Seeking recommendation of any NFC compliant smart card reader

classic Classic list List threaded Threaded
46 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Seeking recommendation of any NFC compliant smart card reader

Linda Yu
Hi,

I have a ACS ACR122u reader and failed making it work on either VMware (Ubuntu 14.04 LTS) or native Ubuntu without VM. In VMware, pcsc_scan worked fine with ATR returned, but opensc-tool failed with the error of "Failed to connect to card: Unresponsive card". In native Ubuntu, it was worse. pcsc_scan didn't work (not even detecting the same reader).

Did anyone make a NFC compliant PC/SC reader work recently? If you did, could you provide the detailed info about your platform and middleware/driver version numbers?

Many thanks!
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts
I am using that same reader with no issues. I have been able to use both HCE Android devices implementing smart cards, as well as PIV cards with NFC support.

I have seen issues with a loaded pn533 driver and you need to make sure you have udev rules that make the USB device accessable to OpenSC framework.

Try looking at syslog for errors. If you get something about device busy, check to see if the pn533 module is loaded, if so you can either black list it or remove the associated
package. That driver claims the interface that opensc is trying to open with libusb.


On Wed, Jan 28, 2015 at 1:37 PM, Linda Yu <[hidden email]> wrote:
Hi,

I have a ACS ACR122u reader and failed making it work on either VMware
(Ubuntu 14.04 LTS) or native Ubuntu without VM. In VMware, pcsc_scan worked
fine with ATR returned, but opensc-tool failed with the error of "Failed to
connect to card: Unresponsive card". In native Ubuntu, it was worse.
pcsc_scan didn't work (not even detecting the same reader).

Did anyone make a NFC compliant PC/SC reader work recently? If you did,
could you provide the detailed info about your platform and
middleware/driver version numbers?

Many thanks!



--
View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093.html
Sent from the Developer mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel



--
Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Linda Yu
Thank you so much! It worked after pn533 module was unloaded.

What are the brand names and model numbers of your PIV cards with NFC support? Are they writable? I would like to order a few of them.

Thanks again for your help!
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts


On Thu, Jan 29, 2015 at 1:35 PM, Linda Yu <[hidden email]> wrote:
Thank you so much! It worked after pn533 module was unloaded.

What are the brand names and model numbers of your PIV cards with NFC
support? Are they writable? I would like to order a few of them.

They are Oberthur ID-one PIV. I do not know if they publish the 9B admin key for their "Patricia Thomas" cards.
Just remember, that PIV specification severly limits what can be done over a contactless interface. 
 

Thanks again for your help!
You're welcome, glad I could help.
 



--
View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15099.html
Sent from the Developer mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel



--
Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Douglas E Engert
In reply to this post by Linda Yu


On 1/29/2015 3:35 PM, Linda Yu wrote:
> Thank you so much! It worked after pn533 module was unloaded.
>
> What are the brand names and model numbers of your PIV cards with NFC
> support? Are they writable? I would like to order a few of them.

One list of approved cards, is here:
http://www.idmanagement.gov/approved-products-list

Most will not sell to individuals or is small amounts.

In addition to the above, the Yubico NEO has a PIV application:
Google for: yubikey neo PIV

https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
Only meantions PIV once.

>
> Thanks again for your help!
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15099.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
> .
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

David Woodhouse
On Thu, 2015-01-29 at 16:31 -0600, Douglas E Engert wrote:
>
> In addition to the above, the Yubico NEO has a PIV application:
> Google for: yubikey neo PIV
>
> https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
> Only meantions PIV once.

It does indeed have PIV, and it has NFC. But I'm not sure you can access
the PIV over NFC.

I might send for an NFC reader and have a play with it. It looks like
the PN533 is the best one to get, isn't it?

--
dwmw2


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts


On Thu, Jan 29, 2015 at 2:59 PM, David Woodhouse <[hidden email]> wrote:
On Thu, 2015-01-29 at 16:31 -0600, Douglas E Engert wrote:
>
> In addition to the above, the Yubico NEO has a PIV application:
> Google for: yubikey neo PIV
>
> https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
> Only meantions PIV once.

It does indeed have PIV, and it has NFC. But I'm not sure you can access
the PIV over NFC.

You can we have one. IIRC it conforms to the Contacless interface nuetering that goes on. I got my hands on
some Gemalto cards at one point that ignored this part of the spec, it was nice.
 

I might send for an NFC reader and have a play with it. It looks like
the PN533 is the best one to get, isn't it?

pn5333 is the actual chip, and it is really good. But you're probably going to want to buy
something that uses it and implements a USB ccid interface, like the ACR-122U. I have had
very good results with that reader, especially with testing Host Card Emulation on Android.
 

--
dwmw2


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel




--
Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Douglas E Engert


On 1/29/2015 7:02 PM, William Roberts wrote:

>
>
> On Thu, Jan 29, 2015 at 2:59 PM, David Woodhouse <[hidden email] <mailto:[hidden email]>> wrote:
>
>     On Thu, 2015-01-29 at 16:31 -0600, Douglas E Engert wrote:
>     >
>     > In addition to the above, the Yubico NEO has a PIV application:
>     > Google for: yubikey neo PIV
>     >
>     >https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
>     > Only meantions PIV once.
>
>     It does indeed have PIV, and it has NFC. But I'm not sure you can access
>     the PIV over NFC.
>
>
> You can we have one. IIRC it conforms to the Contacless interface nuetering that goes on. I got my hands on
> some Gemalto cards at one point that ignored this part of the spec, it was nice.

The specs, NIST 800-73-3 and FIPS 201, allow some operations over NFS but not not all.
NIST 800-73-3 part 2 After table 2. says:
"Note: Cryptographic protocols using private/secret keys requiring “PIN” security
  condition shall not be used on the contactless interface."

NIST 800-73-4 (draft) adds secure messaging over contactless interface,
to allow more operations over contactless. I believe this is still draft, and I don't
know if there are any cards available or if Yubico is looking at this for their
PIV applet.

Its not clear were the NEO is headed, with their PIV applet, since part of the
FIPS 201 says the PIV is a smart card in a smart card format, usable as a ID badge
and has a mag strip too. So although the NEO PIV applet might pass the card interface
part of the specs, it violates the crypto over contactless and it does not pass the
physical aspects of the specs.

But for non government use it is still useful, partly because it works with the Microsoft
builtin PIV card driver, as well as OpenSC on other platforms.

The NEO can be bought in small quantities and the yubico-piv-tool will allow the end user
to initialize the card. (With other PIV cards, the initialization process varies by vendor.)

https://developers.yubico.com/yubico-piv-tool/YubiKey_NEO_PIV_introduction.html

The current NEO has some hardware limitations on memory and key size:
  http://forum.yubico.com/viewtopic.php?f=26&t=1303

In that article, people are also looking for RSA 4096 and ECC other then secp256r1 or
specp384r1. This is not likely to happen. See NIST 800-78-2 table 6.2  Note that the RSA key size,
or ECC curve is maped to a single byte "Algorithm Identifier". It is sent in the General Authenticate
APDU as P1. So NIST need to change the specs to add new algorithms, curves or key sizes.

In the article, that also say "don't trust OpenSC". The OpenSC code assumes the card supports
the NIST standards and reports RSA 2048, and ECC 256 and 386 are supported. Its the NEO that
is not following the standards. (Also the NIST standards don't allow end users to change
their card  so its the certificates on the card that really define what the card can do.)

Sorry for the long reply, but I got on a roll...

Any Yubico people want to reply?

>
>
>     I might send for an NFC reader and have a play with it. It looks like
>     the PN533 is the best one to get, isn't it?
>
>
> pn5333 is the actual chip, and it is really good. But you're probably going to want to buy
> something that uses it and implements a USB ccid interface, like the ACR-122U. I have had
> very good results with that reader, especially with testing Host Card Emulation on Android.
>
>
>     --
>     dwmw2
>
>
>     ------------------------------------------------------------------------------
>     Dive into the World of Parallel Programming. The Go Parallel Website,
>     sponsored by Intel and developed in partnership with Slashdot Media, is your
>     hub for all things parallel software development, from weekly thought
>     leadership blogs to news, videos, case studies, tutorials and more. Take a
>     look and join the conversation now. http://goparallel.sourceforge.net/
>     _______________________________________________
>     Opensc-devel mailing list
>     [hidden email] <mailto:[hidden email]>
>     https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Linda Yu
Thanks everyone for sharing your knowledge and experience. Much appreciated! I am new to NFC and smart cards.

Probably, I should tell you a little bit about the project I am working on. We are adding Bluetooth to our device and trying to do Bluetooth pairing via NFC. My first step is to develop a demo application on PC (Ubuntu 14.04 LTS). Try to write a Bluetooth address to a NFC compliant smart card and have it read back. The Bluetooth application will take over from here.

I am not concerned about the security at this point since it's a demo. I hope to find a NFC compliant smart card that is easy to be unlocked and written to. If you have any other reader to recommend, it would be great as well. Currently, I have a Motorola Boom 89605N Headset with an integrated PIV (NIST SP 800-73 according to Windows device manager).

I am still digesting all information here.
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts


On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email]> wrote:
>
> Thanks everyone for sharing your knowledge and experience. Much appreciated!
> I am new to NFC and smart cards.
>
> Probably, I should tell you a little bit about the project I am working on.
> We are adding Bluetooth to our device and trying to do Bluetooth pairing via
> NFC.  So can you elaborate here?

If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?

My first step is to develop a demo application on PC (Ubuntu 14.04
> LTS). Try to write a Bluetooth address to a NFC compliant smart card and
> have it read back. The Bluetooth application will take over from here.

If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python. No need to deal with SC abstractions for this.

>
> I am not concerned about the security at this point since it's a demo. I
> hope to find a NFC compliant smart card that is easy to be unlocked and
> written to. If you have any other reader to recommend, it would be great as
> well. Currently, I have a Motorola Boom 89605N Headset with an integrated
> PIV (NIST SP 800-73 according to Windows device manager).
>
> I am still digesting all information here.
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

RE: Seeking recommendation of any NFC compliant smart card reader

Linda Yu


On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email]> wrote:
>
> Thanks everyone for sharing your knowledge and experience. Much appreciated!
> I am new to NFC and smart cards.
>
> Probably, I should tell you a little bit about the project I am working on.
> We are adding Bluetooth to our device and trying to do Bluetooth pairing via
> NFC.  So can you elaborate here?

If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?

Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.

My first step is to develop a demo application on PC (Ubuntu 14.04
> LTS). Try to write a Bluetooth address to a NFC compliant smart card and
> have it read back. The Bluetooth application will take over from here.

If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python. No need to deal with SC abstractions for this.

I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!

>
> I am not concerned about the security at this point since it's a demo. I
> hope to find a NFC compliant smart card that is easy to be unlocked and
> written to. If you have any other reader to recommend, it would be great as
> well. Currently, I have a Motorola Boom 89605N Headset with an integrated
> PIV (NIST SP 800-73 according to Windows device manager).
>
> I am still digesting all information here.
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


If you reply to this email, your message will be added to the discussion below:

http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html

To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
NAML

Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Andreas Schwier (ML)
In reply to this post by Linda Yu
Hi Linda,

you could also try SmartCard-HSM [1] cards which are available in a
Dual-Interface version. The card can be used over the contact or
contactless interface (ISO 14443/NFC) and you can use OpenSC to get
access to data elements and keys.

Cards are available in small quantities at [2].

Andreas

[1] www.smartcard-hsm.com
[2] http://www.cardomatic.de/SmartCard-HSM/en


On 01/30/2015 04:36 PM, Linda Yu wrote:

> Thanks everyone for sharing your knowledge and experience. Much appreciated!
> I am new to NFC and smart cards.
>
> Probably, I should tell you a little bit about the project I am working on.
> We are adding Bluetooth to our device and trying to do Bluetooth pairing via
> NFC. My first step is to develop a demo application on PC (Ubuntu 14.04
> LTS). Try to write a Bluetooth address to a NFC compliant smart card and
> have it read back. The Bluetooth application will take over from here.
>
> I am not concerned about the security at this point since it's a demo. I
> hope to find a NFC compliant smart card that is easy to be unlocked and
> written to. If you have any other reader to recommend, it would be great as
> well. Currently, I have a Motorola Boom 89605N Headset with an integrated
> PIV (NIST SP 800-73 according to Windows device manager).
>
> I am still digesting all information here.
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Douglas E Engert
In reply to this post by Linda Yu


On 1/30/2015 9:36 AM, Linda Yu wrote:
> Thanks everyone for sharing your knowledge and experience. Much appreciated!
> I am new to NFC and smart cards.
>
> Probably, I should tell you a little bit about the project I am working on.
> We are adding Bluetooth to our device and trying to do Bluetooth pairing via
> NFC. My first step is to develop a demo application on PC (Ubuntu 14.04
> LTS). Try to write a Bluetooth address to a NFC compliant smart card and
> have it read back. The Bluetooth application will take over from here.

The PIV card may not be for you. I don't know what you mean by
"write a Bluetooth address to a NFC compliant smart card"
The PIV a a specific set of objects, consisting of certificates, private keys,
fingerprints, iris images, facial images, and other associated ID type stuff.
These can be used for physical access, like door locks, to login/web server
login, email signnature and data encryption.


If you goal is to use a gov issued PIV card with a mobile device.
This has been a goal for a long time, and there are blue tooth readers that
you ware around your neck and insert your PIV badge. There are iPhone and Android
drivers to uses these with a PIV card. Its very clunky...

NIST has recognized the problems of using the FIPS 201 infrastructure with mobile
devices and the restriction of no pins over NFC and are addressing this in two ways:

      http://csrc.nist.gov/publications/PubsSPs.html#800-73-4

   NIST 800-73-4 (draft) as I said in previous note, adds secure messaging to the
   NFC. This would require new cards.

      http://csrc.nist.gov/publications/PubsSPs.html#800-157

   NIST 800-157 defines delegated PIV credentials that can be loaded on the mobile
   device. The device or its TPMS hardware replace the smart card, and are not requires
   to use the ISO card-edge interface at all! I would expect mobile device vendors
   to support this...


>
> I am not concerned about the security at this point since it's a demo. I
> hope to find a NFC compliant smart card that is easy to be unlocked and
> written to.

I have used Oberthur card, but they don't sell in small numbers.

You could also get the NIST set of 16 test cards, with preloaded credentials.

   http://csrc.nist.gov/groups/SNS/piv/testcards.html

I the beta version I have, has some cards from Oberthur and Gemalto. This is a demo
set of cards, and the data is identical from set to set, with the
certs, objects and key listed in the docs. See:


> If you have any other reader to recommend, it would be great as
> well. Currently, I have a Motorola Boom 89605N Headset with an integrated
> PIV (NIST SP 800-73 according to Windows device manager).

That does not sound correct. How would you use the audio device as a smart card???



>
> I am still digesting all information here.
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
> .
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts
In reply to this post by Linda Yu


On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email]> wrote:


On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email]> wrote:
>
> Thanks everyone for sharing your knowledge and experience. Much appreciated!
> I am new to NFC and smart cards.
>
> Probably, I should tell you a little bit about the project I am working on.
> We are adding Bluetooth to our device and trying to do Bluetooth pairing via
> NFC.  So can you elaborate here?

If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?

Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.

My first step is to develop a demo application on PC (Ubuntu 14.04
> LTS). Try to write a Bluetooth address to a NFC compliant smart card and
> have it read back. The Bluetooth application will take over from here.

If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python. No need to deal with SC abstractions for this.

I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!

Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is a simpler approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take a look at NDEF records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.


Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the Android side to work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange custome raw apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.

 

>
> I am not concerned about the security at this point since it's a demo. I
> hope to find a NFC compliant smart card that is easy to be unlocked and
> written to. If you have any other reader to recommend, it would be great as
> well. Currently, I have a Motorola Boom 89605N Headset with an integrated
> PIV (NIST SP 800-73 according to Windows device manager).
>
> I am still digesting all information here.
>
>
>
> --
> View this message in context: http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
> Sent from the Developer mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


If you reply to this email, your message will be added to the discussion below:

http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html

To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
NAML



View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader

Sent from the Developer mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel




--
Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Douglas E Engert
Both of you are are doing demos. But you are putting off the security issues of using NFC
with smart cards. Security considerations should be considered up front, even for a demo.


On 1/30/2015 12:43 PM, William Roberts wrote:

>
>
> On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email] <mailto:[hidden email]>> wrote:
>
>
>     On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=0>> wrote:
>     >
>     > Thanks everyone for sharing your knowledge and experience. Much appreciated!
>     > I am new to NFC and smart cards.
>     >
>     > Probably, I should tell you a little bit about the project I am working on.
>     > We are adding Bluetooth to our device and trying to do Bluetooth pairing via
>     > NFC.  So can you elaborate here?____
>
>     If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?____
>
>     Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.____
>
>     My first step is to develop a demo application on PC (Ubuntu 14.04
>     > LTS). Try to write a Bluetooth address to a NFC compliant smart card and
>     > have it read back. The Bluetooth application will take over from here.____
>
>     If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python. No need
>     to deal with SC abstractions for this.____
>
>     I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!
>
> Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is a simpler
> approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take a look at NDEF
> records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.
>
> https://nfcpy.readthedocs.org/en/latest/
>
> Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the Android side to
> work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange custome raw
> apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.
>
>     ____
>
>     >
>     > I am not concerned about the security at this point since it's a demo. I
>     > hope to find a NFC compliant smart card that is easy to be unlocked and
>     > written to. If you have any other reader to recommend, it would be great as
>     > well. Currently, I have a Motorola Boom 89605N Headset with an integrated
>     > PIV (NIST SP 800-73 according to Windows device manager).
>     >
>     > I am still digesting all information here.
>     >
>     >
>     >
>     > --
>     > View this message in context:http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
>     > Sent from the Developer mailing list archive at Nabble.com.
>     >
>     > ------------------------------------------------------------------------------
>     > Dive into the World of Parallel Programming. The Go Parallel Website,
>     > sponsored by Intel and developed in partnership with Slashdot Media, is your
>     > hub for all things parallel software development, from weekly thought
>     > leadership blogs to news, videos, case studies, tutorials and more. Take a
>     > look and join the conversation now.http://goparallel.sourceforge.net/
>     > _______________________________________________
>     > Opensc-devel mailing list
>      > [hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=1>
>      > https://lists.sourceforge.net/lists/listinfo/opensc-devel____
>
>
>     ------------------------------------------------------------------------------
>     Dive into the World of Parallel Programming. The Go Parallel Website,
>     sponsored by Intel and developed in partnership with Slashdot Media, is your
>     hub for all things parallel software development, from weekly thought
>     leadership blogs to news, videos, case studies, tutorials and more. Take a
>     look and join the conversation now. http://goparallel.sourceforge.net/
>     _______________________________________________
>     Opensc-devel mailing list
>     [hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=2>
>     https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
>     ____
>
>     --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>     *If you reply to this email, your message will be added to the discussion below:____*
>
>     http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html ____
>
>     To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
>     NAML
>     <http://opensc.1086184.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>     ____
>
>
>     --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>     View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader
>     <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15108.html>
>
>     Sent from the Developer mailing list archive <http://opensc.1086184.n5.nabble.com/Developer-f3.html> at Nabble.com.
>
>     ------------------------------------------------------------------------------
>     Dive into the World of Parallel Programming. The Go Parallel Website,
>     sponsored by Intel and developed in partnership with Slashdot Media, is your
>     hub for all things parallel software development, from weekly thought
>     leadership blogs to news, videos, case studies, tutorials and more. Take a
>     look and join the conversation now. http://goparallel.sourceforge.net/
>     _______________________________________________
>     Opensc-devel mailing list
>     [hidden email] <mailto:[hidden email]>
>     https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts


On Fri, Jan 30, 2015 at 11:02 AM, Douglas E Engert <[hidden email]> wrote:
Both of you are are doing demos. But you are putting off the security issues of using NFC
with smart cards. Security considerations should be considered up front, even for a demo.

So for me, I am stuck within the confines of the PIV card edge, but for Linda's situation, I don't think she needs much. She can just
set up session keys as described in the 4th edition draft, which is really just a 0 key protocol as described by Opacity (No Forward Secrecy). Once an encrypted
session is set up then the transmission of the BT pairing pins can be sent. Linda would additional want to require a users consent to actually do the automatic pairing,
so rouge "taps" don't result in pairing with a rogue machine. 

As far as my case, for more CIV uses of the card, NFC is fine for the whole protocol. NFC only has a working range of 4 -10cm unless you get a ridiculous
piece of hardware that can read it from 30+ft, however, if someone is in your office building with that, you probably have bigger problems. Although normal
NFC traffic is plain-text, its difficult to snoop. While the federal government deems that for their uses of PIV and their threat models, NFC is too easy to snoop.
For a SMB or even large enterprise, they might deem it's difficulty to capture is sufficient. Even cables emit electromagnetic fields that can be read at very very
short distances... again level of paranoia.

So how does that guy get into you're office building with the crazy hardware? Consider the amount of door reader systems in place in business's that use the
14443 UID as the identifier to let the individual in. No second factor authentication, and are trivial to spoof. You can buy a 30 dollar reader writer from Amazon
that does it. I did a demo at work where I was able to clone a dozen employee cards without them knowing. Just get close, zap it, and walk away. Go back and
 make a clone.



On 1/30/2015 12:43 PM, William Roberts wrote:


On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email] <mailto:[hidden email]>> wrote:


    On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=0>> wrote:
    >
    > Thanks everyone for sharing your knowledge and experience. Much appreciated!
    > I am new to NFC and smart cards.
    >
    > Probably, I should tell you a little bit about the project I am working on.
    > We are adding Bluetooth to our device and trying to do Bluetooth pairing via
    > NFC.  So can you elaborate here?____

    If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?____

    Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.____

    My first step is to develop a demo application on PC (Ubuntu 14.04
    > LTS). Try to write a Bluetooth address to a NFC compliant smart card and
    > have it read back. The Bluetooth application will take over from here.____

    If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python. No need
    to deal with SC abstractions for this.____

    I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!

Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is a simpler
approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take a look at NDEF
records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.

https://nfcpy.readthedocs.org/en/latest/

Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the Android side to
work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange custome raw
apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.

    ____

    >
    > I am not concerned about the security at this point since it's a demo. I
    > hope to find a NFC compliant smart card that is easy to be unlocked and
    > written to. If you have any other reader to recommend, it would be great as
    > well. Currently, I have a Motorola Boom 89605N Headset with an integrated
    > PIV (NIST SP 800-73 according to Windows device manager).
    >
    > I am still digesting all information here.
    >
    >
    >
    > --
    > View this message in context:http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
    > Sent from the Developer mailing list archive at Nabble.com.
    >
    > ------------------------------------------------------------------------------
    > Dive into the World of Parallel Programming. The Go Parallel Website,
    > sponsored by Intel and developed in partnership with Slashdot Media, is your
    > hub for all things parallel software development, from weekly thought
    > leadership blogs to news, videos, case studies, tutorials and more. Take a
    > look and join the conversation now.http://goparallel.sourceforge.net/
    > _______________________________________________
    > Opensc-devel mailing list
     > [hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=1>
     > https://lists.sourceforge.net/lists/listinfo/opensc-devel____


    ------------------------------------------------------------------------------
    Dive into the World of Parallel Programming. The Go Parallel Website,
    sponsored by Intel and developed in partnership with Slashdot Media, is your
    hub for all things parallel software development, from weekly thought
    leadership blogs to news, videos, case studies, tutorials and more. Take a
    look and join the conversation now. http://goparallel.sourceforge.net/
    _______________________________________________
    Opensc-devel mailing list
    [hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=2>
    https://lists.sourceforge.net/lists/listinfo/opensc-devel

    ____

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    *If you reply to this email, your message will be added to the discussion below:____*

    http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html ____

    To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
    NAML
    <http://opensc.1086184.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
    ____


    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader
    <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15108.html>

    Sent from the Developer mailing list archive <http://opensc.1086184.n5.nabble.com/Developer-f3.html> at Nabble.com.

    ------------------------------------------------------------------------------
    Dive into the World of Parallel Programming. The Go Parallel Website,
    sponsored by Intel and developed in partnership with Slashdot Media, is your
    hub for all things parallel software development, from weekly thought
    leadership blogs to news, videos, case studies, tutorials and more. Take a
    look and join the conversation now. http://goparallel.sourceforge.net/
    _______________________________________________
    Opensc-devel mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.sourceforge.net/lists/listinfo/opensc-devel




--
Respectfully,

William C Roberts



------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/



_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


--

 Douglas E. Engert  <[hidden email]>




--
Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Linda Yu

I’ll look closely at libnfc and the security. Thanks again everyone for the help.

 

 

On Fri, Jan 30, 2015 at 11:02 AM, Douglas E Engert <[hidden email]> wrote:

Both of you are are doing demos. But you are putting off the security issues of using NFC
with smart cards. Security considerations should be considered up front, even for a demo.

 

So for me, I am stuck within the confines of the PIV card edge, but for Linda's situation, I don't think she needs much. She can just

set up session keys as described in the 4th edition draft, which is really just a 0 key protocol as described by Opacity (No Forward Secrecy). Once an encrypted

session is set up then the transmission of the BT pairing pins can be sent. Linda would additional want to require a users consent to actually do the automatic pairing,

so rouge "taps" don't result in pairing with a rogue machine. 

 

As far as my case, for more CIV uses of the card, NFC is fine for the whole protocol. NFC only has a working range of 4 -10cm unless you get a ridiculous

piece of hardware that can read it from 30+ft, however, if someone is in your office building with that, you probably have bigger problems. Although normal

NFC traffic is plain-text, its difficult to snoop. While the federal government deems that for their uses of PIV and their threat models, NFC is too easy to snoop.

For a SMB or even large enterprise, they might deem it's difficulty to capture is sufficient. Even cables emit electromagnetic fields that can be read at very very

short distances... again level of paranoia.

 

So how does that guy get into you're office building with the crazy hardware? Consider the amount of door reader systems in place in business's that use the

14443 UID as the identifier to let the individual in. No second factor authentication, and are trivial to spoof. You can buy a 30 dollar reader writer from Amazon

that does it. I did a demo at work where I was able to clone a dozen employee cards without them knowing. Just get close, zap it, and walk away. Go back and

 make a clone.

 



On 1/30/2015 12:43 PM, William Roberts wrote:



On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email] <mailto:[hidden email]>> wrote:


    On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=0>> wrote:
    >
    > Thanks everyone for sharing your knowledge and experience. Much appreciated!
    > I am new to NFC and smart cards.
    >
    > Probably, I should tell you a little bit about the project I am working on.
    > We are adding Bluetooth to our device and trying to do Bluetooth pairing via
    > NFC.  So can you elaborate here?____

    If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?____

    Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.____

    My first step is to develop a demo application on PC (Ubuntu 14.04
    > LTS). Try to write a Bluetooth address to a NFC compliant smart card and
    > have it read back. The Bluetooth application will take over from here.____

    If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python. No need
    to deal with SC abstractions for this.____

    I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!

Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is a simpler
approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take a look at NDEF
records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.

https://nfcpy.readthedocs.org/en/latest/

Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the Android side to
work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange custome raw
apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.

    ____

    >
    > I am not concerned about the security at this point since it's a demo. I
    > hope to find a NFC compliant smart card that is easy to be unlocked and
    > written to. If you have any other reader to recommend, it would be great as
    > well. Currently, I have a Motorola Boom 89605N Headset with an integrated
    > PIV (NIST SP 800-73 according to Windows device manager).
    >
    > I am still digesting all information here.
    >
    >
    >
    > --
    > View this message in context:http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html
    > Sent from the Developer mailing list archive at Nabble.com.
    >
    > ------------------------------------------------------------------------------
    > Dive into the World of Parallel Programming. The Go Parallel Website,
    > sponsored by Intel and developed in partnership with Slashdot Media, is your
    > hub for all things parallel software development, from weekly thought
    > leadership blogs to news, videos, case studies, tutorials and more. Take a
    > look and join the conversation now.http://goparallel.sourceforge.net/
    > _______________________________________________
    > Opensc-devel mailing list
     > [hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=1>
     > https://lists.sourceforge.net/lists/listinfo/opensc-devel____


    ------------------------------------------------------------------------------
    Dive into the World of Parallel Programming. The Go Parallel Website,
    sponsored by Intel and developed in partnership with Slashdot Media, is your
    hub for all things parallel software development, from weekly thought
    leadership blogs to news, videos, case studies, tutorials and more. Take a
    look and join the conversation now. http://goparallel.sourceforge.net/
    _______________________________________________
    Opensc-devel mailing list
    [hidden email] <http:///user/SendEmail.jtp?type=node&node=15107&i=2>
    https://lists.sourceforge.net/lists/listinfo/opensc-devel

    ____

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    *If you reply to this email, your message will be added to the discussion below:____*

    http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html ____

    To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
    NAML
    <http://opensc.1086184.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
    ____


    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader
    <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15108.html>

    Sent from the Developer mailing list archive <http://opensc.1086184.n5.nabble.com/Developer-f3.html> at Nabble.com.

    ------------------------------------------------------------------------------
    Dive into the World of Parallel Programming. The Go Parallel Website,
    sponsored by Intel and developed in partnership with Slashdot Media, is your
    hub for all things parallel software development, from weekly thought
    leadership blogs to news, videos, case studies, tutorials and more. Take a
    look and join the conversation now. http://goparallel.sourceforge.net/
    _______________________________________________
    Opensc-devel mailing list
    [hidden email] <mailto:[hidden email]>
    https://lists.sourceforge.net/lists/listinfo/opensc-devel




--
Respectfully,

William C Roberts



------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/



_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


--

 Douglas E. Engert  <[hidden email]>



 

--

Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Douglas E Engert
In reply to this post by William Roberts


On 1/30/2015 1:25 PM, William Roberts wrote:

>
>
> On Fri, Jan 30, 2015 at 11:02 AM, Douglas E Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>     Both of you are are doing demos. But you are putting off the security issues of using NFC
>     with smart cards. Security considerations should be considered up front, even for a demo.
>
>
> So for me, I am stuck within the confines of the PIV card edge, but for Linda's situation, I don't think she needs much. She can just
> set up session keys as described in the 4th edition draft, which is really just a 0 key protocol as described by Opacity (No Forward Secrecy). Once an encrypted
> session is set up then the transmission of the BT pairing pins can be sent. Linda would additional want to require a users consent to actually do the automatic pairing,
> so rouge "taps" don't result in pairing with a rogue machine.
>
> As far as my case, for more CIV uses of the card, NFC is fine for the whole protocol. NFC only has a working range of 4 -10cm unless you get a ridiculous
> piece of hardware that can read it from 30+ft, however, if someone is in your office building with that, you probably have bigger problems. Although normal
> NFC traffic is plain-text, its difficult to snoop. While the federal government deems that for their uses of PIV and their threat models, NFC is too easy to snoop.
> For a SMB or even large enterprise, they might deem it's difficulty to capture is sufficient. Even cables emit electromagnetic fields that can be read at very very
> short distances... again level of paranoia.
>
> So how does that guy get into you're office building with the crazy hardware? Consider the amount of door reader systems in place in business's that use the
> 14443 UID as the identifier to let the individual in. No second factor authentication, and are trivial to spoof. You can buy a 30 dollar reader writer from Amazon
> that does it. I did a demo at work where I was able to clone a dozen employee cards without them knowing. Just get close, zap it, and walk away. Go back and
>   make a clone.

They don't have to get in, just get close to you, like an elevator in a hotel when you badge is in your wallet.
That why we had to keep the card in a metal backed badge holder.

But if you start trying to use your card over NFC to your phone in some public place, then some one close could try
and snoop the card. The NIST standards are written to be paranoia...

>
>
>
>     On 1/30/2015 12:43 PM, William Roberts wrote:
>
>
>
>         On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>__> wrote:
>
>
>              On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email] <http:///user/SendEmail.jtp?__type=node&node=15107&i=0>> wrote:
>              >
>              > Thanks everyone for sharing your knowledge and experience. Much appreciated!
>              > I am new to NFC and smart cards.
>              >
>              > Probably, I should tell you a little bit about the project I am working on.
>              > We are adding Bluetooth to our device and trying to do Bluetooth pairing via
>              > NFC.  So can you elaborate here?____
>
>              If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?____
>
>              Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.____
>
>              My first step is to develop a demo application on PC (Ubuntu 14.04
>              > LTS). Try to write a Bluetooth address to a NFC compliant smart card and
>              > have it read back. The Bluetooth application will take over from here.____
>
>              If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python.
>         No need
>              to deal with SC abstractions for this.____
>
>              I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!
>
>         Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is a simpler
>         approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take a look at
>         NDEF
>         records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.
>
>         https://nfcpy.readthedocs.org/__en/latest/ <https://nfcpy.readthedocs.org/en/latest/>
>
>         Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the Android
>         side to
>         work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange custome raw
>         apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.
>
>              ____
>
>              >
>              > I am not concerned about the security at this point since it's a demo. I
>              > hope to find a NFC compliant smart card that is easy to be unlocked and
>              > written to. If you have any other reader to recommend, it would be great as
>              > well. Currently, I have a Motorola Boom 89605N Headset with an integrated
>              > PIV (NIST SP 800-73 according to Windows device manager).
>              >
>              > I am still digesting all information here.
>              >
>              >
>              >
>              > --
>              > View this message in context:http://opensc.1086184.__n5.nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15106.html
>         <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html>
>              > Sent from the Developer mailing list archive at Nabble.com.
>              >
>              > ------------------------------__------------------------------__------------------
>              > Dive into the World of Parallel Programming. The Go Parallel Website,
>              > sponsored by Intel and developed in partnership with Slashdot Media, is your
>              > hub for all things parallel software development, from weekly thought
>              > leadership blogs to news, videos, case studies, tutorials and more. Take a
>              > look and join the conversation now.http://goparallel.__sourceforge.net/ <http://goparallel.sourceforge.net/>
>              > _________________________________________________
>              > Opensc-devel mailing list
>               > [hidden email] <http:///user/SendEmail.jtp?__type=node&node=15107&i=1>
>               > https://lists.sourceforge.net/__lists/listinfo/opensc-devel______ <https://lists.sourceforge.net/lists/listinfo/opensc-devel____>
>
>
>              ------------------------------__------------------------------__------------------
>              Dive into the World of Parallel Programming. The Go Parallel Website,
>              sponsored by Intel and developed in partnership with Slashdot Media, is your
>              hub for all things parallel software development, from weekly thought
>              leadership blogs to news, videos, case studies, tutorials and more. Take a
>              look and join the conversation now. http://goparallel.sourceforge.__net/ <http://goparallel.sourceforge.net/>
>              _________________________________________________
>              Opensc-devel mailing list
>              [hidden email] <http:///user/SendEmail.jtp?__type=node&node=15107&i=2>
>         https://lists.sourceforge.net/__lists/listinfo/opensc-devel <https://lists.sourceforge.net/lists/listinfo/opensc-devel>
>
>              ____
>
>
>         ------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__--------------------
>
>              *If you reply to this email, your message will be added to the discussion below:____*
>
>         http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15107.html
>         <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html> ____
>
>              To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
>              NAML
>
>         <<a href="http://opensc.1086184.n5.__nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml">http://opensc.1086184.n5.__nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml
>         <http://opensc.1086184.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>>
>              ____
>
>
>
>         ------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__--------------------
>              View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader
>              <http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15108.html
>         <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15108.html>>
>
>              Sent from the Developer mailing list archive <http://opensc.1086184.n5.__nabble.com/Developer-f3.html <http://opensc.1086184.n5.nabble.com/Developer-f3.html>> at Nabble.com.
>
>              ------------------------------__------------------------------__------------------
>              Dive into the World of Parallel Programming. The Go Parallel Website,
>              sponsored by Intel and developed in partnership with Slashdot Media, is your
>              hub for all things parallel software development, from weekly thought
>              leadership blogs to news, videos, case studies, tutorials and more. Take a
>              look and join the conversation now. http://goparallel.sourceforge.__net/ <http://goparallel.sourceforge.net/>
>              _________________________________________________
>              Opensc-devel mailing list
>         [hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>         https://lists.sourceforge.net/__lists/listinfo/opensc-devel <https://lists.sourceforge.net/lists/listinfo/opensc-devel>
>
>
>
>
>         --
>         Respectfully,
>
>         William C Roberts
>
>
>
>         ------------------------------__------------------------------__------------------
>         Dive into the World of Parallel Programming. The Go Parallel Website,
>         sponsored by Intel and developed in partnership with Slashdot Media, is your
>         hub for all things parallel software development, from weekly thought
>         leadership blogs to news, videos, case studies, tutorials and more. Take a
>         look and join the conversation now. http://goparallel.sourceforge.__net/ <http://goparallel.sourceforge.net/>
>
>
>
>         _________________________________________________
>         Opensc-devel mailing list
>         [hidden email] <mailto:[hidden email]>
>         https://lists.sourceforge.net/__lists/listinfo/opensc-devel <https://lists.sourceforge.net/lists/listinfo/opensc-devel>
>
>
>     --
>
>       Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>
>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

William Roberts


On Fri, Jan 30, 2015 at 2:31 PM, Douglas E Engert <[hidden email]> wrote:


On 1/30/2015 1:25 PM, William Roberts wrote:


On Fri, Jan 30, 2015 at 11:02 AM, Douglas E Engert <[hidden email] <mailto:[hidden email]>> wrote:

    Both of you are are doing demos. But you are putting off the security issues of using NFC
    with smart cards. Security considerations should be considered up front, even for a demo.


So for me, I am stuck within the confines of the PIV card edge, but for Linda's situation, I don't think she needs much. She can just
set up session keys as described in the 4th edition draft, which is really just a 0 key protocol as described by Opacity (No Forward Secrecy). Once an encrypted
session is set up then the transmission of the BT pairing pins can be sent. Linda would additional want to require a users consent to actually do the automatic pairing,
so rouge "taps" don't result in pairing with a rogue machine.

As far as my case, for more CIV uses of the card, NFC is fine for the whole protocol. NFC only has a working range of 4 -10cm unless you get a ridiculous
piece of hardware that can read it from 30+ft, however, if someone is in your office building with that, you probably have bigger problems. Although normal
NFC traffic is plain-text, its difficult to snoop. While the federal government deems that for their uses of PIV and their threat models, NFC is too easy to snoop.
For a SMB or even large enterprise, they might deem it's difficulty to capture is sufficient. Even cables emit electromagnetic fields that can be read at very very
short distances... again level of paranoia.

So how does that guy get into you're office building with the crazy hardware? Consider the amount of door reader systems in place in business's that use the
14443 UID as the identifier to let the individual in. No second factor authentication, and are trivial to spoof. You can buy a 30 dollar reader writer from Amazon
that does it. I did a demo at work where I was able to clone a dozen employee cards without them knowing. Just get close, zap it, and walk away. Go back and
  make a clone.

They don't have to get in, just get close to you, like an elevator in a hotel when you badge is in your wallet.
That why we had to keep the card in a metal backed badge holder.

So? Read it. Get the public key? Now what? At the end of the day, we only care about the PIN or a Private Key getting leaked.
 

But if you start trying to use your card over NFC to your phone in some public place, then some one close could try
and snoop the card. The NIST standards are written to be paranoia...

Yes their target use is government who has a much more servere threat model than a buisness wishing to deploy a PKI card. At its heart, PIV is a PKI card that
ships with a windows minidriver and has some open standard to it. This is why I like openpgp card myself.

Snooping is still a very hard attack with NFC, and unless I am specifically being targeted, I doubt someone is doing this at Starbucks.

 




    On 1/30/2015 12:43 PM, William Roberts wrote:



        On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>__> wrote:


             On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email] <http:///user/SendEmail.jtp?__type=node&node=15107&i=0>> wrote:
             >
             > Thanks everyone for sharing your knowledge and experience. Much appreciated!
             > I am new to NFC and smart cards.
             >
             > Probably, I should tell you a little bit about the project I am working on.
             > We are adding Bluetooth to our device and trying to do Bluetooth pairing via
             > NFC.  So can you elaborate here?____

             If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?____

             Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.____

             My first step is to develop a demo application on PC (Ubuntu 14.04
             > LTS). Try to write a Bluetooth address to a NFC compliant smart card and
             > have it read back. The Bluetooth application will take over from here.____

             If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for python.
        No need
             to deal with SC abstractions for this.____

             I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!

        Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is a simpler
        approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take a look at
        NDEF
        records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.

        https://nfcpy.readthedocs.org/__en/latest/ <https://nfcpy.readthedocs.org/en/latest/>

        Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the Android
        side to
        work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange custome raw
        apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.

             ____

             >
             > I am not concerned about the security at this point since it's a demo. I
             > hope to find a NFC compliant smart card that is easy to be unlocked and
             > written to. If you have any other reader to recommend, it would be great as
             > well. Currently, I have a Motorola Boom 89605N Headset with an integrated
             > PIV (NIST SP 800-73 according to Windows device manager).
             >
             > I am still digesting all information here.
             >
             >
             >
             > --
             > View this message in context:http://opensc.1086184.__n5.nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15106.html
        <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html>
             > Sent from the Developer mailing list archive at Nabble.com.
             >
             > ------------------------------__------------------------------__------------------
             > Dive into the World of Parallel Programming. The Go Parallel Website,
             > sponsored by Intel and developed in partnership with Slashdot Media, is your
             > hub for all things parallel software development, from weekly thought
             > leadership blogs to news, videos, case studies, tutorials and more. Take a
             > look and join the conversation now.http://goparallel.__sourceforge.net/ <http://goparallel.sourceforge.net/>
             > _________________________________________________
             > Opensc-devel mailing list
              > [hidden email] <http:///user/SendEmail.jtp?__type=node&node=15107&i=1>
              > https://lists.sourceforge.net/__lists/listinfo/opensc-devel______ <https://lists.sourceforge.net/lists/listinfo/opensc-devel____>


             ------------------------------__------------------------------__------------------
             Dive into the World of Parallel Programming. The Go Parallel Website,
             sponsored by Intel and developed in partnership with Slashdot Media, is your
             hub for all things parallel software development, from weekly thought
             leadership blogs to news, videos, case studies, tutorials and more. Take a
             look and join the conversation now. http://goparallel.sourceforge.__net/ <http://goparallel.sourceforge.net/>
             _________________________________________________
             Opensc-devel mailing list
             [hidden email] <http:///user/SendEmail.jtp?__type=node&node=15107&i=2>
        https://lists.sourceforge.net/__lists/listinfo/opensc-devel <https://lists.sourceforge.net/lists/listinfo/opensc-devel>

             ____


        ------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__--------------------

             *If you reply to this email, your message will be added to the discussion below:____*

        http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15107.html
        <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html> ____

             To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
             NAML

        <http://opensc.1086184.n5.__<a href="http://nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&amp;id=instant_html%__21nabble%3Aemail.naml&amp;base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&amp;breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml" target="_blank">nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml
        <http://opensc.1086184.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>>
             ____



        ------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__------------------------------__--------------------
             View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader
             <http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15108.html
        <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15108.html>>

             Sent from the Developer mailing list archive <http://opensc.1086184.n5.__nabble.com/Developer-f3.html <http://opensc.1086184.n5.nabble.com/Developer-f3.html>> at Nabble.com.

             ------------------------------__------------------------------__------------------
             Dive into the World of Parallel Programming. The Go Parallel Website,
             sponsored by Intel and developed in partnership with Slashdot Media, is your
             hub for all things parallel software development, from weekly thought
             leadership blogs to news, videos, case studies, tutorials and more. Take a
             look and join the conversation now. http://goparallel.sourceforge.__net/ <http://goparallel.sourceforge.net/>
             _________________________________________________
             Opensc-devel mailing list
        Opensc-devel@lists.__sourceforge.net <mailto:[hidden email]> <mailto:[hidden email]__sourceforge.net <mailto:[hidden email]>>
        https://lists.sourceforge.net/__lists/listinfo/opensc-devel <https://lists.sourceforge.net/lists/listinfo/opensc-devel>




        --
        Respectfully,

        William C Roberts



        ------------------------------__------------------------------__------------------
        Dive into the World of Parallel Programming. The Go Parallel Website,
        sponsored by Intel and developed in partnership with Slashdot Media, is your
        hub for all things parallel software development, from weekly thought
        leadership blogs to news, videos, case studies, tutorials and more. Take a
        look and join the conversation now. http://goparallel.sourceforge.__net/ <http://goparallel.sourceforge.net/>



        _________________________________________________
        Opensc-devel mailing list
        Opensc-devel@lists.__sourceforge.net <mailto:[hidden email]>
        https://lists.sourceforge.net/__lists/listinfo/opensc-devel <https://lists.sourceforge.net/lists/listinfo/opensc-devel>


    --

      Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>




--
Respectfully,

William C Roberts


--

 Douglas E. Engert  <[hidden email]>




--
Respectfully,

William C Roberts


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Seeking recommendation of any NFC compliant smart card reader

Douglas E Engert


On 1/30/2015 5:05 PM, William Roberts wrote:

>
>
> On Fri, Jan 30, 2015 at 2:31 PM, Douglas E Engert <[hidden email] <mailto:[hidden email]>> wrote:
>
>
>
>     On 1/30/2015 1:25 PM, William Roberts wrote:
>
>
>
>         On Fri, Jan 30, 2015 at 11:02 AM, Douglas E Engert <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>
>              Both of you are are doing demos. But you are putting off the security issues of using NFC
>              with smart cards. Security considerations should be considered up front, even for a demo.
>
>
>         So for me, I am stuck within the confines of the PIV card edge, but for Linda's situation, I don't think she needs much. She can just
>         set up session keys as described in the 4th edition draft, which is really just a 0 key protocol as described by Opacity (No Forward Secrecy). Once an encrypted
>         session is set up then the transmission of the BT pairing pins can be sent. Linda would additional want to require a users consent to actually do the automatic pairing,
>         so rouge "taps" don't result in pairing with a rogue machine.
>
>         As far as my case, for more CIV uses of the card, NFC is fine for the whole protocol. NFC only has a working range of 4 -10cm unless you get a ridiculous
>         piece of hardware that can read it from 30+ft, however, if someone is in your office building with that, you probably have bigger problems. Although normal
>         NFC traffic is plain-text, its difficult to snoop. While the federal government deems that for their uses of PIV and their threat models, NFC is too easy to snoop.
>         For a SMB or even large enterprise, they might deem it's difficulty to capture is sufficient. Even cables emit electromagnetic fields that can be read at very very
>         short distances... again level of paranoia.
>
>         So how does that guy get into you're office building with the crazy hardware? Consider the amount of door reader systems in place in business's that use the
>         14443 UID as the identifier to let the individual in. No second factor authentication, and are trivial to spoof. You can buy a 30 dollar reader writer from Amazon
>         that does it. I did a demo at work where I was able to clone a dozen employee cards without them knowing. Just get close, zap it, and walk away. Go back and
>            make a clone.
>
>
>     They don't have to get in, just get close to you, like an elevator in a hotel when you badge is in your wallet.
>     That why we had to keep the card in a metal backed badge holder.
>
>
> So? Read it. Get the public key? Now what? At the end of the day, we only care about the PIN or a Private Key getting leaked.

Some physical access uses of the card don't require crypto or the PIN so information off the card could be copied and used.
NIS 800-73-3 part 1 Section 3.2.5 "X.509 Certificate for Card Authentication" describes the forth cert/key which can be used without
a PIN, "to support additional physical access applications" It does not need a PIN and can be used over NFC.
This cert/key is not to be used for "logical access" or signing or encryption, so more then a public key can be leaked.
and if the cert is not used correctly more then physical access god be at risk.

Having a card claim to be "PIV" but allowing NFC access for all operations including VERIFY or having a reader that then send data in the clear
over NFC violates the "PIV" standard, and should not be called "PIV".

>
>     But if you start trying to use your card over NFC to your phone in some public place, then some one close could try
>     and snoop the card. The NIST standards are written to be paranoia...
>
>
> Yes their target use is government who has a much more servere threat model than a buisness wishing to deploy a PKI card. At its heart, PIV is a PKI card that
> ships with a windows minidriver and has some open standard to it. This is why I like openpgp card myself.

Yes having Microsoft provide a driver is very attractive.

>
> Snooping is still a very hard attack with NFC, and unless I am specifically being targeted, I doubt someone is doing this at Starbucks.

More then snooping, one (for example, some foreign gov where money is no object) could try and do both input and output with a card at a distance over NFC.
But to do any crypto  with the other certs/keys also requires the PIN. A PIN over NFC could be stolen some way including by snooping it when a user needs to use
it with a mobile device of NFC, if a non compliant card allows it.

That is why NIST said:
"Note: Cryptographic protocols using private/secret keys requiring “PIN” security
  condition shall not be used on the contactless interface."

Unprotected NFC is a back door to a card, and the NIST standards don't allow it.





>
>
>
>              On 1/30/2015 12:43 PM, William Roberts wrote:
>
>
>
>                  On Fri, Jan 30, 2015 at 8:01 AM, Linda Yu <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>
>         <mailto:[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>__>__> wrote:
>
>
>                       On Jan 30, 2015 7:37 AM, "Linda Yu" <[hidden email] <http:///user/SendEmail.jtp?____type=node&node=15107&i=0>> wrote:
>                       >
>                       > Thanks everyone for sharing your knowledge and experience. Much appreciated!
>                       > I am new to NFC and smart cards.
>                       >
>                       > Probably, I should tell you a little bit about the project I am working on.
>                       > We are adding Bluetooth to our device and trying to do Bluetooth pairing via
>                       > NFC.  So can you elaborate here?____
>
>                       If you're doing Bluetooth pairing I'm guessing you're device is a handset or something?____
>
>                       Our target device will be a medical tablet with Bluetooth and NFC modules. Our demo and simulation platform is PC/Linux.____
>
>                       My first step is to develop a demo application on PC (Ubuntu 14.04
>                       > LTS). Try to write a Bluetooth address to a NFC compliant smart card and
>                       > have it read back. The Bluetooth application will take over from here.____
>
>                       If you're trying to auto pair a handset via NFC, this is probably the most complicated approach. I would reload the pn533 driver and use libnfc and a high level binding, like for
>         python.
>                  No need
>                       to deal with SC abstractions for this.____
>
>                       I use Qt/C++ for application development. You meant I don’t need to deal with unlocking the card etc if I use libnfc? I did see there is the libnfc community there. Thanks!
>
>                  Yeah I would just write something on the PC that listens for NFC connections. When it comes in the tablet and pc can exchange the data required for pairing and set it up. IMHO this is
>         a simpler
>                  approach than having to implement all the abstractions and data structures required to make for a working smart card, and is analagous to how Android beam and other things work. Take
>         a look at
>                  NDEF
>                  records, I don't know much about this area of NFC. I would try to prototype something rapidly with Python, rather then C++, usually the raw BT and NFC apis in C are pretty nasty.
>
>         https://nfcpy.readthedocs.org/____en/latest/ <https://nfcpy.readthedocs.org/__en/latest/> <https://nfcpy.readthedocs.__org/en/latest/ <https://nfcpy.readthedocs.org/en/latest/>>
>
>                  Also, if you wanted to avoid NDEF and do APDU's, I am assuming its an Android tablet, you can just use Host Card Emulation. The only, smart cardish thing you'll need to to to get the
>         Android
>                  side to
>                  work is to issue an ISO 7816-4 SELECT command with an AID You register into Android. This will cause Android to invoke your HostApduService. Once that is invoked you can just exchange
>         custome raw
>                  apdus directly. Essentially going this route prevents you from having to write a card driver for OpenSC, and you just send and recv the APDUs directly in your application.
>
>                       ____
>
>                       >
>                       > I am not concerned about the security at this point since it's a demo. I
>                       > hope to find a NFC compliant smart card that is easy to be unlocked and
>                       > written to. If you have any other reader to recommend, it would be great as
>                       > well. Currently, I have a Motorola Boom 89605N Headset with an integrated
>                       > PIV (NIST SP 800-73 according to Windows device manager).
>                       >
>                       > I am still digesting all information here.
>                       >
>                       >
>                       >
>                       > --
>                       > View this message in context:http://opensc.1086184.____n5.nabble.com/Seeking-____recommendation-of-any-NFC-____compliant-smart-card-reader-____tp15093p15106.html
>         <http://n5.nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15106.html>
>                  <http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15106.html
>         <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15106.html>>
>                       > Sent from the Developer mailing list archive at Nabble.com.
>                       >
>                       > ------------------------------____----------------------------__--__------------------
>                       > Dive into the World of Parallel Programming. The Go Parallel Website,
>                       > sponsored by Intel and developed in partnership with Slashdot Media, is your
>                       > hub for all things parallel software development, from weekly thought
>                       > leadership blogs to news, videos, case studies, tutorials and more. Take a
>                       > look and join the conversation now.http://goparallel.__source__forge.net/ <http://sourceforge.net/> <http://goparallel.__sourceforge.net/ <http://goparallel.sourceforge.net/>>
>                       > ___________________________________________________
>                       > Opensc-devel mailing list
>                        > [hidden email] <http:///user/SendEmail.jtp?____type=node&node=15107&i=1>
>                        > https://lists.sourceforge.net/____lists/listinfo/opensc-devel________ <https://lists.sourceforge.net/__lists/listinfo/opensc-devel______>
>         <https://lists.sourceforge.__net/lists/listinfo/opensc-__devel____ <https://lists.sourceforge.net/lists/listinfo/opensc-devel____>>
>
>
>                       ------------------------------____----------------------------__--__------------------
>                       Dive into the World of Parallel Programming. The Go Parallel Website,
>                       sponsored by Intel and developed in partnership with Slashdot Media, is your
>                       hub for all things parallel software development, from weekly thought
>                       leadership blogs to news, videos, case studies, tutorials and more. Take a
>                       look and join the conversation now. http://goparallel.sourceforge.____net/ <http://goparallel.__sourceforge.net/ <http://goparallel.sourceforge.net/>>
>                       ___________________________________________________
>                       Opensc-devel mailing list
>                       [hidden email] <http:///user/SendEmail.jtp?____type=node&node=15107&i=2>
>         https://lists.sourceforge.net/____lists/listinfo/opensc-devel <https://lists.sourceforge.net/__lists/listinfo/opensc-devel> <https://lists.sourceforge.__net/lists/listinfo/opensc-__devel
>         <https://lists.sourceforge.net/lists/listinfo/opensc-devel>>
>
>                       ____
>
>
>
>         ------------------------------____----------------------------__--__--------------------------__----__------------------------__------__----------------------__--------__--------------------__----------__------------------__--
>
>                       *If you reply to this email, your message will be added to the discussion below:____*
>
>         http://opensc.1086184.n5.__nab__ble.com/Seeking-____recommendation-of-any-NFC-____compliant-smart-card-reader-____tp15093p15107.html
>         <http://nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15107.html>
>                  <http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15107.html
>         <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15107.html>> ____
>
>                       To unsubscribe from Seeking recommendation of any NFC compliant smart card reader, click here.
>                       NAML
>
>
>         <<a href="http://opensc.1086184.n5.__na__bble.com/template/____NamlServlet.jtp?macro=macro_____viewer&id=instant_html%____21nabble%3Aemail.naml&base=____nabble.naml.namespaces.____BasicNamespace-nabble.view.____web.template.NabbleNamespace-____nabble.view.web.template.____NodeNamespace&breadcrumbs=____notify_subscribers%21nabble%____3Aemail.naml-instant_emails%____21nabble%3Aemail.naml-send_____instant_email%21nabble%____3Aemail.naml">http://opensc.1086184.n5.__na__bble.com/template/____NamlServlet.jtp?macro=macro_____viewer&id=instant_html%____21nabble%3Aemail.naml&base=____nabble.naml.namespaces.____BasicNamespace-nabble.view.____web.template.NabbleNamespace-____nabble.view.web.template.____NodeNamespace&breadcrumbs=____notify_subscribers%21nabble%____3Aemail.naml-instant_emails%____21nabble%3Aemail.naml-send_____instant_email%21nabble%____3Aemail.naml
>         <<a href="http://nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml">http://nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml>
>
>         <<a href="http://opensc.1086184.n5.__nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml">http://opensc.1086184.n5.__nabble.com/template/__NamlServlet.jtp?macro=macro___viewer&id=instant_html%__21nabble%3Aemail.naml&base=__nabble.naml.namespaces.__BasicNamespace-nabble.view.__web.template.NabbleNamespace-__nabble.view.web.template.__NodeNamespace&breadcrumbs=__notify_subscribers%21nabble%__3Aemail.naml-instant_emails%__21nabble%3Aemail.naml-send___instant_email%21nabble%__3Aemail.naml
>         <http://opensc.1086184.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>>>
>                       ____
>
>
>
>
>         ------------------------------____----------------------------__--__--------------------------__----__------------------------__------__----------------------__--------__--------------------__----------__------------------__--
>                       View this message in context: RE: Seeking recommendation of any NFC compliant smart card reader
>                       <http://opensc.1086184.n5.__na__bble.com/Seeking-____recommendation-of-any-NFC-____compliant-smart-card-reader-____tp15093p15108.html
>         <http://nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15108.html>
>                  <http://opensc.1086184.n5.__nabble.com/Seeking-__recommendation-of-any-NFC-__compliant-smart-card-reader-__tp15093p15108.html
>         <http://opensc.1086184.n5.nabble.com/Seeking-recommendation-of-any-NFC-compliant-smart-card-reader-tp15093p15108.html>>>
>
>                       Sent from the Developer mailing list archive <http://opensc.1086184.n5.__na__bble.com/Developer-f3.html <http://nabble.com/Developer-f3.html>
>         <http://opensc.1086184.n5.__nabble.com/Developer-f3.html <http://opensc.1086184.n5.nabble.com/Developer-f3.html>>> at Nabble.com.
>
>                       ------------------------------____----------------------------__--__------------------
>                       Dive into the World of Parallel Programming. The Go Parallel Website,
>                       sponsored by Intel and developed in partnership with Slashdot Media, is your
>                       hub for all things parallel software development, from weekly thought
>                       leadership blogs to news, videos, case studies, tutorials and more. Take a
>                       look and join the conversation now. http://goparallel.sourceforge.____net/ <http://goparallel.__sourceforge.net/ <http://goparallel.sourceforge.net/>>
>                       ___________________________________________________
>                       Opensc-devel mailing list
>                  [hidden email] <http://sourceforge.net> <mailto:[hidden email] <mailto:[hidden email]>> <mailto:Opensc-devel@lists.
>         <mailto:Opensc-devel@lists.>__s__ourceforge.net <http://sourceforge.net> <mailto:[hidden email] <mailto:[hidden email]>>>
>         https://lists.sourceforge.net/____lists/listinfo/opensc-devel <https://lists.sourceforge.net/__lists/listinfo/opensc-devel> <https://lists.sourceforge.__net/lists/listinfo/opensc-__devel
>         <https://lists.sourceforge.net/lists/listinfo/opensc-devel>>
>
>
>
>
>                  --
>                  Respectfully,
>
>                  William C Roberts
>
>
>
>                  ------------------------------____----------------------------__--__------------------
>                  Dive into the World of Parallel Programming. The Go Parallel Website,
>                  sponsored by Intel and developed in partnership with Slashdot Media, is your
>                  hub for all things parallel software development, from weekly thought
>                  leadership blogs to news, videos, case studies, tutorials and more. Take a
>                  look and join the conversation now. http://goparallel.sourceforge.____net/ <http://goparallel.__sourceforge.net/ <http://goparallel.sourceforge.net/>>
>
>
>
>                  ___________________________________________________
>                  Opensc-devel mailing list
>                  [hidden email] <http://sourceforge.net> <mailto:[hidden email] <mailto:[hidden email]>>
>         https://lists.sourceforge.net/____lists/listinfo/opensc-devel <https://lists.sourceforge.net/__lists/listinfo/opensc-devel> <https://lists.sourceforge.__net/lists/listinfo/opensc-__devel
>         <https://lists.sourceforge.net/lists/listinfo/opensc-devel>>
>
>
>              --
>
>                Douglas E. Engert  <[hidden email] <mailto:[hidden email]> <mailto:[hidden email] <mailto:[hidden email]>>>
>
>
>
>
>         --
>         Respectfully,
>
>         William C Roberts
>
>
>     --
>
>       Douglas E. Engert  <[hidden email] <mailto:[hidden email]>>
>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>

--

  Douglas E. Engert  <[hidden email]>


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
123