Package opencard.opt.security
Interface CHVCardService
-
- All Superinterfaces:
CardServiceInterface
- All Known Subinterfaces:
CHVCardServiceWithControl
- All Known Implementing Classes:
IsoCardService
,SmartCardHSMCardService
public interface CHVCardService extends CardServiceInterface
A card service interface for Card Holder Verification (CHV). CHV is typically performed by querying a password or PIN (Personal Identification Number) from the user and presenting it to the card for verification. The user's input has to be converted into the format understood by the smartcard, for example by BCD-packing and padding a PIN. The methods in this interface expect this converted data, which is referred to as password. Please note that there is no assumption on how the password data is obtained and preprocessed. For example, biometric scanning could be used instead of querying a PIN.- Version:
- $Id: CHVCardService.java,v 1.1 1999/11/10 09:05:21 damke Exp $
- Author:
- Roland Weber (rolweber@de.ibm.com)
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
closeApplication(SecurityDomain domain)
Resets the achieved card holder verifications on the smartcard.int
getPasswordLength(SecurityDomain domain, int number)
Determines the padded length of a password.boolean
verifyPassword(SecurityDomain domain, int number, byte[] password)
Checks a password for card holder verification.-
Methods inherited from interface opencard.opt.service.CardServiceInterface
getCard, setCHVDialog
-
-
-
-
Method Detail
-
getPasswordLength
int getPasswordLength(SecurityDomain domain, int number) throws CardServiceException, CardTerminalException
Determines the padded length of a password. The returned value is required to pad passwords for verification.- Parameters:
domain
- The security domain in which the password resides. null can be passed to refer to the root domain on the smartcard.
For file system based smartcards, the security domain is specified as a CardFilePath. The root domain then corresponds to the master file.number
- The number of the password. This parameter is used to distinguish between different passwords in the same security domain.- Returns:
- the number of data bytes for the specified password
- Throws:
CardServiceException
- if this service encountered an error. This may occur if the service needs to contact the smartcard in order to determine the password length. An exception may also be thrown if the service is unable to locate the security domain.CardTerminalException
- if the underlying card terminal encountered an error when communicating with the smartcard
-
verifyPassword
boolean verifyPassword(SecurityDomain domain, int number, byte[] password) throws CardServiceException, CardTerminalException
Checks a password for card holder verification. Note that repeated verification of a wrong password will typically block that password on the smartcard.- Parameters:
domain
- The security domain in which to verify the password. null can be passed to refer to the root domain on the smartcard.
For file system based smartcards, the security domain is specified as a CardFilePath. The root domain then corresponds to the master file.number
- The number of the password to verify. This parameter is used to distinguish between different passwords in the same security domain.password
- The password data that has to be verified. If the data is supplied, it has to be padded to the length returned by getPasswordLength for that password.
null may be passed to indicate that this service should use a protected PIN path facility, if available. Alternatively, this service may query the password by some other, implementation-dependend means. In any case, the service implementation will require knowledge about the encoding of the password data on the smartcard.- Throws:
CardServiceException
- if this service encountered an error. In this context, it is not considered an error if the password to be verified is wrong. However, if the password is blocked on the smartcard, an exception will be thrown.CardTerminalException
- if the underlying card terminal encountered an error when communicating with the smartcard
-
closeApplication
void closeApplication(SecurityDomain domain) throws CardServiceException, CardTerminalException
Resets the achieved card holder verifications on the smartcard. Typically, other permanent access conditions that have been satisfied will also be reset. If the card does not allow to reset access conditions for a specific application, it is expected that all access conditions for all on-card applications are reset.The name of this method implies that an application on the smartcard is first selected and then opened by performing card holder verification, giving access to the application data. By resetting the card holder verification, the on-card application therefore gets closed.
- Parameters:
domain
- the security domain for which to reset card holder verifications- Throws:
CardServiceException
- if this service, or the underlying implementation, encountered an errorCardTerminalException
- if the underlying terminal encountered an error while communicating with the smartcard
-
-