Adriano,
the scenario that you described does make sense to me and is something that we
have discussed many times in our group. What you pose as a more general question
of interoperability does indeed not have an easy solution. But it is easy to
understand that there must be one single point in the system, that finally
controls and arbitrates the concurrent access to the same card in the scenario
that you describe. So, it can be either ...
... OCF, if all applications are based directly or indirectly on OCF,
... a PKCS#11 access layer, if all applications are based on it,
... PC/SC if that particular implementation (probably Windoze) is using PKCS#11
and OCF on PC/SC,
... your own self-written access layer that takes over this "traffic cop"
function and which is used by all applications. And if the applications are
using the same data, like in your example cryptographic keys, they better use
the same view of and access mechanism to them.
OCF cannot do anything about card accesses that go around it, as cannot
PKCS#11, as cannot PC/SC, as cannot your or my self-written access layer.
All must go through one common channel in order to guarantee concurrent access
without interference. In my view OCF and PKCS#11 are both good candidates of
being that one access controlling instance of choice, but only one of both for
the same card (in the case of PKCS#11 implemented based on OCF this instance is
OCF).
We have written a very sophisticated PKCS#11 access layer for a filesystem card
and for a JavaCard. We know what optimizations we have done internally to store
the data safely and securely and performantly on the card. We would not advise
anybody to try to access the data on the card directly without the control of
the PKCS#11 access layer. We would not do so if it were our development project
:-)
Frank Seliger
IBM Pervasive Computing Division
Schoenaicher Str. 220, 71032 Boeblingen, Germany
[EMAIL PROTECTED]
Tel. +49-7031-16-3142
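
The "traffic cop" argument in the message above, as an added example that is not part of the original message and is not OCF, PKCS#11 or PC/SC code: a constructed Python simulation in which two applications each SELECT a file and then READ it from a card whose READ depends on the last SELECT. All names (`SimulatedCard`, `app`, `run`, the file ids and contents) are hypothetical.

```python
from collections import deque

# Constructed card contents: file id -> data (not taken from any real card).
FILES = {"EF_KEY": b"key-blob", "EF_CERT": b"cert-blob"}

class SimulatedCard:
    """Stand-in for a filesystem card: READ returns the currently selected file."""
    def __init__(self, files):
        self.files = files
        self.selected = None

    def transmit(self, command, arg=None):
        if command == "SELECT":
            self.selected = arg      # card-side state shared by every caller
            return "OK"
        if command == "READ":
            return self.files[self.selected]
        raise ValueError(command)

def app(name, file_id):
    """One application's session: SELECT a file, then READ it."""
    yield ("SELECT", file_id)
    data = yield ("READ", None)
    return (name, file_id, data)

def run(card, apps, arbitrated):
    """Round-robin scheduler over the sessions.

    arbitrated=False: each app reaches the card directly, one command per turn,
    so command sequences interleave.
    arbitrated=True: a single access layer gives one session the card until
    that session has finished, then serves the next one.
    """
    pending = deque((g, next(g)) for g in apps)   # (session, next command)
    results = []
    while pending:
        session, cmd = pending.popleft()
        while True:
            response = card.transmit(*cmd)
            try:
                cmd = session.send(response)
            except StopIteration as done:
                results.append(done.value)
                break
            if not arbitrated:
                pending.append((session, cmd))    # card is released mid-session
                break
    return results

if __name__ == "__main__":
    for mode in (False, True):
        sessions = [app("A", "EF_KEY"), app("B", "EF_CERT")]
        print("arbitrated" if mode else "direct", run(SimulatedCard(FILES), sessions, mode))
```

In the direct run, application A reads the certificate file because B's SELECT landed between A's SELECT and READ; with the single arbitrating layer each application gets the file it selected.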
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/