crecode.com

Figure 9.3. WIM card used for mobile authorization. in .NET Generator Data Matrix ECC200 in .NET Figure 9.3. WIM card used for mobile authorization.




How to generate, print barcode using .NET, Java sdk library control with example project source code free download:
Figure 9.3. WIM card used for mobile authorization. using .net vs 2010 touse data matrix on asp.net web,windows application Internatioanl Orgnization for Standardization The WML script Data Matrix for .NET that the mobile authorization gatewaysends to the WAP phone to ask for an authorization might look like this: <wml> <card id="Query" <select name="YESorNO" title="Reset BLUE Printer "> <option value="YES">YES</option> <option value="NO">NO</option> </select> <do type="Accept"> <go href="SignIt.wmls#signIt($(YESorNO))"/ </go> </do> </card> <card id="Return" <do type="Accept" title="Send authorization "> <go href="http://www.

sguthery.com/gateway.asp" method="post"> <postfield name="Signature" value="$(Signature)"/> </go> </do> </card> </wml> The WMLScript function signIt looks like this:.

extern functio n signIt(data) { WMLBrowser.setVar("Signature", Crypto.signText(data, 1, 0, "\x00")); WMLBrowser.

go("WMLScriptExample.wml#Return"); }; The Crypto.signText function is an element of the WMLScript Crypto library.

The execution of the signIt function by the WAP browser on the handset causes five ISO 7816-8 APDUs to be sent to the WIM smart card. The first one is a Manage Security Environment command that establishes the WIM security environment on the card: CLA 8016 INS 2216 F316 P1 0616 P2 0116 Lc 0016 Data. The second one visual .net ECC200 is a VERIFY PIN APDU that provides access to the private key: CLA 8016 INS 2016 P1 0016 P2 0116 Lc 0416 Data 3116 3216 3316 3416. The third one is another MANAGE SECURITY ENVIRONMENT command that says what private key file and what key in that file to use: CLA 8016 INS 2216 P1 4116 P2 B616 Lc 0716 Data 8116 0216 0016 1216 8416 0116 01. In our case, w DataMatrix for .NET e are using key #1 in the file 0x0012. The fourth APDU is the PERFORM SECURITY OPERATION APDU that actually sends the data into the WIM for signing: CLA 8016 INS 2A16 P1 9E16 P2 9A16 0316 Lc Data "Y" "E" "S".

And the final APDU is a GET RESPONSE APDU that retrieves the 64-byte signature: CLA 0016 INS C016 0016 P1 0016 P2 4016 Lc Data. SWIMs, WIBs, and the USAT Interpreter As fate would have it, WAP has not been one of the world"s great successes. Not only are there few WAP handsets out there, there were even fewer WIM cards. Nevertheless, the idea of adding additional keys and the ISO 7816-8 APDUs to the mobile environment is compelling.

Thus was born the SWIM card. A SWIM card is a SIM with WIM capabilities; namely, it supports the ISO 7816-8 needed to implement the WIM signing and verification protocols. To be sure, network operators aren"t thrilled by having keys other than their own on the SIM, but the alternative of having a second smart card on the scene is even more distasteful.

At least with the SWIM, they still own the platform. Additional keys are fine, but what about the WMLScript and interacting with the mobile cardholder How do we accomplish this without a WAP phone The answer is to install a nanobrowser on the SIM itself. This was first accomplished by Across Wireless in 1998.

The SIM-based browser was called the Wireless Internet Browser, or WIB for short. The Across Wireless (now SmartTrust) WIB was very well received in the GSM and 3G marketplace and has proved to be a more manageable and less costly way to roll out mobile applications than downloading Java applets to the SIM. The Across Wireless WIB supports a public key cryptography plug-in, just like the browser on your desktop; this plug-in can be used for mobile authorization just like the WML Crypto library was previously.

The WML that you send to the Across Wireless WIB is almost identical to the WML that you would have sent to a WAP handset. Telecom operators are adamant about standardization and while, they liked the approach of the Across WIB, they were uncomfortable with installing essentially proprietary technology on their SIMs. In early 2000, they launched an effort in 3GPP to standardize the SIM-based microbrowser.

The result is the USAT (for UICC SIM Application Toolkit) Interpreter that we discussed in 8.. Summary. A public key s mart card creates a tamper-resistant binding between a digital object (a private key) and a physical object (the smart card). In order to use the key, the card must be present. If the key is used, then the card is present.

If the key is a right, then the right is bound to the card and can be transferred by transferring possession of the card. The act of encrypting a piece of data with a private key generated on a smart card associates the piece of data bound to the possession of the card. It does not associate the data with any particular person.

.
Copyright © crecode.com . All rights reserved.