Ludovic Rousseau wrote:
Identifying a card (in fact an applet) using the card ATR is stupid.
But I don't know better and _backward compatible_ way.
There is provision in ISO/IEC 7816 for a card to identify itself in
several ways, but the majority of card suppliers either do not encode
the necessary information or encode it inadequately - or it gets changed
to something else during personalisation. Typically the ATR may be the
starting point, or there may be extended information in an ATR File -
and there may also be a DIR file giving a directory of card
applications. (EMV of course has its own method of application selection.)
GlobalPlatform also has provision for ID information, using data objects
stored at the MF level.
USA interests, lead by NIST, have tried to codify the identification
methods rather better as part of the development of ISO/IEC 24727, which
is intended to be an interoperability standard built on top of 7816 and
some other material. Unfortunately the whole project has not been well
handled by the USA group (and if they read this, Jim Dray of NIST and I
were talking about this only last week in London), while at the same
time several European interests are trying to make it too complicated.
Learn from the internet: Keep it simple, stupid!
Customers can help: make it a condition of supply that the card uses a
standard method of identifying itself, and make it a condition of the
personalisation that the ID info doesn't get scrambled and that a DIR
file is created and used as a directory of the apps on the card. And use
Select on AID to get into the card [1], not a private file structure.
And never have a default selected app after Reset.
We are still in the mindset that thinks bytes are extremely expensive,
and we need to get out of that and do the job properly.
Peter
[1] Of course Javacard requires you to use Select on AID, which is a big
step in the right direction. But you really must use registered RIDs as
the basis of the AIDs (MUSCLE people: have you done that yet? David
Corcoran was trying to get consensus a little while ago.)
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
