CCID (protocol)

Last updated

CCID (chip card interface device) protocol is a USB protocol that allows a smartcard to be connected to a computer via a card reader using a standard USB interface, without the need for each manufacturer of smartcards to provide its own reader or protocol. [1] This allows the smartcard to be used as a security token for authentication and data encryption, such as that used in BitLocker. Chip card interface devices come in a variety of forms. The smallest CCID form is a standard USB dongle and may contain a SIM card or Secure Digital card inside the USB dongle.[ citation needed ] Another popular interface is a USB smart card reader keyboard, which in addition to being a standard USB keyboard, has an built-in slot for accepting a smartcard. However, not all CCID compliant devices accept removable smartcards, for example, select Yubikey hardware authentication devices support CCID, where they play the role of both the card reader and the smartcard itself.

Contents

Hardware implementation

According to the CCID specification by the USB standards work group, a CCID exchanges information through a host computer over USB by using a CCID message that consists of a 10-byte header followed by message-specific data. [2] The standard defines fourteen commands that the host computer can use to send data and status and control information in messages. Every command requires at least one response message from the CCID. [3]

Software driver

CCID driver support has been natively supported by Microsoft beginning with Windows 2000. [4] Apple has included some form of native CCID support since Mac OS X, with support evolving alongside Common Access Card and Personal Identity Verification specifications set by the US Federal Government. [5] [6] Apple's has included native CCID support on iOS since 16.0 and iPadOS since 16.1. [7] [8] On Linux and other Unixes, CCID and CT-API devices are usually accessed with user-space drivers, for which no special kernel adaptation is required. [9]

List of CCID providers

Related Research Articles

<span class="mw-page-title-main">Bluetooth</span> Short-range wireless technology standard

Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limited to 2.5 milliwatts, giving it a very short range of up to 10 metres (33 ft). It employs UHF radio waves in the ISM bands, from 2.402 GHz to 2.48 GHz. It is mainly used as an alternative to wired connections to exchange files between nearby portable devices and connect cell phones and music players with wireless headphones.

<span class="mw-page-title-main">Smart card</span> Pocket-sized card with embedded integrated circuits for identification or payment functions

A smart card (SC), chip card, or integrated circuit card, is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

<span class="mw-page-title-main">SD card</span> Type of memory storage for portable devices

Secure Digital, officially abbreviated as SD, is a proprietary, non-volatile, flash memory card format the SD Association (SDA) developed for use in portable devices.

<span class="mw-page-title-main">Software protection dongle</span> Electronic software copy protection device

A software protection dongle is an electronic copy protection and content protection device. When connected to a computer or other electronics, they unlock software functionality or decode content. The hardware key is programmed with a product key or other cryptographic protection mechanism and functions via an electrical connector to an external bus of the computer or appliance.

A host controller interface (HCI) is a register-level interface that enables a host controller for USB or IEEE 1394 hardware to communicate with a host controller driver in software. The driver software is typically provided with an operating system of a personal computer, but may also be implemented by application-specific devices such as a microcontroller.

A human interface device or HID is a type of computer device usually used by humans that takes input from or provides output to humans.

<span class="mw-page-title-main">Security token</span> Device used to access electronically restricted resource

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless keycards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing a transaction such as a wire transfer.

<span class="mw-page-title-main">USB mass storage device class</span> USB device class for drives

The USB mass storage device class is a set of computing communications protocols, specifically a USB Device Class, defined by the USB Implementers Forum that makes a USB device accessible to a host computing device and enables file transfers between the host and the USB device. To a host, the USB device acts as an external hard drive; the protocol set interfaces with a number of storage devices.

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.

In computing, the USB human interface device class is a part of the USB specification for computer peripherals: it specifies a device class for human interface devices such as keyboards, mice, game controllers and alphanumeric display devices.

A Bluetooth stack is software that is an implementation of the Bluetooth protocol stack.

<span class="mw-page-title-main">OpenPGP card</span> Type of cryptographic smart card

In cryptography, the OpenPGP card is an ISO/IEC 7816-4, -8 compatible smart card that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks can be performed. It allows secure storage of secret key material; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function." However, new key pairs may be loaded onto the card at any time, overwriting the existing ones.

<span class="mw-page-title-main">IEEE 1394</span> Serial bus interface standard, also known as Firewire

IEEE 1394 is an interface standard for a serial bus for high-speed communications and isochronous real-time data transfer. It was developed in the late 1980s and early 1990s by Apple in cooperation with a number of companies, primarily Sony and Panasonic. It is most commonly known by the name FireWire (Apple), though other brand names exist such as i.LINK (Sony), and Lynx.

<span class="mw-page-title-main">USB-C</span> 24-pin USB connector system

USB-C, or USB Type-C, is a 24-pin connector that supersedes previous USB connectors and can carry audio, video and other data, e.g., to drive multiple displays or to store a backup to an external drive. It can also provide and receive power, such as powering a laptop or a mobile phone. It is applied not only by USB technology, but also by other protocols, including Thunderbolt, PCIe, HDMI, DisplayPort, and others. It is extensible to support future standards.

<span class="mw-page-title-main">HomeKit</span> Software framework by Apple for home automation

HomeKit, also known as Apple Home, is a software framework and communication protocol developed by Apple Inc. that lets users configure, communicate with and control smart-home appliances using Apple devices. It provides users with a way to automatically discover such devices and configure them. By designing rooms, items and actions in HomeKit, users can enable automations in the home through a voice command to Siri or through the Home app. With HomeKit, developers are able to create complex applications in order to manage accessories at a high level.

<span class="mw-page-title-main">YubiKey</span> Hardware authentication device

The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.

Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. It is succeeded by the FIDO2 Project, which includes the W3C Web Authentication (WebAuthn) standard and the FIDO Alliance's Client to Authenticator Protocol 2 (CTAP2).

WebUSB is a JavaScript application programming interface (API) specification for securely providing access to USB devices from web applications.

References

  1. USpatent 7748636,Finn, David,"Portable identity card reader system for physical and logical access",published 2010-07-06, assigned to Dpd Patent Trust Ltd.
  2. "Specification for Integrated Circuit(s) Cards Interface Devices Revision 1.1". usb.org. USB Implementers Forum, Inc. p. 25. Retrieved January 26, 2015.
  3. USB Complete: Everything you need to develop custom USB peripherals, Jan Axelson, 2005, page 189
  4. "Microsoft Class Drivers for USB CCID Smart Cards". Microsoft Developer Network. Microsoft. Retrieved January 26, 2015.
  5. "Jamf Pro Overview—macOS Smart card Functionality" (PDF). Jamf. 2018. p. 7. Archived (PDF) from the original on 2020-11-26. Retrieved 2020-11-26.
  6. "Intro to smart card integration". Apple Support. Apple. Archived from the original on 2020-11-26. Retrieved 2020-11-26.
  7. "Use a smart card on iPhone and iPad". Apple Support. Retrieved 2024-01-23.
  8. "Supported smart card functions on iPhone and iPad". Apple Support. Retrieved 2024-01-23.
  9. "CCID free software driver" . Retrieved June 22, 2018.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.