Can ATR be used for identification?

Hi!

Sorry, this question is probably trivial to you, but I did some search
on the net, and I found pro and contra answers.

So the question is whether ATR is unique or not. (I mean two cards from
the same "manufacturer" can have the same ATR or not.) I want to write a
PAM module based on ATR, would that work?

Bye


_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

No they are not unique. ATR only identifies the type of card. It's not
a unique serial number.

On Fri, Sep 11, 2009 at 9:52 PM, Nagy Gabor <ngaba@...> wrote:


--
- Goi Sihan
goister@...
_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

> No they are not unique. ATR only identifies the type of card. It's not
> a unique serial number.

Thanks. Then the question is modified to the following: Can I uniquely
identify smartcards without knowing anything about its "content"? We
only have a closed source app for windows, these smart cards are
black-boxes to me.

Bye


_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

The answer is "it depends" - on the actual type of card and how it was initialized.  If its a global platform (www.globalplatform.com) card for example, you might be able to retrieve the card personalization data using a specific Get Data call.

If you post the ATR for your card here, chances are someone can help remove the "black" from the "black box"

Mike


At 10:05 AM 9/11/2009, Nagy Gabor wrote:

_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

The answer is "it depends" - on the actual type of card and how it was initialized.  If its a global platform (www.globalplatform.com) card for example, you might be able to retrieve the card personalization data using a specific Get Data call.

If you post the ATR for your card here, chances are someone can help remove the "black" from the "black box"

Mike


At 10:05 AM 9/11/2009, Nagy Gabor wrote:

_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

2009. 09. 11, péntek keltezéssel 13.37-kor Michael StJohns ezt írta:
> The answer is "it depends" - on the actual type of card and how it was initialized.  If its a global platform (www.globalplatform.com) card for example, you might be able to retrieve the card personalization data using a specific Get Data call.
>
> If you post the ATR for your card here, chances are someone can help remove the "black" from the "black box"
>
> Mike

"3B 2A 00 80 65 A2 01 01 01 40 72 D6 43"



_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

At 01:50 PM 9/11/2009, Nagy Gabor wrote:

2009. 09. 11, péntek keltezéssel 13.37-kor Michael StJohns ezt írta:
> The answer is "it depends" - on the actual type of card and how it was initialized.  If its a global platform ( www.globalplatform.com) card for example, you might be able to retrieve the card personalization data using a specific Get Data call.
>
> If you post the ATR for your card here, chances are someone can help remove the "black" from the "black box"
>
> Mike

"3B 2A 00 80 65 A2 01 01 01 40 72 D6 43"

Gemplus MPCOS EMV 4 Byte sectors: 3B 2A 00 80 65 A2 01 xx xx xx 72
D6 43

Try www.emvco.com
for the related standards.

_______________________________________________
Muscle mailing list
Muscle@... http://lists.drizzle.com/mailman/listinfo/muscle

_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

At 01:50 PM 9/11/2009, Nagy Gabor wrote:

2009. 09. 11, péntek keltezéssel 13.37-kor Michael StJohns ezt írta:
> The answer is "it depends" - on the actual type of card and how it was initialized.  If its a global platform ( www.globalplatform.com) card for example, you might be able to retrieve the card personalization data using a specific Get Data call.
>
> If you post the ATR for your card here, chances are someone can help remove the "black" from the "black box"
>
> Mike

"3B 2A 00 80 65 A2 01 01 01 40 72 D6 43"

Gemplus MPCOS EMV 4 Byte sectors: 3B 2A 00 80 65 A2 01 xx xx xx 72
D6 43

Try www.emvco.com
for the related standards.

_______________________________________________
Muscle mailing list
Muscle@... http://lists.drizzle.com/mailman/listinfo/muscle

_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

On Sep 11, 2009, at 7:05 AM, Nagy Gabor wrote:

>> No they are not unique. ATR only identifies the type of card. It's  
>> not
>> a unique serial number.
>
> Thanks. Then the question is modified to the following: Can I uniquely
> identify smartcards without knowing anything about its "content"? We
> only have a closed source app for windows, these smart cards are
> black-boxes to me.

Yes, we do that on Sun Ray (Sun's thin client) by using a combination of
heuristics. Each card or card family has an associated "smartcard config
file" that contains the rules used to try to identify the card and to
extract a unique ID from the card. You would think that in the 21st
Century this would a piece of cake and all the card manufacturers would
have agreed on a single, cross-platform mechanism to provide a way to
do this. Ha ha ha I say.

Sun Ray smartcard config files do various things to accomplish the two
goals of identifying the card and extracting a unique ID. They can look
at the ATR, or attributes of the ATR (length, length of historical bytes
section, contents of all or part of the ATR, etc...) as well as issue
various APDUs that are known to work with the card that we are  
attempting
to identify. This has proven to be an almost 100% reliable method for
over ten years.

None of the Sun Ray software is available via opensource although I am
trying to make some of the smartcard-identification-related bits  
available
for the community to have a look at.

The smartcard config files themselves are all in human-readable format
and are available to look at on any Sun Ray server.

mike

_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

On Sat, Sep 12, 2009 at 2:43 AM, Michael StJohns <mstjohns@...> wrote: That looks like a really old card. I've worked with these before, and
believe they are native cards, so look for their
specifications/manual/datasheet. I don't have it with me right now so
I'm not sure if there's any way of obtaining a unique serial number
out of them.

_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle

On Sep 12, 2009, at 3:11 AM, Sihan Goi wrote:

My Sun Ray GEMPLUS-MPCOS.cfg smartcard config file does this to extract
a unique ID fro this family of cards:

# The GEMPLUS MPCOS card has a 12-byte card-unique ID stored in
# a file in the card filesystem. This ID is used as the token ID
# for the SunRay. To access this ID, perform the following:
#
#    1. Do a SELECT FILE on the MF (0x3f00)
#    2. Do a SELECT FILE on the DF 0x0100
#    3. Do a SELECT FILE on the EF 0x0101
#    4. Do a READ BINARY and expect 12 bytes back. These 12
# bytes are the card-unique ID.

You could try that.

mike




_______________________________________________
Muscle mailing list
Muscle@...
http://lists.drizzle.com/mailman/listinfo/muscle