[Muscle] Fly Clear - Registered Traveler smartcard
Douglas E. Engert
deengert at anl.gov
Tue Feb 3 12:02:56 PST 2009
Peter Tomlinson wrote:
> I have heard from someone at NIST that there are FIPS-201 schemes and
> schemes that are not fully FIPS-201 compliant...
Maybe so, but it's not a PIV application on the card. Oberthur is
using their card for some other application, which may have nothing
to do with FIPS-201.
>
> Peter
>
> Nick D wrote:
>> Yeah I suspected it was a different application:
>>
>> Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 00
>> Received (SW1=0x6A, SW2=0x82)
>>
>> Would be kind of neat to see what was going on with the card.
>>
>> - Nick
>>
>> On Tue, Feb 03, 2009 at 10:37:26AM -0600, Douglas E. Engert wrote:
>>
>>
>>> Nick D wrote:
>>>
>>>> So I have one of these smart cards and started just fooling around with
>>>> it.
>>>> It looks to be an Oberthur CS PIV End Point v1.08 FIPS201 Certified
>>>> smartcard. Looking at their webpage they do indeed make the registered
>>>> traveler card.
>>>> Fly Clear card: ATR: 3b db 96 00 81 b1 fe 45 1f 03 80 f9 a0 00 00 03 48
>>>> 00 00 00 01 49
>>>> Oberthur PIV : ATR: 3B DB 96 00 81 B1 FE 45 1F 03 80 F9 A0 00 00 03 08
>>>> 00 00 10 00 18
>>>> The regular PIV drivers fail to read the card properly; however, some
>>>> Google searching found a Solaris smart card reader application
>>>> configuration file for this exact card here:
>>>>
>>> PIV is actually an application on a card. And there are 4 card vendors,
>>> including Oberthur, with an approved PIV application listed on:
>>> http://fips201ep.cio.gov/apl.php
>>>
>>> Oberthur may be using the same card but with a different application.
>>> The PIV application will respond to the "SELECT" command as defined
>>> in section 3.1.1 of:
>>> http://csrc.nist.gov/publications/nistpubs/800-73-2/sp800-73-2_part2_end-point-piv-card-application-card-command-interface-final.pdf
>>>
>>>
>>> and in Section 2.2 of:
>>> http://csrc.nist.gov/publications/nistpubs/800-73-2/sp800-73-2_part1-datamodel-final.pdf
>>>
>>>
>>> i.e. send:
>>> Outgoing APDU data [ 15 bytes] =====================================
>>> 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 00 ...............
>>> ======================================================================
>>>
>>> and receive something like:
>>>
>>> Incoming APDU data [ 96 bytes] =====================================
>>> 61 5C 4F 0B A0 00 00 03 08 00 00 10 00 01 00 79 a\O............y
>>> 07 4F 05 A0 00 00 03 08 50 27 50 65 72 73 6F 6E .O......P'Person
>>> 61 6C 5F 49 64 65 6E 74 69 74 79 5F 61 6E 64 5F al_Identity_and_
>>> 56 65 72 69 66 69 63 61 74 69 6F 6E 5F 43 61 72 Verification_Car
>>> 64 5F 50 1A 68 74 74 70 3A 2F 2F 63 73 72 63 2E d_P.http://csrc.
>>> 6E 69 73 74 2E 67 6F 76 2F 6E 70 69 76 70 90 00 nist.gov/npivp..
>>> ======================================================================
>>>
>>> If the card does not respond with the application ID, then it is not
>>> "PIV".
>>>
>>>
>>>> http://blogs.sun.com/ThinkThin/resource/7dec2008-thinkthin-OberthurCS.cfg
>>>>
>>>> Using the APDU commands within this config file I managed to get
>>>> something out of the card:
>>>> opensc-tool --send-apdu 00A4040007A0000001510000
>>>> Sending: 00 A4 04 00 07 A0 00 00 01 51 00 00
>>>> Received (SW1=0x90, SW2=0x00):
>>>> 6F 6D 84 07 A0 00 00 01 51 00 00 A5 62 73 2F 06 om......Q...bs/.
>>>> 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 .*.H..k.`...*.H.
>>>> FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B .k....c...*.H..k
>>>> 03 64 0B 06 09 2A 86 48 86 FC 6B 04 01 05 9F 6E .d...*.H..k....n
>>>> 2A 20 50 50 00 40 41 40 91 00 5F 72 52 98 00 08 * PP.@A@.._rR...
>>>> 34 98 00 11 42 80 04 11 43 80 04 11 44 80 04 13 4...B...C...D...
>>>> 02 00 00 11 45 80 52 18 10 00 00 9F 65 01 FF ....E.R.....e..
>>>> Seems kind of interesting. Not sure anything can be done with this
>>>> card.
>>>> Figured I would share my findings and maybe hear what others have to
>>>> say.
>>>> - Nick
>>>>
>>> --
>>>
>>> Douglas E. Engert <DEEngert at anl.gov>
>>> Argonne National Laboratory
>>> 9700 South Cass Avenue
>>> Argonne, Illinois 60439
>>> (630) 252-5444
>>> _______________________________________________
>>> Muscle mailing list
>>> Muscle at lists.musclecard.com
>>> http://lists.drizzle.com/mailman/listinfo/muscle
>>>
>>
>>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
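
The check described in this thread (SELECT the PIV AID, then see whether the card answers with that application ID), as an added Python example that is not part of the original messages. The function names `parse_tlv` and `classify_select` are hypothetical; the response bytes are copied from the dumps quoted above, and only one level of template nesting is unpacked.

```python
PIV_AID = bytes.fromhex("A00000030800001000")  # AID carried in the SELECT quoted above

# "Incoming APDU data" from the message above, including the trailing 90 00.
PIV_RESPONSE = bytes.fromhex("""
    61 5C 4F 0B A0 00 00 03 08 00 00 10 00 01 00 79
    07 4F 05 A0 00 00 03 08 50 27 50 65 72 73 6F 6E
    61 6C 5F 49 64 65 6E 74 69 74 79 5F 61 6E 64 5F
    56 65 72 69 66 69 63 61 74 69 6F 6E 5F 43 61 72
    64 5F 50 1A 68 74 74 70 3A 2F 2F 63 73 72 63 2E
    6E 69 73 74 2E 67 6F 76 2F 6E 70 69 76 70 90 00
""")
FLYCLEAR_RESPONSE = bytes.fromhex("6A82")  # Nick's result: no data, SW 6A 82

def parse_tlv(data):
    """Parse one level of BER-TLV into a list of (tag, value) pairs."""
    out, i = [], 0
    try:
        while i < len(data):
            tag = data[i]; i += 1
            if tag & 0x1F == 0x1F:             # multi-byte tag such as 5F50
                while True:
                    b = data[i]; i += 1
                    tag = (tag << 8) | b
                    if not b & 0x80:
                        break
            length = data[i]; i += 1
            if length & 0x80:                  # long form: 81 nn / 82 nn nn
                n = length & 0x7F
                length = int.from_bytes(data[i:i + n], "big"); i += n
            if i + length > len(data):
                raise ValueError("truncated TLV value")
            out.append((tag, data[i:i + length])); i += length
    except IndexError:
        raise ValueError("truncated TLV header")
    return out

def classify_select(resp):
    """Return (status_word, verdict, fields) for a raw SELECT response."""
    if len(resp) < 2:
        raise ValueError("response shorter than a status word")
    body, sw = resp[:-2], int.from_bytes(resp[-2:], "big")
    if sw != 0x9000:                           # 6A82: application not found
        return sw, "not selected", {}
    fields = {}
    for tag, value in parse_tlv(body):
        if tag in (0x61, 0x6F):                # property template / FCI template
            fields.update(parse_tlv(value))
    verdict = "PIV" if fields.get(0x4F, b"").startswith(PIV_AID) else "other application"
    return sw, verdict, fields
```

A response with status 90 00 but no matching tag 4F, such as the `A0000001510000` SELECT output quoted above, is reported as "other application".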