New Developer
adamwos
Posts: 3
Registered: ‎03-31-2009
My Device: Not Specified
Accepted Solution

Smart Card user authentication - Authentication Certificate

I'm currently developing an authentication solution for BlackBerry based on cryptographic SIM cards. I've successfully created a smartcard reader driver and a smartcard driver using RIM Crypto APIs. Using these two, I'm able to import a certificate stored on the SIM card, turn on two-phase user authentication that checks the device password and PIN to the certificate. I can also establish a TLS session using private keys and certificates stored on the card.

However, when trying to turn on the "Authentication Certificate" option in the Password options panel, I encounter a problem. Upon selecting the certificate and clicking Save, the device asks me to enter the device password and smart card PIN, which I do. Debugging tells me that the PIN is correctly checked with the card. Afterwards, a popup "Smart Card Access" appears with information that the "Options" application from RIM is trying to access the card with information "The private key will be used to initialize the authentication certificate". When I enter the correct PIN, I am told: "Unable to initialize the authentication certificate. Verify that the certificate is present on the smart card being used for two factor authentication".

Can someone tell me why that is? Does the certificate have to be special in some way (contents, key usage restrictions etc.)? The certificate is obviously present on the card, as it's available e.g. as a client certificate for establishing TLS sessions. Also, what does this whole "initialization" of the certificate mean?

New Developer
adamwos
Posts: 3
Registered: ‎03-31-2009
My Device: Not Specified

Re: Smart Card user authentication - Authentication Certificate

Well, I think I'll reply to myself as I managed to fix this :)

After some debugging I figured out that:

  • after the second PIN prompt is shown, the signRSA(net.rim.device.api.crypto.RSACryptoSystem, net.rim.device.api.crypto.CryptoTokenPrivateKeyData, byte[], int, byte[], int, java.lang.Object) method in our extension of RSACryptoToken is invoked
  • this method is given a context object (last parameter), which is a SmartCardSession
  • when processing the sign request (cf. the smart card / smart card reader examples from RIM) we must not create another smart card session, but instead reuse the one provided in the context.

Trying to establish another smart card session caused the request to block, as the sessions are exclusive, i.e. only one can be open simultaneously.
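
Added example, not part of the original thread and not RIM sample code: a plain-Java model of the fix described above, where the signing method reuses the session passed in as its context instead of opening a second one. `Reader`, `Session`, both `sign…` methods and the 200 ms timeout are hypothetical stand-ins for illustration, not BlackBerry API names.

```java
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;

public class SessionReuseDemo {
    // Hypothetical stand-in for a reader that permits one open session at a time.
    static final class Reader {
        private final Semaphore slot = new Semaphore(1);
        Session openSession(long timeoutMs) throws InterruptedException {
            // Timeout is an assumption of this model so the blocked open becomes observable.
            if (!slot.tryAcquire(timeoutMs, TimeUnit.MILLISECONDS))
                throw new IllegalStateException("reader busy: a session is already open");
            return new Session(this);
        }
    }

    // Hypothetical stand-in for the session handed to the signing method as its context.
    static final class Session implements AutoCloseable {
        private final Reader reader;
        Session(Reader reader) { this.reader = reader; }
        byte[] sign(byte[] digest) { return digest.clone(); } // placeholder for the card's RSA operation
        @Override public void close() { reader.slot.release(); }
    }

    // Pattern that blocked: ignores the context and opens a second session.
    static byte[] signOpeningNewSession(Reader reader, byte[] digest, Object context) throws InterruptedException {
        try (Session s = reader.openSession(200)) { return s.sign(digest); }
    }

    // Fix from the thread: reuse the supplied session; its owner stays responsible for closing it.
    static byte[] signReusingContext(Reader reader, byte[] digest, Object context) throws InterruptedException {
        if (context instanceof Session) return ((Session) context).sign(digest);
        try (Session s = reader.openSession(200)) { return s.sign(digest); }
    }

    public static void main(String[] args) throws Exception {
        Reader reader = new Reader();
        byte[] digest = {1, 2, 3}; // constructed sample input
        try (Session held = reader.openSession(200)) { // caller already holds the only session
            System.out.println("reuse: signed " + signReusingContext(reader, digest, held).length + " bytes");
            try {
                signOpeningNewSession(reader, digest, held);
            } catch (IllegalStateException e) {
                System.out.println("second session: " + e.getMessage());
            }
        }
    }
}
```
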
New Developer
bbguru_2009
Posts: 6
Registered: ‎11-15-2009
My Device: Not Specified

Re: Smart Card user authentication - Authentication Certificate

Hello,

Are you using an external smart card reader or the smart card of the phone that contains your SIM provided by your telco operator?

Thanks in advance.

New Contributor
jm0077
Posts: 3
Registered: ‎05-31-2010
My Device: Bold 800

Re: Smart Card user authentication - Authentication Certificate

Do you know a way to write/read data on the SIM card with the SmartCard APIs?

How do you differentiate from others?

Is it possible to connect to the SIM card with the openSession() method of the SmartCardReader class?

Thanks in advance.

Contributor
kims
Posts: 10
Registered: ‎05-31-2010
My Device: Bold

Re: Smart Card user authentication - Authentication Certificate

Hi Adamwos,

I am doing the same for one of my requirements. My requirement is to read the RAND number generated on the SIM. I have a couple of doubts about this.

1) How do I create a custom APDU command?

Is the code below the right way to create it?

CommandAPDU command = new CommandAPDU( (byte)0xA0, (byte)0x88, (byte)0x00, (byte)0x00 );
ResponseAPDU responseAPDU = new ResponseAPDU();
smartCardSessionEx.sendAPDUImpl(command, responseAPDU);

2) Does this approach require any SIM application which will return us these values?

Basically I am implementing without crypto and am not able to establish a session (it is giving me SmartCardSessionClosedException).

Could you please give me some thoughts on this?

Thanks,

Kims.