Smartcards from kernel mode?

Hi all,
I’m developing a system that makes use of a smartcard during
certain filesystem operations. The system will make use of a
programmable smartcard platform. Does anyone know if any smartcard
development platforms exist that would allow a filesystem filter driver
to call ioctls or some API on a smart card driver from kernel-mode?
Most smartcards and standards I have seen so far seem to cater toward
user apps that need smartcard services. I guess I could use an inverted
call model to call from user mode, but would like to avoid such
performance penalties if possible. Any advice is appreciated!

Thanks in advance,
Matt

“Matthew N. White” wrote:

I’m developing a system that makes use of a smartcard during
certain filesystem operations. The system will make use of a
programmable smartcard platform. Does anyone know if any smartcard
development platforms exist that would allow a filesystem filter driver
to call ioctls or some API on a smart card driver from kernel-mode?
Most smartcards and standards I have seen so far seem to cater toward
user apps that need smartcard services. I guess I could use an inverted
call model to call from user mode, but would like to avoid such
performance penalties if possible. Any advice is appreciated!

With one caveat I’ll mention, you can use IoRegisterPlugPlayNotification
to enumerate readers on your system. With the resulting symbolic link
names, you can call IoGetDeviceObjectPointer. Then you can send the
documented IOCTLs to the driver.

The caveat is that the user-mode resource manager (SCARDSVR) normally
has handles open to all SmartCard readers, and most drivers only allow
one handle to be open at a time. There’s a good reason for this, too:
the interaction with the card usually entails several APDUs that leave
the card in a state where you really don’t want other people sneaking in
to perform their *own* APDUs. If you’re sure that what you’re doing
isn’t going to screw up the state machine in the card’s OS, you could
install a filter driver that would provide you with a back door for
submitting transactions to the card.


Walter Oney, Consulting and Training
Basic and Advanced Driver Programming Seminars
Check out our schedule at http://www.oneysoft.com
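The "documented IOCTLs" step in the reply above, narrowed to one case as an added example (not code from any poster in this thread): IOCTL_SMARTCARD_TRANSMIT takes an SCARD_IO_REQUEST header followed by the command APDU, and the reply uses the same header followed by the card's response. The helper names `pack_transmit` and `parse_reply` are hypothetical, the constants are restated from winsmcrd.h so the block builds without the WDK, and the reply is assumed to end in the ISO 7816-4 status word SW1 SW2.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Values restated from winsmcrd.h; METHOD_BUFFERED and FILE_ANY_ACCESS are both 0. */
#define FILE_DEVICE_SMARTCARD    0x00000031u
#define SCARD_CTL_CODE(code)     ((FILE_DEVICE_SMARTCARD << 16) | ((uint32_t)(code) << 2))
#define IOCTL_SMARTCARD_TRANSMIT SCARD_CTL_CODE(5)
#define SCARD_PROTOCOL_T0        0x00000001u
#define SCARD_PROTOCOL_T1        0x00000002u

/* Same layout as SCARD_IO_REQUEST: two 32-bit fields (hypothetical local name). */
typedef struct { uint32_t dwProtocol; uint32_t cbPciLength; } io_request_t;

/* Pack header + command APDU into the IOCTL input buffer.
   Returns bytes written, or 0 if the request is malformed or does not fit. */
size_t pack_transmit(uint32_t proto, const uint8_t *apdu, size_t apdu_len,
                     uint8_t *out, size_t out_cap)
{
    io_request_t hdr = { proto, (uint32_t)sizeof hdr };
    if (proto != SCARD_PROTOCOL_T0 && proto != SCARD_PROTOCOL_T1) return 0;
    if (apdu == NULL || out == NULL || apdu_len < 4) return 0; /* CLA INS P1 P2 */
    if (apdu_len > out_cap || sizeof hdr > out_cap - apdu_len) return 0;
    memcpy(out, &hdr, sizeof hdr);
    memcpy(out + sizeof hdr, apdu, apdu_len);
    return sizeof hdr + apdu_len;
}

/* Validate the reply buffer, locate the response data and return SW1SW2
   (for example 0x9000), or -1 if the reply is truncated or inconsistent. */
int32_t parse_reply(const uint8_t *reply, size_t reply_len,
                    const uint8_t **data, size_t *data_len)
{
    io_request_t hdr;
    if (reply == NULL || reply_len < sizeof hdr + 2) return -1;
    memcpy(&hdr, reply, sizeof hdr);
    if (hdr.cbPciLength < sizeof hdr || hdr.cbPciLength > reply_len - 2) return -1;
    *data = reply + hdr.cbPciLength;
    *data_len = reply_len - hdr.cbPciLength - 2;
    return ((int32_t)reply[reply_len - 2] << 8) | reply[reply_len - 1];
}
```

In a driver, the packed buffer would be the input to IoBuildDeviceIoControlRequest for the reader device object obtained from IoGetDeviceObjectPointer; validating the reply length before trusting cbPciLength matters because that buffer comes from another driver.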

How low latency are smart cards that you’re concerned the overhead of a
kernel-to-user signalling mechanism would be noticeable in comparison to
a query/response to the card?

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Matthew N. White
Sent: Wednesday, July 16, 2003 3:24 PM
To: Windows System Software Developers Interest List
Subject: [ntdev] Smartcards from kernel mode?

Hi all,
I’m developing a system that makes use of a smartcard during
certain filesystem operations. The system will make use of a
programmable smartcard platform. Does anyone know if any smartcard
development platforms exist that would allow a filesystem filter driver
to call ioctls or some API on a smart card driver from kernel-mode?
Most smartcards and standards I have seen so far seem to cater toward
user apps that need smartcard services. I guess I could use an inverted
call model to call from user mode, but would like to avoid such
performance penalties if possible. Any advice is appreciated!

Thanks in advance,
Matt

