Brief Introduction to CloudFoxy Technical Specification

If you have any questions or you are interested in more details, drop us a line at support@cloudfoxy.com

Get Started

CloudFoxy is a hardware platform enabling web access to smartcards. It has been designed as a high-performance, reliable, and scalable platform. It gives cloud applications reliable access to high-security hardware processors (FIPS 140-2 L3/4, Common Criteria EAL5+).

CloudFoxy provides a TCP/IP interface, which can be accessed directly or via an additional RESTful server, FoxyRest. All our software is provided as open source. You can also use FoxyRest the same way you'd use the tools GlobalPlatform Pro and APDU4j developed by Martin Paljak. The only difference is an additional parameter specifying a Java driver for CloudFoxy.

An example of a whole gp command to list applets installed on a smartcard /192.168.42.10@2:

java -jar gp.jar -d -l -terminals ./driver.jar:main_class:tcp%3A%2F%2F192.168.42.10 -r /192.168.42.10@2 -v

The driver is available from our GitHub repository at:
https://gitlab.com/cloudfoxy/FoxyRest/tree/master/driver

Use and Integration

CloudFoxy can be used directly from Java applications, with a simple modification of the driver:

terminalFactory = TerminalFactory.getInstance("PC/SC", "bin@tcp://192.168.42.0/27", new smarthsmfast.simona.Simonaio());
terminals = terminalFactory.terminals();
List<CardTerminal> readersList = terminals.list();

This replaces the initialization with a default Java driver:

terminalFactory = TerminalFactory.getDefault();
terminals = terminalFactory.terminals();
List<CardTerminal> readersList = terminals.list();

You can also use an integration with JSignPDF for PDF document signing, or with the APDUPlay Windows library to enable legacy Windows applications to use CloudFoxy.

Integration With Windows Applications

While we strongly recommend using our modern RESTful API, there are many situations where that is not possible and you simply want to start using your cloud smartcards with applications that can already use smartcards.

Access to your cloud smartcards can be transparent to Windows and Linux smartcard applications.

Your applications will use our system library instead of the original version (e.g., winscard.dll on Windows). It automatically redirects all requests to a local proxy service, which is part of our open-source integration software.

The installation is easy: in many cases it consists of adding a simple file to a system folder or to the folder of your application. The following text describes the low-level technical details of the protocols we implemented for communication between our smartcard library and the TCP/HTTPS proxy.

Smartcard library to/from TCP Proxy

The smartcard library (APDUPlay) receives requests from your applications, because smartcards are mute until they receive a request. They then process the request and send back a response.

In our case, APDUPlay sends each request as a text message of 2 or more lines, which start with a ">" character. The lines contain:

<card reader name>"|"
<cmd ID1>:<command1>"|"
<cmd ID2>:<command2>"|"

Messages can also contain lines starting with "#", which can be used for internal signalling / configuration. All other lines, i.e., those not starting with ">" or "#", are completely ignored. The lines starting with ">" can also end with a line termination character "|" to ensure that the whole command is received correctly.

The card reader names have the following format:

"Enigma Bridge " | <IP address> | "@" | <id>

An example of the expected name is "Enigma Bridge /81.174.22.22@12". The "id" is a positive number, i.e., we don't use "0". When the prefix "Enigma Bridge" is removed from the name, you get a cloud smartcard identification that can be used to directly address a particular smartcard with our BASIC API - RESTful Server API.

The response from a proxy to APDUPlay consists only of responses to received commands. Each line starts with ">" and is terminated with "\n@@", like

>232:3B0401020304
@@

Example of complete data flow

APDUPlay → proxy

>Enigma Bridge /81.174.22.22@12|
>2342:RESET|
>2343:APDU:00A4040008A00000000300000000

Proxy → BASIC API

https://gp.enigmabridge.com:8081/api/v1/basic? \
reset=1&apdu=00A4040008A00000000300000000&terminal=%2F81.174.22.22%4012

Response to Proxy

The BASIC API responds with a simple text message, which has as many lines as it received commands from APDUPlay, e.g.

3B0401020304
621A82013883023F008404524F4F5485030079AD8A0105A1038B01019000

Proxy to APDUPlay

>2342:3B0401020304
>2343:621A82013883023F008404524F4F5485030079AD8A0105A1038B01019000
@@
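
The proxy side of the exchange above, as an added example (not CloudFoxy's own proxy code): it parses an APDUPlay message, rejects reader names and commands that do not match the documented format before anything is placed in a URL, builds the BASIC API query string, and pairs the API's answer lines with the command IDs. The function names are hypothetical, and sending several APDUs as repeated apdu= parameters is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlencode

PREFIX = "Enigma Bridge "
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")   # whole bytes, hex digits only
# Request from the page's data-flow example, plus a "#" line and a stray line (constructed).
SAMPLE = "#cfg\nnoise\n>Enigma Bridge /81.174.22.22@12|\n>2342:RESET|\n>2343:APDU:00A4040008A00000000300000000\n"

def parse_request(text):
    """Return (terminal, [(cmd_id, command), ...]) for one APDUPlay message."""
    # Only ">" lines carry data; "#" lines and all other lines are skipped here.
    lines = [l[1:].strip().rstrip("|") for l in text.splitlines() if l.startswith(">")]
    if len(lines) < 2 or not lines[0].startswith(PREFIX):
        raise ValueError("need a reader name line and at least one command")
    terminal = lines[0][len(PREFIX):]
    m = re.fullmatch(r"/([^@]+)@([1-9][0-9]*)", terminal)   # id is positive, never 0
    if not m:
        raise ValueError("reader name is not /<IP address>@<id>")
    ipaddress.ip_address(m.group(1))          # ValueError on a malformed address
    commands = []
    for line in lines[1:]:
        cmd_id, _, command = line.partition(":")
        ok = command == "RESET" or (command.startswith("APDU:") and HEX.fullmatch(command[5:]))
        if not re.fullmatch(r"[0-9]+", cmd_id) or not ok:
            raise ValueError("bad command line: %r" % line)
        commands.append((cmd_id, command))
    return terminal, commands

def basic_api_query(terminal, commands):
    """Query string for the BASIC API; one apdu= per APDU is an assumption."""
    params = [("reset", "1") if c == "RESET" else ("apdu", c[5:]) for _, c in commands]
    return urlencode(params + [("terminal", terminal)])

def proxy_response(commands, api_body):
    """Pair the API's answer lines with the original command IDs."""
    answers = api_body.split()
    if len(answers) != len(commands) or not all(HEX.fullmatch(a) for a in answers):
        raise ValueError("API response does not match the request")
    return "".join(">%s:%s\n" % (cid, a) for (cid, _), a in zip(commands, answers)) + "@@"

if __name__ == "__main__":
    terminal, commands = parse_request(SAMPLE)
    print(basic_api_query(terminal, commands))
```

Because the terminal name and APDU end up in a query string, the strict format checks keep a malformed reader name or command from adding parameters of its own to the BASIC API request.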

CloudFoxy is a brand of Smart Arcs Ltd, a company registered in England and Wales - reg. no.: 07359131. The registered address of Smart Arcs Ltd is ideaSpace, 3 Charles Babbage Rd, CB3 0GT United Kingdom. 
