this time I am NOT gonna freaking miss the show!!!

15 June 2012

Book 1 – Application Independent ICC to Terminal Interface Requirements
Book 2 – Security and Key Management
Book 3 – Application Specification
Book 4 – Cardholder, Attendant, and Acquirer Interface Requirements

http://www.emvco.com/specifications.aspx?id=21

http://www.emvco.com/specifications.aspx?id=22

…and so on…

This is what I am talking about Yeah, baby!

green all over the place

only “high-end” tasks: as in…21st or 11th floor high, wonderful panoramic view of the city

love the new hotel, relaxing after a super interesting 100% techie, geeky day

I have something I miss everyday at home:

- a nice bathtub (which I am going to joyfully abuse with all the bubbles available)

- a sauna!

[Show as slideshow]

me happy

Risks

Assumptions

Issues

Dependencies

face palm !!!

Nice how-to with example here. I’m not saying it makes sense (“ignore this bit, then shift right nibble of the leftmost byte to left by 1 position…etc”) but this is how it works.

Challenge number 2: try to encode my own stuff, which is not as simple as this nice example

Why do I have these issues? Mwell:

1. Global Platform specifies in GP SE Access Control spec that the binding between a Secure Element (javacard) application and a handset application shall be done according to a set of management rules. These rules can be either newly configured in an ARA-C (Access Rule Application Client) and ARA-M (Access Rule Application Master), a set of “databases” containing access rules. One other way is to use the PKCS#15 support that should be/is present on the cards. The PKCS#15 can be implemented as a smartcard filesystem structure – which I am studying now…

2. PKCS#15 standard is, of course, defined by RSA and specifies how the structure of this filesystem looks like. My interest is in the Data Object Identifiers (OIDs), which are used for smartcards as per GP in order to regulate access to smartcard applications from the handset

3. OIDs are specified according to ASN.1 notation, which, of course, is specified in a different standard, ISO/IEC 8825-1 (ITU X.690).

Now, for the funny part of this deal, is that the examples provided by these 3 different standards look alike and not so much That being said, an enthusiastic Cristina spent the entire day computing examples of ASN.1 encoding on paper, and for the same OID, she was able to get different encoding for each kind of explanations provided by the standards.

Asked for help from my smarter/more experienced friends around the Internets and got close to the ASN.1 enlightenment. Still, some things still don’t make any sense.

Have any of you actually used ASN.1 encoding? I understand how to encode the initial OIDs. I also understand how to encode integers that are less than 127B. I can also understand how to encode integers that are larger than 128B _and_ represented on 2 Bytes.

I cannot manage to encode integers that are larger than 127B and represented on 1 Byte. Also, I cannot properly encode integers that are represented on more than 2 Bytes.

Ex.: How do I encode the following OID: 1.2.840.114283.200.1.1 ?

Cheers!

Mwell, the very nice people of the Internet and not only recommended books And I’ve started to read Michael G’s recommendation: Hyperion / Fall of Hyperion, by Dan Simmons. Very very very nice books.

‘Ve read them breathlessly and now I’ve just found out that another friend whom I recommended them to a while back is also high on Hyperion.

tai metallia, mikäli tarpeen

mikään mukava irlantilainen kahvi ja ville laihiala (sentenced) ei korjata tänään

aika multaa muistot

These guys provide several tools. What I have started to use is the Smart Card Shell, which is a nice framework for running Java scripts.

OpenSCDP provides multiple JS scripts, some of them emulating a simple smart card, for instance. How does this work?: You just open a Smart Card Shell (scsh) and run the JS that emulates the smart card. The scsh will open a JCOP port, presenting the smartcard emulation as a real smart card reader would to other apps (for instance, I am using Eclipse to code the JS – OpenSCDP also integrates with Eclipse btw). But because I am (still) very n00b, for now I am just running the sample scripts from OpenSCDP in another scsh instance, and looking at the output.

Let’s have a look

simplecard.js provides an implementation of ISO 7816-4:

1. Open scsh GUI (cmd line not working yet for some reason), added filesystem.js from File > Run Script.

2. Open a second scsh GUI, and go to File > Run Script > select pkcs15 > explore.js

3. The images below will list the output. Actually, because the simplecard.js emulator does not have (apparently) support for PKCS15, they will give an error when trying to explore the PKCS15 infrastructure.

On the simulator console, the nice scsh tool logs all the commands.

[Show as slideshow]

Next step is to dig into the simulators in Eclipse and create my own PKCS15 card image. Iuhuu!!!