Java Card biometric authentication using OID

Hi
Has anyone used Java Card (smart card) authentication and authorization with Oracle Internet Directory? Can it be done using the Identity Management component?
More specifically, I want to create the trade partner user in Internet Directory and want to enable JAAS in Oracle Application Server for authentication and authorization.
There are other types of users (patients) who have the biometric smart card (i.e. Java Card). When these users swipe a finger, client-based authentication is performed using the fingerprints and connects to the OID to get the authorization and personal details.
Please let me know the exact suggestion to implement this type of identification and authorization. Please let me know if there is any Oracle technical paper which addresses the mentioned problem.
Thanks in Advance.
with regards
Mazhar

If you look at the JCDK samples, there is a PIN applet you can look at for user pin.
What do you want to authenticate? Is it host to applet or host to card manager?
Cheers,
Shane

Similar Messages

  • Java card user authentication

    Hi
    I'm using a Gemalto TOP DL V2 Java Card.
    It supports Java Card version 2.2.2.
    Will someone guide me on how to write a program to authenticate?
    It supports 3DES and AES encryption.
    How can I write the user PIN inside EEPROM (I hope pin.update)?
    What is the use of the Mother key they provided with the card?
    Details
    SID A000000003000000

    If you look at the JCDK samples, there is a PIN applet you can look at for user pin.
    What do you want to authenticate? Is it host to applet or host to card manager?
    Cheers,
    Shane

  • ASP application authenticating users using OID

    Hi, I'm a newbie using ASP, but I need to modify an existing application to use LDAP authentication, using OID as its directory server.
    I thought that if I get an LDAP ASP library that can be used against any LDAP server (non-proprietary), my problem is solved.
    My questions are :
    1) Does this library exist ? Where can I find it ?
    2) Has anyone any experience in this matter ? Is there another way to get around this problem ?
    Thanks for any clue that you can give me,
    Sebastian.

    This is an example where your Active Directory allows simple binds:
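    FUNCTION authenticate_aduser (p_username IN VARCHAR2, p_password IN VARCHAR2)
       RETURN BOOLEAN
    IS
       v_user          VARCHAR2 (256);
       v_ldap_server   VARCHAR2 (256)    := '10.128.1.81';
       --h80081.isd_it.company_ag.local
       v_domain        VARCHAR2 (256)    := 'isd_it.company_ag.local';
       -- plain LDAP port: the password crosses the network unencrypted
       v_ldap_port     NUMBER            := 389;
       v_retval        PLS_INTEGER;
       v_session       DBMS_LDAP.SESSION;
       v_cnt           NUMBER;
    BEGIN
       -- make a failed bind raise an exception instead of returning an error
       -- code, otherwise a wrong password would fall through to RETURN TRUE
       DBMS_LDAP.use_exception := TRUE;

       -- an empty password must be rejected here: a simple bind without a
       -- password is an unauthenticated bind, which many servers accept
       IF p_password IS NOT NULL
       THEN
          v_user := p_username || '@' || v_domain;
          v_session := DBMS_LDAP.init (v_ldap_server, v_ldap_port);
          -- start session
          v_retval := DBMS_LDAP.simple_bind_s (v_session, v_user, p_password);
          -- auth as user
          v_retval := DBMS_LDAP.unbind_s (v_session);                   -- unbind
          RETURN TRUE;
       ELSE
          RETURN FALSE;
       END IF;
    EXCEPTION
       WHEN OTHERS
       THEN
          -- the session may never have been opened, so the cleanup itself
          -- must not raise out of the handler
          BEGIN
             v_retval := DBMS_LDAP.unbind_s (v_session);
          EXCEPTION
             WHEN OTHERS
             THEN
                NULL;
          END;

          RETURN FALSE;
    END authenticate_aduser;
    You need to replace the IP with the IP of your AD Server.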
    Denes Kubicek
    http://deneskubicek.blogspot.com/
    http://www.opal-consulting.de/training
    http://apex.oracle.com/pls/otn/f?p=31517:1
    -------------------------------------------------------------------

  • Java application communicate with java card applet without java card

    Can I write a Java application to communicate with a Java Card applet without using a Java Card?
    Can I send APDUs to a Java Card applet on a computer (not installed in a Java Card)? If not, how can I write it?
    Best Regards,
    Thanawan

    Your JCOP simulator implements a JCVM/JCRE according
    to specs. The CREF does the same thing except it
    only simulates the API without crypto or third party
    applets. JCOP simulator is more than that. They are using the _same_ codebase for simulator and for oncard JCVM. Basically you are dealing with the same environment in both cases.

  • Does the Java Card Platform support the unnamed package?

    1. agree
    Virtual Machine Specification for the Java Card™ Platform, Version 2.2.1 chapter 2.2.2.1:
    "packages in the Java Card platform are used exactly the way they are in the Java platform."
    That means the Java Card platform also has two types of package, named package and unnamed package.
    2. against
    Development Kit User's Guide for the Java Card Platform, Version 2.2.1 chapter Running the Converter:
    "Command line usage of the Converter is:
    converter [options] <package_name> <package_aid> <major_version>.<minor_version>"
    The above formula tells us that <package_name> is a MUST command line argument of the converter. But if we create an unnamed package, how should we express it?
    3. against
    First, how does a real JCVM install/organize the unnamed packages?
    Second, in a real JCVM run-time environment, all Java items (including attributes, methods and so on) are referred to by the suite of package+class+item. In this condition, an item in an unnamed package cannot offer the package and is never referred to.
    I have been bothered by the above 3 boresome and opposite points for some time and cannot give out the key of the question.
    Can some one give me some ideas?
    thx!

    Sun's kit is free. There is a reference implementation of the JC Runtime environment with the kit.
    You of course can't load that onto a card. And even if you had the RE, you won't be able to load onto a card because the RE is burned into the ROM which you don't have low level access to.
    Read the JCRE specs that come with the kit

  • Manually upload .cap file on a java card

    Hi
    I wonder how to manually upload a .cap file on a Java Card. I do know that it must be one or more APDUs that contain the file and so on.
    What I wonder is how to convert a .cap file into a byte array (a byte array that the on-card installer can read and understand) without using JCOP or any other tools. Does (must) this array have a special format or something?
    I am interested in the process of taking a .cap file and converting it to a byte array (nothing else).
    Thanks in advance!
    /Lyudmila

    The .cap file uploading mechanism depends on whether you have a Java Card or a GlobalPlatform card. Java Card cards are GlobalPlatform based.
    If you have a Java Card you can use the same mechanism that is used with Cref (see Java Card Kit - Development Kit - Chapter 11): the .cap file is divided into n APDUs, one or more (if a component does not fit in one APDU, for example the method component) for each component (first: Header.cap, second: directory.cap, third: import.cap, etc).
    If you use a GlobalPlatform card, the mechanism is more complex:
    first you have to create a session using a specific protocol (SCP01, SCP02, etc) through INITIALIZE UPDATE and EXTERNAL AUTHENTICATE commands, then an INSTALL FOR LOAD command and n LOAD commands as they are necessary.
    To use the GlobalPlatform mechanism, see GlobalPlatform Specification 2.1.1. The JCRE spec does not define the applet loader and CREF has a basic version of an applet loader that is not GP compliant, but this is not the Java Card standard. To load onto any physical Java Card you will need to follow the GlobalPlatform specification.
    - Shane
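
The conversion asked about above, for the GlobalPlatform path, as an added example that is not part of the thread: it concatenates the CAP components in installation order, wraps them in the C4 load-file tag and splits the result into numbered LOAD APDUs. The package AID and the CAP contents are constructed placeholders, and the APDUs are shown before secure channel wrapping (the INITIALIZE UPDATE / EXTERNAL AUTHENTICATE session must already be open).

```python
import io
import zipfile

# Installation order of CAP components (Java Card VM spec). Descriptor.cap is
# optional on load and Debug.cap never goes to the card, so both are skipped.
LOAD_ORDER = ("Header", "Directory", "Import", "Applet", "Class", "Method",
              "StaticField", "Export", "ConstantPool", "RefLocation")

def cap_to_load_data(cap_bytes):
    """Return the CAP (JAR/ZIP) components concatenated in installation order."""
    parts = {}
    with zipfile.ZipFile(io.BytesIO(cap_bytes)) as jar:
        for entry in jar.namelist():
            base = entry.rsplit("/", 1)[-1]
            if base.endswith(".cap"):
                parts[base[:-4]] = jar.read(entry)
    missing = [n for n in ("Header", "Directory") if n not in parts]
    if missing:
        raise ValueError("not a CAP file, missing: " + ", ".join(missing))
    return b"".join(parts[n] for n in LOAD_ORDER if n in parts)

def ber_length(n):
    """BER-TLV length field: short form, or 0x81 / 0x82 long form."""
    if n < 0x80:
        return bytes([n])
    if n <= 0xFF:
        return bytes([0x81, n])
    if n <= 0xFFFF:
        return bytes([0x82, n >> 8, n & 0xFF])
    raise ValueError("load file too large for this example")

def install_for_load(package_aid, sd_aid=b""):
    """INSTALL [for load] (80 E6 02 00) with no hash, parameters or token."""
    data = (bytes([len(package_aid)]) + package_aid +
            bytes([len(sd_aid)]) + sd_aid + b"\x00\x00\x00")
    return bytes([0x80, 0xE6, 0x02, 0x00, len(data)]) + data

def load_apdus(load_data, block_size=247):
    """Split tag C4 + length + load data into numbered LOAD (80 E8) APDUs.

    247 leaves room in a 255-byte command for an 8-byte secure channel MAC.
    """
    stream = b"\xC4" + ber_length(len(load_data)) + load_data
    blocks = [stream[i:i + block_size]
              for i in range(0, len(stream), block_size)]
    if len(blocks) > 256:
        raise ValueError("more than 256 blocks; P2 cannot number them")
    apdus = []
    for number, block in enumerate(blocks):
        p1 = 0x80 if number == len(blocks) - 1 else 0x00  # 0x80 = last block
        apdus.append(bytes([0x80, 0xE8, p1, number, len(block)]) + block)
    return apdus

def make_sample_cap():
    """Constructed stand-in for a CAP file: real layout, dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        # Deliberately out of order, with a Debug component that must be dropped.
        for name, size in (("Method", 300), ("Debug", 50), ("Header", 20),
                           ("Class", 40), ("Directory", 30), ("Import", 10)):
            jar.writestr("com/example/javacard/%s.cap" % name,
                         name[:1].encode() * size)
    return buf.getvalue()

if __name__ == "__main__":
    package_aid = bytes.fromhex("F0000000010001")  # constructed sample AID
    print(install_for_load(package_aid).hex())
    for apdu in load_apdus(cap_to_load_data(make_sample_cap())):
        print(apdu[:5].hex(), "+", len(apdu) - 5, "data bytes")
```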

  • Help:java card and rfid

    I searched a lot about java card and rfid, but don't have a clear idea about the relationship between the two. Please help me....

    They have NO common grounds.
    A java card needs a real "smart" processor because it contains a Java Virtual Machine, can do crypto and other stuff. The cost to produce one is in the multi dollar range. Some java cards can communicate contactless by "radio".
    RFID is the term to describe a very primitive device, all it can do is report a unique identification (ID) and it does this contactless (RF). The cost to produce one is in the cent range. You can use it to track products or containers or other stuff.
    Since RFID is also a very popular buzzword these days, the exact meaning of RFID varies.
    Of course, you could use a java card to play RFID tag, but that would be very expensive. Java cards are usually used for bank cards and similar applications.

  • MIDP and Bluetooth as Java Card substitute

    Hi,
    I'm a Java developer, but not a Java Card developer, so I'm curious about the opinions of Java Card developers. It seems to me that IR and Bluetooth enabled J2ME/MIDP devices could be used in many situations where Java Cards are currently used. Depending on the adoption rates of
    a) Bluetooth enabled computers, devices, access points, etc... and
    b) cell phones with both Bluetooth and J2ME
    It may soon (a year or two) become cheaper and/or more convenient to issue users without a J2ME Bluetooth phone, such a device, than to issue all users Java Cards.
    So, entrenched coders
    1) Is this migration sane?
    2) Is anybody doing it, now?
    3) How hard/trivial is porting the applications?
    Thanks,
    Curt

    I'm aware of the JSR, but what is the security element? On Sun Tech Days I was told it should be a Java Card. ;-))
    The main advantage of a smartcard is that it provides a trustworthy and tamper-resistant environment.
    Please have a look at
    http://www.simalliance.org/portal_upload/SIMalliance_comm.PDF
    I quote from the SIM Alliance site:
    "Thanks to a defined standard, easy downloading and powerful operating systems displaying high quality graphics, J2ME phones are making their mark. This leads to the question with such success and a memory capacity up to 1000 times the (U)SIM, will this relegate the Smart Card to a second class citizen?
    While Smart Card cannot compete with a Java handset for the sexy aspects of applications such as graphics, the core attributes of a Smart Card offer a number of significant benefits to application delivery, execution and management. All of these features require privacy management, security, portability and one-to-one personalization.
    Wireless applications must be secure and robust. However, it is feared that operators' revenue streams and secure pipeline will be threatened by the free delivery of applications mimicking the loss-making Internet portal model.
    This is where the Smart Card, (UICC, (U)SIM, and equivalent), will play an essential role in providing security, building trust and protecting revenues for mobile businesses.
    The card will become an integral part of the architecture for distributed applications running at the same time on Server, Handset and Smart Card to leverage the respective benefits of each part of the infrastructure.
    By looking at the strong points of each of the Java standards, Java Card and J2ME are not competing technologies but instead can be used in tandem to create an "open" and "secure" infrastructure that operators and content providers need in order to increase their ARPU and diminish costs. At present this infrastructure does not exist but leading operators, handset manufacturers, content providers and (U)SIM suppliers are working to make it a reality."

  • What Java compiler for Java Card development ?

    What Java compiler and options should be used for Java Card development with the goal of generating correct, and (secondarily) small or/and fast code after conversion to Java Card bytecode using converter ?
    In particular
    - Is use of JDK 7 approved by Oracle for Java Card development? That would solve security problems associated with (the web components of the JRE of) some earlier JDK, including the latest JDK6. The JCDK 3.0.4 release notes state "the commercial version of Java Development Kit (JDK software) version 6 Update 10 (JDK 6 Update 10) or later is required", but that does not answer that question.
    - Anyone had _bad_ experience (like incorrect or disastrous code) with the Java compiler bundled with Eclipse ? I have seen at least one case where org.eclipse.jdt.core_3.7.3.v20120119-1537.jar produced slightly more compact code than javac.
    - Anyone had _bad_ experience with javac in jdk1.3 ? In an applet involving a "finally" clause, I've seen it generating more compact code than later javac (which in my test triplicated the code for the finally clause).

    What Java compiler and options should be used for Java Card development with the goal of generating correct, and (secondarily) small or/and fast code after conversion to Java Card bytecode using converter ?
    -target -source may be required to generate compatible byte code. Depending on the CAP file converter being used debug information may also help. Remember that Java Card is a subset of the Java language (also there are short opcodes that Java doesn't have etc) so a lot of the work for optimisation is done by the converter or the JCRE. You can look at the JCA code generated to determine what works best for your applets. There are also some ways of stripping out dead code etc from JCA files (return statements after a throw etc) to reduce your code size. Most of the speed optimisations come from your code (avoiding context switches and unnecessary security/access checks).
    The compactness of your Java Card binary may not be directly related to the size of your compiled Java code. It can depend on the converter you use and any optimisations the JCRE might try to do when the code is loaded.
    - Is use of JDK 7 approved by Oracle for Java Card development? That would solve security problems associated with (the web components of the JRE of) some earlier JDK, including the latest JDK6.
    Java Card does not use any of the libraries from the JDK/JRE. All of the libraries are provided by the JCRE on the smartcard.
    The JCDK 3.0.4 release notes state "the commercial version of Java Development Kit (JDK software) version 6 Update 10 (JDK 6 Update 10) or later is required", but that does not answer that question.
    Anything above JDK6u10 is supported. If you use Java 7 you may need to add a -source and -target flag when compiling.
    - Anyone had _bad_ experience (like incorrect or disastrous code) with the Java compiler bundled with Eclipse ? I have seen at least one case where org.eclipse.jdt.core_3.7.3.v20120119-1537.jar produced slightly more compact code than javac.
    We generally use the Eclipse compiler as we find that we get more deterministic builds. When CAP files are sent for security review it is helpful to have the reviewer able to generate a CAP file that matches the one you sent to confirm the binary is what you say it is.
    - Anyone had _bad_ experience with javac in jdk1.3 ? In an applet involving a "finally" clause, I've seen it generating more compact code than later javac (which in my test triplicated the code for the finally clause).
    We do not use anything less than Java 6 for compilation.
    - Shane

  • NetBeans java card platform

    Dear All,
    I need a java card simulator to debug my java card applet code.
    I try to use Java Card Platform on NetBeans IDE 7.1 for debugging purpose. After successfully building the applet and loading it onto the simulated card environment I try to select the applet instance using the following command through the Console.
    select //aid/3F564379F5/00279CD982
    in response I receive the following error.
    "Connection reset by peer: socket write error"
    Is anyone using Java Card Platform for debugging? I would be very happy to hear how to resolve this problem.
    Thanks in advance!
    Cheers!
    Mehmet

    Mehmet wrote:
    Hello Rohit,
    If you download the Java Card Development Kit (http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javame-419430.html#java_card_kit-2.2.1-oth-JPR)
    you will have a set of sample java card applets to use.
    You can use GPShell to download the cap files (compiled applets) onto the card and send APDUs to the card to see if you get the correct response.
    Following link provides all the information to set up the environment and start developing java card applets using NetBeans IDE and GPShell.
    https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard:javacardcompilation
    I hope this can help.
    Mehmet
    I already have NetBeans 7.1 and now I have GPShell 1.4.4. I think NetBeans is capable of making the .cap file. Did you mean that with the use of GPShell I can connect with the Java Card through a reader? Would GPShell work stand-alone, or do we need to set it up in NetBeans? I read the link which you passed to me; it seems very good, but it seems very tough to implement. HELL IS WAITING FOR ME... KIDDING DEAR,
    One last thing: is anything other than NetBeans (here we create the applet and it automatically creates the cap file) and GPShell required to load the applet onto the card? Or are these enough to implement a whole Java Card application? I asked this because I came across the term JCOP etc. when I read about uploading an applet to the card.
    anyways thanks for your help.

  • CAN I USE JAVA CARD TECHNOLOGY TO BUILD BIOMETRIC COLLEGE ATTENDANCE SYSTEM

    HELLO everybody,
    I am new to Java Card technology. Please, can anyone guide me? Can I use Java Card technology to build a biometric college attendance system? If I can, which device or eBooks should I buy?
    PLEASE I NEED HELP..
    Thanks for your time ..
    I am looking forward to hearing from everyone..
    Thanks
    Durjan Hussain
    SCJP1.4,SCWCD

    Thanks AlexRashevsky for your good comments,
    I want to build a Student Biometrics Attendance system. I want to use a biometrics reader. Please, I need guidance on which biometrics device I can use to build the system. If you can give me your contact number, with country code, that would be great, because I am doing this project for my M.Sc dissertation and also for a real client.
    I am looking forward to hear from you.
    Thanks.

  • Java Card and OID Implementation

    Hi
    Has anyone used Java Card (smart card) authentication and authorization with Oracle Internet Directory? Can it be done using the Identity Management component?
    More specifically, I want to create the trade partner user in Internet Directory and want to enable JAAS in Oracle Application Server for authentication and authorization.
    There are other types of users (patients) who have the biometric smart card (i.e. Java Card). When these users swipe a finger, client-based authentication is performed using the fingerprints and connects to the OID to get the authorization and personal details.
    Please let me know the exact suggestion to implement this type of identification and authorization. Please let me know if there is any Oracle technical paper which addresses the mentioned problem.
    Thanks in Advance.
    with regards
    Mazhar

    I am interested in this also. We are currently trying to move our website to java card authentication with an OID directory. I know it has been done before but have not thoroughly researched it yet.

  • Problem configuring SOA suite to use OID for authentication

    We are in the process of rebuilding our environment to use the full SOA suite with our OID server for authentication (was previously just BPEL using AD directly), and have encountered several problems (below). We have rebuilt the OID server, and reinstalled the SOA suite into a clean ORACLE_HOME to no avail.
    We first rebuilt the OID server using the following steps (derived from Oracle® Internet Directory Administrator's Guide):
    1)     Create the Import and Export profiles for AD synchronization. We did this using the Directory Integration and Provisioning Server Administration tool under “Active Directory Configuration”
    2)     Modify the map file to specify the correct OU mappings between AD and OID.
    3)     Update the profile with the new map file using “dipassistant.bat mp”
    4)     Bootstrap the import profile using “dipassistant.bat bootstrap”
    5)     Start a new instance of the Integration server (odisrv) running on config set 1 (the config set containing the Active Directory import/export profiles) using “oidctl”
    6)     Set the Import profile to Enable. The OID server does not export changes to AD in our current configuration, so the Export profile is left on disable (and not bootstrapped)
    At this point it appears that the AD synchronizes correctly into our new OID server.
    Next we installed the SOA suite:
    1)     We ran “irca.bat” on our database server to create the ORABPEL, ORAESB, and ORAWSM schemas and associated integration repository structure.
    2)     After launching the SOA suite installer, we selected Advanced Install.
    3)     On the next screen, we selected J2EE Server, Web Server, and SOA Suite.
    4)     We then provided the credentials for our Oracle database, and the passwords for ORABPEL, ORAESB, and ORAWSM.
    5)     We configured our new AS instance as an administration instance, but did not opt to use from a separate HTTP server, and did not make this instance part of an OAS cluster topology.
    And finally, we configured our new SOA suite instance to use OID for authentication (using the instructions in Oracle® BPEL Process Manager Administrator's Guide section 2.1.3):
    1)     Used the configure_oid.bat command to seed OID with required users only.
    2)     Logged into the OracleAS Control Console
    3)     Chose the oc4j_soa instance, then Administration->Security->Identity Management
    4)     Configured the OID server using a non-ssl connection and the cn=orcladmin account.
    5)     When prompted, chose to reconfigure all applications in the oc4j_soa instance to OID, but not to use SSO for any of them.
    6)     Copied the contents of ORACLE_HOME\j2ee\home\config\jazn.xml to ORACLE_HOME\j2ee\oc4j_soa\config\jazn.xml
    7)     Restarted the application server.
    After this procedure, we encountered the following issues:
    1)     The BPEL console appears to authenticate users correctly out of OID, but no users have access to the default domain, including bpeladmin and oc4jadmin. All users receive a similar access denied message when attempting to log into the BPEL Admin Console.
    2)     We cannot upload a BPEL process to our new server via JDeveloper’s standard BPEL deployment mechanisms. The connection appears to be working properly and passes all tests, but on uploading a process we get a Java AccessDeniedException. ESB appears to be functioning properly, and accepts uploaded projects without issue.

    Bassman,
    We recently configured our SOA Suite to use OID and SSO. We had the same issues you are having, and we found the resolutions in a blog from Jaas Poot (http://blog.jpoot.com/category/oracle-appserver/oid-ldap/). For the BPEL domain access, this involved going to the data-sources.xml file and changing the database passwords from using ->pwForOrabpel for the orabpel schema and ->pwForOraesb for the oraesb schema to the real passwords; the blog explains more about this.
    The blog also covers the JDeveloper deployment issue, and another issue we encountered, where we couldn't access the BPEL Admin console. All of these were resolved following the steps in the blog.
    Hope this helps
    Candace

  • External Authentication with Java Card through HSM

    Hi All,
    How do I do the External Authentication process in Java Card through an HSM (Hardware Security Module)? Does any HSM support this?
    My requirement is to store the Card KMC in the HSM, and I should authenticate the terminal application with the Java Card through the HSM.
    Does anyone have an idea about this? I should not expose the Card KMC to the outside world.

    Hi,
    Megaa1207 wrote:
    My requirement is to store the Card KMC in HSM and I should authenticate the terminal application with the Java Card through HSM.
    If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
    Cheers,
    Shane

  • Need suggestion regarding simulation of Java Card using a floppy

    Hi All,
    I am working on a project wherein I have to simulate a Java Card application using a floppy. I am writing my own Card Terminal and CardTerminalFactory. That's what I have started working on. Will that serve the purpose or do I have to think about some other approach like just overriding the cardInserted method of CTListener class? I want to achieve communication between the host application and the floppy (which is my Java Card). Please advise.
    I would like to thank DurangoVa and Nilesh for helping me out sorting out the error in running the converter.
    Thanks in advance

    Are you referring to a floppy diskette drive?
