Smart card support architectures
The main goal of the PC/SC specification (Interoperability Specification for ICCs and Personal Computer Systems), which defines the architecture for interaction between integrated circuit cards (smart cards) and personal computer systems, is to enable independent product development by reader manufacturers and smart card manufacturers while ensuring that the results of their efforts work together seamlessly.
The PC/SC specification sets out a number of requirements for the compatibility of microprocessor cards and smart card readers:
- cards and readers must comply with ISO 7816-1/2/3;
- the card must provide an asynchronous Answer to Reset (ATR);
- data exchange requires support for the T=0 and T=1 protocols;
- readers must be compatible with special terminal devices equipped with a keyboard and display.
If the requirements of the PC/SC specification are met, programmers can create smart card applications that are not tied to specific readers or cards, and system integrators can freely combine readers and smart cards. It is this advantage that allowed smart cards to be used in building a working-time accounting system for the company 1c-prime.ru (“Prime-1C”), which offers integrated implementation and maintenance of 1C applications; it should be emphasized that the total user database contains more than 500 records. At the first level of the PC/SC smart card stack there are a number of modules, each of which provides an application programming interface (API) corresponding to the set of commands supported by a particular card. The PC/SC specification defines programming interfaces for functions such as file access, authentication, and cryptographic services.
These interfaces can be extended to meet the needs of specific applications. In the simplest case, each first-level module gives an application program a way to send a specific APDU (application protocol data unit) to a smart card, where it is processed, and to get back the results. These API modules are called smart card service providers (SSPs). In the PC system, one SSP is used for each smart card.
When an application calls an SSP, the SSP forms an APDU that carries a specific command for a specific smart card. These APDUs are passed via the API to the second software layer of the smart card stack, the Smart Card Resource Manager. The Smart Card Resource Manager is the key component of the PC/SC architecture: it manages the smart card resources in the system and provides controlled access, through the readers, to individual smart cards. The resource manager is considered a system-level component and must be provided by the operating system vendor. Within a system there should be only one smart card resource manager.
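What an SSP actually hands to the resource manager is a command APDU, and what comes back is response data followed by a status word. The following is an added example, not code from the original text or any vendor's SSP: it encodes the four short ISO 7816-4 APDU cases and interprets the status words an application must handle (including the T=0 `61xx`/`6Cxx` procedure bytes). The SELECT exchange at the end is constructed for illustration.

```python
# Added example (not from the original text): encode the short command APDUs
# an SSP hands to the resource manager, and decode the card's response APDU.

def build_apdu(cla: int, ins: int, p1: int, p2: int,
               data: bytes = b"", le=None) -> bytes:
    """ISO 7816-4 short APDU; the case (1-4) follows from data and le."""
    if len(data) > 255:
        raise ValueError("short APDU carries at most 255 data bytes")
    if le is not None and not 0 <= le <= 256:
        raise ValueError("Le must be 0..256 for a short APDU")
    apdu = bytes([cla, ins, p1, p2])    # case 1: header only
    if data:                            # case 3/4: Lc + command data
        apdu += bytes([len(data)]) + data
    if le is not None:                  # case 2/4: Le, 256 is coded as 0x00
        apdu += bytes([le & 0xFF])
    return apdu

def parse_response(resp: bytes) -> dict:
    """Split response data from SW1 SW2 and interpret common status words."""
    if len(resp) < 2:
        raise ValueError("response APDU needs at least SW1 SW2")
    data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
    sw = (sw1 << 8) | sw2
    if sw == 0x9000:
        status = "ok"
    elif sw1 == 0x61:                   # T=0: data waits for GET RESPONSE
        status = f"ok, {sw2} more bytes via GET RESPONSE"
    elif sw1 == 0x6C:                   # T=0: re-issue with corrected Le
        status = f"wrong Le, retry with Le={sw2}"
    elif sw1 == 0x63 and sw2 & 0xF0 == 0xC0:
        status = f"verification failed, {sw2 & 0x0F} tries left"
    elif sw == 0x6982:
        status = "security status not satisfied"
    elif sw == 0x6A82:
        status = "file or application not found"
    else:
        status = "error"
    return {"data": data, "sw": sw, "status": status}

# Constructed exchange: SELECT by AID (case 4) answered with FCI data and 9000.
SELECT_AID = build_apdu(0x00, 0xA4, 0x04, 0x00,
                        bytes.fromhex("A0000000031010"), le=0)
SELECT_RESPONSE = parse_response(bytes.fromhex("6F0384010A9000"))
```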
Smart Card Resource Manager
The Smart Card Resource Manager solves the following problems when managing access to multiple readers and smart cards. First, it is responsible for identifying and tracking resources. This includes:
- tracking installed readers and making this information available to other applications;
- tracking known smart card types together with their associated service providers and supported interfaces, and making this information available to other applications;
- tracking smart card insertion and removal events so that the information about which smart card is present in which reader stays accurate.
Second, it is responsible for managing the allocation of readers and resources (and thus access to smart cards) across many applications. This is done by providing mechanisms for attaching to specific readers in shared or exclusive (privileged) mode. The third level of the smart card stack consists of a set of drivers, one for each reader. The drivers should hide any differences between the specific I/O channels used by smart card readers. A smart card reader is the physical interface device through which a smart card communicates with a personal computer.
The PC/SC architecture defines the interface between smart card readers and the resource manager in such a way that, from the application’s point of view, all smart card readers behave in the same way. For example, on the basis of individual smart cards, we implemented an access control project for the production premises of the Plast Service enterprise, which produces plastic containers for industrial use, in which 8 smart card readers were combined into a single local network. Smart card reader manufacturers also provide a PC/SC driver, supplied together with the reader hardware, that connects the reader to the resource manager.
Accordingly, the system treats the smart card reader much like a floppy disk drive or CD-ROM drive. Smart card readers differ more from one another and have a broader feature set than simple disk drives, so the PC/SC specification also gives an application program the ability to exchange data directly with the smart card reader, in addition to exchanging data directly with a card inserted into it.
This interface can be used, for example, when the smart card is used in an ATM (automated teller machine) or a POS (point-of-sale) retail terminal. SSPs are usually specified by the smart card manufacturers and supplied with the cards themselves. For example, Gemplus supplies each of its production cards with an SSP, as do Schlumberger and Oberthur. These card-oriented SSPs make it easier for an application to use each of the commands supported by the card. Some also provide higher-level functions built on the basic commands.
As standards and specifications define the application areas of smart cards more clearly, SSPs that support these standards and specifications are emerging. For example, there are now JavaCard SSPs as well as digital signature SSPs. These domain-specific SSPs not only support domain-specific computations and procedures but also cover cards that contain data structures and computing capabilities specific to the domain. Domain-specific SSPs enable independent companies to expand the range of smart card software.
It should be noted that the reference implementation of the PC/SC specifications was created for Windows platforms. However, the widespread adoption of smart cards on personal computers and workstations raised the question of supporting other operating systems such as Macintosh, Solaris, Linux, etc. At first, the solutions for these platforms were highly specialized and consisted of vertical stacks that worked only in the manufacturer’s own hardware environment.
The PC/SC Workgroup has developed documentation describing the behavior of the smart card resource manager and cryptographic devices independently of the PC operating system. The PC/SC standard therefore allows other platforms to support smart cards in a way similar to that used on Windows platforms.