General informations about the Smart Sign Project

Why

Security, today, is becoming more and more a central issue for web producers, developers and users. The "open" nature of the Internet has caused a growing interest in authenticating users, documents and data over the web.

Nowdays Public Key Infrastructures are being widely adopted as "The" solution for network security. However, the level of trust of such architectures depends completely on the security of some private keys. Smartcard technology is being actually used to achieve the maximum security level for private keys.

The need for data security has been being widely confirmed by the growing number of cryptograpic tools that are starting to populate the Internet today, both in the commercial and the freeware or OpenSource worlds. These tools are still lacking a smart card support, because of the intrinsic complexity of the smart card world that discourages developers.

Main aim of this project is to integrate Open Source cryptography based security tools publicly available over the Internet with smartcard technology, to obtain a system for smartcard based Digital Signature and Authentication services.

A secondary aim of this project is developing all the open source building blocks needed by developers to integrate smart card technology into their applications in a uniform, card independent, way. Differences among different kind of cards, both in supported features and in communication protocols, have always discouraged developers to go through such an integration path. Development of a common API that allows host applications to talk to almost equivalent (even if different) cards and a reference open source implementation are surely two steps towards this integration.