user sign in on token


Is login on the smart card implemented completely on the hardware chip, or should it be implemented on both the PKCS11 DLL and the smart card? And so, how do they separate the chip functions for 3 types of user: user, CA, guest?
EDIT:
It would help me more if you have a small sample code for both hardware and PKCS11 DLL as a starting point.

1

There is 1 answer

2
Martin Paljak
  • PKCS#11 has C_Login, which has to be implemented, obviously, for any reasonable interoperability.
  • Guest only opens a session, does not call C_Login. User vs CA is not really an option in PKCS#11 terms (they are both "users" of the token); there is an arbitrary "user" vs "admin" in PKCS#11 (but you don't really have to implement both, if your model does not follow the PKCS#11 model).
  • The security device must implement any protective measures (the ability to "log in" or "unlock" some resources in the device being one of them), so yes, it is implemented in the chip.
  • Don't know what "user" means in your context, but having three types of users in a single token and one of them being called "CA" sounds like a bad idea.
  • You actually answer your own question: a device is useless for an application without the middleware (PKCS#11) so both must implement "something".
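
The split described in the answer above, as an added example that is not part of the original answer: a simplified in-memory model in C, not a real PKCS#11 module or card applet. The `CKU_*` and `CKR_*` values are the real PKCS#11 constants; the `chip_*` and `mw_*` functions and the PINs are hypothetical and constructed for illustration.

```c
#include <string.h>
/* Real PKCS#11 constant values; all function names below are hypothetical. */
#define CKU_SO 0UL
#define CKU_USER 1UL
#define CKR_OK 0x000UL
#define CKR_PIN_INCORRECT 0x0A0UL
#define CKR_PIN_LOCKED 0x0A4UL
#define CKR_USER_ALREADY_LOGGED_IN 0x100UL
#define CKR_USER_NOT_LOGGED_IN 0x101UL
#define CKR_USER_TYPE_INVALID 0x103UL

/* "Chip" side: owns the PINs, the retry counters and the access decision. */
typedef struct { const char *pin; int tries_left; int verified; } chip_pin;
static chip_pin chip[2] = { {"87654321", 3, 0},   /* slot 0: SO/admin (constructed PIN) */
                            {"1234",     3, 0} }; /* slot 1: user (constructed PIN) */

/* 1 = verified, 0 = wrong PIN, -1 = blocked. A real card compares in constant time. */
static int chip_verify(int slot, const char *pin) {
    chip_pin *p = &chip[slot];
    if (p->tries_left == 0) return -1;
    if (strcmp(p->pin, pin) != 0) { p->tries_left--; return 0; }
    p->tries_left = 3; p->verified = 1;
    return 1;
}
/* The chip itself refuses private-key use unless the *user* PIN was verified. */
static int chip_sign(void) { return chip[1].verified; }
static void chip_reset(void) { chip[0].verified = chip[1].verified = 0; }

/* Middleware side: translates C_Login-style calls into chip commands. */
static int mw_logged_in = -1; /* -1 = public session ("guest"): no login call made */

unsigned long mw_login(unsigned long user_type, const char *pin) {
    if (user_type != CKU_SO && user_type != CKU_USER) return CKR_USER_TYPE_INVALID;
    if (mw_logged_in != -1) return CKR_USER_ALREADY_LOGGED_IN;
    int r = chip_verify((int)user_type, pin);
    if (r < 0) return CKR_PIN_LOCKED;
    if (r == 0) return CKR_PIN_INCORRECT;
    mw_logged_in = (int)user_type;
    return CKR_OK;
}

unsigned long mw_logout(void) {
    if (mw_logged_in == -1) return CKR_USER_NOT_LOGGED_IN;
    chip_reset(); mw_logged_in = -1;
    return CKR_OK;
}

/* The middleware only reports the result; the chip's check is what protects the key. */
unsigned long mw_sign(void) { return chip_sign() ? CKR_OK : CKR_USER_NOT_LOGGED_IN; }
```

In this model the retry counter and the "is the user verified" flag live only on the chip side, so a modified or replaced middleware cannot bypass them.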