> Report CKF_PROTECTED_AUTHENTICATION_PATH to the application. OpenSC
> then calls an external lib to do what is needed to authenticate the
> user.
>
> The external lib can do anything like display a dialog box, talk to
> the biometric reader, talk to a remote server, etc.

And what about the library-in-the-middle attack?

> Todo list:
> - define an API between OpenSC and an external lib

Maybe the readers have many different systems of authentication (PIN,
biometric, "on the fly / time generated").
I have to think about this twice.

> - define a configuration to tell OpenSC to use an external lib

And what if I edit your current config and replace the lib with my
modified evil lib?

> I don't know how/if OpenSC can know the smart card reader is
> biometric. I have not seen anything like that in PC/SC.

Neither have I.
What about something like "declaring reader features"?
If the reader supports extended APDUs, then the EXTENDED_APDU_SUPPORT flag is set.
What do you think of BIOMETRIC_SUPPORT / EXTERNAL_LOGIN_SUPPORT to know that?
Has this been discussed (improving reader feature info in the PC/SC WG)?

> A few years ago I played with fprint [1] and a COVADIS Alya reader [2].
> Another API to look at may be bioapi [3].

I'll have a look, thanks.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
