auvin
commented
7 years ago The eCard-API-Framework establishs uniform communication between the applications and the various chipcards. There are different chipcards because the eCard-strategy is not only used for the eID, but also for an electronic health card, passport etc.
The eCard-API-Framework is divided into four layers:
Application-Layer
The Application-Layer contains various applications which use the Framework to access the eCards and their associated functions. But their intefaces are not within the scope of this API.
Identity-Layer
This Layer covers two interfaces for the use and management of electronic identities as well as for management of the eCard-API-Framework.
- eCard-Interface: This interface encapsulates the main functions of the eCard-API-Framework in an application-orientated manner. For this purpose the eCard-Interface provides the following groups:
- Functions for identity management
- Signature functions
- Encryption functions
- Management-Interface: provides functions for updating the framework and the management of trusted identities, smart cards, card terminals, and default behaviour.
Service-Access-Layer
The Service-Access-Layer provides functions for cryptographic primitives and biometric mechanisms in connection with cryptographic tokens.
- ISO24727-3-Interface: This interface is a webservice-based implementation of the standard and contains functions to establish connections to smart cards and read or write data:
- Card-Application Service Access
- Connection Service
- Card Application Service
- Named data service
- Cryptographic service
- Authorization service
- Support-Interface: Contains a range of supporting functions.
Terminal-Layer
This layer contains the IFD-Interface which takes over the generralisation of specific card terminal types and various interfaces.
janles
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03112/TR-03112-api_teil1.pdf