Pinpad support with PC/SC

Pinpad support with PC/SC

Ludovic Rousseau
Hello,

Some people (2 including me) at the PC/SC workgroup are working on
better documenting how to use a pinpad reader with PC/SC. A draft of
the document is available at [1].

The draft contains samples of use (untested by me) with an IAS/ECC
card. It looks like it is a hot topic for OpenSC these days :-)

Note that:
- The document is still a draft.
- Not all pinpad readers may support all the features described in the document.

Comments, questions, remarks, etc. are greatly welcome.

Bye

[1] http://ludovic.rousseau.free.fr/softwares/pcsc-lite/SecurePIN%20discussion%20v5.pdf

--
 Dr. Ludovic Rousseau

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Pinpad support with PC/SC

Martin Paljak-4
On 21/04/15 10:44, Ludovic Rousseau wrote:
> Comments, questions, remarks, etc. are greatly welcome.

A HTML version with linkable sections.

Re: Pinpad support with PC/SC

Ludovic Rousseau
2015-04-21 9:51 GMT+02:00 Martin Paljak <[hidden email]>:
> On 21/04/15 10:44, Ludovic Rousseau wrote:
>> Comments, questions, remarks, etc. are greatly welcome.
>
> A HTML version with linkable sections.

Good idea. But...
Documentation from the PC/SC workgroup are .doc files converted to .pdf.

I think that providing an HTML version will be too much change for the
workgroup. I will try to push the idea.

Thanks

--
 Dr. Ludovic Rousseau

Re: Pinpad support with PC/SC

Dirk-Willem van Gulik
In reply to this post by Ludovic Rousseau

> On 21 Apr 2015, at 09:44, Ludovic Rousseau <[hidden email]> wrote:
>
> Hello,
>
> Some people (2 including me) at the PC/SC workgroup are working on
> better documenting how to use a pinpad reader with PC/SC. A draft of
> the document is available at [1].
>
> The draft contains samples of use (untested by me) with an IAS/ECC
> card. It looks like it is a hot topic for OpenSC these days :-)
>
> Note that:
> - The document is still a draft.
> - Not all pinpad readers may support all the features described in the document.
..
> [1] http://ludovic.rousseau.free.fr/softwares/pcsc-lite/SecurePIN%20discussion%20v5.pdf

Pretty clear document.

I’ve recently gotten fairly concerned with people manipulating the string shown to the user (e.g. ‘session lost, enter pin to login’ — whereas the actual text should have read the original ‘transfer X to Y, confirm with PIN’)*.

As this seems an avenue for (Dutch/German) medical & banking reader (ab)use (for the USB connected types).

This spec seems to nicely lock some of that down (nitpick ‘0’ for bMsgIndex p3 vs. ‘1’ on page 4) a priori.

Though perhaps optionally the APDU of step 5 ‘formatting’ could be constructed such that the bMsgIndex is made (routine rather than optional) part of the APDU sent to the card.
 
Dw.

*: For a very specific use case I am now looking at passing the message shown + PIN to the chipcard - thus making the reply illegible if the hash of the message is not the one sent.


Re: Pinpad support with PC/SC

Douglas E Engert
In reply to this post by Ludovic Rousseau
Looks like the "Adaptive PIN Frame size" is what OpenSC needs and the optional bAdvancedFlags in the PIN_PROPERTIES is what should be
set if the reader supports it.

But the bAdvancedFlags is only in the draft, but some readers appear to support some of the features today.
It appears setting bPINFrameSize = 0 in bmPINBlockString is the way readers may have implemented
the variable pin size within the current standard.

Do you have any insight into which current readers can do any of this even without
setting the bAdvancedFlags in the PIN_PROPERTIES?




On 4/21/2015 2:56 AM, Ludovic Rousseau wrote:

> 2015-04-21 9:51 GMT+02:00 Martin Paljak <[hidden email]>:
>> On 21/04/15 10:44, Ludovic Rousseau wrote:
>>> Comments, questions, remarks, etc. are greatly welcome.
>>
>> A HTML version with linkable sections.
>
> Good idea. But...
> Documentation from the PC/SC workgroup are .doc files converted to .pdf.
>
> I think that providing an HTML version will be too much change for the
> workgroup. I will try to push the idea.
>
> Thanks
>

--

  Douglas E. Engert  <[hidden email]>


Re: Pinpad support with PC/SC

Ludovic Rousseau
Hello,

2015-04-21 14:51 GMT+02:00 Douglas E Engert <[hidden email]>:
> Looks like the "Adaptive PIN Frame size" is what OpenSC needs and the optional bAdvancedFlags in the PIN_PROPERTIES is what should be
> set if the reader supports it.
>
> But the bAdvancedFlags is only in the draft, but some readers appear to support some of the features today.
> It appears setting bPINFrameSize = 0 in bmPINBlockString is the way readers may have implemented
> the variable pin size within the current standard.
>
> Do you have any insight into which current readers can do any of this even without
> setting the bAdvancedFlags in the PIN_PROPERTIES?

The bAdvancedFlags byte (bAdaptiveFrameSize and bAdvancedModify bits)
is just a standardisation proposal.
I guess no reader supports that yet.


The case bPINFrameSize = 0 is not really documented in the CCID spec.
I only found:

6.1.11.5 bmPINBlockString

This field provides the PIN block size and the PIN length size information.

Bit 7 - 4 : Size in bits of the PIN length inserted in the APDU
command. (If 0h, then the effective pin length is not inserted in the
APDU command)

Bit 3 - 0 : PIN length information: PIN block size in bytes after
justification and formatting.


Maybe some pinpad readers implement bPINFrameSize = 0 for adaptive size.
I would suggest to try with Vasco readers.

Bye

--
 Dr. Ludovic Rousseau
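
Added example (not part of the message above, and not OpenSC or pcsc-lite code): a C helper that splits bmPINBlockString into the two fields quoted from CCID 6.1.11.5 and flags the bPINFrameSize = 0 case separately, since the thread notes it is not really documented. The names check_pin_block and frame_kind, the sample APDU templates, and the consistency checks against the template's Lc are assumptions of this example, not text from the CCID spec.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum frame_kind { FRAME_FIXED, FRAME_ZERO, FRAME_INVALID };

struct pin_block_info {
    unsigned len_bits;    /* bits 7-4: size in bits of the PIN length put in the APDU */
    unsigned block_bytes; /* bits 3-0: PIN block size in bytes */
    enum frame_kind kind;
};

/* Constructed VERIFY templates (short APDUs: CLA INS P1 P2 [Lc data]). */
static const uint8_t TPL_8[] = {0x00, 0x20, 0x00, 0x01, 0x08,
                                0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
static const uint8_t TPL_4[] = {0x00, 0x20, 0x00, 0x01, 0x04, 0xFF, 0xFF, 0xFF, 0xFF};
static const uint8_t TPL_HDR[] = {0x00, 0x20, 0x00, 0x01};

struct pin_block_info check_pin_block(uint8_t bm, const uint8_t *apdu, size_t n)
{
    struct pin_block_info r = { (unsigned)(bm >> 4), (unsigned)(bm & 0x0F),
                                FRAME_INVALID };
    size_t lc = (n > 4) ? apdu[4] : 0;

    if (n < 4 || (n > 4 && n < 5 + lc))
        return r;                       /* header or data field truncated */
    if (r.block_bytes == 0) {           /* the bPINFrameSize = 0 case */
        r.kind = FRAME_ZERO;            /* reader-specific, see the thread */
        return r;
    }
    if (r.block_bytes > lc)             /* fixed block does not fit in the data field */
        return r;
    if (r.len_bits > 8 * r.block_bytes) /* length field wider than the block */
        return r;
    r.kind = FRAME_FIXED;
    return r;
}

int main(void)
{
    struct pin_block_info a = check_pin_block(0x47, TPL_8, sizeof TPL_8);
    printf("0x47: len_bits=%u block=%u kind=%d\n", a.len_bits, a.block_bytes, a.kind);
    printf("0x00: kind=%d\n", check_pin_block(0x00, TPL_HDR, sizeof TPL_HDR).kind);
    printf("0x08 vs Lc=4: kind=%d\n", check_pin_block(0x08, TPL_4, sizeof TPL_4).kind);
    return 0;
}
```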

Re: Pinpad support with PC/SC

Ludovic Rousseau
In reply to this post by Ludovic Rousseau
2015-04-21 9:56 GMT+02:00 Ludovic Rousseau <[hidden email]>:

> 2015-04-21 9:51 GMT+02:00 Martin Paljak <[hidden email]>:
>> On 21/04/15 10:44, Ludovic Rousseau wrote:
>>> Comments, questions, remarks, etc. are greatly welcome.
>>
>> A HTML version with linkable sections.
>
> Good idea. But...
> Documentation from the PC/SC workgroup are .doc files converted to .pdf.
>
> I think that providing an HTML version will be too much change for the
> workgroup. I will try to push the idea.

The HTML version of the PC/SC specifications is now online at the
same place as the PDF version [1].
The conversion DOC -> HTML has been done using Google Docs and is not
perfect. For example the table of contents is not URL links to other
parts of the document.

If you know a better DOC to HTML conversion tool please tell me. I tried
LibreOffice.org but the result is not much better. Using Microsoft
Word has other problems.

Bye

[1] http://pcscworkgroup.com/specifications/specdownload.php

--
 Dr. Ludovic Rousseau
