{"id":470,"date":"2014-07-30T10:03:41","date_gmt":"2014-07-30T18:03:41","guid":{"rendered":"http:\/\/unmitigatedrisk.com\/?p=470"},"modified":"2014-07-30T10:03:41","modified_gmt":"2014-07-30T18:03:41","slug":"smart-cards-pcsc-and-chrome","status":"publish","type":"post","link":"https:\/\/unmitigatedrisk.com\/?p=470","title":{"rendered":"Smart cards, PC\/SC and Chrome"},"content":{"rendered":"

Smart cards have been around since 1974<\/a> and as a technology while they have expanded their capabilities they still work in very much the same way they did back then.<\/p>\n

These cards expose a protocol represented in Application Data Units (APDUs), the devices themselves are typically connected to computers via smart card readers (either embedded or external) that communicate via PC\/SC<\/a>.<\/p>\n

Shortly after PC\/SC was defined a class interface for USB PC\/SC devices was defined called CCID<\/a> with devices that conform to this specification one does not need vendor specific drivers to interact with the PC\/SC device.<\/p>\n

Since Chrome 26 Google has supported an interface that allows plug-ins to interact with USB devices<\/a>. While I have not looked at this interface in detail I do know that the Google Gnubby<\/a> (aka FIDO U2F<\/a>) uses this interface to interact with their devices. I also understand that the U2F devices are in simple JCOP cards with a Gnubby applet on them.<\/p>\n

Based on the above it seems rational to believe a third-party (aka someone other than Google) should also be able to create a Chrome plug-in (which is nothing more than Javascript) that allows a web-page to interact with smart-cards.<\/p>\n

This would when paired with a reasonable card-edge that supports secp256k1 enable Multi-signature Bitcoin transactions<\/a> leveraging smart cards without the need for a “fat” client.<\/p>\n","protected":false},"excerpt":{"rendered":"

Smart cards have been around since 1974 and as a technology while they have expanded their capabilities they still work in very much the same way they did back then. These cards expose a protocol represented in Application Data Units (APDUs), the devices themselves are typically connected to computers via smart card readers (either embedded […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[104,3],"tags":[102,127],"class_list":["post-470","post","type-post","status-publish","format-standard","hentry","category-bitcoin-2","category-security","tag-bitcoin","tag-smart-cards"],"_links":{"self":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=470"}],"version-history":[{"count":0,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/470\/revisions"}],"wp:attachment":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}