Site Tools


Sidebar

Smart Card Solution

User Manual

JavaCard API Samples

Java Card Specification

Knowledge Sharing

javacard:java-card-api:securityservice

javacard.framework.service

Interface SecurityService

All Superinterfaces: Service


This interface describes the functions of a generic security service. It extends the base Service interface and defines methods to query the current security status. Note that this interface is generic and does not include methods to initialize and change the security status of the service; initialization is assumed to be performed through APDU commands that the service is able to process. A security service implementation class should extend BasicService and implement this interface.

Version:

1.0 

Field Summary
static short PRINCIPAL_APP_PROVIDER           The principal identifier for the application provider.
static short PRINCIPAL_CARD_ISSUER           The principal identifier for the card issuer.
static short PRINCIPAL_CARDHOLDER           The principal identifier for the cardholder.
static byte PROPERTY_INPUT_CONFIDENTIALITY           This security property provides input confidentiality through encryption of the incoming command.
static byte PROPERTY_INPUT_INTEGRITY           This security property provides input integrity through MAC signature checking of the incoming command.
static byte PROPERTY_OUTPUT_CONFIDENTIALITY           This security property provides output confidentiality through encryption of the outgoing response.
static byte PROPERTY_OUTPUT_INTEGRITY           This security property provides output integrity through MAC signature generation for the outgoing response.

 

Method Summary
 boolean isAuthenticated (short principal)          Checks whether or not the specified principal is currently authenticated.
 boolean isChannelSecure (byte properties)          Checks whether a secure channel is established between the card and the host for the ongoing session that guarantees the indicated properties.
 boolean isCommandSecure (byte properties)          Checks whether a secure channel is in use between the card and the host for the ongoing command that guarantees the indicated properties.

 

Methods inherited from interface javacard.framework.service.Service
processCommand , processDataIn , processDataOut

 

Field Detail

PROPERTY_INPUT_CONFIDENTIALITY

static final byte PROPERTY_INPUT_CONFIDENTIALITY

This security property provides input confidentiality through encryption of the incoming command. Note that this is a bit mask and security properties can be combined by simply adding them together.

See Also:Constant Field Values


PROPERTY_INPUT_INTEGRITY

static final byte PROPERTY_INPUT_INTEGRITY

This security property provides input integrity through MAC signature checking of the incoming command. Note that this is a bit mask and security properties can be combined by simply adding them together.

See Also:Constant Field Values


PROPERTY_OUTPUT_CONFIDENTIALITY

static final byte PROPERTY_OUTPUT_CONFIDENTIALITY

This security property provides output confidentiality through encryption of the outgoing response. Note that this is a bit mask and security properties can be combined by simply adding them together.

See Also:Constant Field Values


PROPERTY_OUTPUT_INTEGRITY

static final byte PROPERTY_OUTPUT_INTEGRITY

This security property provides output integrity through MAC signature generation for the outgoing response. Note that this is a bit mask and security properties can be combined by simply adding them together.

See Also:Constant Field Values


PRINCIPAL_CARDHOLDER

static final short PRINCIPAL_CARDHOLDER

The principal identifier for the cardholder.

See Also:Constant Field Values


PRINCIPAL_CARD_ISSUER

static final short PRINCIPAL_CARD_ISSUER

The principal identifier for the card issuer.

See Also:Constant Field Values


PRINCIPAL_APP_PROVIDER

static final short PRINCIPAL_APP_PROVIDER

The principal identifier for the application provider.

See Also:Constant Field Values

Method Detail

isAuthenticated

boolean isAuthenticated(short principal) throws ServiceException

Checks whether or not the specified principal is currently authenticated. The validity timeframe (selection or reset) and authentication method as well as the exact interpretation of the specified principal parameter needs to be detailed by the implementation class. The only generic guarantee is that the authentication has been performed in the current card session.

Parameters:principal - an identifier of the principal that needs to be authenticated

Returns:true if the expected principal is authenticated

Throws: ServiceException - with the following reason code:

  • ServiceException.ILLEGAL_PARAM if the specified principal is unknown.



isChannelSecure

boolean isChannelSecure(byte properties) throws ServiceException

Checks whether a secure channel is established between the card and the host for the ongoing session that guarantees the indicated properties.

Parameters:properties - the required properties

Returns:true if the required properties are true, false otherwise

Throws: ServiceException - with the following reason code:

  • ServiceException.ILLEGAL_PARAM if the specified property is unknown.



isCommandSecure

boolean isCommandSecure(byte properties) throws ServiceException

Checks whether a secure channel is in use between the card and the host for the ongoing command that guarantees the indicated properties. The result is only correct after pre-processing the command (for instance during the processing of the command). For properties on incoming data, the result is guaranteed to be correct; for outgoing data, the result reflects the expectations of the client software, with no other guarantee.

Parameters:properties - the required properties

Returns:true if the required properties are true, false otherwise

Throws: ServiceException - with the following reason code:

  • ServiceException.ILLEGAL_PARAM if the specified property is unknown.


javacard/java-card-api/securityservice.txt · Last modified: 2017/05/13 04:05 (external edit)