IC API Handa-F@mail.dnp.co.jp 2004 8 26
Copyright (c) 2004 NPO Page 2 IC API PKI IC PKCS#11 CSP (Cryptographic Service Provider) PKCS#11 CSP PKCS#15 GSC-IS
(identity token) (identity authentication) IC (smart card) USB
IC IC OS (Native OS) : OS ROM OS : Java Card, MULTOS IC ( 2mm) ( 10cm) : Type A, Type B, FeliCa ( 70cm) IC 1 1 IC ( ) 2 I/F I/F I/F
CPU RAM ROM OS) EEPROM 3 EEPROM 1 1 AP1 CPU RAM ROM OS 2 3 4 2 AP2 2 3 AP3 3 OS OS
PKI IC PC PKI (SSL, S/MIME ) API (PKCS #11, CryptoAPI) APDU / PIN API APDU
API? IC (PIN ) (Challenge & Response) ( ) ( ) IC IC I/F ( APDU APDU) IC API
PKCS #11 Cryptoki API PKCS #11 PKCS #11 v2.20 (2004/6/28), v2.11
Cryptoki SO (Security Officer)
PKCS #11 Object Data Key Certificate Public Key Private Key Secret Key
( ) Object Identifier ID Value Token Session Public Private PIN ID ID ID Start Date ( ) ( ) Issuer ( ) (Private ) PIN
PKCS #11 Cryptoki C_Initialize C_Initialize R/W 1 C_EncryptFinal C_GetSlotList
PKCS #11 ( )
1. C_Initialize (Cryptoki)
2. C_GetSlotList (ID)
3. C_OpenSession
4. C_Login (PIN)
5. C_CreateObject
6. C_FindObjectsInit (Object Identifier)
7. C_FindObjects
8. C_FindObjectsFinal (Finalize)
9. C_EncryptInit
10. C_Encrypt (Value)
11. C_Logout
12. C_CloseSession
13. C_Finalize (Cryptoki Finalize)
CryptoAPI IC CSP IC ( ) CSP (Cryptographic Service Provider) PKI
1. CryptoAPI Windows OS CryptoAPI CSP (CryptAcquireContext)
2. CSP Microsoft CSP Windows OS Advapi32.dll Crypt32.dll
3. CSP CryptoSPI Microsoft CSP IC CSP CSP
CSP CSP CryptoSPI The Smart Card Cryptographic Service Provider Cookbook http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnscard/html/smartcardcspcook.asp IC CSP
CSP (e.g. IE, Outlook) IC CSP PIN IC IC PIN IC 9600bps 1 2
CSP Internet Explorer Outlook Express (SSL S/MIME) ( Internet Explorer Outlook Express ( ) IC CSP IC IC ( )
CSP, IC CSP IC R/W
a) HKLM\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards ATR ATR CSP
b) HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider CSP CSP
IC CSP
1. R/W ATR
2. ATR a) CSP
3. CSP CryptoAPI CSP
4. b) CSP CSP
PKCS #11 CSP IC CSP PKCS #11 PIN IC PIN PIN CSP CSP
PKCS #15 (IC ) ISO/IEC 7816-15: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 15: Cryptographic information application private key, public key, secret key X.509 Certificate PIN Object, Biometric Template IC
PKCS #15 / MF PKCS#15 Application Directory EF(DIR) EF DF EF(ODF) EF(PrKDF) EF(CDF) EF(AODF) EF(TokenInfo)
PKCS #15 /
DF : Directory File ASN.1
EF(ODF) : Object Directory File PKCS#15 Application Directory
EF(PrKDF) : Private Key Directory File
EF(CDF) : Certificate Directory File
EF(AODF) : Authentication Object Directory File
EF(TokenInfo) : ( No. )
PKCS #15 / Directory File Directory File Directory File 00 EF(UnusedSpace) 6-5 6-6
GSC-IS IC GSA (General Services Administration) NIST Government SmartCard Interoperability Specification (GSC-IS) GSC-IS ServiceCallLevel BSI (Basic Services Interfaces) API SPM (Service Provider Module) : = IC + R/W + S/W (SPS) CardCommandLevel APDU VCEI (Virtual Card Edge Interface)
GSC-IS
IC PKI API API PKCS #11 Netscape Navigator, Netscape Messenger, Entrust Products CryptoAPI (IC CSP) Microsoft Internet Explorer, Microsoft Outlook Express, Outlook GSC-IS PKCS #15