Our Online Store have the new products: RFID antenna board. Currently it can work with JC10M24R and JCOP4 card chips.
Compared with normal cards, the antenna board module has a smaller size and fixed holes, which is easy to integrate in the IOT(Internet Of Things) project.

PIN + Certificate ( Date Expired )

JavaCard Applet Development Related Questions and Answers.
teixeira
Posts: 13
Joined: Tue Dec 06, 2016 10:53 am
Points :130
Location: Brazil
Contact:

PIN + Certificate ( Date Expired )

Post by teixeira » Tue Dec 13, 2016 3:20 pm

Hello everyone !

My project will be divided:
1 - Applet (JavaCard 2.2.1)
2 - Desktop App (JavaFX)

App Desktop, will only be accessed with the card, okay?

My applet will consist of:

1 - PassWord (PIN) maximum 3 attempts.

2 - My applet, need to create certificate, date (expired) (still do not know how to do ...)

I am sending, my source code if it is "safe" with the PIN.

PS: Can I consider that my applet is secure?

Code: Select all


import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.OwnerPIN;
import javacard.framework.PINException;

/*
 * BOSSWARE
 * @date 12-12-2016
 * By: JOSE TEIXEIRA - teixeira.totvs@gmail.com
 *
 * */
public class SEID extends Applet {
   
   // appletID for selected
   public final static byte TSPIN_CLA = (byte) 0xA0;
   
   // method check PIN
   public final static byte PIN_CHECK = (byte) 0xD0;

   // method change PIN
   public final static byte PIN_CHANGE = (byte) 0xD2;
 
   // properties limit PIN check
   public final static byte PIN_TRY_LIMIT = (byte)5;
   
   // propertis lenght PIN
   public final static byte PIN_LENGTH = (byte) 4;
   
   public byte i = (byte)0x00;
   
   // default PIN! change first connection !
   final static byte[] default_pin = { (byte)0x12, (byte)0x34 };
 
   OwnerPIN pin;
   
   public SEID(){
      
      pin = new OwnerPIN(PIN_TRY_LIMIT, PIN_LENGTH);
 
      
      try
      {
         byte pinLength = (byte)default_pin.length;
         pin.update(default_pin, (short)0, (byte) pinLength);
      } catch (PINException e)
      {
         ISOException.throwIt(e.getReason());
      }
   }

   public static void install(byte[] bArray, short bOffset, byte bLength) {
      // GP-compliant JavaCard applet registration
      new SEID().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
   }

   public void process(APDU apdu) {
      // Good practice: Return 9000 on SELECT
            if (selectingApplet())
            {
               return;
            }
            byte[] buffer = apdu.getBuffer();
      
            if (buffer[ISO7816.OFFSET_CLA] != TSPIN_CLA)
               ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
      
            switch (buffer[ISO7816.OFFSET_INS])
            {
             case (byte) 0x00:
             break;
      
            case PIN_CHECK:
               if (!pin.check(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive()))
                  ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
               break;
      
            case PIN_CHANGE:
               JCSystem.beginTransaction();
               pin.update(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive());
               JCSystem.commitTransaction();
               break;
      
            default:
               // good practice: If you don't know the INStruction, say so:
               ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
            }
         }
}




Thank you all !

User avatar
UNKNwYSHSA
Posts: 630
Joined: Thu May 21, 2015 4:05 am
Points :3053
Contact:

Re: PIN + Certificate ( Date Expired )

Post by UNKNwYSHSA » Tue Dec 13, 2016 10:05 pm

1 The PIN can be changed after the PIN verified, but your code has no check for this.
This means everyone can change your PIN, the Applet is not secure.
You should code like this:

Code: Select all

            case PIN_CHANGE:
                if (!pin.isVerified()) {
                    ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
                }
               JCSystem.beginTransaction();
               pin.update(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive());
               JCSystem.commitTransaction();
               break;

2 You should check length for new PIN value. Normally, the length is 6 ~ 8 bytes.
sense and simplicity

teixeira
Posts: 13
Joined: Tue Dec 06, 2016 10:53 am
Points :130
Location: Brazil
Contact:

Re: PIN + Certificate ( Date Expired )

Post by teixeira » Tue Dec 13, 2016 10:40 pm

Hi, UNKNWYSHSA !

Thank you !

Now, to expire date? card expiring date...

User avatar
UNKNwYSHSA
Posts: 630
Joined: Thu May 21, 2015 4:05 am
Points :3053
Contact:

Re: PIN + Certificate ( Date Expired )

Post by UNKNwYSHSA » Tue Dec 13, 2016 10:54 pm

You can store the issue date in the card.
And check the card if expired or not with one APDU command with current date.
sense and simplicity

teixeira
Posts: 13
Joined: Tue Dec 06, 2016 10:53 am
Points :130
Location: Brazil
Contact:

Re: PIN + Certificate ( Date Expired )

Post by teixeira » Tue Dec 13, 2016 11:05 pm

I understand. The current date, I will send to the current date APDU SQL SERVER GETDATE ().

Thank you.

User avatar
UNKNwYSHSA
Posts: 630
Joined: Thu May 21, 2015 4:05 am
Points :3053
Contact:

Re: PIN + Certificate ( Date Expired )

Post by UNKNwYSHSA » Tue Dec 13, 2016 11:13 pm

Yes, you can send date with your own defined data format.
sense and simplicity

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: Google [Bot] and 25 guests

JavaCard OS : Disclaimer