Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.help > #2334 > unrolled thread

Elementary Questions: Java And Reading Security Cards

Back to article view | Back to comp.lang.java.help

Contents

  Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-06 09:45 -0500
    Re: Elementary Questions:  Java And Reading Security Cards Lew <lewbloch@gmail.com> - 2012-12-06 11:01 -0800
      Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-06 15:56 -0500
    Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-06 14:47 -0800
      Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-07 10:01 -0500
        Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-07 11:49 -0800
          Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-08 10:05 -0500
    Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-06 14:58 -0800
      Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-07 10:05 -0500
        Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-07 11:54 -0800
          Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-08 10:02 -0500
            Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-08 16:27 -0800
              Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-10 11:28 -0500
                Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-12 20:39 -0800
                  Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-13 10:01 -0500
                    Re: Elementary Questions:  Java And Reading Security Cards Roedy Green <see_website@mindprod.com.invalid> - 2012-12-17 02:57 -0800
    Re: Elementary Questions:  Java And Reading Security Cards Steve <tinker123@gmail.com> - 2012-12-10 11:30 -0500

#2334 — Elementary Questions: Java And Reading Security Cards

I have some very elementary questions.

Where I work we just hooked up card readers to our PCs, either by card 
readers in the keyboards or via USB card readers.

What are these type of cards called?

Can server side Java be used to read information off of these cards?

If so what are the names of the libraries, APIs, extensions etc that I 
would want to investigate?

Thanks much in advance for any information

Steve

[toc] | [next] | [standalone]

#2339

Steve wrote:
> I have some very elementary questions.
> 
> Where I work we just hooked up card readers to our PCs, either by card 
> readers in the keyboards or via USB card readers.
> 
> What are these type of cards called?

IIRC, "smartcards".

> Can server side Java be used to read information off of these cards?

All you need is a way to connect the ends.

(Making it sound simple, but not necessarily easy.)

> If so what are the names of the libraries, APIs, extensions etc that I 
> would want to investigate?

HTTP. RMI. Web services.

If your card reader is here, and your server is there, you need one of two things 
to connect the two - a really long wire or a radio or a network. Okay, three.

Presumably your reader is on the "client" side of the client-server exchange. You 
need hardware to connect it to the connection, so to speak.

Example I use - I sometimes debug smartphones. The communication locally would 
be between the phone and the PC via a socket that a driver translates to USB signals.

Now I have my test environment on a server over there, but my phone on my 
workstation over here. I connect to there from here via SSH, with reverse port-forwarding 
to convince the server that port 6666 (for example) is the one at my end. So the server 
talks over an SSH tunnel to my port 6666 thinking it's its own local 6666. It's just 
like being there, only slower.

-- 
Lew

[toc] | [prev] | [next] | [standalone]

#2341

On 12/6/2012 2:01 PM, Lew wrote:
> Steve wrote:
>> I have some very elementary questions.
>>
>> Where I work we just hooked up card readers to our PCs, either by card
>> readers in the keyboards or via USB card readers.
>>
>> What are these type of cards called?
>
> IIRC, "smartcards".

That is a huge help, now that I know what they are called I have a term 
to search on

Thanks

Steve

[toc] | [prev] | [next] | [standalone]

#2342

On Thu, 06 Dec 2012 09:45:52 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>Where I work we just hooked up card readers to our PCs, either by card 
>readers in the keyboards or via USB card readers.
>
>What are these type of cards called?

Do they look like credit cards?  If so, smart cards.

Do they look like the chips you put into a digital camera?  If so,
memory cards.

Do they have 80 columns of 12 rows with rectangular holes?  If so, 
punch cards.

Sometimes drivers make these look like tiny hard disks.  You can
access them by drive letter.  Server side Java cannot look at hard
disks without some signed app running on the client to do the looking
for them.

Can you point me to docs on the drivers?  You may have to access them
via C using JNI.

see http://mindprod.com/jgloss/jni.html

What brand/model of card reader did you buy?

-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2347

On 12/6/2012 5:47 PM, Roedy Green wrote:
> On Thu, 06 Dec 2012 09:45:52 -0500, Steve<tinker123@gmail.com>  wrote,
> quoted or indirectly quoted someone who said :
>
>> Where I work we just hooked up card readers to our PCs, either by card
>> readers in the keyboards or via USB card readers.
>>
>> What are these type of cards called?
>
> Do they look like credit cards?  If so, smart cards.

I think so.  They have a black strip on the length of the back like a 
bank/credit card.  The front has a persons picture and a large gold chip 
embedded in it, that looks like a larger version of a "SIM Card" that is 
put into the back of smart phones

> Do they have 80 columns of 12 rows with rectangular holes?  If so,
> punch cards.

No.

>
> Can you point me to docs on the drivers?  You may have to access them
> via C using JNI.

No, these were given to us by our monolithic, off premises, network 
group ( it is a big government org ).  The card readers are embedded in 
off the shelf keyboards.


Thanks for the response.

[toc] | [prev] | [next] | [standalone]

#2349

On Fri, 07 Dec 2012 10:01:13 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>
>I think so.  They have a black strip on the length of the back like a 
>bank/credit card.  The front has a persons picture and a large gold chip 
>embedded in it, that looks like a larger version of a "SIM Card" that is 
>put into the back of smart phones

that is called a smart card reader. See
http://mindprod.com/jgloss/cardreader.html
There are two kinds, contact and contactless that you just have to
hover over the reader.  The contactless cost more.

Do you at least have some docs of this form?

Chip-card protocols: T=0, T=1, S=8, S=9, S=10. Software interface:
CT-Api, PC/SC, OCF

When you install the keyboard, look in the control panel for the
reader driver. What info can you glean?

Do you know how to use Wireshark? Snoop to see what website it goes to
fetch the driver when you first plug in the keyboard.
http://mindprod.com/jgloss/wireshark.html

Flip the keyboard over. See if there is a model number or
manufacturer.

Have you asked the big government org for the docs on how to write
software for this beast?
-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2352

On 12/07/2012 02:49 PM, Roedy Green wrote:

> Have you asked the big government org for the docs on how to write
> software for this beast?
>

That is a good idea.  Our networking stuff is imposed on us from a big 
agency outside of and unresponsive to us, so usually asking questions 
from them doesn't make sense.  However, since the smart card, the CAC 
card is being made government wide, it is likely somebody, somewhere has 
some docs.  I don't have to build this immediately, I was asked by my 
boss to begin looking into it, so I can afford to send out emails asking 
if such docs exist.

[toc] | [prev] | [next] | [standalone]

#2343

On Thu, 06 Dec 2012 09:45:52 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>Thanks much in advance for any information

USB devices when you first plug them in automatically go looking on
the Internet for a device driver and install it.

Look in the Device Driver section of the Control Panel.  This may give
you a little info.  Also look in the menus to see if some sort of app
has been installed to use the device. You should at least be able to
find the website of the driver maker.

I enjoy tinkering with this sort of problem.  If you have trouble, one
option is to send me a reader.
-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2348

On 12/6/2012 5:58 PM, Roedy Green wrote:
> I enjoy tinkering with this sort of problem.  If you have trouble, one
> option is to send me a reader.

I found a thread on stackoverlow.com where someone did exactly what I 
want to do.  Zero sample code and zero directions, but some clues where 
I might find some answers

http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java

[toc] | [prev] | [next] | [standalone]

#2350

On Fri, 07 Dec 2012 10:05:26 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>
>http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java

If this big government agency in the DoD, I have to stop helping you
right now.  All my work is for non-military use only.
-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2351

On 12/07/2012 02:54 PM, Roedy Green wrote:
> On Fri, 07 Dec 2012 10:05:26 -0500, Steve <tinker123@gmail.com> wrote,
> quoted or indirectly quoted someone who said :
>
>>
>> http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java
>
> If this big government agency in the DoD, I have to stop helping you
> right now.  All my work is for non-military use only.
>

In the United States the Federal Government has been on a big security 
kick.  They are phasing out each agency having their own security card 
system ( previously just for getting in and out of buildings ) and 
having every agency, civilian and military alike use the CAC card.

It will be used for both building entry and computer entry.

[toc] | [prev] | [next] | [standalone]

#2353

On Sat, 08 Dec 2012 10:02:15 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>In the United States the Federal Government has been on a big security 
>kick.  They are phasing out each agency having their own security card 
>system ( previously just for getting in and out of buildings ) and 
>having every agency, civilian and military alike use the CAC card.

I was reading up on CAC. I have been pressing for such a card to be
issued to everyone. It could be use for all kinds of things such as 
secure Internet commerce, id, age id, digital signing of emails,
encryption, lock access, a universal door key.

I was surprised to find out that the Malaysians have already done
this.

I also discovered that slowly passports are moving toward
international digital standards.

I have been pushing various parties to issue such ids, in the form of
smart cards, digital certs and flash drives.

see http://mindprod.com/jgloss/cac.html

Every once in a while the military comes up with something very
valuable to general society.  Everything I have read suggests they did
it correctly.
-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2357

On 12/8/2012 7:27 PM, Roedy Green wrote:
> I was reading up on CAC. I have been pressing for such a card to be
> issued to everyone. It could be use for all kinds of things such as
> secure Internet commerce, id, age id, digital signing of emails,
> encryption, lock access, a universal door key.

That does have a "really cool" factor to it.  However, something about a 
universal ID gives me the creeps.  I do realize we do not live in the 
18th century anymore.

[toc] | [prev] | [next] | [standalone]

#2361

On Mon, 10 Dec 2012 11:28:42 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>That does have a "really cool" factor to it.  However, something about a 
>universal ID gives me the creeps.


We put up with ids so long as they are incompetent, easy to forge,
easy to use if lost, so long as you need a wallet full of them. Credit
cards are effectively blank cheques. Once you do business with anyone
they, or anyone who works for them, can take your money again at any
time in future.

The scary part is the central control.  Somebody does not like you and
suddenly you can't buy anything, get into your house, start your car,
get medical care.  You are suddenly a non-person.

I have been trying to get around that objection by convincing
companies that sell code-signing certs to allow them to be put into
flash drives with the private key hidden, to use the way you could a
CAC. You would not need a reader, just a USB port. So far not even a
"thank you for sharing" response.


-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2362

On 12/12/2012 11:39 PM, Roedy Green wrote:
> On Mon, 10 Dec 2012 11:28:42 -0500, Steve<tinker123@gmail.com>  wrote,
> quoted or indirectly quoted someone who said :
>
>> That does have a "really cool" factor to it.  However, something about a
>> universal ID gives me the creeps.
>
>
> We put up with ids so long as they are incompetent, easy to forge,
> easy to use if lost, so long as you need a wallet full of them. Credit
> cards are effectively blank cheques. Once you do business with anyone
> they, or anyone who works for them, can take your money again at any
> time in future.
>
> The scary part is the central control.  Somebody does not like you and
> suddenly you can't buy anything, get into your house, start your car,
> get medical care.  You are suddenly a non-person.
>
> I have been trying to get around that objection by convincing
> companies that sell code-signing certs to allow them to be put into
> flash drives with the private key hidden, to use the way you could a
> CAC. You would not need a reader, just a USB port. So far not even a
> "thank you for sharing" response.
>
>

Do I understand you correctly?  You are saying that a "Personal CAC" 
would be safer than another type of ID or credit card in that it would 
not leave information behind?

I can see that being the case if it is a photo id and clerks look at the 
photo.  Then again as far as debit/cred cards go, there are some that 
use photos and a PIN.

Steve

[toc] | [prev] | [next] | [standalone]

#2363

On Thu, 13 Dec 2012 10:01:13 -0500, Steve <tinker123@gmail.com> wrote,
quoted or indirectly quoted someone who said :

>Do I understand you correctly?  You are saying that a "Personal CAC" 
>would be safer than another type of ID or credit card in that it would 
>not leave information behind?
>
>I can see that being the case if it is a photo id and clerks look at the 
>photo.  Then again as far as debit/cred cards go, there are some that 
>use photos and a PIN.

A credit card leaves the number behind that anyone can use as easily
as the original owner. It is like leaving behind a pile of blank
cheques.  If you send it over the Internet, snoops get some blank
cheques too.

Credit cards are easy to forge. You might get stuck with at least some
charge/hassle or unnoticed fraud.

The big advantage of CAC someone seeing it has no handle to forge it
or reuse it. 

I believe a CAC contains a digital image, so even if the card were
tampered with externally, the digital image inside would be intact.
Further the card has a pin. Granted, a crooked reader could snoop on
the pin.  Ideally the pin mechanism should be built into the card,
requiring no external hardware. e.g. fingerprint id.

If your ID is not secure, it can harm you.  People can do bad things
and rack up debt in your name. It is then up to you to prove
otherwise.

Digital ID is expensive. That is why I think you should need only one,
and it should serve many purposes. 

We put up with dragging around so many different kinds of ID cards,
all of which expire and need to be separately maintained.  They are
all easy to forge. Whereever I can, I refuse to carry any sort of ID
card.

The ID I find most annoying is the kind supermarkets want you to carry
or else they charge 20% extra. 

-- 
Roedy Green Canadian Mind Products http://mindprod.com
Students who hire or con others to do their homework are as foolish 
as couch potatoes who hire others to go to the gym for them. 

[toc] | [prev] | [next] | [standalone]

#2358

On 12/6/2012 9:45 AM, Steve wrote:
> I have some very elementary questions.
>
> Where I work we just hooked up card readers to our PCs, either by card
> readers in the keyboards or via USB card readers.
>
> What are these type of cards called?
>
> Can server side Java be used to read information off of these cards?
>
> If so what are the names of the libraries, APIs, extensions etc that I
> would want to investigate?
>
> Thanks much in advance for any information
>
> Steve

Researching this further it seems to be the case that the CAC card would 
send a certificate through the browser, so it *might* be a matter of 
using server side Java to read the certificate.   Something else I know 
zero about, but that seems like something where it would be hard to 
throw a rock into Google and not hit at least a few tutorials.

Steve

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.java.help

csiph-web