How to read contactless Smart Card from a Chrome App (Part 1) – Info Gadgets

Welcome to the world of embedded programming

As a software developer who spends most of his time in web based Apps, my only experience dealing with hardware was to connect to a Barcode Scanner years ago. Recently, I have had an opportunity to develop a Chrome App which read contactless SmartCards from a reader that connected to a Chrome Device. At the start, I was quite overwhelmed. The developer guide and SmartCard specification was in english. I can recognise every single word, but could hardly understand most of the paragraphs. They were written in electrical engineering Jargon, and I can’t find any good tutorial for Developers new to embedded programming.

After days of researching, I am able to understand just enough to get the App working. I know I just scratched the surface of the new world, but it may be useful to share my newly gained knowledge to other Devs that are also new to SmartCard technology.

In this article, I will discuss the development of Chrome Apps to read a NXP Mifare 4k classic card with the HID OMNIKey 5427 reader. Although some specific details are tied to the card specification, but the most things should applicable to other contactless memory cards and PC/SC compliant readers.

To begin, we need to understand the basics of the card reader Standard and SmartCard technology.

PC/SC

PC/SC is the standard that defines the API for communication between personal computers and smart cards by the PC/SC Workgroup. It provides software developers with a standard set of tools for managing smart card readers and communicating with readers and cards. The interface defined by PC/SC includes enumeration of readers, retrieve reader and card states and read/write data to and from cards.

The PC/SC standard has been fully implemented by Microsoft on Windows, and partly implemented on Linux in PC/SC Lite.

The best thing about PCSC is that it is the industry standard. Before PC/SC, there was no standard API and each manufacturer has their own. Thus, applications are locked to vendor specific drivers and readers. But now, a application implemented with PC/SC will be able to work with any PC/SC compliant SmartCard reader. Using the PC/SC API, the App can find available readers, detect smart cards, and then communicate with a particular card.

Having said that, although PC/SC defines the commands used to communicate with SmartCards, provides the communication channels, and hide the complexities of the underlying card-reader protocols, but it does not provides an abstraction of different card types. Thus, the meaning of those commands are still largely defined by the manufacturer. It is up to the application developer to deal with different types of card and special cases.

CCID

The Chip Card Interface Device (CCID) specification defines how smart card reader communicate to a computer via USB at a low level (ie the actual commands sent via USB). This means that, in theory, any CCID smart card reader can be installed on Windows without the need for a driver, because the default Microsoft driver is available, just like other USB class devices.

SmartCard

SmartCard is also called Chip Card. There are hundreds of different types, and billons of cards are produced every year. Although looks simple, a typical chip card is made up of more than 10 elements and need about 30 steps to be produced.

The SmartCard discussed in this article is a contactless memory card, where the data is stored into a fixed address on the card. They are used for building access control, membership card, ticketing or giftcard. The contactless memory cards are in the high frequency (HF) category, which is the 13.56 MHz spectrum and comply with either or both the ISO 14443 or ISO 15693, or their own proprietary protocol.

Within the four big players in the market, HID and NXP are the top 2.

Mifare card

NXP’s family of Mifare card is built on the ISO 14443 Type A standard. Each card is factory programmed with a unique serial number. It is very durable and designed with an encryption key to protect the data in the card.

Mifare Classic 4K card has 40 sectors, 32 of them are divided into four blocks (each block contains 16 bytes memory storage) and the remaining 8 are divided into 16 blocks. The memory structure is as follows:

It is important to understand the memory structure for a developer, as you need to figure out which memory block you need to read/write, and where the keys are stored.

OMNIKey 5427 SmartCard Reader

OMNIKey 5427 is a dual frequency reader which means it can read a various types of cards.

To setup the reader for windows, download and install the windows driver from the HID web site, then download and install the OMNIKey workbench. Plug in the reader to the USB port of your PC, and start the workbench. You should see the reader is shown, as well as the ATR and UID of the reader.

To setup the reader at the Chrome Device, just plug in the reader in to the Chrome Device USB port, no driver required.

Google has provided a SmartCard Connector Chrome App as the implementation of the PC/SC API, so a custom middleware App can talk to smart card reader via it. The connector App is bundled together with the USB CCID Driver. After installing the App from Chrome Store, your reader will be shown in the App. Unfortunately, the App only works in the Chrome Device, which means we can’t develop the App in windows.

The API exposed by the Connector App is basically a PC/SC-Lite API adopted for the message-exchanging nature of the communication between Chrome Apps.