Cryptographic Token Interface Standard

PKCS#11


Secondary authentication


Sections

Using keys protected by secondary authentication
Generating private keys protected by secondary authentication
Changing the secondary authentication PIN value
Secondary authentication PIN collection mechanisms

Detailed Description

Cryptoki allows an application to specify that a private key should be protected by a secondary authentication mechanism. This mechanism is in addition to the standard login mechanism described in section 6.6 for sessions. The mechanism is mostly transparent to the application because the Cryptoki implementation does almost all of the work.

The intent of secondary authentication is to provide a means for a cryptographic token to produce digital signatures for non-repudiation with reasonable certainty that only the authorized user could have produced that signature. This capability is becoming increasingly important as digital signature laws are introduced worldwide.

The secondary authentication is based on the following principles:

  1. The owner of the private key must be authenticated to the token before secondary authentication can proceed (i.e. C_Login must have been called successfully).

  2. If a private key is protected by a secondary authentication PIN, then the token must require that the PIN be presented before each use of the key for any purpose.

  3. All secondary authentication operations are done using a mechanism that is transparent to the Cryptoki client.
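
Principles 1 and 2 amount to a token-side gate, modelled below in C as an added illustration; this is not code from the PKCS#11 specification or from any Cryptoki implementation. Every name in it (`model_session`, `model_key`, `present_secondary_pin`, `use_private_key`, the `GATE_*` codes) and the sample PIN are constructed for the example, and under principle 3 a real Cryptoki library would collect the PIN itself rather than have the application call the PIN function.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this model; they are not Cryptoki CKR_ values. */
enum gate_rv { GATE_OK, GATE_NOT_LOGGED_IN, GATE_PIN_REQUIRED, GATE_PIN_INCORRECT };

struct model_session { int logged_in; };   /* set by a successful login */
struct model_key {
    int secondary_auth;          /* key is protected by a secondary PIN */
    const char *secondary_pin;   /* constructed sample value */
    int pin_presented;           /* one-shot authorization for the next use */
};

/* Compare without stopping at the first mismatching character. */
static int pin_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Principle 1: secondary authentication is refused until login has succeeded. */
enum gate_rv present_secondary_pin(struct model_session *s, struct model_key *k, const char *pin) {
    if (!s->logged_in) return GATE_NOT_LOGGED_IN;
    k->pin_presented = 0;                       /* a failed attempt clears any grant */
    if (!pin_equal(pin, k->secondary_pin)) return GATE_PIN_INCORRECT;
    k->pin_presented = 1;
    return GATE_OK;
}

/* Principle 2: one PIN presentation covers exactly one use, for any purpose. */
enum gate_rv use_private_key(struct model_session *s, struct model_key *k) {
    if (!s->logged_in) return GATE_NOT_LOGGED_IN;
    if (k->secondary_auth) {
        if (!k->pin_presented) return GATE_PIN_REQUIRED;
        k->pin_presented = 0;                   /* consume before the operation runs */
    }
    return GATE_OK;                             /* the sign or decrypt would run here */
}

int main(void) {
    struct model_session s = { 1 };
    struct model_key k = { 1, "2468", 0 };
    present_secondary_pin(&s, &k, "2468");
    int first = use_private_key(&s, &k);
    int second = use_private_key(&s, &k);
    printf("first use: %d, second use: %d\n", first, second);
}
```

The second use fails with `GATE_PIN_REQUIRED` because the grant from the first PIN presentation was consumed, which is the property that ties each signature to a fresh act by the key owner.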

The secondary authentication mechanism adds a couple of subtle points to the way an application presents an object to a user and to the way it generates new private keys with the additional protection. The following sections detail the minor additions an application needs in order to take full advantage of secondary authentication.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210