have it - I was more involved in killing it off as
far back as 2006-7).
http://www.statewatch.org/analyses/no-107-national-ID-cards-questionnaire.pdf
is interesting.
Project STORK might have card spec.
https://www.eid-stork.eu/ (completed)
https://www.eid-stork2.eu/ (current)
Peter
Peter
Please block the source of the spam that is appearing on MUSCLE - see
the attached, which is the third copy.
Best regards,
Peter Tomlinson
Iosis
Bristol UK
---BeginMessage---
http://whitehorsejewelry.com/find11.html___
Muscle mailing list
Muscle
Ludovic Rousseau wrote:
2009/11/24 a...@lingnu.com:
hello
Hi
I wanted to know what is the status of 7816-3/4 compliance,
yes
and another question:
do i have to use encryption libraries for compliance
with those standarts ?
42
Isn't that the answer to everything
I have heard from someone at NIST that there are FIPS-201 schemes and
schemes that are not fully FIPS-201 compliant...
Peter
Nick D wrote:
Yeah I suspected it was a different application:
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 00
Received (SW1=0x6A, SW2=0x82)
Would be kind of
David,
Have you reported Igor to Shelfari with a request that they cancel his
membership? We can all do that personally, but a request from the list
owner ought to carry more weight.
Peter
Michael Bender wrote:
Corcoran David wrote:
FYI ... I've removed our friend Igor from the list for
Geoff Elgey wrote:
G'day,
I've written a IFD handler for a memory card, but I am now wondering
if I am handling the IFDHPowerICC() function correctly.
The function documentation defines the 'action' parameter as follows:
* IFD_POWER_UP
Power and reset the card if not done so
*
to use access keys for all read
and write operations with a Mifare card?
Regards,
Peter
Peter Tomlinson Iosis Associates Bristol UK www.iosis.org.uk
www.pssg.biz
Original Message Subject: RE: [Muscle] APDUs
Date: Sat, 7 Jul 2007 21:26:42 +0100 (BST) From: Jeff Fern
Ulf Leichsenring wrote:
Yes, I tried this out and it works. But in this scenario the client
workstations are only thin client with a very limited and fixed
config. The users only connect to the citrix server. Configuring the
different Citrix applications on the client would be the
Karsten Ohme wrote:
Jason Grant wrote:
On Sun, 2007-03-18 at 09:31 +0100, Karsten Ohme wrote:
SCardGetStatusChange should help.
Thanks, On first reading, I assumed the reader name had to be
supplied, and thus this was intended for monitoring known readers.
I'll give it a try without
jackie wong wrote:
Dear all,
I have some question to ask on T=1 protocol card.
1. Is T=1 card has higher speed than T=0 card? Why?
2. Is T=1 card has higher security than T=0 Card? Why?
Any advantage of T=1 protocol compare to T=0 protocol other than
ability of T=1 card to handle class 4
Michael Bender wrote:
Andreas Schwier wrote:
I say flush the protocol sections of ISO-7816 down the
toilet and
come up with a protocol that works for the 21st Century.
like what: TCP/IP ?
No, that's way too much overhead.
Don't be unfair, these protocols need to be
Timothy J. Miller wrote:
Roy Keene (Contractor) wrote:
You might also want to look into CoolKey
(http://directory.fedora.redhat.com/wiki/CoolKey) as it doesn't
need commonAccessCard.bundle and seems to recognize a wide range of
CAC cards without the need to update the ATR list or patch
Although on-card software should be designed so that it always restarts
cleanly if a card is closed down by removing power (i.e. restarts with a
cold reset), using warm reset (telling the card reader to just take the
card reset line low and then high again) from the situation where a card
is
[EMAIL PROTECTED] wrote:
Hi all, I have a board based on Intel XScale IXP425 processor. On the
board is present a Philips TDA8003 I2C bus Sim card interface. I am
able to send command (like START,STOP, RESET, WARM ecc) to SIM via
I2C
Those commands control the TDA 8003 which sequences
Jackie,
Completely off topic for MUSCLE, but e-wallet is usually an application
software package that runs in a PDA or other portable device (or even on
the desktop PC), potentially allowing you to store and use all the
things that you would normally keep in your wallet.
e-purse stores only
How do we read the patch? Notepad shows that its not a text file.
Peter
David Corcoran wrote:
Here's a patch for Muscle card support in OpenSC. It applies to
both 0.11.0 and 0.11.1.
It compiles cleanly for Linux and Windows. I've tested compiling
it into SCB and it works pretty well.
Jackie,
A major problem with T=0 is the handling of Class 4 APDUs: these have
data transmitted in both directions, but TPDUs (as used in T=0) can only
handle data in one direction. Some card readers and their drivers handle
the 'double TPDU per Class 4 APDU' sequencing, others leave it to the
Ludovic Rousseau wrote:
According to [1] you may code some unicode characters on
4 bytes.
[1] http://en.wikipedia.org/wiki/UTF-16
You should consult ISO 10646 [1].
The advice that I was given when having to incorporate multiple
character sets into eURI [2] was that it is satisfactory to
The Jan 2002 draft (CD level) is at www.iosis.org. I believe that there
were a few new data element definitions (tag allocations) added after that.
Peter
jackie wong wrote:
Dear all,
Do anyone know where i can get a copy of the ISO7816-6 other than
purchase it from the ISO.
Thanks!
Shawn Willden wrote:
I need the card to be restricted to a user, not an application. It
seems to me that the same scenario will arise with pretty much any
multi-application card.
As we were reminded by a man from CESG [1] at a conference that I
attended last week, the card doesn't identify
Shawn Willden wrote:
On Wednesday 22 March 2006 19:33, Karsten Ohme wrote:
Serious card terminals (OK, it is possible to spoof the PIN, but
maybe this will change and then it is.) have a key pad to enter the
PIN. It would violate the idea behind the concept that the
untrustworthy computer
Ludovic Rousseau wrote:
Identifying a card (in fact an applet) using the card ATR is stupid.
But I don't know better and _backward compatible_ way.
There is provision in ISO/IEC 7816 for a card to identify itself in
several ways, but the majority of card suppliers either do not encode
the
: Scott Guthery [EMAIL PROTECTED]
Reply-To: MUSCLE muscle@lists.musclecard.com
To: MUSCLE muscle@lists.musclecard.com
CC: Peter Tomlinson [EMAIL PROTECTED]
Subject: RE: [Muscle] Re: Muscle Digest, Vol 25, Issue 21
Date: Tue, 21 Mar 2006 17:23:26 -0500
Just as a note in passing, the ISO/IEC 7816-4
So the U3 drive is not a secure device in its own right? (i.e. it seems
to me that it does not incorporate a crypto chip such as is used in a
strong security smart card, and nor does its flash memory have the kind
of security protection against penetration that smart card flash has)
(I looked on
implementation push
MULTOS.
Correct ?
Regards,
Philippe
On Thursday 27 October 2005 12:34 pm, Philippe C. Martin wrote:
On Thursday 27 October 2005 05:44 am, Peter Tomlinson wrote:
Can you clarify the paragraph with the list of epurse types? In
particular, are you suggesting tht Mastercard has
Philippe C. Martin wrote:
SCWEB assumes the user has a smart card (or any security device with
no RSA/elliptic curve support, but rather DES/3DES/AES )
connected to the PC.
The authentication is made between the users card and the SAM card,
and this _without_ using any
for any security model work in the MCardApplet area, as changes
should only be made with the agreement of a security group.
DC any comment?
Regards,
Peter
Peter Tomlinson
Iosis Associates
UK
Karsten Ohme wrote:
Hello,
I need a function for libmusclecard and the MCardApplet which returns
ISO/IEC 14443 allows for more than one card to be detected. One is then
put into hibernation while the other is accessed. Then swap over if that
is what you want to do. If you try to close one card, it is very
possible that you will turn off the activating field and both will be
closed!
Karsten Ohme wrote:
Peter Williams wrote:
Karsten,
you might consider including the following code modification (note last
line), in the musclecardApplet.c plugin. If the length of the default
applet AID is 0, for the AID one looks up in the service.plist having
determined the coldreset ATR,
As a natural consequence of work done under the eEurope Smart Cards
umbrella, the following should be implemented:
- secure the silicon chip at the wafer level, before it is sawn (inject
a certificate into each individual cell that will eventually go into a
smart card as soon as that cell is
Martin Büchler wrote:
Hmm, Another irritation because of these explicit ATR entries in
Info.plist. But:
featurerequest
ATR mask validation would also be a nice solution for Info.plist's
ATRs. /featurerequest
Isn't it? Finally, rigid filtering by the whole ATR sequence keeps
more cards than
Karsten Ohme wrote:
The hash values could be generated at the PC and then only
this result had to be padded and encrypted, but if the aim is to have a
trustworthy signature this should be done by the card (the the problem
is to get trustworthy clear text from the PC).
The problem is indeed to
No, 10373 is a test standard that specifies methods for testing
conformance to other standards. 7810 specifies physical characteristics,
and 7816 and 14443 refer back to 7810. 7810 now includes ID-1, ID-2,
ID-3 and the original small SIM card ID-000.
Peter
PS I'm copying this to Steve Brunt,
and asking
in the lists.
Peter Tomlinson wrote:
One way to reduce complexity is to reduce the number of different
drivers - hence the drive (sic) to have a common CCID driver. However,
there are clearly security concerns with USB (possibility for other
software in the PC to interfere), and those
One way to reduce complexity is to reduce the number of different
drivers - hence the drive (sic) to have a common CCID driver. However,
there are clearly security concerns with USB (possibility for other
software in the PC to interfere), and those remain to be addressed.
Peter
Luiz Reuter
No, but the takeup by citizens is not always very high. I hear the Japs
also have a poor takeup. Is there something missing from the customer
proposition? Not enough essential or even convenient services, perhaps?
Peter
Scott Guthery wrote:
Anders:
1) The CEPS documents were full of Payments
Peter Williams wrote:
Ok. So lets get political! Given someone mentioned ISO, and the contribution
of an NSA work product to an international forum.
Those who want to cross-reference my comments here to Peter W's text and
my previous contribution can go back to the earlier posts.
I mentioned
Yes, it wasn't entirely clear. But it was clear that Peter W wants to be
able to share code while the card edge shows more than one instance of an
applet, probably in two ways:
- with different AIDs in the same security domains
- in different security domains
Peter T
- Original Message -
Isn't it time to start to look at supporting the secure card reader/PIN
pad/display/biometric sensor? And secure channels right into the
application in the card, even down to the card platform in order to
authenticate it [1]? The time is coming when the use of the insecure
terminal on the
Purchase ISO/IEC 7816 Part 4 from www.iso.ch. Alternatively you can use
the very slightly different version [1] from EMV www.emvco.com, and
download for free the EMV card spec.
Peter
[1] At least, it was slightly different the last time that I looked at
it - the differences were in the error
GW Habraken wrote:
Some time ago there was a post from someone looking for a card punch
that can punch out a SIM size card (or plug) from a full size card.
Anyone heard of such a device and where to get it?
Although a project that I participated in some while ago went through
the process of
At selection of the applet it should always verify that its internal
state is tidy - and that includes dealing with anything left over at the
previous termination (whether controlled or uncontrolled). Termination
of the applet could be by loss of power to the card (including removing
it from
Peter Williams wrote:
If I think out loud about train stations, and football stadiums, and
the like:
PCSCd event and process archirtecture really needs updating, to use
UNIX in a way that suits thread pooling, not static threading for USB
or RS22C connected reader.
if a mifare reader is in a
It would be great if a developer would implement the eURI concept [1].
Peter
[1] eURI is a method for allowing a user to store data in a smart card,
data that is under the control of the card holder but may also be
supported by a smart card scheme or set of schemes. Data is stored as
data
Michael Bender wrote:
Scott Guthery wrote:
Is it legal to prevent a consumer from having a phone that they
purchased activated on a carrier's network? I go back to the days
when it was illegal to plug in a non-MaBell phone into your POTS
jack at home.
Some things are different in Europe: as far
of card reader from many
manufacturers, so long as they use the USB CCID method
- your goal must be to enable the personal computer application to be
independent of the type of CCID-compliant card reader, and thus to allow
the market for card readers to be open
Peter
Peter Tomlinson MA (Oxon
Erwann Abalea wrote:
On Wed, 6 Oct 2004, Jesse I Pollard - CONTRACTOR wrote:
On Wed, 6 Oct 2004, jmt wrote:
From: Jesse I Pollard - CONTRACTOR
Yes... this is the most delicate problem. I assume that you are
aware about how Mario Strasser's module checks the name. In your
opinion, what would be the
Ram,
The TDA 8008 is a chip that goes in a reader. The main characteristics
of the reader are determined by the software loaded into the TDA 8008
chip. You need to tell us at leats the manufacturer of the complete
reader and the model number.
Peter
ramprasad wrote:
Hi ,
How Can i add my
From memory, the state diagram in 7816-3:1997 for fundamental card
environment states is not complete, and the response to warm reset is in
the problem zone (particularly so if the card has been sent APDUs before
the warm reset is issued). The ISO/IEC SC17 WG4 people don't seem too
keen on
Cannot someone ask Gemplus why this card has different cold and warm
reset ATRs?
If the purpose of the 2nd (after warm reset) ATR is to show that the
card has reverted to being a basic EMV platform, it might be better not
to allow warm reset to occur.
Peter
David Corcoran wrote:
Ultimately,
And the extra byte in the first ATR is TA1, coded 94, which here says
the card I/O can run at a higher bit rate that fclock / 372. Indeed it
can go at fclock / 64, and might be able to do intermediate rates
subject to PPS negotiation (see 7816-3:1997 section 6.5 and section 7).
Typical design
(in Reston, VA, and about GSC-IS and developing a related
ISO standard) in the middle of this month, so is there anyone in the USA
on the list who could help us by arranging to get a couple of the
readers to him?
Thanks in advance,
Peter
Peter Tomlinson, Iosis Associates
34 Strathmore Road
in the general environment is another, especially if one is
expecting the card to maintain parallel sessions with different readers.
I think we have a fair amount of work to do in PCSC-lite, for wireless
support (beyond demos).
From: Peter Tomlinson [EMAIL PROTECTED]
Reply-To: MUSCLE [EMAIL
A colleague with knowledge of the use of USB interfaces tells me that he has
heard that this problem has tripped up other implementors of USB products,
so its not unique to smart card readers.
Peter
- Original Message -
From: Damien Sauveron [EMAIL PROTECTED]
To: MUSCLE [EMAIL
But surely everybody in MUSCLE understands the need to write fault tolerant
code?
Peter
- Original Message -
From: Tommaso Cucinotta [EMAIL PROTECTED]
To: MUSCLE [EMAIL PROTECTED]
Sent: Friday, May 28, 2004 4:14 PM
Subject: Re: [Muscle] Question MUSCLE authentication
Peter Williams
.
Peter
Peter Tomlinson [EMAIL PROTECTED]
___
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
the good work. There are still
people in the public sector who have to be convinced that open source is
viable for their implementations, but some of us are working to get Muscle
into the UK recommended list of platforms for public sector schemes.
Peter
Peter Tomlinson MA(Oxon), Iosis Associates
34
Christian Schneider wrote:
It´s quite sad that there is no universal pkcs11 module. But muscle is
a start ;-)
PKCS#11 was designed as an API within a client system, allowing for a set of
drivers under it in order to link to each crypto process/token (server). My
understanding of the purpose
Anders Rundgren wrote:
In Sweden an e-ID (which is considered as another thing than physical
IDs), costs nothing for the citizen as it is prepaid and is not a card.
Issuance is performed on-line from the citizens on-line bank which is
a 2-5 minute procedure.
Well (and we may be able to get
and
place and topics. But don't anyone think I'm a software man (I was once a
teenage physicist, then briefly a CPU designer when they were 10 ft to 40 ft
long), and the other UK delegate is a security man (although he was a linux
man some time ago).
Peter
Peter Tomlinson MA(Oxon), Iosis Associates
Anders Rundgren wrote:
I have a feeling that we are talking about different use-cases.
I assume that UK's cards are passport replacements?
No: it seems that we intend to have contactless chips embedded in standard
Euro passports (and maybe the national ID applet also loaded), and then we
will
Scott Guthery wrote:
The TCPA architecture and Global Platform finally got it right. The card
holder
is the card issuer.
and
Trust is not transitive. The only multitrust token that will ever fly is
the white card.
Then Anders Rundgren wrote:
That means that you in essense say that TTPs
Work that I did for the eEurope Smart Cards GIF
project last year took on board for editing a set of documents put together by a
group of experts who had discussed national ID card scheme requirements across
Europe. They came to the conclusion that a central administration (i.e. govt)
would
I doubt that the USA will be able to issue those electronic passports by the
autumn of next year, but they might manage to issue a small number of visas
to people entering the USA.
Peter
- Original Message -
From: Scott Guthery [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Damien Sauveron wrote:
Peter Tomlinson wrote:
2. ISO/IEC 7816 is undergoing a major rewrite (FDIS ballot under way at
the
moment, I think - see www.sc17.com and click on Outstanding Ballots),
and it
is known that some technical changes have been made. 7816-4 and several
other parts have
Anders Rundgren wrote:
PTD = Personal Trusted Device (usually in the form of a mobile phone)
The SIM-card (which only applies
to GSM)
CDMA countries are also adopting plug-in SIMS.
In addition there is a need to improve the security in the
entire mobile computing platform.
Apparently
Damien Sauveron wrote:
In order that always may follow the thread you can find the iso7816-4
here [1].
Three important items:
1. Although I have every sympathy with those who seek to make ISO/IEC
standards freely available, and with those who try to write summaries of the
material that is
Try Micropross in France - they make test
equipment, and last year I saw a configuration which included a networked card
reader. http://www.micropross.com/home.htm
But it will have to be run with their software, I
think.
Peter
- Original Message -
From:
Truong Manh
them to finish it. They proposed in 2000 to
upgrade it and then everything faded away.
Probably MUSCLE holds the baton now.
Peter
Peter Tomlinson
Iosis Associates
Bristol, UK
Email [EMAIL PROTECTED] and [EMAIL PROTECTED]
___
Muscle mailing list
[EMAIL
Unfortunately, most of the functions defined in 7816-4, etc, are optional -
and there is no method defined for finding the capabilities of the card.
There is a revision of 7816 under way at the moment (you can find a lot of
the draft documents at my information site www.iosis.org, and any drafts
://www.idealist.org
On 01/12/2003 01:07:56 PM GMT Peter Tomlinson wrote:
Unfortunately, most of the functions defined in 7816-4, etc, are optional
-
and there is no method defined for finding the capabilities of the card.
There is a revision of 7816 under way at the moment (you can find a lot
The following is from tiday's issue of a UK newsletter, SCN Daily News,
which is about smart card topics:
Linux To Make Smart Card Debut
The open source operating system (OS) Linux is emerging as a strong
potential platform for future Smart Card development, according to a senior
executive at
Ludovic Rousseau[EMAIL PROTECTED] wrote:
Still on the GDC topic I met a guy from Sharp. They have a 1MByte flash
memory smart card. After installing a JCVM and the MuscleCard applet
they have 700KB of free memory.
Most interesting about this card is that it has both a contactless and a
contact
Why this appeared on 2nd November when it is dated 23rd September, I can't
understand. From the header, it seems to have been held by
bubbleator.drizzle.com for a long time.
Your card is a memory card, but it does not use the communications protocol
defined in ISO/IEC 7816 part 10. The Philips
74 matches
Mail list logo