Interface IEbicsSecurityMedium

Namespace: Subsembly.EBICS

Assembly: Subsembly.EBICS.Core.dll

Interface for integrating RSA security tokens, such as smart cards, as EBICS security medias.

public interface IEbicsSecurityMedium

Remarks

This interface provides a very simple and generic way to integrate almost any security token that supports the RSA primitive operations as a security media for EBICS security operations.

The IEbicsSecurityMedium interface uses the concept of a SecurityMediaID which uniquely identifies a security medium. A SecurityMediaID may be a smart card ID, a hardware serial number, a file name, or something similar that uniquely identifies the token. The SecurityMediaID is required in order to avoid accidental use of the wrong security medium. An implemenation may use any non-empty string as a SecurityMediaID.

The interface does not provide generic methods for creating security medias, such as key files, and also does no provide administration methods such as for changing PINs. Such methods are token specific and therefore are implemented only in concrete classes.

Properties

CanChangePIN

Indicates whether the PIN (or password or whatever) of the security medium can be changed via ChangePIN(string, string).

bool CanChangePIN { get; }

Property Value

bool

LastError

The security medium error code from the most recent failing method.

EbicsSecurityMediumErrorCode LastError { get; }

Property Value

EbicsSecurityMediumErrorCode

Remarks

If the last operation completed successfully, then the value of this property is undefined. It may be zero, or 0x9000, or anything else. Only if the last operation did fail, then this property provides an error code.

The property value is either a positive smart card status word as defined in ISO 7816 part 4, or one of the special, negative failure values defined for the EbicsSecurityMediumError enumeration.

This property may be read in any state and at any time, even when no security token is present. However, it provides a meaningful value only, when a previous call to this interface has returned with failure.

SecurityMedium

Provides the content for the <SecurityMedium> XML element in an EBICS request.

string SecurityMedium { get; }

Property Value

string

Remarks

According to the EBICS specification this value is defined as follows:

0000	No specification
01dd	Diskette
02dd	Chipcard
03dd	Other removable storage medium
04dd	Non-removable storage medium

In the above table, "dd" represents any number combination that is specified individually by each institution.

This property may be read in any state and at any time, even when no security token is present.

SecurityMediumID

The ID of the currently selected or authenticated security medium.

string SecurityMediumID { get; }

Property Value

string

Remarks

In the Null state, this is null.

This property may be read in any state and at any time, even when no security token is present.

SecurityMediumType

The physical type of security medium implemented by this interface.

EbicsSecurityMediumType SecurityMediumType { get; }

Property Value

EbicsSecurityMediumType

Remarks

This property may be read in any state and at any time, even when no security token is present.

State

Indicates the current state of the security medium.

EbicsSecurityMediumState State { get; }

Property Value

EbicsSecurityMediumState

Remarks

This property may be read in any state and at any time, even when no security token is present.

SupportedSecurityCodes

Provides the set of EBICS security operations that are supported by this security media implementation.

EbicsSecurityCode SupportedSecurityCodes { get; }

Property Value

EbicsSecurityCode: A set of flags that indicates all the security processes that are implemented for this security media.

Remarks

The returned set includes all security processes that are supported by the implementation of this IEbicsSecurityMedium instance. There is no guarantee whether a particular physical security token really supports all the security processes indicated here. For example, a SECCOS implementation may support and indicate A004, A005 and A006, but a particular inserted SECCOS smart card may support A004 only.

In order to determine which security processes are really supported by a physical security token one must call GetPubKey(EbicsSecurityCode) for the desired security process. If this call successfully returns the public key information for the requested security process, then that security process is supported by the currently selected security token.

This property may be read in any state and at any time, even when no security token is present.

Methods

Authenticate(string)

Authenticate the selected security token for use.

bool Authenticate(string sPIN)

Parameters

sPIN string: The security token PIN for authentication. This may be an empty string if no PIN is required. It must not be null.

Returns

bool: If authentication was successful, then true is returned. If not, then false is returned and LastError provides the details.

Remarks

In the SECCOS smart card based implementation this will authenticate the CSA Password of the smart card, only. The signature PIN is authenticated internally by the SignHash(EbicsSecurityCode, byte[]) method, if needed.

This security medium must be in the Selected State when this method is called. When the method completes successfully, the security token has been switched into the Authenticated State. The authenticated state ends when the token is removed/disconnected or when the method Release() is called.

For secure PIN entry for smart cards the interface IEbicsSecurityMediumClass2 must be used, if it is supported.

Exceptions

ArgumentNullException: The parameter sPIN was null.
InvalidOperationException: This security medium instance is not in the Selected state.

ChangePIN(string, string)

Change the PIN (password) used to protect the security token.

bool ChangePIN(string sOldPIN, string sNewPIN)

Parameters

sOldPIN string: The old PIN to be changed. Must not be null.
sNewPIN string: The new PIN to be assigned. Must not be null.

Returns

bool: If the PIN was changed successfully, then true is returned. If not, then false is returned and LastError provides the details.

Remarks

This security medium must be in the Selected, State when this method is called. When the method returns, the security medium remains in the same state, regardless of success or failure.

For secure PIN change for smart cards the interface IEbicsSecurityMediumClass2 must be used, if it is supported.

Exceptions

ArgumentNullException: The parameter sOldPIN or sNewPIN was null.
InvalidOperationException: This security medium instance is not in the Selected state.

Create(string, string)

Creates a new software security medium.

bool Create(string sSecurityMediaID, string sPIN)

Parameters

sSecurityMediaID string: Usually the path to the key file to be created. If so, this must not be null and must not be an empty string. This must be a valid file name of a non-existing file.
sPIN string: The PIN to be assigned to the new file to be created.

Returns

bool: If the security token was successfully created, then true is returned. If creation failed, then false is returned and LastError provides more information.

Remarks

This method may only be called when this security medium is in the Null State. If the security token was successfully created, then it will be in the Authenticated State. thereafter.

Exceptions

ArgumentNullException: The parameter sSecurityMediaID or sPIN was null.
ArgumentException: The parameter sSecurityMediaID was an empty string.
InvalidOperationException: There is already a selected file.

GetPasswordInfo()

Provides information about the password that must be passed to Authenticate(string).

EbicsPasswordInfo GetPasswordInfo()

Returns

EbicsPasswordInfo

GetSecurityOperations(EbicsContact)

Get an implementation for the security operations bound to the key set for a particular contact.

IEbicsSecurityOperations GetSecurityOperations(EbicsContact aContact)

Parameters

aContact EbicsContact: The EbicsContact that identifies the key set that shall be implicitly used with the returned security operations implementation. Implementations that only store a single key set may ignore this parameter.

Returns

IEbicsSecurityOperations

Release()

Releases a previously authenticated security token.

void Release()

Remarks

This method shall end the authenticated state of the security token. Subsequently any calls to methods that require the authenticated state must fail. This method may be called in any state and at any time, even when no security token is present, and it must never fail.

Select(string)

Connect with existing security token.

bool Select(string sSecurityMediaID)

Parameters

sSecurityMediaID string: Unique identification of the required token. Must not be null or an empty string.

Returns

bool: If a connection to the requested token could be established, then true is returned. If the token was not found, then false is returned and LastError provides more information.

Remarks

This method may only be called when this security medium is in the Null State. If the security token was successfully selected, then it will be in the Selected State.

Exceptions

InvalidOperationException: This security medium instance is not in the Null state.