Package javacard.framework.service
Interface SecurityService
-
- All Superinterfaces:
Service
public interface SecurityService extends Service
This interface describes the functions of a generic security service. It extends the baseServiceinterface and defines methods to query the current security status. Note that this interface is generic and does not include methods to initialize and change the security status of the service; initialization is assumed to be performed throughAPDUcommands that the service is able to process.A security service implementation class should extend
BasicServiceand implement this interface.
-
-
Field Summary
Fields Modifier and Type Field Description static shortPRINCIPAL_APP_PROVIDERThe principal identifier for the application provider.static shortPRINCIPAL_CARD_ISSUERThe principal identifier for the card issuer.static shortPRINCIPAL_CARDHOLDERThe principal identifier for the cardholder.static bytePROPERTY_INPUT_CONFIDENTIALITYThis security property provides input confidentiality through encryption of the incoming command.static bytePROPERTY_INPUT_INTEGRITYThis security property provides input integrity through MAC signature checking of the incoming command.static bytePROPERTY_OUTPUT_CONFIDENTIALITYThis security property provides output confidentiality through encryption of the outgoing response.static bytePROPERTY_OUTPUT_INTEGRITYThis security property provides output integrity through MAC signature generation for the outgoing response.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description booleanisAuthenticated(short principal)Checks whether or not the specified principal is currently authenticated.booleanisChannelSecure(byte properties)Checks whether a secure channel is established between the card and the host for the ongoing session that guarantees the indicated properties.booleanisCommandSecure(byte properties)Checks whether a secure channel is in use between the card and the host for the ongoing command that guarantees the indicated properties.-
Methods inherited from interface javacard.framework.service.Service
processCommand, processDataIn, processDataOut
-
-
-
-
Field Detail
-
PROPERTY_INPUT_CONFIDENTIALITY
static final byte PROPERTY_INPUT_CONFIDENTIALITY
This security property provides input confidentiality through encryption of the incoming command. Note that this is a bit mask and security properties can be combined by simply adding them together.- See Also:
- Constant Field Values
-
PROPERTY_INPUT_INTEGRITY
static final byte PROPERTY_INPUT_INTEGRITY
This security property provides input integrity through MAC signature checking of the incoming command. Note that this is a bit mask and security properties can be combined by simply adding them together.- See Also:
- Constant Field Values
-
PROPERTY_OUTPUT_CONFIDENTIALITY
static final byte PROPERTY_OUTPUT_CONFIDENTIALITY
This security property provides output confidentiality through encryption of the outgoing response. Note that this is a bit mask and security properties can be combined by simply adding them together.- See Also:
- Constant Field Values
-
PROPERTY_OUTPUT_INTEGRITY
static final byte PROPERTY_OUTPUT_INTEGRITY
This security property provides output integrity through MAC signature generation for the outgoing response. Note that this is a bit mask and security properties can be combined by simply adding them together.- See Also:
- Constant Field Values
-
PRINCIPAL_CARDHOLDER
static final short PRINCIPAL_CARDHOLDER
The principal identifier for the cardholder.- See Also:
- Constant Field Values
-
PRINCIPAL_CARD_ISSUER
static final short PRINCIPAL_CARD_ISSUER
The principal identifier for the card issuer.- See Also:
- Constant Field Values
-
PRINCIPAL_APP_PROVIDER
static final short PRINCIPAL_APP_PROVIDER
The principal identifier for the application provider.- See Also:
- Constant Field Values
-
-
Method Detail
-
isAuthenticated
boolean isAuthenticated(short principal) throws ServiceExceptionChecks whether or not the specified principal is currently authenticated. The validity timeframe (selection or reset) and authentication method as well as the exact interpretation of the specified principal parameter needs to be detailed by the implementation class. The only generic guarantee is that the authentication has been performed in the current card session.- Parameters:
principal- an identifier of the principal that needs to be authenticated- Returns:
- true if the expected principal is authenticated
- Throws:
ServiceException- with the following reason code:ServiceException.ILLEGAL_PARAMif the specified principal is unknown.
-
isChannelSecure
boolean isChannelSecure(byte properties) throws ServiceExceptionChecks whether a secure channel is established between the card and the host for the ongoing session that guarantees the indicated properties.- Parameters:
properties- the required properties- Returns:
- true if the required properties are true, false otherwise
- Throws:
ServiceException- with the following reason code:ServiceException.ILLEGAL_PARAMif the specified property is unknown.
-
isCommandSecure
boolean isCommandSecure(byte properties) throws ServiceExceptionChecks whether a secure channel is in use between the card and the host for the ongoing command that guarantees the indicated properties. The result is only correct after pre-processing the command (for instance during the processing of the command). For properties on incoming data, the result is guaranteed to be correct; for outgoing data, the result reflects the expectations of the client software, with no other guarantee.- Parameters:
properties- the required properties- Returns:
- true if the required properties are
true,falseotherwise - Throws:
ServiceException- with the following reason code:ServiceException.ILLEGAL_PARAMif the specified property is unknown.
-
-