Package opencard.opt.security

Interface Credential

  • All Known Subinterfaces:
    SecureChannelCredential
    All Known Implementing Classes:
    GPSCP02SecureChannelCredential, IsoSecureChannelCredential
    public interface Credential
    A tag interface for cryptographic credentials. Most smartcards are able to protect the access to the data stored on them by means of cryptography. In order to overcome such protection, the terminal side of an application will have to provide some kind of secret data to the card services it is using. That secret data is referred to as credentials. Credentials are collected in instances of class CredentialStore.
    Credentials can take different formats, depending on the smartcard used as well as on the card service that provides access to the smartcard. For example, a credential may be a key to the DES or 3DES algorithm, or a private key to the RSA algorithm. It does not even have to be a simple key. For example, a credential may provide the implementation of the algorithm, like DES or 3DES, along with the key. A card service requiring such a credential will define an interface, extending this one, which provides the cryptographic operations. These operations are then executed by invoking the application's credential.
    Encapsulating the algorithm within the credential has several advantages. First of all, the terminal application does not have to provide the secret data to the service directly. Second, the credential can be implemented as a pure software solution, optionally using a cryptographic framework like the Java Cryptography Extension (JCE), but it may also use a hardware implementation of the cryptographic algorithm. The card services will not have to be adapted to the platform in order to make use of such frameworks or special hardware. Last but not least, card services that include cryptographic code are subject to US export restrictions.

    Since there are few cryptographic algorithms ferquently used by smartcards, namely DES and 3DES, credential interfaces for these algorithms may be defined by OCF in the future.

    Version:
    $Id: Credential.java,v 1.1.1.1 1999/10/05 15:08:47 damke Exp $
    Author:
    Roland Weber (rolweber@de.ibm.com)
    See Also:
    CardService, CredentialBag, CredentialStore