Home.... | log in.... | Pub my question! | Sign-up....

Java-index >> Java Mobility Forums >> Consumer and Commerce

Secure PIN Pad - protected authentication path

Hello folks!Does everyone has experience with the Secure PIN pads? I have some Omnikey readers with PIN pad and I would like to use them in Windows environment. Any kind of help (especially sample code) would be highly appreciated :-)Best regards,Aleksandar

[285 byte] By [fara0na] at [2007-11-26 22:14:22]

«« Development Tools: Which of them i really need?
»» No kinit/klist in Java 1.6 under Linux

# 1

I'm interested too... have Gemplus USB Pinpad...quick search didn't give me any useful information...

alToSa at 2007-7-10 11:05:34 >

top of Java-index,Java Mobility Forums,Consumer and Commerce...

# 2

I have skimmed through the updated revision of th PC/SC standards. Also, I have downoladed the definition of the PIN_VERIFY_STRUCTURE from the PCSC lite. But I find the fields of the mentioned structure very poorly defined and most important of all, I was not able to execute sample program that I had written.

What I actually need is a working example :-)

Regards,

Aleksandar

fara0na at 2007-7-10 11:05:34 >

# 3

Did you find a solution? I would also like to use my cardreaders Pinpad...Regards,Susanne

susikaufmanna at 2007-7-10 11:05:34 >

# 4

Susanne,

I don't know how else to tell you this. YOU need to write to your PC/SC reader for card communication and if you want to ask for a PIN, YOU have to write the PIN Prompt dialog. Reader suppliers don't supply that simply because it's all up to YOU to engineer. So, since you are in Java, use the Swing API, and write a simple PIN prompt application that takes the input and pass it to the reader.

YOU have to write the code in your JC applet to process that PIN data too. Nothing is a gimme !!!!!

Joseph.Smitha at 2007-7-10 11:05:34 >

# 5

I have written the code in my JC applet to process the PIN data. I also have a pin prompt, but it only works with my keyboard. But I want to use the pinpad of my class 2 cardreader to enter this PIN. And I do not think, that I have to engineer an own driver or a bridge to communicate with my card reader, so that I can use its PINpad.

That is what I am looking for. A way to do this using PC/SC or the CT-API interface or whatever.

regards,

Susanne

susikaufmanna at 2007-7-10 11:05:34 >

# 6

For your standalone class 2 reader, you'll need to obtain the API from your vendor so you may write code to it. Your code would involve selecting the applet with your AID and sending the PIN to your applet. That's not utilizing PC/SC because a class2 isn't a PC reader.

Joseph.Smitha at 2007-7-10 11:05:34 >

# 7

whoa..I haven't had my coffee yet...I was wrong with class 2 being standalone..I was thinking something else..class 2 is secure PIN mechanism.

Joseph.Smitha at 2007-7-10 11:05:34 >

# 8

I now found this: javax.smartcardio.Card . It comes with Java6. There is a method called transmitControlCommand(int controlCode, byte[] command)

The desription sounds like the method I was looking for, but I do not really know, what controlCode means. And how should this command look like? Do they mean a CT-BCS-Command?

Regards,

Susanne

susikaufmanna at 2007-7-10 11:05:34 >

# 9

take a look at CardChannel.transmit()..for sending APDU commands

Joseph.Smitha at 2007-7-10 11:05:34 >

# 10

I believe that you want to use the feature of secure PIN pad readers that was proprietary prior to PC/SC 2.0( new parts 9 and 10). Keywords could be PIN_VERIFY_STRUCTURE, PIN_MODIFY_STRUCTURE,... Support for this feature is not available by default on Windows OS, but some publicly available frameworks do support it (MUSCLE or OPENSC) for instance. I was looking for some kind of working example, but I have not found it so far. Unfortunatelly, I have got no time to deal with it right now.

Best regards,

Aleksandar

fara0na at 2007-7-10 11:05:34 >

# 11

I am now using JAVA (jni2ctapi) to access my smartcard reader (with pinpad). Now I am trying to use this pinpad, but the "enter-pin dialog" is only displayed for a half second or so. I do not know the correct CT-BCS command.

0x20,

0x18, // perform verification

0x01, // ICC-Interface 1

0x00, // default qualifier

But what to use for the next two entries? At first the "length of subsequent data field" and then "data field".

How do I "design" this "data field"? The documentation says it is done as ASN.1 data objects, but I do not know how to do this.

But I guess this is the correct way.

Regards,

Susanne

susikaufmanna at 2007-7-10 11:05:34 >

# 12

Ok, now I have got the solution:

byte[] verifyPin3 = {

0x20, // CLA

0x18, // INS (Perform verification)

0x01, // ICC-Interface 1

0x00, // use keypad

0x08, // length of subsequent data field

0x52, // DO

0x06, // length

0x01, // control byte ('01' for variable PIN length and T.50 encoding)

0x06, // position byte

0x00, // command to send

0x20,

0x00,

0x00

};

and then:

rc = reader.CT_Data((char) 1, (byte)1, (byte)2, 14, (byte[])verifyPin3, (char) lr2, rsp2);

Regards, Susanne

susikaufmanna at 2007-7-10 11:05:34 >

# 13

Very nice Susan, but there is a small problem: that code relies on OCF. It would be nice to have the solution working with PC/SC. Regards,Aleksandar

fara0na at 2007-7-10 11:05:34 >

# 14

The only thing is the CT-API through JNI (in my case I used the CTAPIAccess-Object from Kobil, ok, this is in their opencard-jar). I think there is no way to get the PINPad-Dialog using PC/SC 1, but PC/SC 2. Regards,SusanneMessage was edited by: susikaufmann

susikaufmanna at 2007-7-10 11:05:34 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Secure PIN Pad - protected authentication path

Java Mobility Forums New Topic

Java Mobility Forums Hot Topic

Java Mobility Forums

All Classified