Information about each Generic Smart Cards LLC Application
The Smart Card Diagnostic (SCD) application provides comprehensive analysis of, and reporting on, any smart card supporting the Personal Identity Verification (PIV) data model and corresponding smart card command set. The SCD also fully supports the Transportation Worker Identification Credential (TWIC) card application that resides on the smart card in addition to the PIV card application.
The SCD is a seventh-generation Windows .NET application proven over many PIV-compatible cards scanned both in a laboratory environment (i.e., prior to a card issuance event) and in an operational setting (at locations wanting to check whether the card, the reader, or both have any issues).
The SCD provides several capabilities including:
1. Reading a smart card using either a contact or contactless PC/SC reader connected to (and installed on) a Windows-based computer.
2. Reporting summary information on a main screen. Additional screens can be selected by the operator from the main screen while the card remains presented to the reader.
3. A set of "Details" buttons on the main screen support launching an additional information screen available for the supported applications found in the card.
4. Option to report operator observations via a "Notes" dialogue on the physical appearance of the card or anything else using the free form text editor. The operator is obligated to enter the physical identification number from the card that can then be coordinated in the continuous audit log.
5. Ability to view end-entity certificates in detail and optionally save the card resident certificate(s) to the PC.
6. Support for revising the card Personal Identification Number (PIN) if the current card PIN is known.
7. A separate "Communications Check" dialogue to rapidly check that a given card is communicating over the contact or contactless interface; no application selection or reading of the card is performed in this special mode.
8. Operator selectable "Minimum" or "All" tests to be performed.
9. Unique to TWIC, an option to update the Canceled Card List (CCL) when an Internet connection is available.
10. Capture of data from a scanned card to a "card image" text file. This is especially useful for card issuers to validate that what is on the card matches the card personalization requirements. It is also useful for field operations in those cases where the issuance source is not located close to the readers using the issued cards.
11. Logging of all communications (APDU command-response pairs) between the PC and the smart card inclusive of time-stamping each command-response pair.
12. Transaction record for each scan with over 35 fields in each record possible.
This application supports contactless reads (via NFC with Android KitKat 4.4.4 or higher) and optionally contact reads using the CCID reader from Advanced Card Systems (ACS) ACR38U-ND. Check if your contact interface uses micro-USB (such as Samsung phones) or full size USB before ordering your ACS reader!
This application performs the following functions:
1. Reads the Personal Identity Verification (PIV) signed Cardholder Unique Identifier (CHUID).
2. Decodes the CHUID Federal Agency Smart Credential Number (FASC-N).
3. Reports the Globally Unique ID (GUID) in the Universal Unique ID (UUID) format.
4. Reports the expiration date if the credential is active; otherwise indicates that the credential has expired.
5. Validates the CHUID data message digest and Content Signing certificate signature of data.
6. For Transportation Worker Identification Credential (TWIC) cards, checks the FASC-N value against the Canceled Card List (CCL). Reports the card is ACTIVE (if trusted) or CANCELED (if an entry is found on the CCL).
7. Performs Certificate Authority signature checks. Only TWIC Certificate Authority certificates are in the application trusted CA certificate store at this time but additional CA certificates may be supported in the future.
8. For TWIC cards, supports a menu item (and menu bar button) to update the CCL from the card issuer website. An Internet connection is required.
9. In contact mode, reports on the status of the PIN (Active or Blocked; the Details view also shows the number of retries remaining and whether a PIN was entered for this session).
10. In contact mode, performs a card authentication challenge / response if the card authentication certificate and key pair exists on the card. Reports the result of this challenge (e.g., Card is Authentic, Card Challenge FAILED.)
11. In contact mode, prompts user to enter the card PIN.
12. In contact mode, if PIN was successfully entered, retrieves PIN protected data including the Facial Image and Printed Information.
13. Supports a menu item (and menu bar button) to email the result of the most recent scan. Email includes card information specific to which interface was used, PIN protected information if PIN protected objects were reachable, location information, a Face attachment if available (and the card held the face as a JPEG image), and a message digest to validate the email was not altered.
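As an added illustration of functions 2 through 4 above (not code from Generic Smart Cards LLC or its applications), the Python below parses CHUID contents, decodes the FASC-N with its per-symbol parity check, reports the GUID as a UUID and tests the expiration date. It assumes the CHUID tags 0x30 (FASC-N), 0x34 (GUID) and 0x35 (expiration date, YYYYMMDD) from NIST SP 800-73; the function names and sample bytes are constructed for the example, and signature validation and the FASC-N LRC are not checked.

```python
import uuid
from datetime import date

def parse_tlv(buf: bytes) -> dict:
    """Split CHUID contents (inside the 0x53 wrapper) into {tag: value}."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:                       # BER long-form length
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated TLV value")
        out[tag] = buf[i:i + length]
        i += length
    return out

def decode_fascn(raw: bytes) -> str:
    """25 bytes -> 40 symbols; each is 4 BCD bits (LSB first) + odd parity."""
    if len(raw) != 25:
        raise ValueError("FASC-N must be 25 bytes")
    bits = "".join(f"{b:08b}" for b in raw)
    out = []
    for i in range(0, 200, 5):
        sym = bits[i:i + 5]
        if sym.count("1") % 2 == 0:
            raise ValueError(f"parity error in symbol {i // 5}")
        out.append("0123456789ABCDEF"[int(sym[3::-1], 2)])
    return "".join(out)             # B = start, D = field separator, F = end

def summarize(chuid: bytes, today: date) -> dict:
    f = parse_tlv(chuid)
    s, exp = decode_fascn(f[0x30]), f[0x35].decode("ascii")   # exp is YYYYMMDD
    expires = date(int(exp[:4]), int(exp[4:6]), int(exp[6:8]))
    return {"agency": s[1:5], "system": s[6:10], "credential": s[11:17],
            "guid": str(uuid.UUID(bytes=f[0x34])), "expired": today > expires}

def _pack(symbols: str) -> bytes:   # helper that builds the constructed sample
    bits = ""
    for c in symbols:
        d = f"{int(c, 16):04b}"[::-1]
        bits += d + ("0" if d.count("1") % 2 else "1")
    return int(bits, 2).to_bytes(25, "big")
# Constructed sample, not read from a real card; last FASC-N symbol is the LRC
SAMPLE_CHUID = (bytes([0x30, 25]) + _pack("B9999D9999D999999D0D1D0000000000399992F9")
                + bytes([0x34, 16]) + bytes(range(16)) + bytes([0x35, 8]) + b"20300101"
                + bytes([0x3E, 0, 0xFE, 0]))
```

A single flipped bit in the FASC-N bytes makes `decode_fascn` raise a parity error, which is the kind of card-data fault a diagnostic scan is meant to surface.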
NOTE USE OF NFC (contactless reader) INTERFACE: Due to several technology challenges, PIV cards (including TWIC and DoD CAC) issued after 2010 require an Android implementation of KitKat 4.4.4 or higher (based on testing) to ensure a scan completes. Your experience may vary. Samsung Galaxy S5 and Note 4 have been fully tested with older and newer PIV, TWIC and DoD CAC cards. Earlier versions may "beep" which indicates the card was powered and is attempting to communicate (i.e. card is working over the contactless interface).
NOTE CONTACT USE: The card will only scan from the MAIN screen. The card must be removed to navigate to either the EMAIL or DETAILS activities.
All rights reserved. © 2019 Generic Smart Cards LLC. ScanMyTWICeval and Generic Smart Cards LLC may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners.