IAS/ECC card from Oberthur

Link to the manufacturer's Web site page for the card: ID-ONE IAS-ECC

This card comes with one application: generic PKI.

In contrast to Gemalto's MultiApp ID IAS ECC card, this card from Oberthur does not strictly follow the IAS/ECC v1.0.1 specification.

Notably, the creation of new key slots and other SDOs is still possible (but a created SDO cannot be deleted).

The xDF files of the PKCS#15 file system can be re-created; also, the size of these files can be changed with the proprietary command.

Oberthur's IAS/ECC card has some minor deviations from the IAS/ECC v1.0.1 and ISO7816-15 standards.





Oberthur's IAS/ECC Card and Middleware Deviations from Standards

EF.ATR Content

Actual content of EF.ATR file:

OpenSC [3F00]> cat 2F01
00000000: 80 00 01 B8 46 04 15 BF EC C1 47 03 94 01 80 47 ....F.....G....G
00000010: 10 F0 4F 54 20 49 41 53 20 41 57 50 43 76 30 2E ..OT IAS AWPCv0.
00000020: 32 E0 10 02 02 00 FF 02 02 00 FF 02 02 01 00 02 2...............
00000030: 02 01 00 78 08 06 06 2B 81 22 F8 78 02 82 02 90 ...x...+.".x....
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Should be:

OpenSC [3F00]> cat 2F01
00000000: 80 00 43 01 B8 46 04 15 BF EC C1 47 03 94 01 80 4F ....F.....G....G
00000011: 10 F0 4F 54 20 49 41 53 20 41 57 50 43 76 30 2E ..OT IAS AWPCv0.
00000021: 32 E0 10 02 02 00 FF 02 02 00 FF 02 02 01 00 02 2...............
00000031: 02 01 00 78 08 06 06 2B 81 22 F8 78 02 82 02 90 ...x...+.".x....
00000041: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

the tag '43' of the Card service data is missing;

the tag of the Application Identifier is invalid ('47' instead of '4F');

the presented Application Identifier cannot be selected;

the Card service data states that the MF is present, but the MF does not exist.
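The two tag deviations can be confirmed offline from the dump itself. The following is an added example, not OpenSC or Oberthur code: it walks the EF.ATR bytes as a flat TLV sequence and then applies the two corrections from the "Should be" dump. The function names are hypothetical, and it assumes single-byte tags and treats 00 bytes between objects as padding. The remaining two deviations (the unselectable AID and the absent MF) need the card and are not checked.

```python
# Constructed from the "Actual content" dump above (80 bytes incl. 00 padding).
ACTUAL = bytes.fromhex(
    "80 00 01 B8 46 04 15 BF EC C1 47 03 94 01 80 47 "
    "10 F0 4F 54 20 49 41 53 20 41 57 50 43 76 30 2E "
    "32 E0 10 02 02 00 FF 02 02 00 FF 02 02 01 00 02 "
    "02 01 00 78 08 06 06 2B 81 22 F8 78 02 82 02 90 00") + bytes(15)
REQUIRED = {0x43: "Card service data", 0x4F: "Application Identifier"}

def walk_tlv(data):
    """Yield (offset, tag, value); assumes single-byte tags, 00 bytes are padding."""
    i = 0
    while i < len(data):
        if data[i] == 0x00:
            i += 1
            continue
        start, tag = i, data[i]
        if i + 1 >= len(data):
            raise ValueError(f"truncated object at offset {start}")
        length, i = data[i + 1], i + 2
        if length & 0x80:                       # BER long form: 81 xx or 82 xx xx
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(data):
                raise ValueError(f"bad length byte {length:02X} at offset {start + 1}")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError(f"value of tag {tag:02X} overruns the file")
        yield start, tag, data[i:i + length]
        i += length

def check_ef_atr(data):
    """Return findings for the EF.ATR tag deviations listed on this page."""
    try:
        tags = [tag for _, tag, _ in walk_tlv(data)]
    except ValueError as exc:
        return [f"not a well-formed TLV sequence: {exc}"]
    findings = [f"missing tag {t:02X} ({name})" for t, name in REQUIRED.items() if t not in tags]
    findings += [f"tag {t:02X} occurs {tags.count(t)} times" for t in sorted(set(tags)) if tags.count(t) > 1]
    return findings

def corrected(data, add_43=True, aid_4f=True):
    """Apply the corrections from the 'Should be' dump (offsets refer to ACTUAL)."""
    out = bytearray(data)
    if aid_4f:
        out[15] = 0x4F        # second '47' becomes '4F'
    if add_43:
        out.insert(2, 0x43)   # '43' in front of length/value '01 B8'
    return bytes(out)

if __name__ == "__main__":
    for label, blob in (("actual", ACTUAL), ("tag 43 added", corrected(ACTUAL, aid_4f=False)),
                        ("both fixes", corrected(ACTUAL))):
        print(f"{label}: {check_ef_atr(blob) or 'ok'}")
```

Without tag '43' the bytes '01 B8' are read as a tag and an impossible length, so a strict parser stops at offset 3 and never reaches the Application Identifier.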

Invalid AuthID for Imported RSA Key

The CommonObjectAttributes of the RSA key, imported with Firefox as a PKCS#12 container, contain an invalid reference to the authentication object:

OpenSC [E828BD080FF2504F5420415750]> asn1 7002
Printing tags for buffer of length 750
30 Univ: tag 0x10, length 125: SEQUENCE
  30 Univ: tag 0x10, length  67: SEQUENCE                 ; CommonObjectAttributes
    0C Univ: tag 0x0C, length  19: UTF8STRING [Certificat importé]
    03 Univ: tag 0x03, length   2: BIT STRING [11]
    04 Univ: tag 0x04, length   1: OCTET STRING [C0]          ; authID 'C0' <--- no authentication object with this ID exists
.....

The card does not contain an authentication object with reference 0xC0. (The existing PINs have references 01, 04, 05, and 06.)

The AuthID of a generated key is correct.