Discussion:
Elementary Questions: Java And Reading Security Cards
Steve
2012-12-06 14:45:52 UTC
I have some very elementary questions.

Where I work we just hooked up card readers to our PCs, either by card
readers in the keyboards or via USB card readers.

What are these type of cards called?

Can server side Java be used to read information off of these cards?

If so what are the names of the libraries, APIs, extensions etc that I
would want to investigate?

Thanks much in advance for any information

Steve
Lew
2012-12-06 19:01:02 UTC
Post by Steve
I have some very elementary questions.
Where I work we just hooked up card readers to our PCs, either by card
readers in the keyboards or via USB card readers.
What are these type of cards called?
IIRC, "smartcards".
Post by Steve
Can server side Java be used to read information off of these cards?
All you need is a way to connect the ends.

(Making it sound simple, but not necessarily easy.)
Post by Steve
If so what are the names of the libraries, APIs, extensions etc that I
would want to investigate?
HTTP. RMI. Web services.

If your card reader is here, and your server is there, you need one of two things
to connect the two - a really long wire or a radio or a network. Okay, three.

Presumably your reader is on the "client" side of the client-server exchange. You
need hardware to connect it to the connection, so to speak.

Example I use - I sometimes debug smartphones. The communication locally would
be between the phone and the PC via a socket that a driver translates to USB signals.

Now I have my test environment on a server over there, but my phone on my
workstation over here. I connect to there from here via SSH, with reverse port-forwarding
to convince the server that port 6666 (for example) is the one at my end. So the server
talks over an SSH tunnel to my port 6666 thinking it's its own local 6666. It's just
like being there, only slower.
--
Lew
Steve
2012-12-06 20:56:59 UTC
Post by Lew
Post by Steve
I have some very elementary questions.
Where I work we just hooked up card readers to our PCs, either by card
readers in the keyboards or via USB card readers.
What are these type of cards called?
IIRC, "smartcards".
That is a huge help, now that I know what they are called I have a term
to search on.

Thanks

Steve
Roedy Green
2012-12-06 22:47:33 UTC
Post by Steve
Where I work we just hooked up card readers to our PCs, either by card
readers in the keyboards or via USB card readers.
What are these type of cards called?
Do they look like credit cards? If so, smart cards.

Do they look like the chips you put into a digital camera? If so,
memory cards.

Do they have 80 columns of 12 rows with rectangular holes? If so,
punch cards.

Sometimes drivers make these look like tiny hard disks. You can
access them by drive letter. Server side Java cannot look at hard
disks without some signed app running on the client to do the looking
for them.

Can you point me to docs on the drivers? You may have to access them
via C using JNI.

see http://mindprod.com/jgloss/jni.html

What brand/model of card reader did you buy?
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-07 15:01:13 UTC
Post by Roedy Green
Post by Steve
Where I work we just hooked up card readers to our PCs, either by card
readers in the keyboards or via USB card readers.
What are these type of cards called?
Do they look like credit cards? If so, smart cards.
I think so. They have a black strip on the length of the back like a
bank/credit card. The front has a person's picture and a large gold chip
embedded in it, that looks like a larger version of a "SIM Card" that is
put into the back of smart phones
Post by Roedy Green
Do they have 80 columns of 12 rows with rectangular holes? If so,
punch cards.
No.
Post by Roedy Green
Can you point me to docs on the drivers? You may have to access them
via C using JNI.
No, these were given to us by our monolithic, off premises, network
group ( it is a big government org ). The card readers are embedded in
off the shelf keyboards.


Thanks for the response.
Roedy Green
2012-12-07 19:49:46 UTC
Post by Steve
I think so. They have a black strip on the length of the back like a
bank/credit card. The front has a person's picture and a large gold chip
embedded in it, that looks like a larger version of a "SIM Card" that is
put into the back of smart phones
That is called a smart card reader. See
http://mindprod.com/jgloss/cardreader.html
There are two kinds, contact and contactless that you just have to
hover over the reader. The contactless cost more.

Do you at least have some docs of this form?

Chip-card protocols: T=0, T=1, S=8, S=9, S=10. Software interface:
CT-Api, PC/SC, OCF

When you install the keyboard, look in the control panel for the
reader driver. What info can you glean?

Do you know how to use Wireshark? Snoop to see what website it goes to
fetch the driver when you first plug in the keyboard.
http://mindprod.com/jgloss/wireshark.html

Flip the keyboard over. See if there is a model number or
manufacturer.

Have you asked the big government org for the docs on how to write
software for this beast?
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-08 15:05:11 UTC
Post by Roedy Green
Have you asked the big government org for the docs on how to write
software for this beast?
That is a good idea. Our networking stuff is imposed on us from a big
agency outside of and unresponsive to us, so usually asking questions
from them doesn't make sense. However, since the smart card, the CAC
card is being made government wide, it is likely somebody, somewhere has
some docs. I don't have to build this immediately, I was asked by my
boss to begin looking into it, so I can afford to send out emails asking
if such docs exist.
Roedy Green
2012-12-06 22:58:03 UTC
Post by Steve
Thanks much in advance for any information
USB devices when you first plug them in automatically go looking on
the Internet for a device driver and install it.

Look in the Device Driver section of the Control Panel. This may give
you a little info. Also look in the menus to see if some sort of app
has been installed to use the device. You should at least be able to
find the website of the driver maker.

I enjoy tinkering with this sort of problem. If you have trouble, one
option is to send me a reader.
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-07 15:05:26 UTC
Post by Roedy Green
I enjoy tinkering with this sort of problem. If you have trouble, one
option is to send me a reader.
I found a thread on stackoverflow.com where someone did exactly what I
want to do. Zero sample code and zero directions, but some clues where
I might find some answers

http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java
Roedy Green
2012-12-07 19:54:52 UTC
Post by Steve
http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java
If this big government agency in the DoD, I have to stop helping you
right now. All my work is for non-military use only.
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-08 15:02:15 UTC
Post by Roedy Green
Post by Steve
http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java
If this big government agency in the DoD, I have to stop helping you
right now. All my work is for non-military use only.
In the United States the Federal Government has been on a big security
kick. They are phasing out each agency having their own security card
system ( previously just for getting in and out of buildings ) and
having every agency, civilian and military alike use the CAC card.

It will be used for both building entry and computer entry.
Roedy Green
2012-12-09 00:27:52 UTC
Post by Steve
In the United States the Federal Government has been on a big security
kick. They are phasing out each agency having their own security card
system ( previously just for getting in and out of buildings ) and
having every agency, civilian and military alike use the CAC card.
I was reading up on CAC. I have been pressing for such a card to be
issued to everyone. It could be used for all kinds of things such as
secure Internet commerce, id, age id, digital signing of emails,
encryption, lock access, a universal door key.

I was surprised to find out that the Malaysians have already done
this.

I also discovered that slowly passports are moving toward
international digital standards.

I have been pushing various parties to issue such ids, in the form of
smart cards, digital certs and flash drives.

see http://mindprod.com/jgloss/cac.html

Every once in a while the military comes up with something very
valuable to general society. Everything I have read suggests they did
it correctly.
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-10 16:28:42 UTC
Post by Roedy Green
I was reading up on CAC. I have been pressing for such a card to be
issued to everyone. It could be used for all kinds of things such as
secure Internet commerce, id, age id, digital signing of emails,
encryption, lock access, a universal door key.
That does have a "really cool" factor to it. However, something about a
universal ID gives me the creeps. I do realize we do not live in the
18th century anymore.
Roedy Green
2012-12-13 04:39:03 UTC
Post by Steve
That does have a "really cool" factor to it. However, something about a
universal ID gives me the creeps.
We put up with ids so long as they are incompetent, easy to forge,
easy to use if lost, so long as you need a wallet full of them. Credit
cards are effectively blank cheques. Once you do business with anyone
they, or anyone who works for them, can take your money again at any
time in future.

The scary part is the central control. Somebody does not like you and
suddenly you can't buy anything, get into your house, start your car,
get medical care. You are suddenly a non-person.

I have been trying to get around that objection by convincing
companies that sell code-signing certs to allow them to be put into
flash drives with the private key hidden, to use the way you could a
CAC. You would not need a reader, just a USB port. So far not even a
"thank you for sharing" response.
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-13 15:01:13 UTC
Post by Roedy Green
Post by Steve
That does have a "really cool" factor to it. However, something about a
universal ID gives me the creeps.
We put up with ids so long as they are incompetent, easy to forge,
easy to use if lost, so long as you need a wallet full of them. Credit
cards are effectively blank cheques. Once you do business with anyone
they, or anyone who works for them, can take your money again at any
time in future.
The scary part is the central control. Somebody does not like you and
suddenly you can't buy anything, get into your house, start your car,
get medical care. You are suddenly a non-person.
I have been trying to get around that objection by convincing
companies that sell code-signing certs to allow them to be put into
flash drives with the private key hidden, to use the way you could a
CAC. You would not need a reader, just a USB port. So far not even a
"thank you for sharing" response.
Do I understand you correctly? You are saying that a "Personal CAC"
would be safer than another type of ID or credit card in that it would
not leave information behind?

I can see that being the case if it is a photo id and clerks look at the
photo.  Then again as far as debit/credit cards go, there are some that
use photos and a PIN.

Steve
Roedy Green
2012-12-17 10:57:44 UTC
Post by Steve
Do I understand you correctly? You are saying that a "Personal CAC"
would be safer than another type of ID or credit card in that it would
not leave information behind?
I can see that being the case if it is a photo id and clerks look at the
photo.  Then again as far as debit/credit cards go, there are some that
use photos and a PIN.
A credit card leaves the number behind that anyone can use as easily
as the original owner. It is like leaving behind a pile of blank
cheques. If you send it over the Internet, snoops get some blank
cheques too.

Credit cards are easy to forge. You might get stuck with at least some
charge/hassle or unnoticed fraud.

The big advantage of CAC is that someone seeing it has no handle to forge it
or reuse it.

I believe a CAC contains a digital image, so even if the card were
tampered with externally, the digital image inside would be intact.
Further the card has a pin. Granted, a crooked reader could snoop on
the pin. Ideally the pin mechanism should be built into the card,
requiring no external hardware. e.g. fingerprint id.

If your ID is not secure, it can harm you. People can do bad things
and rack up debt in your name. It is then up to you to prove
otherwise.

Digital ID is expensive. That is why I think you should need only one,
and it should serve many purposes.

We put up with dragging around so many different kinds of ID cards,
all of which expire and need to be separately maintained. They are
all easy to forge. Wherever I can, I refuse to carry any sort of ID
card.

The ID I find most annoying is the kind supermarkets want you to carry
or else they charge 20% extra.
--
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish
as couch potatoes who hire others to go to the gym for them.
Steve
2012-12-10 16:30:32 UTC
Post by Steve
I have some very elementary questions.
Where I work we just hooked up card readers to our PCs, either by card
readers in the keyboards or via USB card readers.
What are these type of cards called?
Can server side Java be used to read information off of these cards?
If so what are the names of the libraries, APIs, extensions etc that I
would want to investigate?
Thanks much in advance for any information
Steve
Researching this further it seems to be the case that the CAC card would
send a certificate through the browser, so it *might* be a matter of
using server side Java to read the certificate. Something else I know
zero about, but that seems like something where it would be hard to
throw a rock into Google and not hit at least a few tutorials.

Steve
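
The approach in the last post, a card certificate presented through the browser and read by server-side Java, can be sketched as follows. This is an added example, not part of the thread and not code from any poster. It uses the JDK's built-in HTTPS server instead of a servlet container, and the file names `server.p12` and `trust.p12`, the password, port 8443 and the `/whoami` path are assumptions.

```java
import com.sun.net.httpserver.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.*;
import javax.net.ssl.*;
import java.io.*;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class ClientCertDemo {
    // Assumed files: server.p12 = server key pair, trust.p12 = CA certs that issue the cards.
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }
    // Parse the subject DN with a DN parser; splitting on commas breaks on escaped values.
    static String commonName(X509Certificate cert) throws InvalidNameException {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        return null;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // assumed password
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("server.p12", pw), pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("trust.p12", pw)); // only certificates chaining to these CAs are accepted
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        HttpsServer server = HttpsServer.create(new InetSocketAddress(8443), 0);
        server.setHttpsConfigurator(new HttpsConfigurator(ctx) {
            @Override public void configure(HttpsParameters params) {
                SSLParameters p = getSSLContext().getDefaultSSLParameters();
                p.setNeedClientAuth(true); // handshake fails without a trusted client cert
                params.setSSLParameters(p);
            }
        });
        server.createContext("/whoami", exchange -> {
            SSLSession session = ((HttpsExchange) exchange).getSSLSession();
            // Element 0 is the client's own certificate; the TLS handshake has already
            // proved possession of its private key and validated the chain.
            // This setup does not enable revocation checking.
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            String cn;
            try { cn = commonName(cert); } catch (InvalidNameException e) { cn = null; }
            byte[] body = ("CN=" + cn + "\nissuer=" + cert.getIssuerX500Principal().getName()
                    + "\nserial=" + cert.getSerialNumber().toString(16) + "\n")
                    .getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(cn == null ? 403 : 200, body.length);
            try (OutputStream out = exchange.getResponseBody()) { out.write(body); }
        });
        server.start();
    }
}
```

The server never talks to the card reader: the browser and the client's smart card middleware perform the signature during the TLS handshake, and the server only sees the resulting certificate.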