
How to Use ISO/IEC 24727-3 with Arbitrary Smart Cards

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2007)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4657)

Abstract

The forthcoming ISO/IEC 24727 series of standards defines application programming interfaces for smart cards and is expected to provide a major contribution to the global interoperability of smart cards and card-applications. However, it assumes in part 2 [8] that certain information concerning the capabilities of the card and its (cryptographic) applications is stored on the card itself. As already issued smart cards do not provide the required structures, the significance of ISO/IEC 24727 for billions (see [5]) of “legacy cards” seems to be questionable. In order to overcome this problem, the present paper introduces an alternative approach, which does not require any specific information on the card. Instead, the information necessary to map generic requests to card-specific APDUs is provided to the middleware in the form of XML-based CardInfo-files.

References

  1. German Signature Alliance. SigAll-API - Specification of the Application Programming Interface to the Signature Card. Version 1.0 (2004)

  2. Comité Européen de Normalisation (CEN). Identification card systems – European Citizen Card. CEN proposed Standard prCEN15480 (Working Drafts) (2006)

  3. Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik). eCard-API-Framework (Part 1-6). Technical Directive (BSI-TR-03112), Draft. A copy of the documents may be obtained from the authors (2007)

  4. Gesellschaft für Telematikanwendungen der Gesundheitskarte (gematik). The Specification of the German electronic Health Card eHC – Part 2: Applications and application related structures. Version 1.1.1, 2006-03-23 (2006), http://www.gematik.de/upload/gematik_eGK_Specification_Part2_e_V1_1_1_516.pdf

  5. IMS Research Group. The Worldwide Market for Smart Cards and Semiconductors in Smart Cards – 2006 edn. Research Report # IMS9654 (May 2006), http://www.electronics.ca/reports/ic/smart_cards.html

  6. ISO/IEC 15408: Information technology – Security techniques – Evaluation criteria for IT security (part 1-3). International Standard (2005)

  7. ISO/IEC 24727-1: Identification cards – Integrated circuit cards programming interfaces – Part 1: Architecture. Final Draft International Standard (2006-08-25) (2006)

  8. ISO/IEC 24727-2: Identification cards – Integrated circuit cards programming interfaces – Part 2: Generic Card Interface. Final Committee Draft (2006-07-30) (2006)

  9. ISO/IEC 24727-3: Identification cards – Integrated circuit cards programming interfaces – Part 3: Application programming interface. Committee Draft (2006-09-07) (2006)

  10. ISO/IEC 24727-4: Identification cards – Integrated circuit cards programming interfaces – Part 4: API Administration. Working Draft (2006-06-26) (2006)

  11. ISO/IEC 7816-15: Identification cards – Integrated circuit cards – Part 15: Cryptographic information application. International Standard (2004)

  12. ISO/IEC 7816-4: Identification cards – Integrated circuit cards – Part 4: Organization, security and commands for interchange. International Standard (2005)

  13. ISO/IEC 7816-5: Identification cards – Integrated circuit cards – Part 5: Registration of application providers. International Standard (2005)

  14. ISO/IEC 7816-8: Identification cards – Integrated circuit cards – Part 8: Commands for security operations. International Standard (2004)

  15. Microsoft Inc.: Cryptography API: Next Generation, http://msdn2.microsoft.com/en-us/library/aa376210.aspx

  16. Sun Microsystems. Java Card Technology, http://java.sun.com/products/javacard/

  17. United States of America National Institute for Standards and Technology (NIST). Government Smart Card Interoperability Specification – Version 2.1 (July 2003), http://csrc.nist.gov/publications/nistir/nistir-6887.pdf

  18. United States of America National Institute for Standards and Technology (NIST). Interfaces for Personal Identity Verification. NIST Special Publication 800-73-1 (March 2006), http://csrc.nist.gov/publications/nistir/nistir-6887.pdf

  19. Open Card Consortium. OpenCard Framework Version 1.2, http://www.opencard.org/docs/1.2/index.html

  20. RSA Laboratories. PKCS #11: Cryptographic Token Interface Standard - Version 2.2. Public Key Cryptography Standards – PKCS #11 (June 2004), ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf

Editor information

Costas Lambrinoudakis, Günther Pernul, A Min Tjoa

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hühnlein, D., Bach, M. (2007). How to Use ISO/IEC 24727-3 with Arbitrary Smart Cards. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_30

  • DOI: https://doi.org/10.1007/978-3-540-74409-2_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74408-5

  • Online ISBN: 978-3-540-74409-2

  • eBook Packages: Computer Science (R0)
