[Pcsclite-muscle] HELP! Any experience on smart card chip wearing?
Arne Ansper
arne
Mon Sep 8 01:22:36 PDT 2014
Some time ago we implemented system where smartcard signed continously. In
order to have some understanding how reliable this might be, I did a test.
I had laptop with Ubuntu or Debian, smartcard with CardOS 4.3 (IIRC) from
Siemens, CCID smartcard reader from Omnikey and small program that just
signed continously. This experiment ran successfully for 540 days and
created approximately 118 million signatures. The process ended with:
card-cardos.c:838:cardos_compute_signature: returning with: Internal error
Hardware was still ok, I was able to restart the process.
Best regards,
Arne
On Mon, 8 Sep 2014, Ludovic Rousseau wrote:
> 2014-09-08 9:30 GMT+02:00 Umberto Rustichelli <umberto.rustichelli at gt50.org>:
>> Dear all, I do not know if this is the right place to ask but I think it is
>> the only place where the best experience with smart cards is shared.
>
> Hello,
> Maybe the best would be to contact the smart card manufacturer or reseller.
>
>> I'm recently struggling with some issues when using smart cards for massive
>> signatures production where massive means a few millions consecutive
>> signatures for each card (what you wouldn't do to meet the absurd customers'
>> demand!)...
>>
>> I think it is irrelevant but let me point out that this applies to cards
>> from two different vendors and with 2 different (USB) card readers; the
>> environment can handle up to 98 smart cards (yes, I changed a few parameters
>> in header files) but just 14 are connected. In production, only one card
>> type (InCard 34v2 common used in Italy) and only one reader type are used.
>>
>> To make it short, does anybody know of any predictable limit that can cause
>> failures (after "many" signatures the *cards disconnect*, one by one) among
>> the following:
>>
>> - cards cannot reliably work for more than N signatures
>> ...I know that RAM in cards should work well for N * 10^5
>> write operations, considering that some writing operations
>> may be involved when signing, that can be an issue and
>> would point to chip wearing?
>>
>> - some counters in the PCSC / CCID code that may be
>> troublesome after a number of operations (honestly,
>> I found none but I'm not an expert here)?
>>
>> - any known issue with smart card drivers, in the specific case
>> the proprietary InCard driver? The SW involved is
>> pcsc-lite, cccid, (OpenSC) pkcs11_engine for OpenSSL
>> and, of course, the driver itself
>>
>> Did anybody try such massive use of cards?
>> Please help if you have any experience to share on this or point me to some
>> documents or forum that can be more appropriate.
>
> I guess the problem is more with EEPROM [1] and not RAM of the smart card.
>
> Accordiong to Wikipedia a typical EEPROM supports 1 million of
> read/write/erase cycles. So I am not surprised that you get errors
> after a few millions signatures.
>
> pcsc-lite and the libccid driver do not have counters that could
> produce an error.
> The smart card may have a signature counter and certainly have a
> ratification counter for the PIN code. If the PIN needs to be
> presented before each signature then the PIN counter will be updated
> twice for each signature.
>
> Do you get an error message from the smart card?
> Do the smart card just become mute?
>
> Bye
>
> [1] https://en.wikipedia.org/wiki/EEPROM
>
>
More information about the pcsclite-muscle
mailing list