Re: [Muscle] Q: access to remote chip card reader?

From: Peter Williams (home_pwmsn.com)
Date: Tue Feb 08 2005 - 09:57:40 CST


Remoting 7816 serial line protocols over TCP solutions abound. Sun settled
on TLP as the presentation layer and transport layer, and distributed it
widely with their javacard simulator. Tunneling the raw RS232 handshake
over TCP comes with Windows, of course, over (SSL-enhanced) winsock,
allowing remote access to a classical GemPlus serial reader. With full
support for CTS/DSR and decent and reserved bandwidth, etc., no reason why
one cannot support raw Phoenix/SmartMouse signaling, either, over IP.

The only place I've actually played with net:// was in secure discovery and
management protocols, uPNP specifically. Microsoft defined a subprotocol
enabling SSL over UDP. Once SSL is used as a connectionless bearer, it can
serve as a secure messaging service provider for half-duplex command
protocols - like uPNP and ... just like offcard-> javacard applet
communications.

Given the UNIX pcsclite resource manager exports a socket interface, there
is also the networked API at this layer. I suspect it was used, in the UNIX
world, as a way of (not) solving the trusted server's IPC problem, between
clients in one process and the common daemon in another. But, it was always
also a cute way of distributing readers in a net cluster. No reason why a
card communication provider plugged into a Group 1 resource manager
cannot actually be an access protocol to the RMs in a second, remote,
Group. The URL can do the routing, much like cascades of reverse HTTP proxy
servers provide fanout and collation of parallel CGI processing
requests/responses. A uPNP-formatted URL, over connectionless https, would
surely work fine for remote smartcard access, given the underlying access
design of 7816 is half duplex.

Hope that gives some pointers, if nothing else.

----- Original Message -----
From: "Heiko Nardmann" <heiko.nardmannsecunet.com>
To: <musclelists.musclecard.com>
Sent: Tuesday, February 08, 2005 5:43 AM
Subject: [Muscle] Q: access to remote chip card reader?

> Hi!
>
> In the changelog I have read that it is supported to use something like
> "net://1.2.3.4/foobar" as a way to connect to remote attached readers. I am
> missing here a network protocol, i.e. a pcsc server and client. So how far
> is this working? Any examples of how to use it?
>
> Thanks in advance!
>
> --
> Heiko Nardmann (Dipl.-Ing. Technische Informatik)
> secunet Security Networks AG - Security in Networks (www.secunet.de),
> Weidenauer Str. 223-225, D-57076 Siegen
> Tel. : +49 271 48950-13, Fax : +49 271 48950-50
>
> Visit us from 10 to 16 March at CeBIT 2005 in Hall 7, Stand D38.
>
> Information on our CeBIT topics can be found at www.secunet.com - we look
> forward to talking with you.
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>
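As an added example (not code from this thread, from pcsclite or from TLP), the half-duplex command/response pattern the reply describes, tunnelled over TCP: a stand-in "remote reader" answers each ISO 7816-4 APDU before the client may send the next. The 2-byte length-prefix framing, the loopback addresses and the three APDUs are constructed for this demo; the APDU length fields are checked before use, since a network-facing reader front end will see whatever bytes arrive, and the transport itself is unauthenticated and would sit inside SSL/TLS as the reply suggests.

```python
import socket, struct, threading

def recv_exact(sock, n):                 # TCP may split or merge frames
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed connection")
        buf += chunk
    return buf
def send_frame(sock, payload):           # 2-byte big-endian length prefix (assumed framing)
    sock.sendall(struct.pack(">H", len(payload)) + payload)
def recv_frame(sock):
    return recv_exact(sock, struct.unpack(">H", recv_exact(sock, 2))[0])
def parse_apdu(apdu):                    # short ISO 7816-4 command APDU -> (header, data, Le)
    if len(apdu) < 4:
        raise ValueError("missing CLA INS P1 P2 header")
    header, body = apdu[:4], apdu[4:]
    if len(body) <= 1:                   # case 1 (no body) or case 2 (Le only, 0 means 256)
        return header, b"", (body[0] or 256) if body else None
    lc, data, tail = body[0], body[1:1 + body[0]], body[1 + body[0]:]
    if len(data) != lc or len(tail) > 1: # truncated data or trailing junk after Le
        raise ValueError("Lc disagrees with APDU length")
    return header, data, (tail[0] or 256) if tail else None
def simulated_card(apdu):                # stand-in for the card in the remote reader
    try:
        header, data, _le = parse_apdu(apdu)
    except ValueError:
        return b"\x67\x00"               # SW 6700: wrong length
    if header[1] == 0xA4:                # SELECT: echo the AID back with SW 9000
        return data + b"\x90\x00"
    return b"\x6D\x00"                   # SW 6D00: INS not supported
def serve_one(listener):                 # reader side: one command in, one response out
    conn, _ = listener.accept()
    try:
        while True:
            send_frame(conn, simulated_card(recv_frame(conn)))
    except EOFError:
        conn.close()
APDUS = [b"\x00\xA4\x04\x00\x03\xA0\x00\x01",   # SELECT with a 3-byte AID (constructed)
         b"\x00\xB0\x00\x00\x10",               # READ BINARY, not supported by the stand-in
         b"\x00\xA4\x04\x00\x05\xA0"]           # Lc says 5 but only 1 data byte follows

def run_demo():                          # client side: start the reader on loopback, send in order
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=serve_one, args=(listener,), daemon=True).start()
    with socket.create_connection(listener.getsockname()) as s:
        # send_frame returns None, so each element is the reply read after that send
        return [send_frame(s, a) or recv_frame(s) for a in APDUS]
```

Running run_demo() returns the three status words in order: the echoed AID with 9000, 6D00 for the unsupported instruction, and 6700 for the APDU whose Lc does not match its length.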