An open middleware for smart-cards

CUCINOTTA, TOMMASO; DI NATALE, Marco
2005-01-01

Abstract

This paper presents an open and modular middleware for smart cards, providing a simple abstraction of the device to application developers. The software is interoperable across multiple card devices, and portable across various open platforms. The architectural design is centred around the definition of a new API that allows protected access to the storage and cryptographic facilities of a smart card. In the envisioned architecture, a smart card driver is partitioned into a lower card-dependent component, which formats and exchanges APDUs with the external device, and a higher card-independent component, which implements more sophisticated services and interfaces, such as the well-known PKCS-11 standard. Each layer can focus on a smaller set of functionality, thus reducing the effort required for the development as well as the testing and maintenance of each component. The proposed architecture, along with a set of pilot applications such as secure remote shell, secure web services, local login and digital signature, has been developed and tested on various platforms, including OpenBSD, Linux, Solaris and Mac OS X, proving the effectiveness of the new approach.
Use this identifier to cite or link to this document: https://hdl.handle.net/11382/361476