Smart Card

activedirectory 验证方法Active Directory 是由微软开发的一种目录服务，它提供了一种集中管理和组织网络中的用户、计算机和其他网络资源的方法。

在企业网络中，用户需要通过验证才能访问网络资源。

因此，Active Directory 验证方法是非常重要的。

本文将介绍几种常用的 Active Directory 验证方法。

1. 基本身份验证（Basic Authentication）基本身份验证是最简单的验证方法之一。

用户在登录时输入用户名和密码，并将其发送给 Active Directory 服务器进行验证。

如果用户名和密码正确，用户将获得访问权限；否则，将被拒绝访问。

2. NTLM 身份验证（NTLM Authentication）NTLM 身份验证是一种基于 Windows 操作系统的验证方法。

它使用单向散列函数来加密用户的密码，并将加密后的密码发送给服务器进行验证。

NTLM 身份验证支持单向和双向身份验证，在安全性和性能方面都有一定的优势。

3. Kerberos 身份验证（Kerberos Authentication）Kerberos 身份验证是一种网络身份验证协议，用于在非安全网络上进行安全身份验证。

它使用票据和票据授权服务器来验证用户的身份，并为用户生成访问票据，以便在网络上访问资源。

Kerberos 身份验证提供了更高的安全性和可扩展性。

4. Smart Card 身份验证（Smart Card Authentication）Smart Card 身份验证是一种基于智能卡的验证方法。

用户需要插入智能卡并输入密码才能进行身份验证。

智能卡中存储了用户的证书和私钥，用于加密和解密身份验证信息。

Smart Card 身份验证提供了更高的安全性，因为智能卡很难被伪造或盗用。

5. 多因素身份验证（Multi-Factor Authentication）多因素身份验证结合了多个验证方法，以提供更高的安全性。

智能一卡通管理中心Smart card management center管理中心产品特点1. 智能一卡通：管理使用脱机运行2. 开放式积木式扩展式3。

提供API OR SDK4. 智能一卡通：管理使用一卡一库一平台5. 模块化简单化智能化傻瓜化产品说明写卡器软件SOFTKEY多串口卡通讯转换器调试卡Features of the Management Center1 smart card：the management and use of offline operation2 Open building block extension type3 Provide API OR SDK4 Smart card: the management and use of a card，a library and a platform5 modular simplified intelligent foolProduct DescriptionSmart card deviceSoftwareSOFTKEYMultiport serial cardsCommunication converterDebug card什么是智能一卡通系统？What is a smart card system？“智能一卡通”是以IC卡技术为核心,以计算机和通信技术为手段，将智能建筑内部的各项设施连接成为一个有机的整体，用户通过一张IC卡便可完成通常的钥匙、资金结算、考勤和某些控制操作，如用lC卡开启房门、IC卡就餐、购物、娱乐、会议、停车、巡更、办公、收费服务等各项活动.而不必像以往携带多把沉重的钥匙开门，去各个对应部门交费等繁杂的操作。

整个系统可根据需要对各部门进行监控管理和决策, 各局部系统和终端可自动将收集到的信息整理归纳，供系统查询、汇总、统计、管理和决策。

通过IC卡可互相沟通，既满足各个职能管理的独立性，又保证整体管理的一致性。

外文原文SMART CARD for SMART CAMPUSKFUPM Case StudyTala1 Halawani and Mohamed MohandesKing Fahd University of Petroleum and Mineralsmohandes@. SaAbstractSmart card is the latest addition in the world of information technology. The vision of the smart card program is to provide access to services that is secure, fast,friendly, easy to use, flexible, personal, and is accessible by the users kom anyplace at any time. A smart card is of the size of a conventional credit card with an embedded computer chip that stores and transacts data between users and devices. This data is associated with either value or information or both and is stored and processed within the chip of the card. The card data is transacted via a card reader attached to a computing system as a peripheral device. Smart cards are extensively used through several key applications like education, healthcare, banking, entertainment, and transportation.1. IntroductionSmart card is a mini-computer capable of storing and processing data. Although, at -present, they are most popular as single-function cash cards and long-distance calling cards, their capabilities range from retaining tickets, money, frequent flyer miles, travel preferences, insurance information, key demographic data, links to a patient’s medical records, to allowing access into a building, logging onto a network, etc. The potential of the smart card is limitless. With the added bonus of these functions being performed on a single card, smart cards have the ability to become indispensable tools.Smart cards were first introduced in Europe a couple of decades ago as a stored value tool for pay phones to reduce theft [I]. As smart cards and other chip-based cards advanced, people found new ways to use them, such as charging cards for creditpurchases and for record keeping in place of paper. Smart cards provide tamper-proof storage of user and account identity. They provide protection against a full range of security threats, kom careless storage of user passwords to sophisticated system hacks. Smart card can be multi-functional through the use of several applications stored on the card. This paper starts with the history of smart cards and describes the different types of smart cards with characteristics of each type. Finally, the paper will detail KFUPM smart card system as an important case study in the field.2. The History of Smart CardsThe first plastic payment card for general use was issued by the Dinners Club in 1950. At first the card’s functions were quite simp le [2]. They initially served as data carriers that were secure against forgery and tampering. General information, such as the card issuer’s name, was printed on the surface while personal data elements, such as the cardholder’s name and the card number were embossed. Further more, many cards bad a signature field. Protection against forgery was provided by visual features. Therefore, the system’s security depended completely on the retail staff accepting the cards. However, this was not an overwhelming p roblem due to the card‘s initial exclusivity. There was a pressing need for machine-readable cards to reduce handling cost in addition to the fact that card issuer’s losses due grew from year to year due to fraud [2].The first improvement consisted of a magnetic strip on the back of the card. This allowed digital data to be stored on the card in a machine-readable form as a supplement to the visual data. Additionally, security is enhanced by the use of a secret personal identification number (PIN) that is compared to a reference number stored in the magnetic strip [3].Although the embossed card with a magnetic strip is still the most commonly used type of payment card, they suffer from a severe weakness in that data stored on the strip can be read, deleted and rewritten by anyone with access to the appropriate equipment. PIN must be stored in the host system in a secure environment, instead of on the magnetic strip. Most systems that employ magnetic strip cards have on-line connectionsto the system’s host computer for security reasons. However, this generates considerable data transmission costs.The development of the smart card, combined with the expansion of electronic data processing has created completely new possibilities for solving this problem. Progress in microelectronics in the 1970’s made it possible to integrate data storage and arithmetic logic on a single silicon chip measuring a few square millimeters [2]. The ideas of incorporating such an integrated circuit into an ID card was contained in a patent application filed in Japan by Kunitaka Arimura in Japan concerning “a plastic card incorporating one or more integrated circuit chips for the generationof distinguishing signals” in1970 [3]. However, the first real progress in the development of smart cards came when Ronal Moreno registered his smart card patent on “an independent electronic object with memory” in France in 1974.A breakthrough was achieved in 1984, when the French telecommunication authorities decided to use prepaid chip cards for public pay phones due to the increasing vandalism and theft. Chip cards were demonstrated to be a cost effective solution. The French example was followed by many other countries. Today, more than 100 countries use chip cards for their public phone systems. By 1990 the total number of smart cards reached 60 million cards [4]. Today, several billion smart cards are in use worldwide.3. Types of Smart CardsSmart cards are composed of a chip, an interface between the chip and the card reader, and a plastic body. Smart cards are classified according to the chip type; memory chip cards as well as microprocessor chip cards. They can also be classified according to the method of communication with the reader. Cards may communicate with readers either through direct physical contacts (contact cards) or through a radio kequency signals (contactless cards).3.1 Memory Chip CurdsMemory cards have no sophisticated processing power and cannot manage filesdynamically. They are used for data storage and applications. Data can consist of the identification number, serial number of the card, installed applications and the information required to a specific application in case of mudti-appliciation cards. The main use for memory smart cards is to store card’s operating sy stem, nm-time e:nvironment, issuer security domain, card issuer application, keys, and certificates for cryptography. Keys function as passwords to secure environments, and certificates verify the authenticity of keys. Memory smart cards are built wi.th erasable programmable read-only memory (EPROM) or electrically EPROM (EEPROM) chi,ps. EPROM is often used in prepaid service cards such as phone cards that count off minutes used and then are discarded. EEPROM, which can be changed up to 100,000 times, includes built-in logic that can be used to update a. counter in prepaid service cards.3.2 Microprocessor Chip CurdsThese cards have on card dynamic data processing capabilities. The chip contains a microprocessor or a microcontroller that manages memory allocations and file access. It manages data in organized file structures, via a card operating system (COS). Unlike other operating systems, this software controls access to the on card user memory. Thi,s capability permits different and multiple functions and/or different applications to reside on tkle card. The microprocessor chips used for cards are smaller, slower versions of the central processing units used in PCs. Their pro,gamming capability provides support to functionality of the card. Microprocessor smart cards are required for applications that manipulate or compare data, such as public key infrastructure (PKI), dataencryption, Java applets, and electronic purses. Every microprocessor smart card bas a COS on the chip to operate the internal functions of the application. The COS loads off the read-onlymemory (ROM), much like: a basic inputloutput system (BIOS) on a PC [Z].3.3 Contact Smart CmdsIn addition to the classification of smart card based on the chip type, smart cards can be classified based on communication type. Contact smart card requires a phyriical contact between card and the reader. They use an eight or six pin contacts on the top of the card to physically connect to the card reader. Their ch.ip could be memory or microprocessor type [5].3.4 Contactless Smart CurdsContactless smart cards use an antenna to communicate with the reader. They are powered from an RF field generated by the card reader. The RF field also transfers data between the card and the reader [4]. Employee identification badges for building access are typically contactless smart cards. Additionally, most cards used for transportation are contactless as well.3.5 Combination Smart CardsMultipurpose combination smart cards are a hybrid mix of the contact and contactless designs. They include contacts for communication with a contact type reader, and also include an antenna for communication with an RF type reader [5].4. KFUPM Smart Card SystemUniversities need simple identity cards for all employees and students who are granted access to certain data, equipment and departments according to their status. Multifunction, microprocessor based smart cards incorporate identity with access privileges and also stores value for use in various locations, such as cafeterias and stores. Numerous universities around the world are utilizing smart cards. KFUPM is one of the first universities in the area to adopt a comprehensive multifunctional smart card system. KFUPM card is a dual card that bas two chips; one for contact applications and the other is for contactless applications. The contact chip will be utilized to store cardholder photo in addition for future bank services while the contactless chip will be utilized for all other functions. The card systemwill provide the following functions:Photo IDLibrary borrowing privilegesElectronic purseRecreation center sewicesMedical center servicesE-LeamingAccess control to university facilities Logical access to PCs and the internet These functions are controlled from a control management center (CMC) as shown in Figure.1. The CMC will host a file database server that is connected to the university network, enabling the system to access the student information system (SIS) and personnel payroll databases (PPS). An additional database is created for the cardholder database and will be residing in the system's server. There are several components of the CMC.Figure.1 Card Management CenterThe function of the card issuing System (CIS) is to capture the digital photograph and the biometrics template of the cardholder [6-71. As can be seen in Figure.2, the CIS consists of a card printer, biometrics scanner, digital camera, and a workstation. The CIS workstation is connected to the network to access the databases for the required information and data. However, records under processing could be stored for a sbort period in the CIS local database before it is passed onto the cardholder database to reduce the load on KFUPM network.Figure.2 Card Issuance CenterCard personalization system (CPS) performs the chip personalization in addition to defining the door access level for the cardbolder. CPS works on a cliendserver configuration, where the application used for the personalization process resides on the server. Therefore, each defined CPS workstation uses the KFUPM network to access and invoke the CPS application in the server. The CPS application can access the SIS and PPS through the KFUPM network. CPS consists of biometrics scanner, contact card reader and contactless reader as seen in Figure.3.Figure.3 Card Personalization SystemDue to the presence of contact and contactless chips, personalization has to be performed twice. Once the personalization process is complete, the system performs a biometrics verification process to insure that biometrics templates match the actual physical cardholder.Access control system (ACS) is responsible for controlling all defined accesscontrolled areas. It is also used to define the various group levels, which allow proper control of the movement of students and personnel in the university. This system provides access control to the university gates, buildings,Laboratories, library, recreation centers and car parks, as shown in Figure.4. ACS tracks and records movement of staff and students in controlled regions.Figure.4 Access control systemPayment management system (PMS) is responsible for collecting the various E-purse and university account transactions performed at the point of sale (POS) terminals. These POS terminals would be available at restaurants, library, recreation center, medical center, and coffee shops. The POS system accepts cash payments, make payments via university account, and make payments and provide refunds using the E-Purse system. Figure.5 shows the POS system.Figure5 Point of Sale SystemConclusionsThis paper introduced smart card technology. It presented the history and Ines of smart cards. Additionally, it highlighted the important points of KFUPM smart card system. Upon completion of the system, it is hoped that KFUPM smart card project will be an important case study for other universities in the are.% to follow.中文译文校园智能卡摘要智能卡的诞生是对世界信息技术的一种补充。

This guide describes the HID OMNIKEY Smart Card Reader installation. Reference your driver documentation (readme) for a list of supported windows versions.Three types of installation exist:• Unattended (preferred installation)• Automatic (internet connection required)• Manual UnattendedThe Unattended installation is the preferred method. Unattended installation files are found at /omnikey . Optionally, obtain these files from an installation CD (if available).1. T o download the latest HID OMNIKEY Unattended setupdrivers, go to: /omnikey , and select Download OMNIKEY drivers .2. Select your OMNIKEY product and operating system.3. From the list, select the Unattended Setup Installer andconfirm the license agreement.4. Double-click the executable file and follow the instructionsdisplayed in the setup window.Note: In addition, download API drivers. The SYNC-API is required for applications with memory or contactless (iCLASS ®) cards. The CT-API is often required for PIN Pad readers (electronic signature applications), as well as health care applications.In standard installations, installing these APIs is suggested.For driver installation local administration rights may be required.Do not plug in the OMNIKEY reader into your computer until setup is complete.5. Execute the Unattended Setup.EXE file and follow theInstall Wizard instructions.Note: For uninstalling the OMNIKEY drivers, restart the setup or (from the control panel) use Add/Remove Programs .6. After finishing the installation, plug in your reader to the port(USB, ExpressCard ®, or PCMCIA).7. Windows automatically detects and installs the newhardware connected to the port (USB, ExpressCard, or PCMCIA).Proceed to the OMNIKEY Workbench section for testing and installation.AutomaticEnsure your computer has an online connection to the Internet.1. Connect the reader to the computer port (USB,ExpressCard, or PCMCIA).2. Windows detects the new hardware connected to the port(USB, ExpressCard, or PCMCIA) and requests the drivers.3. After the Windows Hardware Wizard opens, Windowsrequests to connect to Windows Update to search for software, click Yes, this time only .4. The OMNIKEY reader automatically is recognized and theappropriate driver installed through Windows Update.The OMNIKEY reader is ready for use.Note: If your OMNIKEY reader is CCID compliant, use a native Windows CCID driver to operate the reader. However thenative driver does not allow you to utilize the readers advanced features and functions.Proceed to the OMNIKEY Workbench section for testing the installation.ManualFor manual driver installation, local administration rights may be required.Original OMNIKEY drivers must be locally available on your computer (for example, after internet download or from a CD).1. T o download the latest OMNIKEY drivers, go to:/omnikey , and select Download OMNIKEY drivers .2. Select your OMNIKEY product and operating system.3. From the list, select the driver for download and confirm thelicense agreement.Note: In addition, download API drivers. The SYNC-API is often required for applications with memory or contactless cards (HID iCLASS). While the CT-API is often required for PIN Pad reader use (electronic signature applications), as well as health care applications.In standard installations, installing these APIs is suggested.4. After downloading the self-extracting file, execute the file toextract the drivers to the local hard drive (default path c:\HID Global ).Note: Drivers have not yet been installed.5. Select the driver location, click Next .OMNIKEY ®Smart Card Readers(USB, ExpressCard and PCMCIA)Base Models: 1021, 3021, 3121, 4040, 4121, 4321, 5021, 5025, 5121,5125, 5127, 5321, 5325, 5326, 5421, 5427, 6121, 6221, 6321U ser G Uide3121-905-ENEN, Rev A.7December 2013© 2008 - 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.15370 Barranca Parkway Irvine, CA 92618-2215USAPage 2December 2013© 2008 - 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.OMNIKEY Smart Card Readers (USB, ExpressCard, and PCMCIA) User Guide, 3121-905-ENEN, A.76. Once the drivers are stored on the computer, connectthe OMNIKEY reader to the port (USB, ExpressCard, or PCMCIA) and start the installation process. When the Windows Hardware Wizard requests for the driver, select Install from a list or specific location .7. Check Include this location in search and specify thelocation where the drivers are stored (for example: C:\HID Global\5x21_V1.2.9.2). Click Next . When installation is complete, click Finished .Note: If using unsigned BETA drivers, choose the Don’t search, I will choose the driver to install radio button.After finishing the installation your OMNIKEY Smart Card Reader is ready for use.Installation CheckEnsure your device is recognized and listed in the Windows Device Manager dialog, for example OMNIKEY 5x21, in the Smart Card Reader section.Note: If you are using an OMNIKEY reader with a native CCID driver, the reader is listed as a CCID compliant device.1. Open Windows Explorer. Click Start > Programs >Accessories > Click Windows Explorer .2. Open the Device Manager. Right-click Computer >Properties > click Device Manager .3. Expand the Smart card readers and ensure the OMNIKEYreader is found.Proceed to the OMNIKEY Workbench section for testing the installation.Release NotesWhen installing with Unattended or Manual options, theReadme, and Driver Release Notes are installed by default at C:\Program Files\HID Global\HID OMNIKEY Workbench .OMNIKEY Workbench1. Download the latest OMNIKEY Workbench , by goingto: /omnikey . Select Driver Downloads .2. Select your OMNIKEY product and operating system.Choose to download the OMNIKEY Workbench and confirm the license agreement. When download is complete, click Run .Note: The OMNIKEY Workbench only works with OMNIKEY readers. Older drivers use a Diagnostic tool which is available from the control panel.Start the OMNIKEY Workbench from the program shortcut. Go to Start > Programs > HID Global > OMNIKEY Workbench .OMNIKEY Workbench provides various applications. On startup the Diagnosis application shows the General Settings view with different tabs for smart card reader service status. Alsoshown is the driver file and API DLL information.The Diagnosis application also lists all connected OMNIKEY smart card reader details (per the available contact andcontactless interface).For a functional test, insert a working smart card into the reader.As a result, an ATR string and other card details will display.。

Following document will give a step by step detail about:1.CA installation2.Smart card setup on Connection server, Agent & ClientPre-requisites:∙The host machine on which CA is going to be installed must have Static IP Address.∙There should be time synchronization between View Connection Server, Agent, CA and the View Client.∙All the machines should be in same domain (View Connection Server, Agent, CA and the View Client.)1.CA Installation:Install an Enterprise Certificate Authority in Windows Server:a)Start the Server Manager.b)Click Add Roles under Roles Summary.c)Check the Active Directory Certificate Services role & Certification Authority Web Enrollment.Click Next.If you have not yet installed all of the IIS components the Web Enrollment service needs, it will ask for prerequisites to be installed. Go ahead and accept these, then click Next.d)Check on Enterprise CA, click Next.e)Choose the Root CA and click Nextf)This is a new CA without existing keys so select “Create a new private key and click Next.”g)Keep the default CSP, hashing method, and key length and click Next.h)Keep the defaults and click Next.i)Click Nextj)Accept the default database locations and click Next. Then at the confirmation screen click Install.k)After CA installation is completed ->Open the Certificate Authority through Administrative tools-> Expand the CA created->Select Certificate Templates. To make sure that Administrator has Full control over the Templates to be issued by CA follow the steps given below: ∙Right Click on Certificate Templates -> Select Manage -> “Certificate Templates Console”is opened->Sele ct Template “Enrollment Agent” -> Click “Properties” -> Open “Security”tab -> Add “Administrator” and assign Full Control∙Repeat the above step for following Templates: Smartcard Logon, Smart card User, Enrollment Agent (Computer)∙Close “Certificate Templates Console”l)Select “Certificate Templates”-> Click New-> “Certificate Template to issue”->Select Smartcard Logon, Smart card User, Enrollment Agent, Enrollment Agent (Computer) and click on OK.m)Open internet explorer -> browse to http:\\localhost\certsrv\Click on “Request a certificate” -> “Advanced certificate request” -> “Create and submit arequest to this CA” -> If prompted Allow access for “Active X control” ->Do not change anysetting and click on “Submit” -> Click on “Install”-> Go back to “Home” page using the link on top right corner-> Click “Download CA certificate, certificate chain, or CRL” -> Select “Download CA certificate” -> Save the CA certificate (certnew.cer)n)If you are using 2008 Web Enrollment∙Open Certificate Management Console by running certmgr.msc∙Select the 'Personal Store'; and from the context menu select All Tasks->Request New Certificate∙Do not change the Certificate Enrollment Policy -> Click Next∙Select “Domain Controller Authentication” to get a certificate which will later be used for signing.∙Select "Enroll" to finish the wizard and get a certificate2.Smart card setup on Connection server, Agent & ClientConnection Broker:a)Obtain the root certificate(certnew.cer) from the CAb)Add the root certificate to connection broker “Truststore”:∙On your View Connection Server, use the keytool utility to import the root certificate into the server truststore file. Open command line with Admin privilege and browse to C:\ProgramFiles\VMware\VMware View\Server\jre\bin . Run following command:keytool -import -alias alias -file root_certificate -keystore truststorefile.keyIn this command, alias is a unique case-insensitive name for a new entry in the truststore file,root_certificate is the root certificate that you obtained or exported, and truststorefile.key is the name of the truststore file that you are adding the root certificate to. If the file does not exist, it will be created in the current directory.Note: The keytool utility might prompt you to create a password for the truststore file. You will be asked to provide this password if you need to add additional certificates to the truststore file at a later time.∙Copy the truststorefile.key to the SSL gateway configuration folder on the View Connection Server host. (SSL gateway configuration folder path: C:\Program Files\VMware\VMwareView\Server\ssl gateway)For example: install_directory\VMware\VMwareView\Server\sslgateway\conf\truststorefile.key ∙Create or edit the locked.properties file in SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMwareView\Server\sslgateway\conf\locked.properties∙Add the trust Keyfile, trustStore type, and useCertAuth properties to the locked.properties file.For ex:trustKeyfile=lonqa.keytrustStoretype=JKSuseCertAuth=true∙Restart the View Connection Server service or security server service to make your changes take effect.Agent:∙Install smart card drivers (\\10.112.208.1\Repository\software\SmartCard Reader)∙Install KB909520 for windows xp machine∙Restart after installClient:∙Install smart card drivers and the smart card reader(\\10.112.208.1\Repository\software\SmartCard Reader)∙RDP to CA server machine∙If you are using 2008 Web Enrollmento Open Certificate Management Console by running certmgr.msco Select the 'Personal Store'; and from the context menu select All Tasks-> Advanced Operations-> Enroll on behalf ofo Do not change the Certificate Enrollment Policy -> Click Nexto When prompted to select a signing certificate, select the "Enrollment Agent Certificate"enrolled earliero Next, it will show all the available templates, select "Smartcard Logon" or "Smartcard User" based upon the requirementClick on Details for the selected template and then select Properties for the same o On the "Private Key" tab, click on "Cryptographic Service Provider" and select“Microsoft Base Cryptographic Provider v1.0”o Select the user for whom you want to enroll the certificateo Insert the smartcard in the reader and when prompted, enter the PINo The information would be written to the smart card and you can repeat thesame process for another account or close the wizard to complete it.∙If you are using 2003 Web Enrollmento Browse to http:\\localhost\certsrvo Click “Request a certificate” -> “Advanced certificate request” -> “Create and submit a request to this CA” -> Under Key options select CSP “Microsoft Base CryptographicProvider v1.0” -> Submit.o Click on “Request a certificate”-> “Advanced certificate request” -> “Request a certificate for a smartcard on behalf of another user” -> Select Cryptographic Serviceprovider as “Microsoft Base Cryptographic Provider v1.0” -> Select Certificate->Administrator certificate should selected by default -> Select the user for whom youwant to enroll the certificate -> Enroll。

Smart Card FunctionsWindows Mobile 6.5A version of this page is also available forWindows Embedded CE 6.0 R34/8/2010The following table shows the Smart Card Services functions with a description of the purpose of each. Programming element DescriptionSCardBeginTransaction This function starts a transaction, waiting for the completion of all othertransactions before it begins.SCardCancel This function terminates all outstanding actions within a specificresource manager context.SCardConnect This function establishes a connection, using a specific resourcemanager context, between the calling application and a smart cardcontained by a specific reader.SCardControl This function gives you direct control of the reader. You can call it anytime after a successful call to SCardConnect and before a successful callto SCardDisconnect.SCardDisconnect This function terminates a connection previously opened between thecalling application and a smart card in the target reader.SCardEndTransaction This function completes a previously declared transaction, enablingother applications to resume interactions with the card.SCardEstablishContext This function establishes the resource manager context (the scope)within which database operations are performed.SCardForgetCardType This function removes an introduced smart card from the smart cardsubsystem.SCardForgetReader This function removes a previously introduced reader from control bythe smart card subsystem.SCardFreeMemory This function frees memory that has been returned from the resourcemanager using the SCARD_AUTOALLOCATE length designator.SCardGetAttrib This function gets the current reader attributes for the specified handle.SCardGetCardTypeProviderName This function returns the name of the dynamic link library (DLL)containing the provider for a given card name and provider type.SCardGetProviderId This function returns the globally unique identifier (GUID) of theprimary service provider for a specified card.SCardGetStatusChange This function blocks execution until the current availability of the cardsin a specific set of readers changes.SCardIntroduceCardType This function introduces a smart card to the smart card subsystem forthe active user by adding it to the smart card database.SCardIntroduceReader This function introduces a new name for an existing smart card reader.Smart card readers are automatically introduced to the system. SCardIsValidContext This function determines whether a smart card context handle is valid.SCardListCards This function searches the smart card database and provides a list ofnamed cards previously introduced to the system by a user. SCardListInterfaces This function provides a list of interfaces supplied by a specified card.SCardListReaders This function provides the list of readers within a set of named readergroups, eliminating duplicates.SCardLocateCards This function searches the readers listed in the rgReaderStatesparameter for a card with an Automatic Terminal Recognition (ATR)string that matches one of the card names specified in mszCards,returning immediately with the result.SCardLocateCardsByATR This function searches the readers listed in the rgReaderStatesparameter for a card with an ATR string that matches one of the ATRsspecified in rgAtrMasks, returning immediately with the result.SCardReconnect This function re-establishes an existing connection between the callingapplication and a smart card.SCardReleaseContext This function closes an established resource manager context, freeingany resources allocated under that context, including SCARDHANDLEWindows Mobile 6.5A version of this page is also available forWindows Embedded CE 6.0 R34/8/2010The following table shows the primary error values returned by smart card functions.Some error values can have the same value as existing Microsoft® Win32® error values that signify a similar condition. The following table shows these values.SCARD_E_NO_MEMORY 0x80100006L Not enough memory available to completethis command.SCARD_F_WAITED_TOO_LONG 0x80100007L An internal consistency timer has expired.SCARD_E_INSUFFICIENT_BUFFER 0x80100008L The data buffer to receive returned data is toosmall for the returned data.SCARD_E_UNKNOWN_READER 0x80100009L The specified reader name is not recognized. SCARD_E_TIMEOUT 0x8010000AL The user-specified timeout value has expired.SCARD_E_SHARING_VIOLATION 0x8010000BL The smart card cannot be accessed becauseof other connections outstanding.SCARD_E_NO_SMARTCARD 0x8010000CL The operation requires a smart card, but nosmart card is currently in the device.SCARD_E_UNKNOWN_CARD 0x8010000DL The specified smart card name is notrecognized.SCARD_E_CANT_DISPOSE 0x8010000EL The system could not dispose of the media inthe requested manner.SCARD_E_PROTO_MISMATCH 0x8010000FL The requested protocols are incompatiblewith the protocol currently in use with thesmart card.SCARD_E_NOT_READY 0x80100010L The reader or smart card is not ready toaccept commands.SCARD_E_INVALID_VALUE 0x80100011L One or more of the supplied parametersvalues could not be properly interpreted.SCARD_E_SYSTEM_CANCELLED 0x80100012L The action was cancelled by the system,presumably to log off or shut down.SCARD_F_COMM_ERROR 0x80100013L An internal communications error has beendetected.SCARD_F_UNKNOWN_ERROR 0x80100014L An internal error has been detected, but thesource is unknown.SCARD_E_INVALID_ATR 0x80100015L An ATR obtained from the registry is not avalid ATR string.SCARD_E_NOT_TRANSACTED 0x80100016L An attempt was made to end a non-existenttransaction.SCARD_E_READER_UNAVAILABLE 0x80100017L The specified reader is not currently availablefor use.SCARD_P_SHUTDOWN 0x80100018L The operation has been aborted to allow theserver application to exit.SCARD_E_PCI_TOO_SMALL 0x80100019L The PCI Receive buffer was too small.SCARD_E_READER_UNSUPPORTED 0x8010001AL The reader driver does not meet minimalrequirements for support.SCARD_E_DUPLICATE_READER 0x8010001BL The reader driver did not produce a uniquereader name.SCARD_E_CARD_UNSUPPORTED 0x8010001CL The smart card does not meet minimalrequirements for support.SCARD_E_NO_SERVICE 0x8010001DL The Smart Card Resource Manager is notrunning.SCARD_E_SERVICE_STOPPED 0x8010001EL The Smart Card Resource Manager has shutdown.SCARD_E_UNEXPECTED 0x8010001FL An unexpected card error has occurred.SCARD_E_ICC_INSTALLATION 0x80100020L No primary provider can be found for thesmart card.SCARD_E_ICC_CREATEORDER 0x80100021L The requested order of object creation is notsupported.SCARD_E_UNSUPPORTED_FEATURE 0x80100022L This smart card does not support therequested feature.SCARD_E_DIR_NOT_FOUND 0x80100023L The identified directory does not exist in thesmart card.SCARD_E_FILE_NOT_FOUND 0x80100024L The identified file does not exist in the smartcard.SCARD_E_NO_DIR 0x80100025L The supplied path does not represent a smartcard directory.SCARD_E_NO_FILE 0x80100026L The supplied path does not represent a smartcard file.SCARD_E_NO_ACCESS 0x80100027L Access is denied to this file.SCARD_E_WRITE_TOO_MANY 0x80100028L The smart card does not have enoughmemory to store the information.SCARD_E_BAD_SEEK 0x80100029L There was an error trying to set the smart cardfile object pointer.SCARD_E_INVALID_CHV 0x8010002AL The supplied PIN is incorrect.SCARD_E_UNKNOWN_RES_MNG 0x8010002BL An unrecognized error code was returnedfrom a layered component.SCARD_E_NO_SUCH_CERTIFICATE 0x8010002CL The requested certificate does not exist.SCARD_E_CERTIFICATE_UNAVAILABLE 0x8010002DL The requested certificate could not beobtained.SCARD_E_NO_READERS_AVAILABLE 0x8010002EL Cannot find a smart card reader.SCARD_E_COMM_DATA_LOST 0x8010002FL A communications error with the smart cardhas been detected. Retry the operation.SCARD_E_NO_KEY_CONTAINER 0x80100030L The requested key container does not exist onthe smart card.SCARD_E_SERVER_TOO_BUSY 0x80100031L The Smart Card Resource Manager is too busyto complete this operation.SCARD_W_UNSUPPORTED_CARD 0x80100065L The reader cannot communicate with thecard, due to ATR string configurationconflicts.SCARD_W_UNRESPONSIVE_CARD 0x80100066L The smart card is not responding to a reset.SCARD_W_UNPOWERED_CARD 0x80100067L Power has been removed from the smart card,so that further communication is not possible.SCARD_W_RESET_CARD 0x80100068L The smart card has been reset, so any sharedstate information is invalid.SCARD_W_REMOVED_CARD 0x80100069L The smart card has been removed, so furthercommunication is not possible.SCARD_W_SECURITY_VIOLATION 0x8010006AL Access was denied because of a securityviolation.SCARD_W_WRONG_CHV 0x8010006BL The card cannot be accessed because thewrong PIN was presented.SCARD_W_CHV_BLOCKED 0x8010006CL The card cannot be accessed because themaximum number of PIN entry attempts hasbeen reached.SCARD_W_EOF 0x8010006DL The end of the smart card file has beenreached.SCARD_W_CANCELLED_BY_USER 0x8010006EL The action was cancelled by the user. SCARD_W_CARD_NOT_AUTHENTICATED 0x8010006FL No PIN was presented to the smart card.。

下载驱动软件：从公司QQ群下载“写卡器安装”压缩包并解压至“写卡器安装”文件夹。

1、检查Smart Card服务是否启动开始菜单——设置——控制面板——管理工具——服务双击“服务”并在打开的系统服务列表中找到Smart Card服务：如上图，若Smart Card服务为“已启动”状态，启动类型为“自动”，则说明SmartCard服务正常。

若该服务没有启动，请在“Smart Card服务”上点击右键选择“属性”，如下图：点击“启动”按钮，并将启动类型选择为“自动”，点击应用、确定退出。

如图：2、安装驱动程序：（打开写卡器文件夹）Smart Card Reader为例：双击安装，（注意：最后若提示重新启动计算机，则点击是，重启计算机。

）3、写卡器OCX控件的安装（打开写卡器文件夹）AICard.CAB文件夹内四个文件复制到C:\windows\system32\ 目录下，点击reg运行；浏览器设置：Internet选项-安全-可信站点-添加http://130.30.15.194、验证写卡器驱动、OCX控件将写卡器正确地接到计算机上，并将白卡插入写卡器（点击联通拨号，进入联通内网），打开网址：http://130.30.15.19/getocx/loadCard.html 如图：确定写卡器正确接入计算机后点击“列出写卡器“按钮，如下图：操作错误信息为0 说明写卡器连接成功，可以使用。

注意：在上图中的“请选择写卡器”后的下拉框里如果出现多个项，请在设备管理器的智能卡阅读器下禁用除写卡器外的服务项进行验证，如图：图中只有一项即写卡器，若有其他项，则可以在其他项中点右键依次进行禁用，或者将其卸载，只保留写卡器，对于联通现有营业厅工作机其他设备，请联通网管人员自行解决兼容性问题。

（设备管理器的打开方法：我的电脑上点右键——管理——左侧目录中选择“设备管理器”）附：现场写卡所有的操作必须严格保证在http://130.30.15.19/地址上操作，使用其他地址会造成的数据错误、白卡做废、打印失败或其他类型无法挽回的错误!注意：在上图中的“请选择写卡器”后的下拉框里如果出现多个项，请禁用除写卡器外的服务项进行验证，直到只有写卡器一项：图中的第一项为写卡器，下面4项为U盾驱动，在此可以在此4项中点右键依次进行禁用，或者卸载U盾驱动。

SmartCard知识智能卡(SmartCard)，也叫IC卡，它是⼀个带有微处理器和存储器等微型集成电路芯⽚的、具有标准规格的卡⽚。

智能卡必须遵循⼀套标准，ISO7816是其中最重要的⼀个。

下⾯将从以下⼏个⽅⾯展开，对Smart Card进⾏讨论：1. 电⽓特性2. 复位应答（ATR – Answer to Reset）3. T=0 传输协议电⽓特性：ISO7816⾮常严格地要求了卡⽚的外形、厚度、触点位置和电信号。

下⾯可以看到正常Smart Card的管脚分布：l C1 电源信号VCC 3/5 Vl C2 复位信号RSTl C3 始终信号CLK 采⽤27MHz的分频 – 3.375/4.5/6.75MHzl C4 预留某些CA⼚商会加以利⽤，如NDSl C5 接地信号GNDl C6 编程电压VPP ⼀些存储芯⽚需要⾼电压（12.5/21V）进⾏编程l C7 数据通信I/Ol C8 预留对于供电⼜分两种，⼀种是5V供电，两外⼀种是3V供电。

⽬前，市⾯上见得多还是5V，左右偏差在0.25V以内，也就是说压值范围为4.75~5.25V，另外它的电流为200mA。

Smart Card⼯作的时钟信号由外部供给，⼀般来说有两个，3.579545MHz和4.9152MHz。

相⽐之下，前者⽤得更多⼀点。

当然对于这两种时钟频率，要得到数据通信所需的波特率9600s/s，那么他们的分频系数⾃然也不⼀样，分为为372分频和512分频。

复位信号是如何产⽣的呢？管脚必须满⾜5个条件，1）RST管脚拉低；2）CLK管脚拉低；3）VPP管脚不供电；4）I/O管脚拉低；5）VCC 管脚不供电。

字符传输：Smart Card的字符传输采⽤的是异步半双⼯模式，这种异步的模式很像个⼈电脑上的RS232通信。

传输⼀个字符时，除了8Bits的数据外，还加了以下⼏个Bits：起始位 -- ⽤于字符帧的同步校验位 -- ⽤于校验检测Guard Time -- 两个字符间的间隔时间Guard Time⼀般为两个bit的时钟周期，这⼀点很像PC上的UART的通信，⽤两个停⽌位来间隔相连的字符。

IC卡和ID卡有什么区别IC卡和ID卡的区别一,IC卡与ID卡定义IC卡全称集成电路卡(Integrated Circuit Card),又称智能卡(Smart Card).可读写,容量大,有加密功能,数据记录可靠,使用更方便,如一卡通系统,消费系统等,目前主要有PHILIPS的Mifare系列卡.ID卡全称身份识别卡(Identification Card),是一种不可写入的感应卡,含固定的编号,主要有台湾SYRIS的EM格式,美国HID,TI,MOTOROLA等各类ID卡.二,为什么IC卡要做初始化(即加密)工作,而ID卡不用1.IC卡在使用时,必须要先通过IC卡与读写设备间特有的双向密钥认证后,才能进行相关工作,从而使整个系统具有极高的安全保障.所以,就必须对出厂的IC卡进行初始化(即加密),目的是在出厂后的IC卡内生成不可破解的一卡通系统密钥,以保证一卡通系统的安全发放机制.2.IC卡初始化加密后,交给用户使用时,客户通过IC卡发行系统,又将各用户卡生成自己系统的专用密钥.这样,就保证了在其它用户系统发行的用户卡不能在该系统使用,保证了系统的专一性,从而保证了系统的安全使用机制.3.ID卡与磁卡一样,都仅仅使用了"卡的号码"而已,卡内除了卡号外,无任何保密功能,其"卡号"是公开,裸露的.所以说ID卡就是"感应式磁卡",也就根本谈不上需要还是不需要初始化的问题.4.初始化过程为什么不交由用户自己做呢这是因为:1)如果由用户自己初始化,就不能防范用户内部人员作弊.因为用户在使用一卡通系统时,若有员工用社会上买来的卡随意初始化,便可随意发行成住户才能使用的住户卡,甚至可随意给卡充值消费,这不仅将造成严重作弊后果,也将导致一卡通系统的安全出现使用机制上的严重漏洞.2)另外,若用户买到劣质出厂卡自己初始化,而在系统上不能使用,则会使系统使用性能不良或瘫痪,这将造成事故责任不清.3)初始化过程在厂家执行,主要是IC卡安全密钥认证机制的基本需要,也是IC卡系统集成商的行规.就像城市公共交通IC卡一样,这些卡在交给公交系统使用前,每张卡的密钥都要进行出厂加密控制.4)如果因用户缺乏专业性管理而万一丢失了初始化授权用的密钥卡,用户和厂家将无法补用该卡.所以,初始化工作由厂家做,才有安全保障.三,IC卡系统与ID卡系统的比较1.安全性:IC卡的安全性远大于ID卡.ID卡内的卡号读取无任何权限,易于仿制.IC卡内所记录数据的读取,写入均需相应的密码认证,甚至卡片内每个区均有不同的密码保护,全面保护数据安全,IC卡写数据的密码与读出数据的密码可设为不同,提供了良好分级管理方式,确保系统安全.2.可记录性:ID卡不可写入数据,其记录内容(卡号)只可由芯片生产厂一次性写入,开发商只可读出卡号加以利用,无法根据系统的实际需要制订新的号码管理制度.IC卡不仅可由授权用户读出大量数据,而且亦可由授权用户写入大量数据(如新的卡号,用户的权限,用户资料等),IC卡所记录内容可反复擦写.3.存储容量:ID卡仅仅记录卡号;而IC卡(比如Philips mifare1卡)可以记录约1000个字符的内容.4.脱机与联网运行:由于ID卡卡内无内容,故其卡片持有者的权限,系统功能操作要完全依赖于计算机网络平台数据库的支持.而IC卡本身已记录了大量用户相关内容(卡号,用户资料,权限,消费余额等大量信息),完全可以脱离计算机平台运行,实现联网与脱机自动转换的运行方式,能够达到大范围使用,少布线的需求.5.一卡通扩展应用:ID卡由于无记录,无分区,只能依赖网络软件来处理各子系统的信息,这就大大增加对网络的依赖;如果在ID卡系统完成后,用户欲增加功能点,则需要另外布线,这不仅增加了工程施工难度,而且增加了不必要的投资.所以说,使用ID卡来做系统,难以进行系统扩展,难以实现真正的一卡通.而IC卡存储区自身分为16个分区,每个分区有不同的密码,具有多个子系统独立管理功能,如第一分区实现门禁,第二分区实现消费,第三分区实现员工考勤等等.充分实现一卡通的目的,并且可以做到完全模块化设计,用户即使要增加功能点,也无需再布线,只需增加硬件和软件模块,这便于IC卡系统以后的随时升级扩展,实现平稳升级,减少重复投资.比如:某小区曾建立了ID卡一卡通系统,但由于ID卡系统的上述弊端,系统无法投入日常使用,因而只能将该系统完全作废,后改采用IC卡一卡通系统.6.智能化系统的维护和运行:比如:电脑发行了一张新的用户ID卡,就必须通过ID卡系统的网络,用人工方式将所有ID卡号一个个下载到各ID卡读卡控制器中,否则ID 卡被作为无效卡而不能使用;若要更改用户权限,则需在每个ID卡控制器上输入有权限的ID卡号.又比如:在系统投入使用后经常要新增ID卡,则每新增一张卡或修改了某一张卡片的权限,就必需在该卡可用的所有控制器上输入该卡片号码,这就增加了工作量。

专利名称：Fingerprint sensing smart card with on-card fingerprint comparison发明人：Lin, Fong-Jei,Zhu, Shengbo申请号：EP02250039.1申请日：20020104公开号：EP1326196B1公开日：20060322专利内容由知识产权出版社提供摘要：A smart card for use in conjunction with a security portal, such as a transit turnstile, a residential access gate, or a parking facility, for performing authentication checks for authorized passage. A print sensor is positioned on each major surface of the card in positions conforming to the natural placement of the thumb and a finger. The print sensors generate print pattern signals which are checked against authentic versions stored in non-volatile memory in the card, using a processor located within the card. The result of the authentication check is communicated to the associated external security portal by an r.f. circuit, which also receives r.f. energy from the external device to provide D.C. power for the circuits internal to the card. The card can be used on-the-fly without the need to stop at the check point, thereby facilitating traffic flow through the check point.申请人：MAGNEX CORP地址：US国籍：US代理机构：Frost, Alex John更多信息请下载全文后查看。

专利名称：Fingerprint sensing smart card with on-cardfingerprint comparison发明人：Lin, Fong-Jei,Zhu, Shengbo申请号：EP02250039.1申请日：20020104公开号：EP1326196A1公开日：20030709专利内容由知识产权出版社提供专利附图：摘要：A smart card for use in conjunction with a security portal, such as a transit turnstile, a residential access gate, or a parking facility, for performing authentication checks for authorized passage. A print sensor is positioned on each major surface of thecard in positions conforming to the natural placement of the thumb and a finger. The print sensors generate print pattern signals which are checked against authentic versions stored in non-volatile memory in the card, using a processor located within the card. The result of the authentication check is communicated to the associated external security portal by an r.f. circuit, which also receives r.f. energy from the external device to provide D.C. power for the circuits internal to the card. The card can be used on-the-fly without the need to stop at the check point, thereby facilitating traffic flow through the check point.申请人：Magnex Corporation地址：6284-A San Ignacio Ave. San Jose, California 95119 US国籍：US代理机构：Frost, Alex John更多信息请下载全文后查看。