The baiMobile® Framework for Secure Credentials, developed by Biometric Associates, LP (BALP), is the first and most widely used, reader-independent, smart card framework for iOS and Android operating systems. Originally developed to support Windows Mobile® 6.x, the baiMobile® Framework was ported to the iOS and Android mobile operating systems under a contract through the US Department of Defense.
The baiMobile® Framework was first deployed in 2007 (US Air Force and others) on Windows Mobile® 6.x devices, followed by deployments that began in 2011 (US Army and others) on iOS and Android devices. Today over 100 software development companies worldwide are building mobile apps for private industry and government (both domestic and international) using the baiMobile® Framework.
A key feature of the baiMobile® Framework is the ability of the PKCS#11 component to support card-specific “plug-ins”, allowing support for national identity cards and most other enterprise smart cards. Digital certificates, such as EMV, can be supported on traditional contact smart cards, NFC smart cards, microSD cards or embedded Secure Elements.
The baiMobile® Framework is the layer of software, drivers, middleware, libraries and APIs that allows a mobile app to form a command for, and parse responses from, a given type of credential, whether physically located on a smartcard or another token (such as a microSD or embedded Secure Element), in order to accomplish common cryptographic operations typically supported by smartcards. Cryptographic operations (Send user PIN, Sign, Decrypt, Retrieve Certificate, etc.) are supported by exposing the standard PKCS#11 interface (API), which is the most common and most OS-agnostic interface. The architecture of the baiMobile® Framework is based on interchangeable modules that can be updated when the commands of a particular card type have changed (which occurs frequently).
Another role of the baiMobile® Framework is to ensure that all cryptographic functionality is confined to FIPS 140-2 certified modules. This is achieved by having the application avoid using any OS-provided cryptographic functions (including random number generation, hashing, etc.) in favour of using a middleware implementation that uses only FIPS 140-2 certified modules.
With platforms that have an infrastructure for an alternative, pluggable cryptographic interface API (either standard or proprietary to the OS), we strive to implement that API as well. Such implementations call down to our lower PKCS#11 module. An example might be javax.crypto CSP on Android® or MS CAPI on Windows Mobile® or Windows® 7.
With, the Framework cannot be installed on iOS or Android devices by the user; rather the Framework must be integrated separately into each application (each application has its own copy) or embedded in the OS by the device manufacturer.
Smartcard Reader Resource Manager
The smartcard reader resource manager component of the baiMobile® Framework is a system-wide resource that manages access to the reader by multiple applications and potentially manages access to multiple readers on a single system. It provides a standard interface to be exercised by the smartcard middleware.
Smartcard Reader Driver
The smartcard reader driver component of the baiMobile® Framework is the layer that provides a standard interface to be exercised by the Smartcard Reader Resource Manager and knows how data is exchanged to and from the reader (Bluetooth, USB, NFC, etc.). A separate reader driver is required for each type of reader. Typically, the driver has no knowledge of what a particular command and response mean and is only concerned with getting them to and from the reader over the implemented medium (Bluetooth, USB, NFC, etc.).
The baiMobile® Framework for Secure Credentials is provided to mobile application developers and device manufacturers under a royalty-free license or a technology license. For more information, please contact firstname.lastname@example.org
- Support for industry-standard APIs (PC/SC, PKCS#11, OpenSSL)
- Framework abstracts the connection medium to the smartcard so that multiple interfaces can be supported.
- Support for multiple smart card readers:
  - Third party wired (USB) and attached
- Support for multiple smart card types and popular applets:
  - CAC, PIV, PIV-I, CIV
  - ATOS CardOS®
- Planned support for alternate hardware tokens:
  - NFC smart cards
  - MicroSD cards
  - SIM cards
  - Embedded Secure Elements