR="#000077">The Multiflex SSP</FONT></H4>
<P>The dynamic link library (DLL) for the Multiflex SSP is included on the book&#146;s CD-ROM. This SSP can be used with the Microsoft PC/SC software to build host applications that use the Multiflex card included with the book. Instructions for obtaining and installing the PC/SC software are included on the CD-ROM.
</P>
<BLOCKQUOTE>
<P><FONT SIZE="-1"><HR><B>Note:&nbsp;&nbsp;</B><BR>To use the smart card included with this book, you will have to buy a smart card reader and install it on your Windows PC.<HR></FONT>
</BLOCKQUOTE>



</BODY></HTML>
