How to configure a Puck as a reader to read a SpringPass virtual card using keyboard emulation?

SpringCard Puck family products can be used to read contactless passes carried by NFC smartphones. In the SmartReader operating mode, the reader is standalone to run and the computer receives RFID/NFC pass data as if someone would type it on the keyboard.

SpringPass by SpringCard is a service for generating NFC passes in order to dematerialize contactless cards or RFID badges by virtualizing them on mobile phones (smartphones). On Apple iOS (iPhone) architectures, the system is based on Apple VAS technology. On Android architectures, the system is based on Google Smart Tap technology.

Read More

How to read RFID/NFC passes with SpringCard PC/SC couplers

SpringCard contactless PC/SC couplers (NFC/RFID HF) can be used to read contactless passes carried by NFC smartphones.

In particular, the Prox'N'Roll HSP PC/SC and the PUCK configured as PC/SC have been certified :

  • by Apple for reading NFC passes stored in the Apple Wallet application ("Apple VAS" protocol, formerly branded as "PassKit"),
  • by Google for reading NFC passes stored in the Google Pay application ("Google VAS" protocol, still branded as "Smart Tap" or now "Google Wallet").

Read More

Using SpringCard PC/SC Couplers with a Raspberry Pi 4

SpringCard PC/SC Couplers like the H663 family (CrazyWriter HSP, Prox'N'Roll HSP, TwistyWriter HSP...) and the new SpringCore family (PUCK...) are well supported by Linux systems thanks the open-source PCSC-Lite stack and its CCID driver. All these devices are easy to operate on early Raspberry Pi with little to no specificities.

This has changed on Raspberry Pi 4 and Raspian Bullseye and their new power-saving policy: by default, the system now shuts down any USB device that appears as being "unused" -- which is namely the case of any PC/SC Coupler until a card is inserted or presented ;-).

For correct operations of any SpringCard PC/SC Coupler with a Raspberry Pi 4 and Raspian Bullseye, the integrator must therefore disable the USB power control, and this article explains how to do so. It may also be useful to anyone trying to troubleshoot disconnection issues affecting any PC/SC device when used together with an embedded Linux system where USB power saving is enabled by default.

Read More

Storing ECC private keys in the SpringCore's Secure Element

Devices in the SpringCore family feature on or more Secure Elements (SE) to store the security keys that are involved in your system. This covers both the keys used by the Smart Reader template engine or a PC/SC application for authenticating and validating the user credentials (contactless card or NFC pass) and the keys used for securing the communication between the device and the back-end system (MQTT over TLS to interact with a cloud system, secure BLE, secure UDP or TCP protocols, etc.).

Both Puck and SpringPark feature a Microchip ATECC chip (formerly an Atmel reference) to store ECC private keys (NIST P-256 curve a.k.a. secp256r1 and prime256v1). Such private keys are typically involved in three use cases:

  • To authenticate and decipher (decrypt) an Apple VAS NFC pass (Passkit),
  • To activate, authenticate and decipher (decrypt) a Google VAS NFC pass (Smart Tap),
  • To open a SSL/TLS secure communication channel with a server over a TCP/IP network, providing client-side authentication of the device.

This article shows how-to insert existing ECC private keys into the SpringCore's ATECC.

Read More

Using master cards to configure the SpringCore devices

SpringCore is the umbrella name to the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. All the devices in this family could be configured easily and securely thanks to SpringCard 2nd generation of master cards.

A master card v2 is a Desfire EV1 (or later) contactless card, that contains the configuration parameters you want to apply to many devices. The data are protected by AES128 for authentication and secure communication, and their authenticity is validated by an ECC256 digital signature.

Thanks to this robust security scheme, only your devices can read and accept your master cards, while refusing (and being actually unable to read) master cards created by 3rd parties. Symmetrically, only the devices that you have commissioned with your own key-set are able to read your master cards, thus protecting your assets (secret keys and specific configuration parameters) against any unwanted disclosure, even if the master card is lost or stolen.

This article shows how-to create master cards v2 using springcoremastercard.exe tool and/or SpringCard Companion, and what are the best practices to use them efficiently and securely.

Read More

Writing a configuration with springcoreconfig.exe

SpringCore is the umbrella name to the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. springcoreconfig.exe, a software from the SpringCore Tools suite, is the command-line utility to manipulate device configurations. It is typically intended to upload a complete configuration at once, but is also able to edit registers one by one.

This article shows how springcoreconfig.exe works.

Read More

Flashing a new firmware with springcoreflash.exe

SpringCore is the umbrella name to the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. springcoreflash.exe, a software from the SpringCore Tools suite, is the command-line utility to change a device's firmware (i.e. to "flash" a firmware).

This article shows how springcoreflash.exe works.

Read More

Retrieving device's data with springcoretool.exe

SpringCore is the umbrella name to the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture. springcoretool.exe, a software from the SpringCore Tools suite, is the command-line utility to retrieve and display all device's technical data.

This article shows how springcoretool.exe works.

Read More

Installing the SpringCore Tools on Windows, macOS and Linux

SpringCore is the umbrella name to the new generation of SpringCard devices (Puck, SpringPark, etc.) that share the same MCU platform and the same overall architecture.

To manage, configure and update these devices, SpringCard has developed SpringCard Companion, a complete and versatile hybrid solution that combines the ergonomics of a modern web application with the power of a gateway service running on Windows 10 (or later).

Read More

Getting started with SpringCard Companion

SpringCard Companion is the new all-in-one solution to manage, configure and update the latest generation of SpringCard "SpringCore" devices (Puck, SpringPark, etc). SpringCard Companion is an hybrid application that combines a clean, efficient and always up-to-date web front-end with a tiny local software, the Companion Service, that is the gateway between the cloud and the devices connected to your computer or local network.

As such, the Companion Service is also the base component to connect any application built for the web with the 'physical world' of PC/SC couplers and Smart Readers, using only simple WebSocket and REST API calls.

Before you start using SpringCard Companion Web application (available at companion.springcard.com) you should install the Companion Service on a Windows computer.

Read More