An extensible client platform for eID, signatures and more

Tobias Wich, Moritz Horsch, Dirk Petrautzki, Johannes Schmölz, Detlef Hühnlein, Thomas Wieland, Simon Potzernheim

© 2013 Open eCard Team
© Copyright 2010 ecsec GmbH, All Rights Reserved.

Agenda
  How eID-solutions were built in the past?
  Changes due to ISO/IEC 24727
  Extension points of the Open eCard App
  Architecture of the Add-on Framework
  How to build application-specific Add-ons?
  Conclusion

Some European eID Cards

ISO/IEC 24727 – Stack
  [Figure: ISO/IEC 24727 stack. Labels: <CardInfo>, SAL-Protocol, IFD-Protocol, Legacy card.]

eCard-API-Framework
  [Figure: layered architecture diagram. Layers: Application-Layer, Identity-Layer, Service-Access-Layer, Terminal-Layer.
   Applications: Management (GRTool, Border Control, ...), ePAApplication, eHealthApplication, JobCard, ELSTER, ...
   Convenience components: Management, ePassport, ePA, eHealth, JobCard, ELSTER, ...
   Interfaces: Mgmt-Interface, eCard-Interface, ISO24727-3-Interface, Support-Interface, IFD-Interface, SICCT-Interface, CT-API-Interface, SCARD-Interface.
   Services: eID, Management Services, Encryption Services, Signature Services, Identity Services, Generic Card Services, Support Services.
   CardInfo files: ePassport CardInfo, ePA CardInfo, eGK/HBA CardInfo, ...
   Terminal components: IFD, SICCT, MKT, B1 etc., PC/SC 2.0, IFD Handler.]
The Open eCard App at a glance
  eID-Client according to BSI-TR-01312
    Local link based eID Activation
    EAC based Authentication
  Support of CardInfo-files (CIF) acc. to ISO/IEC 24727-3
    Card is supported, if corresponding CIF is available
    Existing CIF for German eID card, German eHealth card, Estonian eID card, various signature cards
  Platform agnostic GUI interface
  Heavily modularized
  Clients for Java SE (Desktop & Applet) and Android
  GPLv3 License
  http://openecard.org

Extension points of the Open eCard App
  [Figure: extension points. Label: ISO/IEC 24727.]

Add-on Framework Overview
  [Figure: component diagram with numbered steps 1 to 7. Components: External Application, Binding, Add-on Selector, Add-on Manager, Registry, Appstore, File, Classpath, ClassLoader, Sandbox, Add-on Action, Properties, Context. Data exchanged: Request, Response, ResourceName, AddonSpecification, AddonSpecification[*], AddonAction.]

Add-on Structure
  [Figure: AddonX.jar containing the Manifest File (META-INF/Addon.xml). Labels: AppExtensionAction, AppPluginAction, SALProtocol; Identification, Description, Settings, Action & Protocol; Identification, Description, Settings, Class Reference.]

Binding Essentials
  [Figure: numbered steps 1 to 6 between External Application, Binding and Add-on Action. The Binding passes Body, Parameters and Attachments to the Add-on Action; the Add-on Action returns a BindingResult with Code, Body, Parameters and Attachments.]
  (1) $M_{Req} \rightarrow (B, P, A)$
  (2) $R(C, B, P, A) \rightarrow M_{Res}$
How to build application-specific Add-ons
  Create a mvn Project
    Add org.openecard:addon as provided dependency
    Add other dependencies if needed
  Implement Action/Protocol interfaces
    Evaluate input parameters
    Call Code using SAL and IFD
    Create a Result and return it
  Create Manifest (src/main/resources/META-INF/Addon.xml)
    Add entries for the implemented Actions/Protocols

eID Activation Manifest

Existing and Future Add-ons
  Existing Add-ons
    Status
    PIN Management (Pin Compare)
    Activation and nPA Authentication (EAC)
    Activation and TLS Authentication (Generic Crypto)
  Future Add-ons
    Personal Health Record with German eHealth card
    Signature (OASIS DSS)
    PKCS#11
    YourFavouriteAddOn

Conclusion
  Open eCard App supports ISO/IEC 24727 and its extension mechanisms (CIF as well as protocols for SAL and IFD)
  The Add-on Framework allows extending the application layer
    The Sandbox limits the impact of malicious code
    Decoupling of Add-on functionality and Binding
  The Add-on Framework makes it easy to build application-specific extensions for the Open eCard App
  A developer version for writing Add-ons will be available soon
  Developing tailor-made eID and smart card applications has never been easier!
  Why not build YourFavouriteAddOn today?

Thank you very much for your kind attention!
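
Added example (not from the slides and not Open eCard code): a sketch of the decoupling shown on the Binding Essentials slide, where the binding turns a request into (B, P, A), the add-on action evaluates its input parameters, and the binding turns the result (C, B, P, A) into a response. All type names, the resource name "activate", the "tokenURL" parameter and the status numbers are hypothetical stand-ins, not the org.openecard:addon API.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Map;

// Hypothetical stand-in types for illustration; this is not the org.openecard:addon API.
public class BindingSketch {
    enum Code { OK, WRONG_PARAMETER, RESOURCE_UNKNOWN }
    record Attachment(String name, byte[] data) {}
    record Request(String resource, String body, Map<String, String> params, List<Attachment> atts) {}
    record BindingResult(Code code, String body, Map<String, String> params, List<Attachment> atts) {}

    // An add-on action only ever sees (B, P, A); it knows nothing about the transport.
    interface Action { BindingResult execute(String body, Map<String, String> params, List<Attachment> atts); }

    static BindingResult result(Code c, String body) { return new BindingResult(c, body, Map.of(), List.of()); }

    // Constructed action: parameters come from an external application, so they are
    // checked before any card access. "tokenURL" is a hypothetical parameter name.
    static BindingResult activate(String body, Map<String, String> params, List<Attachment> atts) {
        URI u;
        try { u = new URI(params.getOrDefault("tokenURL", "")); }
        catch (URISyntaxException e) { return result(Code.WRONG_PARAMETER, "tokenURL is not a valid URI"); }
        if (!"https".equalsIgnoreCase(u.getScheme()) || u.getHost() == null)
            return result(Code.WRONG_PARAMETER, "tokenURL must be an absolute https URL");
        return result(Code.OK, "accepted for " + u.getHost());
    }

    static final Map<String, Action> REGISTRY = Map.of("activate", BindingSketch::activate);

    // (1) M_Req -> (B, P, A): select the action by resource name, pass it the three parts.
    // (2) R(C, B, P, A) -> M_Res: only the binding maps the result code to a status.
    static String handle(Request req) {
        Action a = REGISTRY.get(req.resource());
        BindingResult r = (a == null)
            ? result(Code.RESOURCE_UNKNOWN, "no such add-on action")
            : a.execute(req.body(), Map.copyOf(req.params()), List.copyOf(req.atts()));
        int status = switch (r.code()) { case OK -> 200; case WRONG_PARAMETER -> 400; case RESOURCE_UNKNOWN -> 404; };
        return status + " " + r.body();
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        for (String url : new String[] {"https://service.example/token", "http://service.example/token", "not a url"})
            System.out.println(handle(new Request("activate", "", Map.of("tokenURL", url), List.of())));
        System.out.println(handle(new Request("unknown", "", Map.of(), List.of())));
    }
}
```

Because the action returns only a result code and never a transport status, the same action can sit behind a different binding without change, and every binding gets the same parameter checks.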