hie guys
I want to do a comparison of the performance and security of free and open source smart card offcard APIs could you please help by giving me any relevant ideas or material that can help me do the comparison.
you can refer me to any sites with individuals who have also done related work in this field.
thanx
compared to what ? the performance of your offcard APIs won't be an issue. it would be the card and what you are doing. For example, creating a RSA key could take long time depending on key size.
thanx for the reply Joseph
I need to carry out a performance and security evaluation/comparison of the following API technologies: Card Terminal Application Programming Interface (CT-API), PC/SC or the high level APIs like Java Card Open (JCOP), Open Card framework (OCF) ,GlobalPlatform offcard APIs and Native drivers.
At the end i need to offer advise on which API is suitable for what type of application or possible advise on how one API could be combined with another to give the best possible performance/security.
I look forward to here from you guys
overall you just need an API that communicates to the CAD and easy to deploy. The standard is PC/SC. It's used in Java 6, OCF, and JCOP offcard.There even exist the PC/SC Lite for linux distros. Off-card performance is an nonexistance issue. Also, this isn't a Java Card issue.
Another thing you need to be aware of is the chips are rapidly moving to USB format. In other words, your card, when inserted into a host machine dongle, you'll see it as a USB device.
For off-card security, you'll need to treat your middleware as you would any middleware. Follow security best practices when engineering off card applications. One thing I constantly see overlooked is that anything that requires a keyboard, is open in plain view, including PINs !!! A port sniffer can echo back any keyboard entries.
