I removed the people names from the document and used XXX instead.
Please send/add comments if you have some.
Identifying a reader model
Authors: | Ludovic ROUSSEAU XXX, Xiring XXX, Gemalto |
---|---|
Version: | 1.0, October 2011 |
The problem
PC/SC v2 Part 10 now allows to use FEATURE_CCID_ESC_COMMAND to send a proprietary command to a reader using the CCID command PC_to_RDR_Escape.This is fine, but before sending a CCID escape command the application should be sure it is using the correct reader. A command foobar sent to reader A may return the firmware release but if sent to reader B the same command may erase its firmware or may do many other bad things.
PC/SC should provide a way to uniquely identify a reader so that an application will not send commands to readers not designed to support them.
Proposed solution
The USB protocol already provides a way to identify a device: idVendor and idProduct.We propose to include these 2 fields in the FEATURE_GET_TLV_PROPERTIES TLV response.
Tag name and value
Vendor ID
- Tag value:
- 0x0B
- Length:
- 2 bytes
- Value
- idVendor USB idVendor
Product ID
- Tag value:
- 0x0C
- Length:
- 2 bytes
- Value
- idProduct USB idProduct
Code sample
Here is a sample code written in Python using pyscard PC/SC wrapper http://pyscard.sourceforge.net/#! /usr/bin/env python from smartcard.System import readers from smartcard.pcsc.PCSCPart10 import (getFeatureRequest, hasFeature, getTlvProperties, FEATURE_CCID_ESC_COMMAND) # use the first reader card_connection = readers()[0].createConnection() card_connection.connect() # get CCID Escape control code feature_list = getFeatureRequest(card_connection) ccid_esc_command = hasFeature(feature_list, FEATURE_CCID_ESC_COMMAND) if ccid_esc_command is None: raise Exception("The reader does not support FEATURE_CCID_ESC_COMMAND") # get the TLV PROPERTIES tlv = getTlvProperties(card_connection) # check we are using a Xiring Leo reader if tlv['PCSCv2_PART10_PROPERTY_idVendor'] == 0x0F14 \ and tlv['PCSCv2_PART10_PROPERTY_idProduct'] == 0x0037: # proprietary commands for Xiring readers version = [ord(c) for c in "VERSION"] res = card_connection.control(ccid_esc_command, version) print res print ''.join([chr(x) for x in res]) else: print "Xiring Leo reader not found"Execution with a Xiring Leo reader:
[86, 69, 82, 32, 32, 80, 75, 48, 50, 46, 49, 49, 0] VER PK02.11Execution with a non Xiring Leo reader:
Xiring Leo reader not found
Questions & Answers
USB readers
For USB devices the idVendor and idProduct are the values from the USB layer.Non-USB readers
For serial, PCMCIA, ExpressCard, etc. readers the idVendor can be the manufacturer USB ID (if any), and idProduct a product ID managed by the manufacturer.But non-USB readers may not support the FEATURE_CCID_ESC_COMMAND command. So a non-USB reader may return no value for idVendor and idProduct tags.
Why not use the PC/SC reader name?
Using the PC/SC name is a fragile method. For example the name of a reader may change over time if the manufacturer name changes ("Gemplus" became "Gemalto" for example) and a new driver updates the reader name.My CCID driver (http://pcsclite.alioth.debian.org/ccid.html) updated reader names from Gemplus to Gemalto a few years ago. This is a real case.
Why not use SCARD_ATTR_VENDOR_NAME?
PC/SC v2 part 3 defines the tag 0x100 "Vendor Name" as "ASCII string".MSDN documentation for SCardGetAttrib() defines SCARD_ATTR_VENDOR_NAME as "Vendor name."
It looks like the Windows CCID driver uses the USB iManufacturer text field as SCARD_ATTR_VENDOR_NAME. Other drivers may return something else. For example up to release 1.4.5 my CCID driver returned the name of the driver author not the name of the reader manufacturer (because of a misunderstanding of the PC/SC specification).
The content of field is not specified, only its format: ASCII string.
Another problem is that some USB CCID readers use a strange value for the iManufacturer field.
Here is a list of all the iManufacturer values Ludovic has in his reader list: http://pcsclite.alioth.debian.org/ccid/section.html The first column is the number of occurrences of the name in the second column.
Nb | iManufacturer value |
1 | |
1 | |
6 | ACS |
1 | ASK-RFID |
6 | ATMEL |
1 | ActivCard |
2 | ActivIdentity |
2 | Aktiv |
1 | Aktiv Co., ProgramPark |
1 | Aladdin |
1 | Athena |
2 | Athena |
2 | Atmel |
1 | Axalto |
2 | BIFIT |
1 | BLUTRONICS |
5 | Broadcom Corp |
6 | C3PO |
3 | COVADIS |
7 | Cherry GmbH |
1 | Dell |
6 | Eutron |
1 | FS |
1 | FT SCR301 |
1 | Feitian Technologies |
1 | Free Software Initiative of Japan |
2 | Fujitsu Siemens Computers |
1 | GEMPLUS |
8 | Gemalto |
2 | Gemalto |
1 | Gemalto* |
12 | Gemplus |
7 | Generic |
1 | German Privacy Foundation |
2 | Giesecke & Devrient GmbH |
1 | GoldKey Security |
1 | HDZB |
1 | Hewlett Packard |
2 | Hewlett-Packard Company |
1 | KEBTechnology |
3 | KOBIL |
9 | KOBIL Systems |
1 | Kingtrust |
1 | Lenovo |
1 | MYSMART |
4 | Neowave |
2 | O2 |
1 | OBERTHUR TECHNOLOGIES |
2 | OCS ID-One Cosmo Card |
4 | OMNIKEY |
9 | OMNIKEY AG |
1 | Panasonic |
2 | Philips Semiconductors |
2 | Precise Biometrics |
1 | REINER SCT |
1 | RSA |
1 | Raritan |
1 | Reiner-SCT |
18 | SCM Microsystems Inc. |
1 | SMART |
1 | SYNNIX |
1 | Samsung ElectronicsCo., Ltd |
1 | SchlumbergerSema |
1 | Secure Device Solutions |
1 | Sitecom |
7 | SpringCard |
1 | THRC |
1 | TianYu CCID Key |
1 | Tianyu |
3 | Todos |
1 | USB |
8 | VASCO |
1 | VMware |
1 | Validy |
1 | Winbond |
4 | XIRING |
1 | charismathics |
3 | id3 Semiconductors |
1 | jNet Technology inc. |
1 | ubisys |
Remarks
The first name is just 3 space characters for ACS ACR 122U reader.The second name is just 1 space character for the Gemalto Ezio CB+ reader.
The same company uses "ActivCard" and "ActivIdentity".
The same company uses "Aktiv" and "Aktiv Co., ProgramPark".
The ASEDrive IIIe KB reader uses "Athena " with an extra space at the end of the name. But the other readers from the same manufacturer use "Athena" without the extra space.
Feitian uses the product name "FT SCR301" as iManufacturer.
Gemplus uses "GEMPLUS" (all caps) for the GemPC433 SL reader.
Gemplus has been renamed Gemalto. So the new readers now use "Gemalto", but also "Gemalto " (with an extra space character) and even "Gemalto*".
We have 7 "Generic" for 2 different idVendor (0x0BDA and 0x058F).
We have 1 "Hewlett Packard" and 2 "Hewlett-Packard Company".
We have 3 "KOBIL" and 9 "KOBIL Systems".
We have 4 "OMNIKEY" and 9 "OMNIKEY AG".
We have 1 "REINER SCT" and 1 "Reiner-SCT"
Results
The iManufacturer field is not constant for all devices from the same manufacturer.The iManufacturer is not uniq since the same name "Generic" is used by (at least) 2 manufacturers.
Only the idVendor USB field is correctly specified and uniq.
Why not use SCARD_ATTR_VENDOR_IFD_TYPE?
PC/SC v2 part 3 defines the tag 0x101 "Vendor- specified IFD Type" as "ASCII string".MSDN for SCardGetAttrib() defines SCARD_ATTR_VENDOR_IFD_TYPE as "Vendor-supplied interface device type (model designation of reader)."
It looks like the Windows CCID driver uses the USB iProduct text field. Other drivers may return something else.
The content of the field is not specified, only its format (ASCII string).
Another problem is that some USB CCID readers use a strange value for the iProduct field.
Here is a list of all the iProduct values Ludovic has in his reader list. The first column is the number of occurrences of the name in the second column.
Nb | Name |
13 | Smart Card Reader USB |
5 | mIDentity 4smart |
5 | 5880 |
4 | Weneo |
4 | CCID USB Reader |
3 | USB SmartCard Reader |
3 | USB Smart Card Reader |
3 | USB SMART CARD READER |
3 | Contactless Reader |
2 | XI-SIGN USB V2 |
2 | USB2.0-CRW |
2 | USB Smart Chip Device |
2 | USB SMART CARD KEYBOARD |
2 | USB GemPCPinpad SmartCard Reader |
2 | Smart Enterprise Guardian Secure USB Device |
2 | Smart Card Reader |
2 | SCR33x USB Smart Card Reader |
2 | SCR3310 USB Smart Card Reader |
2 | SCR331-DI USB Smart Card Reader |
2 | SCL01x Contactless Reader |
2 | Prox SU USB PC LinkReader |
2 | Prox Dual USB PC LinkReader |
2 | PCSC Smartcard Reader |
2 | O2Micro CCID SC Reader |
2 | ICCD Smartcard |
2 | Ezio Shield |
2 | EMV Smartcard Reader |
2 | DIGIPASS KEY 860 |
2 | DIGIPASS KEY 200 |
2 | CryptoIdentity CCID |
2 | Connectable |
2 | Card Reader |
2 | CCID Smart Card Reader |
2 | ASEDrive CCID |
1 | uKeyCI800-K18 |
1 | plug'n'crypt CCID token |
1 | mIDentity XL |
1 | mIDentity M |
1 | jToken s1 |
1 | iBank2Key |
1 | cyberJack pinpad(a) |
1 | cyberJack RFID basis |
1 | Virtual USB CCID |
1 | VaultIC460 |
1 | VaultIC440 |
1 | VaultIC420 Smart Object |
1 | VEGA-ALPHA |
1 | USB-Token iBank2key |
1 | USB Token |
1 | USB Reader V3 |
1 | TokenA sl vt |
1 | Token JC |
1 | Token GEM USB COMBI-M |
1 | Token GEM USB COMBI |
1 | TianYu CCID SmartKey |
1 | SmartTerminal XX7X |
1 | SmartTerminal XX44 |
1 | SmartTerminal XX1X |
1 | SmartTerminal ST-2xxx |
1 | SmartMX Sample |
1 | SmartCard USB 2A |
1 | SmartCard Keyboard USB 2A |
1 | SmartBoard XX44 |
1 | SmartBoard XX33 |
1 | SmartBoard XX1X |
1 | Smart Token |
1 | Smart Card Reader Interface |
1 | Sitecom USB simcard reader MD-010 |
1 | SchlumbergerSema Cyberflex Access |
1 | STD200 |
1 | SPRx32 USB Smart Card Reader |
1 | SIM Reader |
1 | SDI010 Smart Card Reader |
1 | SCRx31 USB Smart Card Reader |
1 | SCR35xx v2.0 USB SC Reader |
1 | SCR35xx USB Smart Card Reader |
1 | SCR3340 - ExpressCard54 Smart Card Reader |
1 | SCR3320 - Smart Card Reader |
1 | SCR3311 USB Smart Card Reader |
1 | SCL010 Contactless Reader |
1 | SBV280 |
1 | SA .NET Dual |
1 | S3FC9UB USB Smart Card II |
1 | Rutoken lite |
1 | Rutoken Magistra |
1 | Rutoken ECP |
1 | Reflex USB v3 |
1 | RSA SecurID (R) Authenticator |
1 | Prox'N'Roll |
1 | Precise 250 MC |
1 | Precise 200 MC |
1 | Panasonic USB Smart Card Reader 7A-Smart |
1 | PIV Token |
1 | PDT |
1 | MySMART PAD V2.0 |
1 | Multi-Reader |
1 | MFP Smart Card Reader |
1 | LTC3x USB |
1 | KONA USB SmartCard |
1 | KOBIL Class 3 Reader |
1 | KAAN SIM III |
1 | KAAN Base |
1 | KAAN Advanced |
1 | JCOP41V221 |
1 | Integrated Smart Card Reader |
1 | IDProtect Key v2 |
1 | ID-ONE TOKEN SLIM v2 |
1 | Hybrid Smartcard Reader |
1 | HP USB Smartcard Reader |
1 | HP USB Smart Card Keyboard |
1 | HP USB CCID Smartcard Keyboard |
1 | Gemplus USB SmartCard Reader 433-Swap |
1 | GemPC Express |
1 | GemCore SIM Pro Smart Card Reader |
1 | GemCore POS Pro Smart Card Reader |
1 | Gem e-Seal Pro USB Token |
1 | GEN5XX CCID |
1 | FT SCR310 |
1 | FSIJ USB Token |
1 | EasyFinger Ultimate |
1 | EasyFinger Standard |
1 | EZIO CB+ |
1 | Digipass 860 |
1 | Dell USB Smartcard Keyboard |
1 | Dell Smart Card Reader Keyboard |
1 | DP905 |
1 | DP865 |
1 | DP855 |
1 | DOMINO-Key TWIN |
1 | DIGIPASS 920 |
1 | D2CIM-DVUSB VM/CCID |
1 | Crypto Stick v1.2 |
1 | CrazyWriter |
1 | CSB6 Ultimate |
1 | CSB6 Secure |
1 | CSB6 Basic |
1 | CCID SmartCard Controller |
1 | CCID Smart Card 301 |
1 | BLUDRIVE II CCID |
1 | Auriga |
1 | Activkey Sim |
1 | ActivCard USB Reader V2 |
1 1 | AT98SC032CT-USB AT91SO CCID Smart Card Reader |
1 | AT91SC192192CT-USB ICCD reader |
1 | APG8201 USB Reader |
1 | ALYA |
1 | AGM2 CCID |
1 | ACR38 USB Reader |
1 | ACR122U PICC Interface |
1 | 13.56MHz RFID (CCID) |
Remarks
We have 13 readers defined as "Smart Card Reader USB". All these readers are from Omnikey.Kobil uses the same name "mIDentity 4smart" for 5 readers with different idProduct.
Broadcom uses 5880 for 3 different idProduct.
Neowave uses Weneo for 4 readers with different idProduct.
ACS uses "CCID USB Reader" for 4 different readers (with the same idProduct: 0x90CC).
Gemplus/Gemalto uses "USB SmartCard Reader" for 3 readers with different idProduct.
"USB Smart Card Reader" is used by 2 Atmel readers and 1 THRC reader.
C3PO uses "USB SMART CARD READER" for 3 readers with different idProduct and "USB SMART CARD KEYBOARD" for 2 readers with different idProduct.
Oberthur uses "USB Smart Chip Device" for 2 readers with different idProduct.
Gemalto and Tianyu share the same "Smart Card Reader" name.
Results
Some names are too common and not specific to a product. How can we tell what reader is behind the name "USB SmartCard Reader" or "Smart Card Reader USB"?The iProduct field is not uniq.
Only the idProduct USB field is correctly specified and (often) uniq.