On Mon, Apr 12, 2010 at 1:59 PM, Martin Paljak <mar...@paljak.pri.ee> wrote: > My main goals and improvement areas in OpenSC are:
<snip> 1. Make OpenSC secured? The fact that OpenSC locks the reader for its own use for the duration of the session is the most critical issue OpenSC has. As a result two applications that uses PKCS#11 at the same time either cannot work at the same time, or can access the card without authentication. A stateless mode should be implemented... [1], it has nothing to do with the card features, but credential caching. As for PINPAD readers, there are some cards that has a feature of authentication cookie that is given after initial authentication, this cookie is valid as long as there is power to the card. So the algorithm is as follows: Lock reader, authenticate using PINPAD, acquire cookie, unlock reader. After that a normal sequence of stateless operation can be executed while the cookie is the authentication credential. Because of the lack of this feature I could not offer OpenSC to any enterprise. 2. Support biometrics match-on-card? This feature is missing from open source and Linux drivers. If you go toward java cards, an applet can be implemented in order to do so, maybe using libfprint [2]. Alon. [1] http://www.opensc-project.org/opensc/ticket/186 [2] http://reactivated.net/fprint/wiki/Libfprint _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
