It is widely recognized that cryptographic tokens such as Integrated Circuit Cards (ICCs or Smart Cards) offer great potential for secure identification of users of information systems. But if this potential is ever going to be fully realized, and users are to receive the full benefit of these tokens, there is an obvious requirement for credential portability and interoperability.
Interoperability demands standardization, and this document, PKCS #15, is intended to establish a standard which ensures that users will in fact be able to use cryptographic tokens to identify themselves to multiple, standards-aware applications, regardless of the application's Cryptoki (or other token interface) provider.
Why is PKCS #11 not sufficient?
The PKCS #11 specification alone cannot offer this functionality, since it is an API specification aimed at offering applications a uniform interface to cryptographic tokens. This means that different tokens require different PKCS #11 drivers, and unless a user's desktop has the 'right' PKCS #11 driver installed, the user will be unable to use the token on that desktop.
What does 'Information Format for Cryptographic Tokens' mean?
This means that we need to agree on the syntax for storing digital credentials (keys, certificates, etc.) on these tokens, and on how this information is to be accessed. If such an agreement can be reached, we have a very good platform from which to achieve the goals of this work.
Some important objectives of PKCS #15 are:
- Enable interoperability among components running on various platforms (platform neutral).
- Enable applications to take advantage of products and components from multiple manufacturers (vendor neutral).
- Enable the use of advances in technology without rewriting application-level software (application neutral).
- Maintain consistency with existing, related standards while expanding upon them only where necessary and practical.
Users should be able to use their tokens for identification purposes in all applications where this is necessary.