What does APDU response 910B mean for a DESFire EV2 card? - mifare

I am programming DESFire EV1 and DESFire EV2 cards via DESFire commands as wrapped APDUs. When a card is presented I use the GetVersion command to fetch the UID (which I then use to look up card history and to diversify keys). I send this command to get the card version info:
90 60 00 00 00
Normally I get a response of some bytes plus 91 AF, indicating that there is more information to request, which we repeat etc. as per the docs. This works nicely for DESFire EV1 and DESFire EV2 cards until we use them in an OMNIKEY 5x21 reader (readers are in two models of HID card printers, HDP5000 and DTC4500e). When we do that we get the response 91 0B and no data - but only from the EV2 cards; we see no issues with EV1. I do not see this response documented anywhere and I'm unclear as to what it might mean.
To reiterate - we only see this in the OMNIKEY readers with DESFire EV2 cards. DESFire EV1 cards do not do this and we don't see this at all with other card readers (so far).
We have had some limited success in rotating the cards. One of our remote engineers had success with a particular orientation of the cards which suggests there is some EM/range/antenna issue but QA and production can not reproduce this at all so far.
I also posted this question to the NXP forums with no response. This post has a little more detail.
Update in 2020: I just had the pleasure of encountering 91 0B as a response from a DESFire card again, searching for the error and finding my old post from years ago. The circumstances are completely different but I can now add this much: a response of 91 0B means:
Command is received in a state where this command is not supported, or a totally unknown command is received.

I saw HID's firmware source code for OMNIKEY readers and I can tell you it's a catastrophic mess. The OK5x21 reader is quite old, so I would suggest you contact HID directly and request a firmware update. This helped me back then in many cases because the outdated firmware wasn't able to communicate properly with newer smartcards like DESFire EV2, resulting in weird response statuses etc.
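
The GetVersion exchange from the question, as an added example that is not part of the original posts: it follows the 91 AF chaining and reports any other status, including 91 0B, with the frame it arrived on. The `transmit` callback, `fake_card` helper and all response bytes are constructed for illustration; only the `90 60 00 00 00` command and the 91 0B wording come from the page.

```python
GET_VERSION = bytes.fromhex("9060000000")       # command quoted in the question
ADDITIONAL_FRAME = bytes.fromhex("90AF000000")  # asks the card for the next frame

STATUS_TEXT = {
    0x00: "operation OK",
    0xAF: "additional frame expected",
    # Wording for 0x0B is taken from the 2020 update in the question.
    0x0B: "command received in a state where it is not supported, "
          "or a totally unknown command",
}

class DesfireStatusError(Exception):
    def __init__(self, sw1, sw2, frame_no):
        self.sw1, self.sw2, self.frame_no = sw1, sw2, frame_no
        text = STATUS_TEXT.get(sw2, "status not listed in this example")
        if sw1 != 0x91:
            text = "not a wrapped DESFire status"
        super().__init__(f"frame {frame_no}: {sw1:02X} {sw2:02X} ({text})")

def get_version(transmit, max_frames=3):
    """transmit(apdu: bytes) -> bytes is a hypothetical reader callback."""
    frames, apdu = [], GET_VERSION
    for frame_no in range(1, max_frames + 1):
        resp = transmit(apdu)
        if len(resp) < 2:
            raise ValueError("response shorter than the two status bytes")
        data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
        if sw1 != 0x91 or sw2 not in (0x00, 0xAF):
            raise DesfireStatusError(sw1, sw2, frame_no)
        frames.append(data)
        if sw2 == 0x00:
            return frames
        apdu = ADDITIONAL_FRAME
    raise ValueError("card still asked for more frames after the last one")

def uid_from_version(frames):
    # The third GetVersion frame begins with the 7-byte UID.
    if len(frames) != 3 or len(frames[2]) < 7:
        raise ValueError("incomplete GetVersion data")
    return frames[2][:7]

def fake_card(responses):
    """Constructed stand-in for a reader: replays canned responses in order."""
    queue = iter(responses)
    return lambda apdu: next(queue)
```

Logging the frame number together with the raw status makes it easy to tell a card that rejects the first command (as in the question) from one that fails partway through the chain.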

Related

Images (encoded base64) in my application cannot be sent through web server

I am currently developing my iOS application which includes some feature uploading images in one time along with its album name.
I came up with a solution to use encoding base64 image in order to send nested json format instead of using multipart form data method.
My question is on my localhost, it seems like my application is able to send many pictures in one time, let's say 15 pictures. However, when it comes to sending through my web server (Amazon EC2 free tier), it seems like my application is able to send up to 4 pictures at a time; if there are more than 4 pictures, nothing would appear.
I have tried to debug on networking part, it turns out that status 200 is returned with no images sent. My question is that does the problem occur due to server stuff or something ??
Updated
I think I've found some important insight. I will classify into two scenarios. What I have found on simulator debugging is that
i) I use a simulator to connect with my server. When I send only one picture, the size of it is around 252 bytes. Sending two pictures, they are 450 bytes. The weird thing is that sending more than 3 pictures, its size is calculated to be only 208 bytes. This is very weird, it is supposed to be higher when a number of pictures increases.
However, I remember that things work perfectly fine on my localhost; thus I try to debug on a simulator that connects with localhost to figure it out more.
ii) I use a simulator to connect with localhost. When I send one picture, it has 252 bytes. Sending 2 pictures, it is around 450 bytes and sending 4 pictures, it is around 1152 bytes. We can see that data's size here is growing when the number of pictures is increasing. The scenario ii) does make sense.
Anyway, I still have no idea what causes this problem; I believe this should involve server stuff for sure. Please help !!

PCI Compliance/PayPal API

So after MUCH research online, I'm coming to the one place I know someone will be able to help me!
We have a site that WILL accept credit card payments via PayPal's Classic API. More specifically, we'll be accepting credit cards for recurring payments. I know I have to be PCI compliant, and after speaking to PayPal today, I have been told (in writing) that:
"Once your account has processed over 20 transaction in the last 3 weeks (or 100 in a year), you will be able to register with Trustwave to become PCI compliant."
AND that I
"do not need to prove your compliance before reaching these levels"
Not sure what it is, but something doesn't sit right with me. Mainly, that I think I should be PCI compliant from the get-go. I think what they're saying is that I won't need to prove anything until then, but that I should be PCI compliant.
If anyone could give me a bit of guidance on this, it would be great. Here's a little bit more about our situation:
We will not store ANY customer card details on any system we run.
We send the details to the PayPal API by a regular old HTML POST form.
Recurring payments don't allow for a hosted solution by Paypal, so we are required to do it via our own form.
I'm sure I'm missing something here, but know that someone here will have had experience/be able to point me in the right direction!
Cheers guys!
You do indeed fall under PCI requirements immediately as a web page in your environment captures card-holder data and then transmits (the key term) it to PayPal. PCI/DSS does not have a volume threshold below which it does not apply.
Perhaps the thing that doesn't feel right is that they are happy to brush off any and all responsibility for your PCI compliancy by presenting the option of signing up with "Trustwave" whom I guess will present you with a SAQ to fill in and then take care of your quarterly scans.

Tracking opens in email (alternatives to images/pixels)

I was just curious if there are any techniques to record email opens other than using a hosted pixel/image.
I've read in a few places that Facebook uses bgsound src tags to do this, but it doesn't seem to work in the web based Gmail client for me.
Any suggestions?
Facebook definitely uses standard tracking pixels (as do nearly all others across the email-sending spectrum). You can also track via click redirection (if someone clicks a link, they can go to your site first, where you record that as evidence of an open, then perform a 301 redirect to another site), but that requires a click, which isn't guaranteed.
At the moment, tracking pixels are the de facto standard. As long as you adhere to good operating principles (pixels should be 1x1, be zero bytes in size, and the HTTP headers should indicate a standard image format and 200 response code), your tracking pixels should operate cleanly.

Print to a receipt printer PRP-085IIIT

I've been searching the net for over a week, and I still can't figure out how a receipt printer works, especially how to send commands.
I need to print a receipt to this "PRP-085IIIT" printer. The printer is connected via USB and using a Generic\Text Only driver.
I found this link http://support.microsoft.com/kb/322091 to send raw data to the printer. I managed to print but I can't cut the page at the end. From what I found, I need to send a command to the printer in order to cut the page. That's my main problem, I can't figure out how to send a command to the printer.
Also I'm using C# to develop my application.
Any kind of help would be appreciated because I'm out of resources.
Thanks a lot for your help.
You don't need to send a command for the cutting of the receipt, you just have to set the DIMM setting at the back of the printer. See the manuals for more info about the setting.

Determining credit/debit card type

I'm writing a POS application for the iPhone/iPod combination, using the same exact hardware used in Apple Stores: EasyPay.
Ok, my hurdle is this: how do I identify which credit card type is being used as text is entered in the UITextField?
I assume I've to use textField:shouldChangeCharactersInRange:replacementString:? However, I've got ideas floating around, but I simply cannot put them together to form code :/
Any help is appreciated!
Maybe I didn't understand your problem, but I think you can have a BIN list (Bank Identification Number). For example, most credit card numbers beginning with '4' are Visa. If they begin with '5', they are probably Mastercard. This is only an example, you should have a complete list to identify each possible card. Unfortunately, a complete and updated list is paid, but you can have a good list searching for free information on the Web, like here.
You can make a reasonable stab at guessing the card type from the first six digits of the card number, which is known as the Issuer Identification Number (IIN)
The trouble is, you'll struggle to get a complete list of IINs. Even the major acquirers struggle to keep an up to date list, as issuers frequently add or remove ranges.
Luckily, the card type shouldn't generally matter. You should be able to perform basic validation of the length and Luhn check digit, then submit the card to the processor for validation and authorization.
You can contact Visa/MC and sign up for the BIN list updates. Visa is free but I believe MC has a fee. Once you sign up, you will get a CD mailed to you with the current BIN ranges monthly.
You can also go through a processor or ISO (independent sales org) if you are working with one. I assume since you have a payment app you have some sort of relationship with an ISO that sets up merchant accounts for your customers. The ISO should be able to get the BIN list for you from the processor and probably for free.
I think you are on the right track with textField:shouldChangeCharactersInRange:replacementString:, as this gets called each time the user changes the content in the text field. It sounds like you do not actually want to change the textField, but instead want to change another, related control that identifies the card type. You can use the algorithm described in Determine Credit Card Type By Number as a helper function to adjust credit card type accordingly when the user begins typing.
You may want to skip the full verification until the input string has the correct number of characters.
Update: an interesting response in the same thread mentions that actually letting the user pick credit card type is a good idea because it at least shows the user the list of credit cards you accept.
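
The approach the answers above describe (guess the brand from the leading digits while the user types, and run the length and Luhn checks only once enough digits are present), as an added example that is not from any of the posts. It goes slightly beyond the single-digit rule of thumb in the answers by using a small prefix table; that table and the length lists are illustrative assumptions, not a complete IIN list, and the card numbers in the tests are widely published test numbers.

```python
# Illustrative prefix ranges only; real IIN ranges change and need a maintained list.
PREFIXES = [  # (low, high, brand), compared against the same number of leading digits
    ("34", "34", "American Express"),
    ("37", "37", "American Express"),
    ("51", "55", "Mastercard"),
    ("2221", "2720", "Mastercard"),
    ("4", "4", "Visa"),
]
LENGTHS = {"Visa": (13, 16, 19), "Mastercard": (16,), "American Express": (15,)}
DEFAULT_LENGTHS = tuple(range(12, 20))  # assumption for brands not in the table

def digits_only(text):
    """Drop spaces, dashes and anything else the user typed between digits."""
    return "".join(ch for ch in text if ch.isdigit())

def guess_brand(partial):
    """Return a brand name as soon as enough leading digits are present, else None."""
    d = digits_only(partial)
    for low, high, brand in PREFIXES:
        head = d[:len(low)]
        if len(head) == len(low) and low <= head <= high:
            return brand
    return None

def luhn_ok(number):
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    d = digits_only(number)
    total = 0
    for i, ch in enumerate(reversed(d)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return bool(d) and total % 10 == 0

def check_entry(text):
    """Return (brand, state) where state is 'incomplete', 'valid' or 'invalid'."""
    d = digits_only(text)
    brand = guess_brand(d)
    lengths = LENGTHS.get(brand, DEFAULT_LENGTHS)
    if len(d) in lengths and luhn_ok(d):
        return brand, "valid"
    if len(d) < max(lengths):
        return brand, "incomplete"  # user may still be typing
    return brand, "invalid"
```

`check_entry` can be called on every text change; it reports "invalid" only once no further digit could make the number acceptable, so the field does not flag an error while the user is still typing.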