H�seyin ORTAOVALI wrote:
Shame on the smartcard industry for not providing a universal way to identify a card tpye and to extract a unique ID. This isn't exactly a new concept in the field of electronics and computer-connected devices.
Smartcard industry mainly complies with standards it has to follow; if you except an unique ID for all GSM, banking, ID (memory?) cards you may indeed fail to find one since these standards are differents (actually nearly all cards but GSM provide a CPLC string as per EMV96 or VIS1.x.x)
Oh, and double shame on the industry for allowing different AIDs for OpenPlatform/GlobalPlatform Card Manager applets so that what could have been a reasonable way to determine card type and serial number information doesn't work in many cases.
one provider uses a proprietary AID, it isn't a rule.
Still some cards use A0000000030000 and others A000000003000000 but selection with partial AID is supported by most of them so "A000000003" can work as well.
IMHO, the industry has reaped what it has sowed over the past twenty or so years by steadfastly refusing to work together and continuing to propogate proprietary solutions for no good reason.
I'm afraid your point is definitively wrong. All GSM cards comply with 11.11 & 11.14, all banking cards comply with EMV certification - meaning aroud 99% of issued cards !...
considering that card providers can do their own stuff is a mess, they do what specification issuers request, and they request the same to all card providers.
Think about this - what if when you went to your local computer store and bought a PCI card, say a VGA card or a sound card or some other peripheral card when you plugged it into your system the system had no way to identify the card nor what resources it needs, and you needed custom manufactuer-provided software to just get to the point where the system knos that it's a VGA or sound or modem card, and in the process of running that custom software you had a good chance of crashing the system or scrambling other cards in the box? No one would stand for this in today's computer world, yet we can't seem to get the smartcard industry to even agree on a simple, universal identification scheme that doesn't require poking random APDUs into unknown cards to see what happens.
the comparison sounds strange !! a GSM card is as different than a banking one than a video card is different than sound card, PC industry had defined its own standards to (of course recognize these cards and) use them for a specific function; smartcards behaves the same: they behave as expected when plugged in the dedicated device.
does your VGA card runs well in a hi-fi systems ?
Think about the ATR - what an absolutely wonderful place that would have been to embed a multi-byte product/family/vendor code as well as a unique ID; you reset the card, and then you get all the info you need in a single transaction to know if the card in the reader is one that you can work with.
yeah, could be great, but again ATR is defined by ISO 7816-3 & 4, not by card providers, and ISO didn't define a card manufacturer tag (a "pre-issuance data" field still exists).
I know, I'm probably preaching to the chior, but I have very little patience when I hear the industry complaining about how smartcards have not been as embraced by the general public for general computing applications.
I think smartcard industry does not complain about that, it's a 1-3% market!!
The main reasons that prevent cards to be used in public is more: leak of readers, why M$ does not list smartcard reader as a required device? leak of application standards, OCF is great but is it better than CSP ?, would I use PKCS#11 ? most of software developers are not interested in smartcards (for security, license management, authentication, identification, data storage, ....) just because they can't rely on a mature API to provide these features.
sorry for this out of (list) subject mail.
Sylvain.
---
Visit the OpenCard web site at http://www.opencard.org/ for more information on OpenCard---binaries, source code, documents. This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
