Peter Stuge wrote: Are APDUs the best communications protocol for PKI tokens?
We spent some time thinking about this many years ago. 7816 is a very baroque interface, better suited to the days of 300 baud modems than to modern computing. One recent attempt was the Schlumberger etoken, which eliminated the card reader and put a USB interface on the card. I don't remember whether it was CCID compliant but it certainly could be.

My own modest contribution was to implement TCP/IP (and a web server) on a card. Some of you may remember that. It was really just a demonstration, as the card still used APDUs. The original idea was for the card to instead speak PPP over RS232 or other serial protocol. We never got that far for lack of funding, but I had a plan that involved Atmel cards and some card OS work.

If I were doing it today, I'd give the card a USB interface, like etoken (or just use a USB token), and use some existing standards, maybe including TCP/IP, to talk to the card. 7816-3 is an abomination; it's just job security for bit-twiddlers.

As for making the card speak something closer to PKCS#11, that's not a bad idea, but a bit too special purpose for my taste. What about the biometric data from CAC/PIV? What about symmetric-key systems like Kerberos? What about non-crypto apps like the phone book on your SIM?

11 years ago we thought turning the card into a web server, and the services into web services, seemed like a good idea. That might not be the right model, but I think it's useful to think of the card as a service provider, not just a secure store.
