I have written an applet in my java card and the other applet in my SAM. I want to create mutual authentication by sending random number created each side.
The model of reader is:
c:\>gp.exe -all -d
# Detected readers from SunPCSC
[*] ACS ACR1281 1S Dual Reader PICC 0
[*] ACS ACR1281 1S Dual Reader SAM 0
I select applet on SAM ,create random number and send out. Then I select applet on java card creating string with random of SAM and new random creation by card and send the mixed random.
So I should again select applet on SAM to check the random, but as my randoms are in transient Clear_ON_RESET Memory, they gone.
I need random numbers in transient CLEAR_ON_RESET Memory.And I use gp.exe for sending APDU's.
Is there any way that I can have both SAM and Card selected? I guess there should be a way to have both them up.
If you've got different (logical)) reader devices then there is no need to close the channel to either one of them while using the other. You should be able to use them concurrently, even from the same thread.
The problem is using gp.exe which is a tool not written for such usage. Please code an application, for instance using Java & javax.smartcardio instead.
Related
I made an app that advertises an iBeacon. The UUID changes every 30 seconds. Within the UUID is the androidID of the phone and a timestamp. Both are encrypted. My smarthome system decrypts the UUID and gets the timestamp and the androidID.If both are valid the front door opens.
The app creates an UUID and starts advertising, stops after 30 seconds an creates a new one and restarts the advertising. This goes on for ever until the app (running in backround) doesn't get closed.
I wonder if it is possible to change the advertising data (UUID) without stopping and restarting the advertising??
Thanks!
Is starting with AdvertisingSet a solution??
The way to do this is via the setAdvertisingData() method. Calling this in the middle of advertising shouldn't be an issue (as long as you are on API 26 or later). From the Android developer website:-
Set/update data being Advertised. Make sure that data doesn't exceed
the size limit for specified AdvertisingSetParameters. This method
returns immediately, the operation status is delivered through
callback.onAdvertisingDataSet().
Advertising data must be empty if non-legacy scannable advertising is
used. For apps targeting Build.VERSION_CODES#R or lower, this requires
the Manifest.permission#BLUETOOTH_ADMIN permission which can be gained
with a simple manifest tag. For apps targeting
Build.VERSION_CODES#S or or higher, this requires the
Manifest.permission#BLUETOOTH_ADVERTISE permission which can be gained
with Activity.requestPermissions(String[], int). Requires
Manifest.permission.BLUETOOTH_ADVERTISE
Have a look at the links below for more information:-
How do you update the Android BLE advertising data at runtime
Dynamically changing BLE data in Android
BLE advertisements changing in Android
I am having a problem with the EXTERNAL AUTHENTICATE process on my EMV card. When I authenticate the card to the host, the host responds failed : Card Cryptogram Verification Error. Card cryptogram is obtained from the previous process to the card : INITIALIZE UPDATE.
INITIALIZE UPDATE response
Key Diversification Data (10 bytes)
Key Information (2 bytes)
Sequence Counter (2 bytes)
Card Challenge (6 bytes)
Card Cryptogram (8 bytes)
After we discussed with the host team, there might be a process that does not match in the Card Cryptogram calculation.
So we are looking for algorithms or formulas to calculate Cryptogram cards manually.
Is there an algorithm or formula for manually calculating Card Cryptogram?
Instead of INITIALIZE UPDATE data response.
My reference :
How can I check INITIALIZE UPDATE and EXTERNAL AUTHENTICATE correctness?
I don't see the point. If the GP doesn't handle the INITIALIZE UPDATE command then it won't establish the security context. Computing the cryptogram is in that case no use at all. I don't think you have direct - or at least enough - access to the keys from the applet that acts as a security domain either, so retrieving the keys to perform the calculation should not be possible.
Really, the onus is on the host to fix the issue, not the card. Usually cards are implemented and tested against the specs, so there must be a missing option or the host may be using a different SCP which results in the cryptogram failing.
I'm trying to read some data from the secure element in the SIM of a global platform 2.2 card.
My SELECT command of the applet is successful 90,00 with some PDOL data in the response. However when I send Get Processing Options it returns 6D00. It seems the Security Domain is still in charge and does not understand the GPO command.
My investigation says applet specific commands needs to go over a secure channel, while the CRS runs on the basic channel. Is this requirement true even if the card is not being accessed over the contactless interface?
First of all verify that your applet must be selected on same I/O interface and the same logical channel on which you are sending the command.
The status word '6D00' shows that the command sent over another applet or SD that does not understand it instead of secure channel initiation requirement.
And yes if you are communicating with secured card like and Secure element then you need to initiate scp session.
SELECT APDU should be sent first with correct AID.
If AID belongs to the EMV card, response should come with status SW 90 00 with data area. Processing Options Data Object List in data area should be properly parsed and GET PROCESSING OPTIONS should be constructed with required parameters (Terminal
Transaction Qualifiers,Amount, Authorized , Unpredictable Number etc.)
Try this TLV utilities and see the options list:
9F38 Processing Options Data Object List (PDOL)
9F66049F02069F37045F2A029A03
I have a public computer that is used in an ATM sort of fashion. When a certain action occurs (person inserts money), the program I've written on the computer sends a request to a trusted server which does a very critical task (transfers money).
I'm wondering, since I have to communicate to a server to start the critical task, the credentials to communicate with it are stored on this public computer. How do I prevent hackers from obtaining this information and running the critical task with their own parameters?
HSM (Hardware Security Modules) are designed to store keys safely:
A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.
HSMs may possess controls that provide tamper evidence such as logging and alerting and tamper resistance such as deleting keys upon tamper detection. Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing.
Impossible in general
If your user has access to this PC, they can easily insert fake money. Your model is doomed.
Minimize attack surface
This PC ought to have unique token (a permanent cookie is enough), and sever will refuse a request without a valid cookie. Server maintains database of device types, and this ATM-PC is only allowed certain operations (deposit money up to NNN units). Ideally it is also rate-limited (at most once per 3 seconds).
Please help me to resolve an issue with Cisco881G device.
My company bought Cisco881G. From the box we have npe firmware: c880data-universalk9_npe-mz.152-3.T1.bin
It's know that this firmware doesn't work with encryption.
I tried to update firmware to c880data-universalk9-mz.152-3.T1.bin
You can see this is the same firmware, but without npe.
After update I reboot device and facing the problem. Device can't start up correctly and create file crashinfo_20130902-140731-UTC.
I tried other firmwares but the result is the same.
In file crashinfo we can see:
*Jan 2 00:00:02.811: %LICENSE-6-EULA_ACCEPT_ALL: The Right to Use End User License Agreement is accepted
*Jan 2 00:00:02.847: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c880-data Next reboot level = advsecurity and License = No valid license found
*Sep 2 14:07:30.055: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory
*Sep 2 14:07:30.163: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Sep 2 14:07:30.283: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Sep 2 14:07:30.311: SEC_POST: AES-192 decryption output mismatch!
*Sep 2 14:07:30.311: SEC_POST: POST Test for AES-192 Failed
*Sep 2 14:07:30.311: %VPN_HW-0-SELF_TEST_FAILURE: Hardware Crypto self-test failed (SEC2.0 POST(Power-On-Self-Test) Failed!)
*Sep 2 14:07:31.435: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:01 to ensure console debugging output.
Please help me to understand why I have the problem and what does this message mean.
Thanks in advance for your help.
It means the onboard encryption engine is damaged/malfunctioning/disabled and doesn't return the power up test results as it should. It could be the router was built for sale in an area that doesn't allow payload encryption and it was physically disabled by Cisco during manufacturing or the chip is just broke and the reseller loaded it without encryption to get it to pass POST on boot up.
See the Cisco documentation here:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/product_bulletin_c25-566278_ps10537_Products_Bulletin.html
Universal images with the universalk9_npe" designation in the image name: The strong enforcement of encryption capabilities provided by Cisco Software Activation satisfies requirements for the export of encryption capabilities. However, some countries have import requirements that require that the platform does not support any strong crypto functionality such as payload cryptography. To satisfy the import requirements of those countries, the `npe' universal image does not support any strong payload encryption. This image supports security features like Zone-Based Firewall, Intrusion Prevention through SECNPE-K9 license.
IOS 15 uses the CSA to inhibit export of munitions grade crypto packages, but there may be a jumper or switch on the motherboard to disable the onboard crypto co-processor.
Also double check the SHA of the firmware it shipped with compared to firmware available from Cisco; the device may be counterfeit.