© 2011 ecsec GmbH>>1 eCard-API-Framework. © 2011 ecsec GmbH>>2 ISO/IEC 24727-Architecture.
25
© 2011 ecsec GmbH >> Service-A ccess-Layer Identity-Layer Terminal-Layer A pplication-Layer eC ard-Interface G R Tool, B order C ontrol... eH ealth- A pplication ePA- A pplication JobC ard ELSTER ... ISO 24727-3-Interface ePassport C ardInfo ePA C ardInfo eG K/H BA C ardInfo ePassport C onvenience SupportServices Support-Interface G eneric C ard Services ... M anagem ent Services M gm t-Interface Encryption Services Signature Services Identity Services IFD -Interface SC A RD -Interface PC /SC 2.0 IFD- Handler IFD- Handler IFD SICCT C T-A PI-Interface M KT,B1 etc. SIC C T-Interface ePA C onvenience eHealth C onvenience JobC ard C onvenience eID M anage- m ent M anagem ent C onvenience ELSTER C onvenience ... eCard-API-Framework
-
Upload
clifford-strickland -
Category
Documents
-
view
213 -
download
0
Transcript of © 2011 ecsec GmbH>>1 eCard-API-Framework. © 2011 ecsec GmbH>>2 ISO/IEC 24727-Architecture.
© 2011 ecsec GmbH >>
1
Service-Access-Layer
Identity-Layer
Terminal-Layer
Application-Layer
eCard-Interface
GRTool, Border
Control ...
eHealth-Application
ePA-Application
JobCard ELSTER ...
ISO24727-3-Interface
ePassport CardInfo
ePA CardInfo
eGK/HBA CardInfo
ePassportConvenience
Support Services
Support-Interface
Generic Card Services
...
Management Services
Mgmt-Interface
Encryption Services
Signature ServicesIdentity Services
IFD-Interface
SCARD-Interface
PC/SC 2.0 IFD-Handler
IFD-Handler
IFDSICCT
CT-API-Interface
MKT, B1 etc.
SICCT-Interface
ePAConvenience
eHealthConvenience
JobCardConvenience
eID
Manage-ment
ManagementConvenience
ELSTERConvenience ...
eCard-API-Framework
© 2011 ecsec GmbH >>
2
ISO/IEC 24727-Architecture
© 2011 ecsec GmbH >>
3
Example: MSE for Signature Generation
© 2011 ecsec GmbH >>
4
CardInfo
© 2011 ecsec GmbH >>
5
Signaturen mit dem eCard-API-Framework
© 2011 ecsec GmbH
Signature
App eSign SAL
SignRequest(DIDName,Doc) Hash(DIDName,Doc)
SignResponse(SigObject)
1
ACLList(DIDName)
CardInfo
h
<HashGenerationInfo>
IFD
possibly Transmit(...)
<DIDACL>
DIDAuthenticate(PIN)
2
<ACL>
3
evaluate <ACL>
<PinCompareMarker>
VerifyUser (...)
4
Sign(DIDName,h)<CryptoMarker>
Sequ. of Transmit(...)
5
6
possibly create AdES
7
9
TV
ShowViewer(VID,Doc)
8
>>
6
© 2011 ecsec GmbH
dss:SignRequest
>>
7
1
© 2011 ecsec GmbH
Hash / HashResponse
>>
8
2
© 2011 ecsec GmbH
HashGenerationInfo@CardInfo
>>
9
2
© 2011 ecsec GmbH
HashGenerationInfo
>>
10
2
© 2011 ecsec GmbH
ACLList
>>
11
3
© 2011 ecsec GmbH
DIDACL@CardInfo
>>
12
3
© 2011 ecsec GmbH
AccessRule
>>
13
3
© 2011 ecsec GmbH >>
14
ACL auswerten
>>
14
4
1. Determine available DIDs with CardApplicationPath and ACLList, CardApplicationConnect, DIDList od CardInfo-Access
2. Normalisation of ACL3. Perform appropriate Authentication Steps
© 2011 ecsec GmbH >>
15
ShowViewer
>>
15
5
© 2011 ecsec GmbH >>
16
DIDAuthenticate
>>
16
6
© 2011 ecsec GmbH >>
17
CardInfo-Ausschnitt für PinCompareMarker 6
© 2011 ecsec GmbH
VerifyUser
>>
18
6
© 2011 ecsec GmbH
iso:Sign / iso:SignResponse
>>
19
7
© 2011 ecsec GmbH
SignatureGenerationInfo@CardInfo
>>
20
7
© 2011 ecsec GmbH
SignatureGenerationInfo
>>
21
7
© 2011 ecsec GmbH
StateInfo@CardInfo
>>
22
7
© 2011 ecsec GmbH >>
23
StateInfo
>>
23
7
© 2011 ecsec GmbH >>
24
State
>>
24
7
© 2011 ecsec GmbH
dss:SignResponse
>>
25
9
