Senin, 20 Oktober 2008

RFIDIOt is an open source python library for exploring RFID devices. It's called "RFIDIOt" for two reasons:

I like puns. This one stands for "RFID IO tools"
Since I haven't done any serious programming for a long time, I felt like an idiot having to learn a whole new language and the code probably looks like it's written by an idiot. However, python rocks, so it was worth it!

MRTD - Machine Readable Travel Document

JMRTD

A Free Implementation of Machine Readable Travel Documents

JMRTD is a free implementation of the Machine Readable Travel Document (MRTD) standards as specified by the International Civil Aviation Organization (ICAO). The electronic passport (or "ePassport"), which by now has been introduced in many countries, is an implementation of these standards.

Both a card side application (the "passport applet") and a host side API for accessing electronic passports are developed. The passport applet makes it possible to create your own passports (in case you're starting your own country). The applet is written in Java Card.

The host side API makes it possible to authenticate with a passport and read the information on the chip. The host side API is written in Java.

Downloads

The host API can be downloaded as an automatic installer.

The current version of the host API is jmrtd_installer-0.3.jar
The current version of the applet is passportapplet-0.0.1.zip
Or you could check out the SVN repository (we're using the Subclipse plugin for Eclipse)

Note that the host API currently requires JDK 1.6.

Documentation

Available documentation:

License (it's LGPL)
Installation instructions
API docs of the host API

Specifications

Most of the specifications are open (as in: can be purchased). Here's our list.

The ICAO specs consist of two technical reports:
- ICAO TR PKI - v1.1
- ICAO TR LDS - v1.7
The MRZ (DG1) is specified in ICAO Doc 9303:
Biometric data (DG2 a.o.):
- ISO/IEC CD 19794-5: Biometric Data Interchange Formats - Part 5: Face Image Data: Specification of Face image.
Specs dealing with crypto (SOd):
- RFC 3369: Cryptographic Message Syntax: Specification of the data-structure used in the security object.
- ISO/IEC 9796-2:2002 Digital signature schemes giving message recovery: Specification of the padding used in secure messaging and of the active authentication cryptogram.

Certificates

We have a list of country signing certificates that Google found.

External Links

Our project page on SourceForge.net.
Similar projects (in alphabetical order):
- cmrtd is a sibling project of JMRTD written in C.
- The Golden Reader Tool (GRT) by BSI.
- JMRTD is the obligatory recursive link.
- JSmex is a smart card explorer which supports MRTDs.
- The OpenMRTD.org project by Harald Welte.
- The RFIDIOt project by Adam Laurie.
- THC-ePassport by THC/vonJeek is the JavaCard applet used in the August 2008 Times articles.
- wzPass is Windows software for reading ePassports by Johann Dantant.
General information:
- ICAO site and ICAO/MRTD site.
- Wikipedia entries on Biometric passport, ePassport, and MRTD.
- Paspoort informatie (in Dutch) by the Dutch government.
Opinions and/or blogs on the ePassport by other people:
- E-passports without the big picture: Jaap-Henk Hoepman and Bart Jacobs on ePassports, identity management, and privacy.
- MRTD Analysis.org: Lukas Grunwald's site
- The ePassport cloning myth never dies: A blog entry on ePassport "hacks" by ZDNet's George Ou.
- Bio Paspoort.blogspot.com: An anonymous blog (in Dutch) about the passport
- The practical nomad: Edward Hasbrouck's blog.
- Beveiliging elektronisch paspoort: FAQ (in Dutch) by the System & Network Engineering group at UvA about the August 2008 articles in The Times.
- Passport cloning in perspective: Cees-Bart Breunesse of Riscure on ePassport cloning.

Selasa, 07 Oktober 2008

Contactless Payment Resources

Contactless Payments Resources

The launch of contactless payments across North America has begun in earnest. American Express, MasterCard, and Visa have all launched contactless payment initiatives, with leading banks issuing millions of contactless credit and debit cards to consumers. Major retailers across the U.S. are installing contactless readers that can accept contactless payment and are integrated with point-of-sale (POS) systems. Research shows that consumers, issuers and merchants benefit from the use of contactless payments. Consumers enjoy added convenience, speed and ease of use, while issuers and merchants enjoy faster transaction times, increased spending per transaction, lower operational costs and penetration into the cash payment market.

The resources below were compiled by the Smart Card Alliance Contactless Payments Council to provide up-to-date information on the status of the contactless payments programs being launched by the financial industry in the U.S.

Contactless Payments Reports and Presentations
Contactless Payments Issuers - See Sidebar
Merchants Accepting Contactless Payments - See Sidebar
Contactless Payments in the U.S.: Recent Articles and News

Contactless Payments Reports and Presentations

Contactless Payments: Merchant ROI Model, Smart Card Alliance Contactless Payments Council Merchant Work Group, August 2008
Proximity Mobile Payments Business Scenarios: Research Report on Stakeholder Perspectives, Smart Card Alliance Contactless Payments Council white paper, July 2008
Proximity Mobile Payments: Leveraging NFC and the Contactless Financial Payments Infrastructure, Smart Card Alliance Contactless Payments Council white paper, September 2007
Contactless Payments: The Retailer Experience, July 19, 2007, web seminar produced in partnership with STORES Magazine
Accepting Contactless Payments: A Merchant Guide, Smart Card Alliance Contactless Payments Council white paper, July 2007
Contactless Payments: Issuers Meet Demand for Speed and Convenience, May 3, 2007 web seminar produced in partnership with SourceMedia
Contactless Payments: Frequently Asked Questions, Smart Card Alliance Contactless Payments Council publication, February 2007
Retail Contactless Payment Systems Benchmark Report: Improving Customer Retention and Loyalty, Aberdeen Group report, January 2007
The What, Who and Why of Contactless Payments, Smart Card Alliance Contactless Payments Council position paper, December 2006
Smart Card Alliance Contactless Payments Security Q&A, December 2006
Smart Card Alliance Contactless Payment Security Statement, November 2006
Contactless Payments: Consumer Attitudes and Acceptance in the United States, Smart Card Alliance and Javelin Strategy & Research report, November 2006
Contactless Payments: A New Era of Payments for Retailers, February 22, 2006 web seminar produced in partnership with the National Retail Federation STORES Magazine. The seminar includes presentations by Bob Riesenbach, Wawa, David Sanderson, KeyBank, George Wilcox, Chase Paymentech, and Randy Vanderhoof, Smart Card Alliance.
Americas Smart Card Market Analysis, Frost & Sullivan report developed in collaboration with the Smart Card Alliance, September 2005
Paying with a Wave, Tap and ‘blink’: Contactless Payments in the U.S., Smart Card Talk article, August 2005
Contactless Payments: Delivering Merchant and Consumer Benefits, Smart Card Alliance report, March 2004

NFC Forum

The NFC Forum

Mission

The Near Field Communication Forum was formed to advance the use of Near Field Communication technology by developing specifications, ensuring interoperability among devices and services, and educating the market about NFC technology. Formed in 2004, the Forum now has 150 members. Manufacturers, applications developers, financial services institutions, and more all work together to promote the use of NFC technology in consumer electronics, mobile devices, and PCs.

Goals

The goals of the NFC Forum are to:

Develop standards-based Near Field Communication specifications that define a modular architecture and interoperability parameters for NFC devices and protocols
Encourage the development of products using NFC Forum specifications
Work to ensure that products claiming NFC capabilities comply with NFC Forum specifications
Educate consumers and enterprises globally about NFC

The NFC Forum provides a highly stable framework for extensive application development, seamless interoperable solutions, and security for NFC-enabled transactions. The NFC Forum has organized the efforts of dozens of member organizations by creating Committees and Working Groups.

In June, 2006, only 18 months after its founding, the Forum formally outlined the architecture for NFC technology. In August, 2006, the Forum released the first four Forum-approved specifications. The specifications – along with the release of four initial tag formats – provide a “road map” that enables all interested parties to create powerful new consumer-driven products.

Online Smartcard Training

Smart cards are now being used globally in financial, healthcare, identity, security, transportation and telecommunications applications. It’s important to be grounded in the basic fundamentals of this emerging and evolving technology.

The online Fundamentals of Smart Card Technology course provides a thorough overview of the state of the smart card industry, the basic components of smart card technology and the applications used throughout the global marketplace. The course covers a broad array of topics from why people are moving to smart cards to how the basic structure of smart card architecture is formed and utilized.

Based on the successful Smart Card Alliance Educational Institute classes, this course consists of nine modules and takes approximately six hours to complete. Users can enter and exit the course at will and always return to the last viewed page. Topics include:

Module One: Introduction to Smart Card Technology
Module Two: Smart Card Security
Module Three: Contactless Smart Card Technology
Module Four: Access Control Applications
Module Five: Biometrics
Module Six: Public Key Infrastructure
Module Seven: Smart Card Financial Applications
Module Eight: Card Issuance and Personalization
Module Nine: Smart Card Implementation

The online training course costs US$99 per user.

Click here to enroll and take the Fundamentals of Smart Card Technology Course.

Senin, 06 Oktober 2008

Baca ISO8583 di Java

Tutorial ISO-8583

Pada dasarnya aplikasi jPos dibagi menjadi 2 (dua) mode, yaitu client mode atau server mode.
Perbedaan kedua mode ini terletak kepada siapa yang akan melakukan initiate request terlebih dulu.
Jika berlaku sebagai client mode maka send request message akan dikirim terlebih dulu kemudian menunggu reply, sedangkan di sisi server akan menunggu incoming message kemudian akan di reply lagi ke sisi client.

International Bank Account Number (IBAN)

About IBAN

The International Bank Account Number (IBAN) is an international standard for identifying bank accounts across national borders. It was originally adopted by the European Committee for Banking Standards, and was later adopted as ISO 13616:1997 and now as ISO 13616:2003. The official IBAN registrar under ISO 13616:2003 is SWIFT and the IBAN registry is currently at SWIFT.

The IBAN consists of a ISO 3166-1 alpha-2 country code, followed by two check digits (represented by kk in the examples below), and up to thirty alphanumeric characters for the domestic bank account number, called the BBAN (Basic Bank Account Number). It is up to each country's national banking community to decide on the length of the BBAN for accounts in that country, but its length must be fixed for any given country.

The IBAN must not contain spaces when stored electronically. When printed on paper, however, the norm is to express it in groups of four characters, the last group being of variable length.

Acquirer Systems Software

Acquirer System

Acquirer Systems is a leading independent software provider of test and certification solutions to the payment card industry.

For over ten years we have built and maintained a reputation for accuracy, speed and performance.

Our solutions enable the testing and certification of high-end issuing and acquiring hosts, through to back-office systems, payment terminals and EMV chip cards.

Customers use our software to bring their payment products to market fully functional, on time and within budget.

TELKOM e-Payment (Host to Host)

E-Payment Telkom

TELKOM e-Payment (Host to Host)

DESKRIPSI
Host to Host merupakan sistem transaksi Online (real-time approach) yang menghubungkan antara Host / Server pemilik tagihan (selanjutnya disebut Biller) dengan Host / Server collecting Agent (selanjutnya disebut CA) secara langsung.

Transaksi dalam sistem Host to Host menggunakan mekanisme terdelegasi dimana Host CA diberi otoritas untuk melakukan transaksi dengan aturan tertentu sesuai aturan protokol ISO 8583

Dengan sistem Host to Host, CA dapat melakukan integrasi layanan ke sistem Perbankan yang dapat disesuaikan dengan seluruh perangkat CPE dari CA [mis : ATM, Teller, PhoneBanking, dll]. Sistim pelaporan transaksi dilakukan di masing-masing Host [Host Biller, Host CA dan Host DataCommunicator]. Jika ada perbedaan dalam laporan transaksi, dilakukan rekonsiliasi dan serangkaian proses penyamaan (adjusment).

Host to Host TELKOM yang selanjutnya disebut dengan layanan TELKOM E-payment, adalah sistem komunikasi data yang dikelola oleh DIVMEDIA dan berfungsi untuk menyampaikan data billing pelanggan dari Host Biller ke Host CA untuk keperluan penerimaan pembayaran jasa telekomunikasi.

Proses Bisnis Sistem TELKOM E-Payment ini melibatkan 3 (tiga) pihak yang saling berhubungan, yaitu : Biller, Data Communicator dan Collecting Agent (CA).

1. Biller merupakan institusi yang memiliki tagihan dan memerlukan pembayaran secara online oleh pelanggan. Umumnya sistem di Biller menggunakan database yang berisi data pelanggan dan Account Receiveble (A/R). Misalnya TELKOM, TELKOMSEL, PLN, PAM dlsb.

2. Collecting Agent (CA) yaitu institusi yang memiliki kemampuan untuk bertindak sebagai perantara dalam penerimaan tagihan dari pelanggan. Proses transaksi H2H menggunakan standar protokol ISO-8583. CA umumnya menggunakan sarana pengumpulan (collecting point) pembayaran berupa : ATM, Cash Teller, Phone Banking, Internet Banking dlsb.

3. Data Communicator merupakan institusi yang memiliki switch yang berfungsi untuk menjembatani sistem perbankan dengan sistem di Biller. Data Comunicator menyediakan modul-modul interface di sisi Biller untuk dapat berinteraksi langsung ke CA dengan protokol ISO-8583.

Proses bisnis untuk operasional layanan TELKOM E-payment dituangkan dalam dokumen SOP & SMP yang disepakati bersama antara Biller, CA dan Data Communicator

FAQ Layanan TELKOM e-Payment

1. Apa itu Host to Host (TELKOM E-Payment) yang merupakan salah satu produk TELKOM ?
“Host to Host merupakan sistem transaksi Online (real-time approach) yang menghubungkan antara Host / Server pemilik tagihan (Biller) dengan Host / Server collecting Agent (CA) secara langsung”.

2. Apa tujuan atau manfaat dari layanan TELKOM E-Payment ?
Tujuan dari penyediaan layanan ini adalah :

Agar pelanggan (dari Biller terkait) dapat melakukan pembayaran atas tagihan layanan secara online memalui seluruh sistem terminal atau distribution point [mis : ATM, CashTeller dll) yang dimiliki oleh perbankan
Agar Biller dapat meningkatkan layanan melalui penyediaan sistem pembayaran tagihan secara online. Sistim Host to Host merupakan tools untuk ”customer loyalty program”.
Agar Komunitas perbankan dapat memperluas layanannya melalui penyediaa fasilitas pembayaran tagihan rekening layanan publik.

3. Apa yang dimaksud dengan Biller itu ?
Biller merupakan institusi yang memiliki tagihan dan memerlukan pembayaran secara online oleh pelanggan. Umumnya sistem di Biller menggunakan database yang berisi data pelanggan dan Account Receiveble (A/R). Misalnya TELKOM, PLN, PDAM dlsb.

4. Apa yang dimaksud dengan Collecting Agent (CA) ?
Collecting Agent (CA) yaitu institusi yang memiliki kemampuan untuk bertindak sebagai perantara dalam penerimaan tagihan dari pelanggan. Proses transaksi H2H menggunakan standar protokol ISO-8583. CA umumnya menggunakan sarana pengumpulan (collecting point) pembayaran berupa : ATM, Cash Teller, Phone Banking, Internet Banking dlsb.

5. Apa yang dimaksud dengan Data Comunicator ?
Data Communicator merupakan institusi yang memiliki switch yang berfungsi untuk menjembatani sistem perbankan dengan sistem di Biller. Data Comunicator menyediakan modul-modul interface di sisi Biller untuk dapat berinteraksi langsung ke CA dengan protokol ISO-8583.

6. Apa manfaat menjadi CA dari layanan TELKOM E-Payment ?
Bagi CA, layanan TELKOM E-Payment memiliki manfaat berupa :

Memudahkan pembayaran tagihan bagi pelanggan CA.
Menjadikan CA sebagai Bank yang unggul, karena dapat melakukan berbagai pembayaran secara mudah dan efisien.
Memperoleh biaya/fee collecting agent.
Optimalisasi perangkat outlet perbankan, melliputi :
ATM
Terminal Teller
Phone Banking
Internet Banking
Mobile Banking

7. Apa manfaat menjadi Biller dari layanan TELKOM E-Payment ?
Bagi Biller, layanan TELKOM E-Payment memiliki manfaat berupa :

Kemudahan membayar tagihan, tanpa memandang area pelayanan. Pelanggan telepon di Bogor dapat membayar tagihannya melalui salah satu CA yang telah terhubung secara Host to Host di mana saja.
Perluasan outlet pembayaran :

Secara nasional, sesuai jangkauan CA.
Secara internasional, jika CA telah menggunakan sistem Phone Banking maupun Internet Banking.

Efisiensi jaringan, dibanding dengan sistem SOPP Point to Host (P2H) yang memerlukan 1 (satu) line telepon untuk setiap terminal :

Menambah peluang pendapatan atas satu saluran telepon yang tadinya untuk terminal SOPP P2H.
Menambah traffik data di internal CA, sehingga menambah peluang pendapatan TELKOM dalam bisnis link data.

Menghindari kasus pembayaran ganda, seperti pada kasus off-line.

8. Apa bedanya dengan layanan Point to Host ?
Point to Host :

Biller harus mengelola banyak jaringan (kesetiap teller pembayaran)
Jumlah teler dan area pembayaran terbatas
Biaya operasional tinggi
Security : low

Host to Host :

Hanya mengelola satu jaringan yang menghubungkan Host Biller ke Host Bank (Collecting agent)
Jumlah tempat pembayaran dapat memanfaatkan semua distribution channel Bank (saat ini sudah 25 Bank, dengan distribution channel ATM, Teller, PhoneBanking)
Proses settlement lebih sederhana
Biaya operasional rendah
Security : high

9. Bagaimana Layanan Help Desk dari TELKOM E-Payment ?
Layanan Help Desk 7 X 24 Jam Help Desk Multimedia

10. Kapan proses rekonsiliasi dilakukan ?
Rekonsiliasi transaksi dilakukan setiap hari dengan asumsi transaksi hari ini dilakukan pada hari n+1

11. Bagaimana Posisioning layanan TELKOM E-Payment ?
Posisioning Layanan TELKOM E-Payment adalah Kemudahan Pembayaran secara online melalui koneksi langsung ke Institusi Perbankan.

12. Saat ini sudah berapa biller yang terhubung ke TELKOM E-Payment ?
Saat ini komunitas yang sudah terhubung al :

Seluruh DIVRE TELKOM (1-7)
Garuda Indonesia
Telkomsel (July 2004)

13. Berapa jumlah CA yang terhubung ke TELKOM E-Payment ?
CA yang terhubung sebanyak 25 CA.

14. Apa itu TEL-75 ?
TEL-75 adalah Daftar rincian transaksi penerimaan harian yang dicetak dari SISKA pembayaran Jastel per nomor telepon dari SISKA.

Payment Solution