[Muscle] Remote connections to pcsc

[Ludovic Rousseau]

2007/9/22, Michael Bender/MBP <Michael.Bender at sun.com>:
> I still wonder if it's ever really necessary to have APDU level
> access to a card that is on a remote system. How useful is it to
> be able to send raw SCSI commands to a disk drive on another box
> for example? Disks are abstracted via filesystems and above that
> via network file access protocols that can have appropriate
> access controls layered on top of them, yet the issue of being
> able to send an APDU from an application on one machine to a card
> in a reader on another machine still comes up from time to time.
> Is it really necessary to do that? It seems to me that the better
> approach would be to abstract the card functionality over the
> network (i.e. "sign this", "verify that").

I don't think that SCSI is a good example since iSCSI (SCSI over
TCP/IP) [1] already exists. SUN has products [2] for that. Maybe the
need is to have a storage that does not need to understand the file
system used by the client.

As I said in my previous mail, the choice of where to put the remote
support is not easy to do. With a multi-layer system you can select
any layer and split it to have the two parts of the layer on two
different machines.

- application
- PKCS#11
- PC/SC
- ifdhandler
- USB

After doing some research I found some products to do USB over IP. So
you do not even have to change any existing software layer. Just add a
new layer.

Bye

[1] http://en.wikipedia.org/wiki/ISCSI
[2] http://www.sun.com/storagetek/nas/5220/

-- 
  Dr. Ludovic Rousseau