smartcard - overview of smart card features on Solaris
The smart card framework provides a mechanism to abstract
the details of interacting with smart cards and smart card
readers (called card terminals). The framework is based on
the OpenCard Framework V1.1 (OCF) with Sun extensions to
allow OCF to operate in a multi-user environment. The core
OCF software protocol stack is implemented as a system
service daemon. This implementation allows smart cards and card
terminals to be shared cooperatively among many different
clients on the system while providing access control to the
smart card and card terminal resources on a per-UID basis.
An event dispatcher is provided to inform clients of events
occurring on the card and at the card terminal, such as card
insertion and card removal.
A high-level authentication mechanism is provided to allow
clients to perform smart card-based authentications without
requiring knowledge of specific card or reader authentica-
A set of applet administration tools is provided for
JavaCards that support downloading Java applets (although applet
build tools are not provided).
Administration of the smart card framework is provided with
the smartcard(1M) command line administration utility and
the smartcardguiadmin(1) GUI administration tool.
Support for several card terminals is provided:
o Sun External Smart Card Reader I (see ocf_escr1(7D))
o Sun Internal Smart Card Reader I (see ocf_iscr1(7D))
o Dallas iButton Serial Reader (see ocf_ibutton(7D))
Additional card terminals can be supported by implementing
smart card terminal interfaces in a shared library.
Support for several smart cards is provided:
o Schlumberger Cyberflex Access JavaCard
o Schlumberger MicroPayflex
o Dallas Semiconductor Java iButton JavaCard
Each of the supported cards has a complete set of OCF card
services that implement the necessary functionality for
authentication and secure storage of data. For the two
supported JavaCards, an authentication and secure data storage
applet is provided that can be loaded into these cards with
the supplied applet administration tools. See smartcard(1M).
A PAM smart card module is provided to allow PAM clients to
use smart card-based authentication. See pam_smartcard(5).
CDE is able to use the PAM smart card module for dtlogin and
dtsession authentication. CDE also uses the smart card
framework event dispatcher to listen for events on the card
terminal and provide corresponding visual feedback to the
ocfserv(1M), smartcard(1M), libsmartcard(3LIB),
pam_start(3PAM), pam_smartcard(5), ocf_escr1(7D),
ocf_ibutton(7D), ocf_iscr1(7D), scmi2c(7D)