subject: Meant By "contact Smart Cards" [print this page] As mentioned above, Contact Smart Card have their own cryptoprocessor, their own operating system, protected memory, and their own file system. The access to them is performed on different levels with different protocols. The standard, ISO 7816, specifies the main Contact Smart Card components and describes the low-level access to them.
For higher-level access to Contact Smart Cards, the PKCS#11 standard is used. This standard defines the application interface for interaction with the cryptographic devices (cryptographic tokens)for instance, Contact Smart Cards - Card Embossing Machine , hardware cryptographic accelerators, and others.
The software that is delivered along with the Contact Smart Card usually contains an implementation of the PKCS#11 standard for the specific Contact Smart Card and card reader. The implementation usually is a library (.dll file in Windows or .sofile in Linux and UNIX) that can be loaded dynamically and can be used from all applications installed locally.
For example, if an ISO 7816-compatible Utimaco Safeware Contact Smart Card is used, then the PKCS#11 implementation for this card is contained in the software package "Utimaco SafeGuard Smartcard Provider," which is delivered along with the card. For this article, you can assume you complete an installation of this software under Microsoft Windows XP. In Windows XP, the library that implements PKCS #11 will be seen as the file C:WINDOWSsystem32pkcs201n.dll.
The PKCS#11 standard doesn't allow physical extraction of the private keys from the Contact Smart Card, but it is possible to use these keys to encrypt, decrypt, or sign data. Of course, for such an operation to be performed, the user must enter the PIN code beforehand; this protects the access to the Contact Smart Card - Card Tipper.
The PKCS#11 standard gives an interface for accessing the protected keys and certificate keystores, located on the Contact Smart Card. For this reason, the Contact Smart Cards can be operated in a way very similar to the operation with PKCS#12 keystores. A PKCS#11-compatible Contact Smart Card, however, has much more capability than PKCS#12 keystores. Accessing protected keys and certificate keystores from a Contact Smart Card using PKCS#11 is very similar to accessing information from PKCS#12 keystore files. Contact Smart Cards, however, have much more capability than PKCS#12 keystores; for example, encryption and signature built-in functionality.
