1) ISO 7816-15 (aka PKCS #15) relies on READ BINARY
and READ RECORD which are on all smart cards 
(even Java Cards) and are in the most modern smart 
card standard, ETSI SCP 102.221.

2) If you are doing a multi-application card you have
to have a codified way of associating PINs and 
keys with applications.  The terminal has to be able
to say to the card which PIN it is about to try to
verify.  If you don't use -15 then you will find yourself
creating your own codification.  Again, this is in the
multi-application card case.  If you are doing a
single-application card then there is no ambiguity to
resolve.

3) ETSI SCP 101.221 hardwires key references to 
application indexes.  This has proven to be unsatisfactory
but was a necessary intermediate step between
single-application cards and real multi-application cards.

Bottom line is that you can elect to not use -15 but 
you can't duck the problem it set out to address.

IMHO, as always.

Cheers, Scott

-----Original Message-----
From: David Corcoran
To: [EMAIL PROTECTED]
Sent: 12/7/01 12:42 AM
Subject: Re: MUSCLE Musclecard architecture

Hello,

We have looked deeply into PKCS-15 but it assumes all of your identities,
pins, keys, data structure already exist on the card.  It doesn't abstract
the apdu's needed for doing on board key generation, external
authentication, etc for a variety of cards.  In addition its basis lies
on ISO-7816 file commands which don't even exist on many of today's current
and next generation JavaCards.  Musclecard is much more simple.  If you
want to create and write to a file you do:

MSCCreateObject(connectionHandle, objectID, size, ACL);
MSCWriteLargeObject(connectionHandle, objectID, myData, dataSize);

and the APDU's and protocol map 1:1 to the API.  This CardEdge definition
allows post-personalization in an abstract manner.

The GSA applet also fails to allow some of these post-personalization 
functions assuming that the card is being used for crypto only and that 
the keys/etc are pre-loaded.

If I can dig it up, I have a paper on the weaknesses of PKCS-15 as a
smartcard abstraction.  Send me a personal mail and I might be able to get
you a copy.

I'm very open to suggestion though......

Dave

***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to [EMAIL PROTECTED] with
unsubscribe sclinux
***************************************************************
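
Added example, not part of either message and not Musclecard or PKCS #15 library code: a simplified model of the association point 2 above describes, where each key names the PIN that protects it (authId) and the terminal uses that PIN's reference as P2 of an ISO 7816-4 VERIFY command. The field names follow PKCS #15 (authId, pinReference, storedLength, padChar); the flat record layout, application names and reference values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PinObject:            # simplified stand-in for an authentication object
    auth_id: int            # PKCS #15 authId: the handle other objects point at
    pin_reference: int      # value the card expects in P2 of VERIFY
    stored_length: int      # PIN is padded to this many bytes before sending
    pad_char: int

@dataclass(frozen=True)
class KeyObject:            # simplified stand-in for a private-key object
    label: str
    app: str                # owning application (constructed names)
    key_reference: int
    auth_id: int            # which PIN protects this key

# Constructed card content: two applications that both use key reference 0x01,
# so the key reference alone cannot tell the terminal which PIN to verify.
PINS = [PinObject(0x01, 0x81, 8, 0xFF), PinObject(0x02, 0x82, 8, 0xFF)]
KEYS = [KeyObject("signing key", "eSign", 0x01, 0x01),
        KeyObject("login key", "logon", 0x01, 0x02)]

def pin_for_key(app: str, label: str) -> PinObject:
    """Resolve key -> authId -> PIN object, refusing ambiguous or missing links."""
    key = next((k for k in KEYS if k.app == app and k.label == label), None)
    if key is None:
        raise LookupError(f"no key {label!r} in application {app!r}")
    matches = [p for p in PINS if p.auth_id == key.auth_id]
    if len(matches) != 1:
        raise LookupError("authId must resolve to exactly one PIN object")
    return matches[0]

def verify_apdu(pin_obj: PinObject, pin: str) -> bytes:
    """Build VERIFY (CLA 00, INS 20, P1 00, P2 = pinReference) with a padded PIN."""
    data = pin.encode("ascii")
    if not 0 < len(data) <= pin_obj.stored_length:
        raise ValueError("PIN length outside what the PIN object allows")
    data = data.ljust(pin_obj.stored_length, bytes([pin_obj.pad_char]))
    return bytes([0x00, 0x20, 0x00, pin_obj.pin_reference, len(data)]) + data

if __name__ == "__main__":
    for k in KEYS:
        print(k.app, verify_apdu(pin_for_key(k.app, k.label), "1234").hex())
```
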