Service-Access-Layer

The Service-Access-Layer in particular provides functions for cryptographic primitives and for the authentication protocols built upon them, as they are used by the different eCards. The ISO24727-3 interface (see [BSI-TR03112], part 4) defines a comprehensive interface for generic access to different smart card services. This interface contains functions to establish (cryptographically protected) connections to smart cards, to manage card applications, to read or write data, to perform cryptographic operations and to manage the respective key material (in the form of so-called "differential identities"). All functions which use or manage "differential identities" are parameterised by protocol-specific object identifiers, so that the different protocols defined in [BSI-TR03112] (part 7) or in [ISO24727] (parts 3 and 6) can be used through one standardised interface. Part 7 of the eCard-API-Framework specifies the authentication protocols which are most relevant for the German market (i.e. PIN Compare, PACE, EAC, Generic Cryptography). The concrete features of an eCard are described by CardInfo files (CIF). These XML-based smart card descriptions, which can be validated using the test suite at www.cardinfo.eu, have been incorporated in [CEN15480] (part 3) and [ISO24727] (part 3, Amd1). They contain the information necessary to recognise the card type as well as a description of the available card applications, which in particular covers the available key material (Differential Identities) and data groups (Data Sets and Data Structures for Interoperability). It is therefore possible to use eCards whose specific features were not yet known when the eCard client was implemented, provided a CIF exists which describes the use of the card.
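As an added illustration of the two mechanisms described above (this is example code, not code from TR-03112 or any eCard client), the following Python snippet recognises a card by comparing its ATR against the masked ATR in a CIF and then resolves each Differential Identity's protocol OID against the protocols the client implements, leaving unknown protocols unresolved instead of guessing. The element names are an assumption modelled on the ISO 24727-3 CardInfo structure; the ATR, mask and AID are constructed values, and the two protocol OIDs are assumed to be those of PIN Compare and PACE from TR-03112 part 7.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of a CardInfo file (CIF). Element names are
# an assumption modelled on the ISO 24727-3 CardInfo schema; ATR, mask and AID
# are made-up values and do not describe any real card.
SAMPLE_CIF = """<CardInfo>
  <CardType><ObjectIdentifier>http://example.invalid/cif/demo-card</ObjectIdentifier></CardType>
  <CardIdentification><ATR>
    <Value>3B8880010000000011223344</Value>
    <Mask>FFFFFFFFFFFFFFFFFFFFFF00</Mask>
  </ATR></CardIdentification>
  <ApplicationCapabilities><CardApplication>
    <ApplicationIdentifier>A0000000010101</ApplicationIdentifier>
    <DIDInfo><DifferentialIdentity><DIDName>PIN.home</DIDName>
      <DIDProtocol>urn:oid:1.3.162.15480.3.0.9</DIDProtocol></DifferentialIdentity></DIDInfo>
    <DIDInfo><DifferentialIdentity><DIDName>PACE.PIN</DIDName>
      <DIDProtocol>urn:oid:1.3.162.15480.3.0.14</DIDProtocol></DifferentialIdentity></DIDInfo>
    <DIDInfo><DifferentialIdentity><DIDName>FUTURE.DID</DIDName>
      <DIDProtocol>urn:oid:1.2.3.4.5.6.7.8.9</DIDProtocol></DifferentialIdentity></DIDInfo>
    <DataSetInfo><DataSetName>EF.DG1</DataSetName></DataSetInfo>
  </CardApplication></ApplicationCapabilities>
</CardInfo>"""

# Protocol OIDs this hypothetical client implements. The values are assumed to
# be the PIN Compare and PACE identifiers of TR-03112 part 7; check the spec.
SUPPORTED_PROTOCOLS = {
    "urn:oid:1.3.162.15480.3.0.9": "PIN Compare",
    "urn:oid:1.3.162.15480.3.0.14": "PACE",
}

def load_cif(xml_text: str) -> ET.Element:
    """Parse a CIF document and return its root element."""
    return ET.fromstring(xml_text)

def atr_matches(cif_root: ET.Element, atr: bytes) -> bool:
    """Card recognition: the ATR must equal the CIF value under the CIF mask."""
    value = bytes.fromhex(cif_root.findtext("CardIdentification/ATR/Value"))
    mask = bytes.fromhex(cif_root.findtext("CardIdentification/ATR/Mask"))
    if len(atr) != len(value) or len(value) != len(mask):
        return False  # length mismatch is never a match
    return all((a & m) == (v & m) for a, v, m in zip(atr, value, mask))

def resolve_dids(cif_root: ET.Element) -> dict:
    """Map every DIDName to the client-side protocol it dispatches to.
    A DID whose protocol OID the client does not implement maps to None."""
    result = {}
    for did in cif_root.iterfind(".//DIDInfo/DifferentialIdentity"):
        result[did.findtext("DIDName")] = SUPPORTED_PROTOCOLS.get(did.findtext("DIDProtocol"))
    return result
```

A client would call `atr_matches` for each CIF it ships and, once a card is recognised, invoke the protocol-specific DIDAuthenticate handler only for DIDs that resolve to a supported protocol.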