I was requested to consider developing an application where the main data will be collected from the "smart card" chips. I believe most of the interface of these chips are written in java. Apart from purchasing the smart card reader, what are other important issues involved, like linking the java based app from the card and transferring the data to the vfp data for processing. I have no experience in the smart card technology but the prospect of developing one is quite interesting. I am thinking about the same approach like a barcode reader but I may be wrong. Suggestions on a systematic approach is much appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Integrating Smart Card with VFP
- Thread starter codetyko
- Start date
I just wrote a smart card module to integrate into a legacy system which used mag strip cards. The legacy system is written in Foxpro Windows 2.5 using a 3rd party .dll for serial port access, but as long as you are able to perform i/o on the comm port with VFP using one of the ocx's or whatever, you would still be able to use the code I wrote.
Let me say, it was fun, but it took me a while to grasp the workings of the smart chip since it seems there isn't any real good documentation that comes along. I'll try to clear a little fog.
First of all, think of the smart chip as a ram chip or rom chip, no comparison to mag stripe or barcodes. You actually read or write to specific locations on the chip, like you would to a subdirectory on a hard drive. For instance, one user area may begin at offset 0x20 and have 256 bytes available.
There are basically 2 types of smart chips. Memory, and application. Memory cards are usually just used as storage, whereas application chips can actually have small apps that run on them upon insertion/power up.
Let me clarify. For a memory card, you insert the card and either read the stored data, or update the card. For an application card, you insert the card and when you want to read or update data, you rely on the application on the card to perform the i/o and return you a result.
The type of card I am using is a memory card so I don't really know any more about the application card than that. But here's briefly how the memory card works.
All commands consist of a string of hex bytes, (which will vary by manufacturer), starting with the ack byte (60), length of command (01), actual command (6E), LRC byte (0F), and end-of-transmission byte (03), in a format such as: 60016E0F03
I wrote it as:
STORE '60' TO ack
STORE CHR(03) TO eot
STORE '' TO tx
tx = ack + '01' + '6E'
tx = tx + lrc(tx) + eot
(LRC = Logical Redundancy Check which, at least for my cards is a binary xor)
Here are the steps we use to write to the card:
- power up
- present security code (there is a built-in default on new cards, you will change it)
- erase current data (must be done before it can be rewritten)
- write new data
- reread data to verify
- set new default security code (you will need it to read the data later on)
- set issuer (personalize who wrote to card)
- set issuer security code
- blow issuer fuse
- power down
- eject
Why do you need default and issuer security? Say for instance you have a gift certificate card. The issuer (manager) can place a $10 value onto the card, and the representative can debit the card, yet be unable to reissue/reuse/hack.
Reading from the card is similar:
- power up
- present security code
- read data
- power down
- eject
Again, I wrote this stuff using FPW 2.5. There are all sorts of .DLLs and SDKs you can use with VFP which may make your life easier, but once you grasp the basics, it's not that hard to hand code it either.
Let me know if there's any blanks I can fill in or any more code samples I can show.
-Dave S.-
![[cheers]](/data/assets/smilies/cheers.gif "[cheers] [cheers]")
Even more Fox stuff at:
Let me say, it was fun, but it took me a while to grasp the workings of the smart chip since it seems there isn't any real good documentation that comes along. I'll try to clear a little fog.
First of all, think of the smart chip as a ram chip or rom chip, no comparison to mag stripe or barcodes. You actually read or write to specific locations on the chip, like you would to a subdirectory on a hard drive. For instance, one user area may begin at offset 0x20 and have 256 bytes available.
There are basically 2 types of smart chips. Memory, and application. Memory cards are usually just used as storage, whereas application chips can actually have small apps that run on them upon insertion/power up.
Let me clarify. For a memory card, you insert the card and either read the stored data, or update the card. For an application card, you insert the card and when you want to read or update data, you rely on the application on the card to perform the i/o and return you a result.
The type of card I am using is a memory card so I don't really know any more about the application card than that. But here's briefly how the memory card works.
All commands consist of a string of hex bytes, (which will vary by manufacturer), starting with the ack byte (60), length of command (01), actual command (6E), LRC byte (0F), and end-of-transmission byte (03), in a format such as: 60016E0F03
I wrote it as:
STORE '60' TO ack
STORE CHR(03) TO eot
STORE '' TO tx
tx = ack + '01' + '6E'
tx = tx + lrc(tx) + eot
(LRC = Logical Redundancy Check which, at least for my cards is a binary xor)
Here are the steps we use to write to the card:
- power up
- present security code (there is a built-in default on new cards, you will change it)
- erase current data (must be done before it can be rewritten)
- write new data
- reread data to verify
- set new default security code (you will need it to read the data later on)
- set issuer (personalize who wrote to card)
- set issuer security code
- blow issuer fuse
- power down
- eject
Why do you need default and issuer security? Say for instance you have a gift certificate card. The issuer (manager) can place a $10 value onto the card, and the representative can debit the card, yet be unable to reissue/reuse/hack.
Reading from the card is similar:
- power up
- present security code
- read data
- power down
- eject
Again, I wrote this stuff using FPW 2.5. There are all sorts of .DLLs and SDKs you can use with VFP which may make your life easier, but once you grasp the basics, it's not that hard to hand code it either.
Let me know if there's any blanks I can fill in or any more code samples I can show.
-Dave S.-
Even more Fox stuff at:
- Thread starter
- #3
dear dave
thanks for the reply. To be more specific, the card is a national registration card with embedded features such as bank accounts, personal details, health records, driving licence info, passport details and so on. We are not allowed to write anything on the card except for reading the personal information to be automatically inserted into the fields in the vfp table. This is to ease the registration of kids into pre-school, secondary school up to university entry. Would any smart card reader available in the market be able to read the information and if so, what is the 'medium' of communication between the smart card reader and the vfp application? Thanks in advance.
thanks for the reply. To be more specific, the card is a national registration card with embedded features such as bank accounts, personal details, health records, driving licence info, passport details and so on. We are not allowed to write anything on the card except for reading the personal information to be automatically inserted into the fields in the vfp table. This is to ease the registration of kids into pre-school, secondary school up to university entry. Would any smart card reader available in the market be able to read the information and if so, what is the 'medium' of communication between the smart card reader and the vfp application? Thanks in advance.
Smart cards are as different as hard drives. There are many different manufacturers, types, and configurations.
And, getting at the data is nowhere as easy as just sliding a mag stripe card. As I mentioned before, they have security codes built in. Some allow you to read the data without security validation, but some don't. Then again, some have readable data that may be encrypted.
What you need to do first is determine the type of card. From there, you can most likely determine the card class and find a variety of readers that can read the data, which will be attached to a serial port. From there determine whether or not the data you can get to is readable or able to be interpreted by you. This may require a 3rd party app or SDK from the organization that actually encoded the card, or an SDK from the manufacturer of the card or reader. If no 3rd party stuff is needed, you can use whatever comm package you want to communicate with the reader hooked to the serial port. You will then send commands directly to the port to open, power up, read, power down, eject, close, blah blah blah.
After determining how to access the card, you need to determine where the data is written on the card. As I mentioned previously, it will be stored as hex bytes located at certain offsets, in various sections of the card.
Confused yet?
For instance, we write data to 'user area' 0x20, a certain number of bytes. Then we write an 'issuer' code at another offset, and so on.
So to answer your question: Would any smart card reader available in the market be able to read the information?.
It depends. If by any you mean every, no.
Every reader on the market can't read every card on the market.
If by any you mean some reader on the market that can? Yes.
-Dave S.-
Even more Fox stuff at:
And, getting at the data is nowhere as easy as just sliding a mag stripe card. As I mentioned before, they have security codes built in. Some allow you to read the data without security validation, but some don't. Then again, some have readable data that may be encrypted.
What you need to do first is determine the type of card. From there, you can most likely determine the card class and find a variety of readers that can read the data, which will be attached to a serial port. From there determine whether or not the data you can get to is readable or able to be interpreted by you. This may require a 3rd party app or SDK from the organization that actually encoded the card, or an SDK from the manufacturer of the card or reader. If no 3rd party stuff is needed, you can use whatever comm package you want to communicate with the reader hooked to the serial port. You will then send commands directly to the port to open, power up, read, power down, eject, close, blah blah blah.
After determining how to access the card, you need to determine where the data is written on the card. As I mentioned previously, it will be stored as hex bytes located at certain offsets, in various sections of the card.
Confused yet?
For instance, we write data to 'user area' 0x20, a certain number of bytes. Then we write an 'issuer' code at another offset, and so on.
So to answer your question: Would any smart card reader available in the market be able to read the information?.
It depends. If by any you mean every, no.
Every reader on the market can't read every card on the market.
If by any you mean some reader on the market that can? Yes.
-Dave S.-
Even more Fox stuff at:
- Thread starter
- #5
- Status