SmartSign Home  
About SmartSign Project
Project information  
Project Documentation  
Download Area  
Support Area  
Related Links  
Frequently Asked Questions  

Last updated on 08/07/2005

About Smart Sign


This project started in 1999 as the Engineering thesis project for Tommaso Cucinotta, at Sant'Anna University (Italy), cured by dr. Paolo Bizzarri and prof. Paolo Ancilotti. From then on, it has been cured as part of the PhD program and subsequent research activities undertaken by Tommaso Cucinotta.

The original purpose of the project was to enhance the security level of existing open source applications by integrating them with smart card technology. This was achieved by allowing an open source certification authority software (OpenCA) to interact with smart cards, providing means for a user to store and use its private key and public key certificate on a smart card. Integration of smart cards in the "certificate emission chain" was a starting point, however additional tools were added in order to allow a user to sign and verify generic files and to allow smart card based logon to a system.

Because of the lack of a common standard that had been widely adopted across card manufacturer for exposure of cryptographic services, the project was initially limited to Schlumberger Cyberflex cards. From then on, a certain effort has been done to keep developing a unified API that could allow applications to use smart card technology in a uniform, card-independent way. That was the main aim of the SSP-Lite package from the MUSCLE project. So that package had been completed with cryptographic functions reflecting the PCSC level 6 API.

PCSC-6 API was troublesome to implement because of the excessive generality of the interface, that pretended to adapt to all kinds of card. Furthermore that API was still leaving enough space to allow implementations for different cards to be so different that the overall purpose of interoperability was not achievable.

MUCSLE Card API from the MUSCLE project seems to have a sufficient level of abstraction to allow implementation with multiple cards. It also has a detail level that allows applications to really use them without caring about particular cards being used. Initially designed around JavaCard exposed crypto capabilities, MUSCLE Card API is not really tied to JavaCard capable cards, and can be implemented with other crypto cards, too.

Now we're going to expand this project, improving architectural design, functionalities and documentation, in order to obtain multi-platform, easy to understand and use, card-independent smart card middleware and related tools.

Thanks to

  • Massimiliano Pala (OpenCA group)
  • David Corcoran (MUSCLE group)
  • Danny Kumamoto and Neville Pattinson (Schlumberger team)
  • Prof. Paolo Ancilotti (Pisa University)
  • Paolo Bizzarri (ICube srl Society)
  • Marco Bizzarri (ICube srl Society)
  • SourceForge site ideators, developers and maintainers
  • Open Source Community
  • ...