Standards and APIs

Standards and APIs related to smart cards and a summary of information they provide.

• alt.technology.smartcards FAQ
• smart.gov - GSA smartcard standards and interoperability. The Smartcard Handbook looks interesting.

• Java Cards and APIs

ISO-7816 Smart Card Standard

• ISO-7816 Standards
• Wikipedia: ISO-7816 - Lists the parts of 7816
• Identification Cards - Integrated Circuit Cards with Contacts

Terms

• Application - a particular file system on the card. All files belonging to an application are under the same DF.
• APDU Application protocol data unit - communication between the reader and the card
• ATR Answer to reset
• DF Dedicated file (like a directory)
• EF Elementary file
• ICC Integrated Circuit Card
  • iEF internal EF - stores data used by the card
  • wEF working EF - Stores data not used by the card
• MF Master File - DF at the root, ID 3F00
• TPDU Transmission protocol data unit

Access Control

• CHV - Card holder verification (PIN)
• AUT - Authenticated (key or challenge)

  Principal	Info
  CHV1	User
  CHV2	Card office
  Default	Unauthenticated access

• Access Vector: Read, Write, Execute/Append/Protect, Invalidate, Rehabilitate, Decrease, Increase

Scope of specification

• Basic commmands (APDUS) to read files, write files, authenticate, encrypt, decrypt

EN 726

RSA Public-Key Cryptography Standards (PKCS)

• RSA Public-Key Cryptography Standards (PKCS)

PKCS #11: Cryptographic Token Interface Standard

• PKCS #11: Cryptographic Token Interface Standard
• describes an API called "Cryptoki", pronounced "crypto-key."
• provides a logical view of the device called a "cryptographic token."
• provides device independance and resource sharing.
• assumes a single user
• devices are accessed via logical "slots"
• specifies an interface to the library, not its features.
• token "profiles" are used to describe the features.
• object classes
  • data
  • certificates
  • keys
    • public
    • private
    • secret
• object classifications
  • token objects - available to all applications with sufficient permission
  • session objects - only visible in a particular session.
• objects are either public or private
• two users: user and security officer (SO)

PKCS #15: Cryptographic Token Information Format Standard

• PKCS #15: Cryptographic Token Information Format Standard
• ICC standard: ISO-7816-15
• defines some files that contain info on where to find keys, certificates, PINs, and other data.

PC/SC

• PC/SC Working Group
  • Specification Download - Part 1 provides an overview and is well worth reading.
• Works on top of ISO-7816
• 

Terms

• ifd interface device (reader/writer)
• ifd handler - driver for ifd
• ICC Resource Manager - manages ifd handlers and access to them, e.g. pcscd

OpenSC

• OpenSC

FIPS

FIPS-140 Security Requirements for Cryptographic Modules

• Cryptographic Module Validation Program

FIPS-201 Personal Identity Verification (PIV)

• PIV - Smart cards to identify federal government employees and contractors.

CCID

CAPI