
An extensible client platform for eID, signatures and more
Tobias Wich, Moritz Horsch, Dirk Petrautzki, Johannes Schmölz, Detlef Hühnlein, Thomas Wieland, Simon Potzernheim
© 2013 Open eCard Team
© Copyright 2010 ecsec GmbH, All Rights Reserved.
Agenda
- How were eID solutions built in the past?
- Changes due to ISO/IEC 24727
- Extension points of the Open eCard App
- Architecture of the Add-on Framework
- How to build application-specific Add-ons?
- Conclusion
Some European eID Cards (figure: card images only)
ISO/IEC 24727 – Stack (figure labels: <CardInfo>, SAL-Protocol, IFD-Protocol, Legacy card)
eCard-API-Framework (figure: layered architecture)
- Application-Layer: Management (GRTool, Border Control, ...), ePA Application, eHealth Application, JobCard, ELSTER, ...; Management Convenience, ePassport Convenience, ePA Convenience, eHealth Convenience, JobCard Convenience, ELSTER Convenience, ...
- Identity-Layer: Mgmt-Interface, eID, eCard-Interface, Management Services
- Service-Access-Layer: ISO24727-3-Interface, Support-Interface; Encryption Services, Signature Services, Identity Services, Generic Card Services, Support Services; CardInfo files for ePassport, ePA, eGK/HBA, ...
- Terminal-Layer: IFD-Interface, SICCT-Interface, CT-API-Interface, SCARD-Interface; IFD, SICCT, MKT, B1, etc., PC/SC 2.0, IFD Handler
The Open eCard App at a glance
- eID-Client according to BSI-TR-01312
- Local link based eID Activation
- EAC based Authentication
- Support of CardInfo-files (CIF) acc. to ISO/IEC 24727-3
  - A card is supported if a corresponding CIF is available
  - Existing CIFs for the German eID card, German eHealth card, Estonian eID card and various signature cards
- Platform agnostic GUI interface
- Heavily modularized
- Clients for Java SE (Desktop & Applet) and Android
- GPLv3 License
- http://openecard.org
Extension points of the Open eCard App (figure: the ISO/IEC 24727 stack with its extension points)
Add-on Framework Overview (figure, steps numbered 1-7)
Components: External Application, Binding, Add-on Manager, Add-on Selector, Registry (fed from Appstore, File and Classpath), ClassLoader Sandbox, Add-on Action (with Properties and Context).
Data exchanged between them: Request and Response (External Application and Binding); ResourceName (Binding, Add-on Manager, Add-on Selector, Registry); AddonSpecification and AddonSpecification[*] (Registry, Add-on Selector, ClassLoader Sandbox); AddonAction (ClassLoader Sandbox, Add-on Manager).
Add-on Structure (figure)
AddonX.jar contains a Manifest File (META-INF/Addon.xml) with entries for AppExtensionAction, AppPluginAction and SALProtocol; each entry (Action & Protocol) carries an Identification, Description, Settings and a Class Reference.
Binding Essentials (figure: External Application, Binding, Add-on Action; steps numbered 1-6)
The Binding turns the incoming request message into Body, Parameters and Attachments for the Add-on Action; the Add-on Action returns a BindingResult with Code, Body, Parameters and Attachments, which the Binding turns into the response message:
(1) $M_{Req} \to (B, P, A)$
(2) $R(C, B, P, A) \to M_{Res}$
How to build application-specific Add-ons
- Create a mvn project
- Add org.openecard:addon as provided dependency
- Add other dependencies if needed
- Implement Action / Protocol interfaces
  - Evaluate input parameters
  - Call code using SAL and IFD
  - Create a Result and return it
- Create Manifest (src/main/resources/META-INF/Addon.xml)
  - Add entries for the implemented Actions / Protocols
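The binding and add-on dispatch from the Binding Essentials and Add-on Framework Overview slides, together with the "evaluate input parameters" and "create a Result and return it" steps above, as an added Python model. It is not Open eCard's Java API or code; the class and field names (AddonSpecification.resource_name), the result codes and the greet add-on are constructed for illustration.

```python
# Added illustrative model, not Open eCard's Java API: the Binding maps a request
# to (Body, Parameters, Attachments), the registry selects an add-on by
# ResourceName, the Add-on Action returns a BindingResult (Code, Body,
# Parameters, Attachments) and the Binding maps it back to a response.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class BindingResult:
    code: str                                   # result code, e.g. "OK" (constructed names)
    body: Optional[str] = None
    parameters: Dict[str, str] = field(default_factory=dict)
    attachments: List[bytes] = field(default_factory=list)

# Add-on action signature: (Body, Parameters, Attachments) -> BindingResult
Action = Callable[[Optional[str], Dict[str, str], List[bytes]], BindingResult]

@dataclass
class AddonSpecification:            # what the manifest (Addon.xml) declares (assumed fields)
    addon_id: str
    resource_name: str               # key the registry resolves
    action: Action

def parse_request(url: str, body: Optional[str] = None):
    """(1) M_Req -> (ResourceName, B, P, A): split a local-link URL."""
    path, _, query = url.partition("?")
    params = dict(kv.split("=", 1) for kv in query.split("&") if "=" in kv)
    return path.rsplit("/", 1)[-1], body, params, []

def dispatch(registry: Dict[str, AddonSpecification], url: str, body=None) -> BindingResult:
    """Add-on Selector + Add-on Manager: look up by ResourceName, run the action."""
    resource, b, p, a = parse_request(url, body)
    spec = registry.get(resource)
    if spec is None:                              # unknown resource: no add-on code runs
        return BindingResult("RESOURCE_UNAVAILABLE", body=f"no add-on for '{resource}'")
    return spec.action(b, p, a)

def to_response(result: BindingResult) -> Tuple[int, str]:
    """(2) R(C, B, P, A) -> M_Res: map the result code to an HTTP-style status."""
    status = {"OK": 200, "WRONG_PARAMETER": 400, "RESOURCE_UNAVAILABLE": 404}
    return status.get(result.code, 500), result.body or ""

# Constructed sample action: validates its input parameter before doing any work.
def greet_action(body, params, attachments) -> BindingResult:
    name = params.get("name", "")
    if not name.isalnum():                        # reject missing or malformed input
        return BindingResult("WRONG_PARAMETER", body="parameter 'name' missing or invalid")
    return BindingResult("OK", body=f"hello {name}", parameters={"length": str(len(name))})

REGISTRY = {"greet": AddonSpecification("org.example.greet", "greet", greet_action)}
```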
eID Activation Manifest (figure: the Addon.xml of the eID Activation add-on)
Existing and Future Add-ons
- Existing Add-ons
  - Status
  - PIN Management (PIN Compare)
  - Activation and nPA Authentication (EAC)
  - Activation and TLS Authentication (Generic Crypto)
- Future Add-ons
  - Personal Health Record with German eHealth card
  - Signature (OASIS DSS)
  - PKCS#11
  - YourFavouriteAddOn
Conclusion
- The Open eCard App supports ISO/IEC 24727 and its extension mechanisms (CIF as well as protocols for SAL and IFD)
- The Add-on Framework allows extending the application layer
- The Sandbox limits the impact of malicious code
- Decoupling of Add-on functionality and Binding
- The Add-on Framework makes it easy to build application-specific extensions for the Open eCard App
- A developer version for writing Add-ons will be available soon
Developing tailor-made eID and smart card applications has never been easier!
Why not build YourFavouriteAddOn today?
Thank you very much for your kind attention!
Contact: