Simulation of Smart Card Application

Similar Messages

• Simulation of smart card

  Hi ppl,
  I'm a student working on a project of simulation of smart card. It involes no hardware at all so the physical layer transmission is ignored. I'm gonna implement the smart card operation using two programmes "card.c" and "reader.c" in the same computer. Yes, it's C not java, but the idea is the same. I just wanna ask is that the programmes r about the same? I mean what exactly should the reader.c and the card.c do? Is it the reader.c simply sends out commands and then the card.c listens and waits for the commands like the client of a client-server scenario? And then once the card.c receives commands, it extracts the useful data according to the ISO17816-4 and then sends back response and the reader.c again provess the data recoived and sends another commands. And the transmission goes on, is it like that?
  Plz give me some hits on these. Desperate for some help really.
  Thanz sooo much ppl!!
  Franky

  Here's what I'm gonna do in the programs.
  At the very first, the reader sends a reset RST to teh card and waits for repsonse. The card then responses with answer to reset ATR, this gives all the communications protocol used afterwards, so the card will choose like T=1.
  And then the reader sends the GET CHALLENGE command to the card asking for a random number e.g. A and response from the card gives the challenge A to reader.
  Reader then sends the encrypted challenge [A] with the EXTERNAL AUTHENTICATE command to card, the card replies with a YES or NO indicating if the challenges match.
  Reader sends its challenge B with command INTERNAL AUTHENTICATE, card replies with encrypted challenge .
  This finishes the challenge-response operation for mutual authentication. I read from books that the key used to encrypt and decrypt the challenge is the master key. But I have no clue how both entities can get hold of the key beforehand. Maybe there's sth like PKI for that.
  And then, should there be a verification by using the PIN? So after this verification, the real data and message exchange should occur rite? And I read from books that some cards require every access to the card to have a PIN verification. Well, I think that's almost it for the security part. And I'll have to find some source on how to make a read application of the smart card, like a payment card or identification card. I think one of the most popular standards for payment card is EMV, and I dunno much for the identification card.

• What does it take to build smart card applications?

  Just out of interest I was wondering what does it take to build smart card applications:
  - Can I do it at home with my PC or do I have to have access to expensive hardware?
  - How difficult is it to master given that I do it on my own with no help. Does it involve a lot of hardware issues?
  - If hardware is required (a smart card and a cable connection), where do I get it and how much does it cost?

  Let me rephrase my question.
  I understand that the deployment process may not be so easy. That does not disturb me.
  I just want to know whether I'll experience hardware probelms. If reading/writing to the card involves putting it inside and taking it outside from the device just like a floppy disk without any complications, then I don't have any worries.
  By the way, does the reader device is used for both reading AND writing?

• Smart Card application with EJB?

  Hallo
  I have the following problem:
  I have to write an application which should be accessible from the internet. The whole application has to be on the server. Every user who wants to get access to the application has to insert a smartcard into the Reader who is installed on his local system. The application has to read some information (username or password for example) from the card and to prove if the user is allowed to start the Application.
  Does anybody has an idea how to realize this? Is it possible to realize this with EJB or do i have to use an other technology?
  Thanks for your answers

  Well i did not use the java smart card technology. I used the Java native interface to implement the classes who have to read from the card. I got an api dll from the producer of the smart card. So i used the Java native interface to realize the logic of the smartcard application. This part of my programm is written in c++. The problem is that the whole programm is on a server but for getting access to the smartcard reader the dll s (the api dll from the producer and my dll for the jni) have to been installed on every client......
  You said that i have to write a swing client who picks the information from the smartcard and sends it afterwards to the enterprise system. Is there no other possibility to solve this problem without writing a swing client ?

• Beginner's Question on simulation of java card application

  Hi,
  I am trying to run a basic Java card application.
  To simulate the java card application, I created jcwde.app and tried C:\>jcwde -p 9025 jcwde.app
  I got and exception like:
  Exception in thread "main" java.lang.UnsatisfiedLinkError: markHeap
  at com.sun.javacard.impl.NativeMethods.markHeap(Native Method)
  at javacard.framework.Dispatcher.cardInit(Dispatcher.java:188)
  at javacard.framework.Dispatcher.main(Dispatcher.java:63)
  at javacard.framework.JCWDEDispatcher.main(JCWDEDispatcher.java:28)
  at com.sun.javacard.jcwde.Main.run(Main.java:85)
  at com.sun.javacard.jcwde.Main.main(Main.java:148)
  Can anyone help me to find out the reason for this exception?
  The content of jcwde.app is
  // applet AID
  com.sun.javacard.installer.InstallerApplet 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0x8:0x1
  wallet.Wallet
  Thanx in advance.
  anju

  I see terms like ...
  Core Java: The main libraries.
  JDK: (J)ava (D)evelopement (K)it) - AKA: (S)oftware (D)evelopement (K)it although the terms are not exactly synonomous
  J2EE:(J)ava 2 (E)nterprise (E)dition (builds on the J2SE with additional librarities for true business application building)
  J2SE: (J)ava 2 (S)tandard (E)dition (The core libraries for general Java program developement, w/o the extra stuff that is in the J2EE
  Go to java.sun.com and check out the tutorials, the readme files that come with the downloads, the release notes, etc ... HTH

• How to Compile and run Smart Card Application

  hi
  any one can help me reagrding Javacard API. i download the JavaCard Development Kit from sun and install on my machine but i didn't get all java files and class files of JavaCard API. where i obtain those files so my application get compile and run.
  pls help me i m new in this technology.
  Thanks in Advance.

  My program Test.java in F:\Tomcat5\webapps\Ambika\WEB-INF\Classes. I compiled in the format below. I got like this. What should I do for this? But yesterday I compiled like this only, It compiled and the folder com\cert\Test.class is created. Today again I compiled the pgm after deleting the already created folder 'com\cert', I got the error like this.
  I've given my pgm and the thing I've got when I compiled it.
  Test.java
  package com.cert;
  public class Test
       public void display()
            System.out.println("Hai");
  F:\Tomcat5\webapps\Ambika\WEB-INF\Classes>javac -d F:\Tomcat5\webapps\Ambika\WEB-INF\Classes\Test.java
  javac: no source files
  Usage: javac <options> <source files>
  where possible options include:
  -g Generate all debugging info
  -g:none Generate no debugging info
  -g:{lines,vars,source} Generate only some debugging info
  -nowarn Generate no warnings
  -verbose Output messages about what the compiler is doing
  -deprecation Output source locations where deprecated APIs are u
  sed
  -classpath <path> Specify where to find user class files
  -cp <path> Specify where to find user class files
  -sourcepath <path> Specify where to find input source files
  -bootclasspath <path> Override location of bootstrap class files
  -extdirs <dirs> Override location of installed extensions
  -endorseddirs <dirs> Override location of endorsed standards path
  -d <directory> Specify where to place generated class files
  -encoding <encoding> Specify character encoding used by source files
  -source <release> Provide source compatibility with specified release
  -target <release> Generate class files for specific VM version
  -version Version information
  -help Print a synopsis of standard options
  -X Print a synopsis of nonstandard options
  -J<flag> Pass <flag> directly to the runtime system
  F:\Tomcat5\webapps\Ambika\WEB-INF\Classes>
  Plz help me.
  thanks in advance
  Ambika

• Help needed in learning the basics of Java Smart Card and implementation?

  Hello every body,
  I am trying to develop the applications on java contactless smart cards technology.
  Can any body give me the details like how to start?
  What are the required softwares and installation procedure and path settings and etc.?
  I am the beginner in java smart card application development.
  plz help me out

  Dear Friend,
  I would advice to divide learning into two main parts: JavaCard technology and contactless RFID cards. For JavaCard technology you can find useful articles on Sun web-site (developers.sun.com/mobility/javacard/articles/javacard1/). For contactless RFID you can find few useful books at Amazon. Regarding software you need JC development kit. How to install it there is an instrunction in JCDK user guide.
  If it is not a secret what a javacard contactless card you are going to use in your work?
  Yours
  Dmitri

• Step by step approach to develope the java card application

  Do anybody know how to develope a smart card application using java card.i have downloaded java card kit,but the documentation provided by the sun is bit complex to use.
  so please anybody know how to proceed?
  It would be appreciated if i am given a step by step approach to develope a smart card application using java card.

  Do anybody know how to develope a smart card
  application using java card.i have downloaded java
  card kit,but the documentation provided by the sun is
  bit complex to use.
  so please anybody know how to proceed?I would suggest to read these articles
  http://developers.sun.com/techtopics/mobility/javacard/articles/
  Jan

• Java Game Smart Card Implementation

  Hi,
  As an assignment i have been told to design a smart card application,(theory only). My idea was that of cross-platform java games that could be stored on a smart card,so for example:
  -the smart card could be used in PC and mobile (allowing games to be restarted at the same stage).
  -the card would store high scores, character info, and background environments
  - the card could send game data to friends, by either using the smart card in their devices or via the internet extracting and downloading from the card, or better still off the phone to anothers phone by selecting them from the address book
  I was wondering if there were any other ideas that i could use, and more importantly the technical details of how to implement such a card
  -ie which card
  -how much memory
  -the equipment required
  I would appreciate all the help you could give me, and it is quite an interesting topic.
  thanks
  jag

  http://forum.java.sun.com/thread.jsp?forum=23&thread=357393&tstart=0&trange=15

• Learn about writing applet for java smart card

  hi to all i am newbie in here and need to start write applet for my project
  but i am little confuse about writing applet please guide me for doing that
  thank you

  maybe this link how to develop new smart card application(write and read data on smart card will be useful

• How to use Smart Card API's (OCF) in Web Application

  Hi frnds,
  For our new smart card based project, i have few queries,
  1. Can we choose web based application for smart card based projects?
  2. How servlet will communicate with opencard CTListener class?
  3. While the card insertion and remove how the event will be reflet the servlet?
  4. For that is it needed to design the client UI by using Swing?
  5. Without Swing will servlet give all solution for smart card connection and events?
  Rgrds,
  dhaya.

  I am also looking for smart card Authentication using web. Any info really appreciated

• Need advice for an application that restricts access to other applications using a smart card

  Hello everybody,
  I am developing a system that uses a smart card reader attached to a USB port of a PC.
  What the system should provide is:
  When computer boots up and shows the users login screen, a user, previously registered, can use his smart card to access the system, instead of entering his password
  Once the user is logged in, when he tries to launch an application, which has previously marked as "secured", a dialog box is shown indicating that the user has to present his smart card. If the smart card has access to the application, the application
  is launched, otherwise an error message is shown to the user and the application is not executed.
  I develop in C++ and C#. I have already created a library (in Visual C++) that manages the smart card reader and provides the card presented to it.
  Now I am developing the applicastion (in C#) that will configure the security (assigning cards to users and applications).
  Concerning this, I have 2 questions regarding each point above:
  Is it possible to create the centralized application that lists all users and allows to assign cards to them? Then, when the users login screen is shown, the system must access that data before logging in, so that it can check which card was presented and
  what user it corresponds to. I have seen in laptops, that have embedded fingerprint readers, a user must login to his account first and then he can register his fingerprints. In fact, what I need to do is something similar but with smart card reader instead
  of fingerprint reader. So, perhaps, user must login into his account first and then he will be able to add his card and store that information somewhere (in windows registry maybe).
  How can I launch my application when other application is executed but before its interface is actually shown? this is similar to what antivirus programs do, because they check the executable before it is actually ran. What is the best method to address
  the application? by executable file name? process name? or other? if the best is by process name, how can I know the process name without actually running the application?
  Well, that is all what I need to do. Please advice regarding this subject.
  I look forward to hearing from you,
  Best regards,
  Jaime
  Powered by C++

  > what was the guidance?
  1. Research other software that does similar things (not just exactly the same) as you need. If you like something in their solutions, copy it :)
  The only software I know that does that is an antivirus, but I am unlucky to find some code in c++ that allows to intercept the program execution before actually executing it.
  2. If a kernel driver would fit in your solution, go for it (google for what is available for free, or find a consultant to write it for you).
  There are a lot of information about kernel drivers, but the question is, is that really the solution?
  Otherwise, you can just hide the application from user's reach and substitute the executable in shortcuts, etc. to run your program instead.
  Definetly this is not the way to go
  What is the best method to address the application? by executable file name? process name? or other?
  By executable file name, like in the Windows Applocker, I think. Processes do not have names (they are artifact of Task manager and debugging tools, to represent the processes for user somehow). Or, only by the filename part of the full path.
  I agree with that
  if the best is by process name, how can I know the process name without actually running the application?
  When the user runs the application, the driver will detect this and do its magic.
  I have found this page: http://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c. They mention WMI, but I will study it tommorow... it is so late for today :-)
  Regards,
  -- pa
  Regards
  Jaime
  Powered by C++

• Support for smart-card authentication in PowerBuilder based application

  Hi, I have an application on PB11.5 with an Oracle DB back-end (11.2g). My DoD customer wants the application to use their DoD CAC Card (Smart Card) to authenticate against the Enterprise - Windows Active Directory domain, currently the application uses user-id\password for user authentication.  Is this something newer versions of PB can support and implement? Thank you.

  You have a couple of choices:
  1.  Depending on how old their workstations are, or if they have ACTIVCLIENT installed, you could call the CAPICOMM ActiveX using OLE commands
  2.  A solution that doesn't require that ActiveX is to use the Smart Card SDK built into newer versions of Windows.  It does require a lot lower level coding though, as you have to issue specific APDU commands to the card and know how to handle the responses.
  I posted a sample of the latter to the NNTP groups back in 2011.  I suppose I should get around to creating a blog entry explaining how to use it.

• Smart card development for desktop applications

  I'm totally new to smart cards and would like to get learn some about it. I'd like to build programs which have simple interaction with a smart card for storing information there and light processing.
  I thought about buying Gemplus 430USB reader.
  Could someone suggest a java card for me?
  P.S.
  How hard (if at all) is it to build the most simple application and install it on a smart card?

  I'm totally new to smart cards and would like to get
  learn some about it. I'd like to build programs which
  have simple interaction with a smart card for storing
  information there and light processing.
  I thought about buying Gemplus 430USB reader.I don't know this reader, just make sure it's PC/SC compliant. You shouldn't have to spend more then $20 on a reader that you can develope with. The American Express Blue or Visa readers would do fine(I use the Amex Blue) and they are free if you get the credit card(at least in the United States).
  Could someone suggest a java card for me?I use IBM's JCOP10. It's IBM's low cost JavaCard.
  You can probably purchase one from my company
  www.orga.com
  >
  P.S.
  How hard (if at all) is it to build the most simple
  application and install it on a smart card?Depends on your programming ability.

• Problem with CertificateRequest when using a smart card

  Hello,
  I have used the ssl debug statement to determine that ssl server is sending a CertificateRequest and a list of CAs. The smart card is opened via a password and I think X509KeyManagerImpl compares the Issuer of the smart card certificates with the server sent CAs. However since the issuer is an intermediate CA and only the root CA is in this list, the smartcard certificates are rejected. I CAN'T have the intermediate CA place in the ssl server list.
  Using SSLConnect (KeyManager, X509TrustManager, null). The KeyManager is using NSS and the TrustManager is using opensc-pkcs11 via SunPKCS11. The OS is Linux, kernel 2.6.35.10-74.fc14.i686.
  The intermediate CA is in the local cert store.
  The application being used is DavMail.
  Am I correct in stating that the the smart card certificates are checked against the server sent CAs?
  Does anyone know how to get Java to use he local cert store to find the intermediate CA and then verify it against the Root CA in the server sent list?

  Placed in wrong forum. Moved it to Security Java Secure Socket Extension (JSSE)