Skip Navigation Links | |
Exit Print View | |
Developer's Guide to Oracle Solaris Security Oracle Solaris 10 8/11 Information Library |
1. Oracle Solaris Security for Developers (Overview)
2. Developing Privileged Applications
3. Writing PAM Applications and Services
4. Writing Applications That Use GSS-API
7. Writing Applications That Use SASL
8. Introduction to the Oracle Solaris Cryptographic Framework
9. Writing User-Level Cryptographic Applications and Providers
10. Using the Smart Card Framework
Oracle Solaris Smart Card Framework Overview
Developing an IFD Handler for Smart Card Terminals
Installation of Smart Card Terminals
A. Sample C-Based GSS-API Programs
D. Source Code for SASL Example
The SCF API provides a set of interfaces for accessing smart cards. These interfaces provide communication to the cards in low-level application protocol data unit (APDU) form. These interfaces are provided in both C and Java. The interfaces work with all readers that are supported by the Solaris operating system and with any smart card that communicates with APDUs. The SCF API is based on the following components:
Session object – A general context for each individual thread so that can collisions can be avoided.
Terminal object – An abstraction of a physical smart card terminal. This object can detect the presence, insertion, or removal of a card.
Card object – Represents a smart card that is inserted in a terminal. The object can send information in APDU format to the physical smart card. The object also accommodates mutex locking so that an application can have exclusive access to the card.
Listener object – An object that receives notification of events.
The SCF API provides functionality in the following areas:
Checking for the physical presence of a smart card in the reader.
Receiving notification of smart card movement, that is, insertion and removal.
Exchanging data with the smart card.
Retrieving information about the session, terminal, and smart card.
Locking and unlocking the smart card for exclusive access.
The following sections provide information about the specific SCF interfaces.
The following functions are used for SCF sessions.
Establishes a session with a system's smart card framework. After a session has been opened, the session can be used with SCF_Session_getTerminal(3SMARTCARD) to access a smart card terminal.
Releases the resources that were allocated when the session was opened. Also, closes any terminals or cards that are associated with that session.
Deallocates storage that is returned from SCF_Session_getInfo(3SMARTCARD).
Establishes a context with a specific smart card terminal in the session. Terminal objects are used for detecting card movement, that is, insertion or removal. Terminal objects are also used to create card objects for accessing a specific card.
The following functions are used to access SCF terminals.
Releases the resources that were allocated when the terminal was opened. The function also closes any cards that were associated with the terminal.
Deallocates storage that has been returned from SCF_Terminal_getInfo(3SMARTCARD).
Blocks and waits until a card is present in the specified terminal.
Blocks and waits until the card in the specified terminal is removed.
Allows a program to receive callback notifications when events occur on a terminal. The concept is similar to a signal handler. When an event occurs, a service thread executes the provided callback function.
Updates the specified event listener that is associated with this terminal.
Removes the specified event listener from the listener list that is associated with this terminal.
Establishes a context with a specific smart card in a terminal. Card objects can be used to send APDUs to the card with SCF_Card_exchangeAPDU(3SMARTCARD).
The following functions are used to access smart cards and to get status.
Releases resources, such as memory and threads, that were allocated when the card was opened. Also, releases the lock that was held by that card.
Deallocates storage that has been returned from SCF_Card_getInfo(3SMARTCARD).
Obtains a lock on a specific card. This function allows an application to perform a multiple APDU transaction without interference from other smart card applications.
Sends a command APDU to a card and reads the card's response.
Checks to see if a specific card has been removed. If another card or even the same card has since been reinserted, the function reports that the old card was removed.