摘要 |
<p>A smart card authentication framework may include a card application applet (CAA), an authentication policy applet (APA), and an authentication technology applet (ATA). The CAA may provide a protected service for a user. The APA may provide an authentication-technology-independent user validation service for the CAA. The ATA may provide a technology-specific authentication service. In one embodiment, the CAA provides a first external interface, the ATA provides a second external interface and a first internal interface, and the APA provides a second internal interface. The ATA may receive a host request for user authentication via the second external interface, and the ATA may process the authentication request without participation by the CAA. The CAA may communicate with the APA via the first internal interface to determine whether the user is currently validated. If so, the CAA may provide the protected service for the host via the first external interface.</p> |