智能卡阅读器“拒绝访问”同时在Chrome上声称与Webusb接口 [英] SmartCard reader "Access denied" while claiming interface with Webusb on chrome
问题描述
我正在开发一个JavaScript库,通过chrome webusb API使用CCID协议来执行智能卡操作。当我在Linux和MacOS上插入智能卡读卡器时,一切顺利,但是当我尝试声明界面时,我遇到了窗口卡住的问题。
我试图以管理员身份运行chrome,在Windows上禁用智能卡服务/
CCID驱动程序,以防这些驱动程序声称该界面,但没有任何效果。我一直持有
无法声明界面:访问被拒绝(权限不足)
消息。这真的是一个权限问题吗?或者它是一些Windows服务我不知道阻止访问?
编辑:我尝试在另一个mac上,读者didn没有工作。从CCID驱动程序info.plist中删除特定的供应商ID /产品ID后,我设法使其工作。所以我想在windows上也会出现同样的问题,CCID驱动程序会阻止访问接口。设备描述符:
设备描述符:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 0(定义于接口级别)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 8
idVendor 0x1a44 VASCO数据安全国际
idProduct 0x0001 Digipass 905智能卡读卡器
bcdDevice 1.02
iManufacturer 1 VASCO
iProduct 2 DP905v1.1
iSerial 0
bNumConfigurations 1
配置描述符:
bLength 9
bDescriptorType 2
wTotalLength 93
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(总线供电)
MaxPower 50mA
接口描述符:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 11芯片/智能卡
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
ChipCard接口描述符:
bLength 54
bDescriptorType 33
bcdCCID 1.00
nMaxSlotIndex 0
VoltageSupport 3 5.0V 3.0V
dwProtocols 3 T = 0 T = 1
dwDefaultClock 3700
dwMaxiumumClock 3700
bNumClockSupported 1
dwDataRate 9946 bps
dwMaxDataRate 318280 bps
bNumDataRatesSupp。 53
dwMaxIFSD 254
dwSyncProtocols 00000007 2线3线I2C
dw机械00000000
dwFeatures 000404BE
基于ATR
的自动配置插入时自动激活$ b b $ b自动电压选择
自动时钟变化
自动波特率变化
由CCID制作的自动PPS
自动IFSD交换
简短和扩展的APDU电平交换
dwMaxCCIDMsgLen 272
bClassGetResponse echo
bClassEnvelope echo
wlcdLayout none
bPINSupport 0
bMaxCCIDBusySlots 1
端点描述符:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
传输类型中断
同步类型无
使用类型数据
wMaxPacketSize 0x00 04 1x 4字节
b间隔32
终点描述符:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
传输类型Bulk
Synch Type None
使用类型数据
wMaxPacketSize 0x0010 1x 16字节
bInterval 0
端点描述符:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
传输类型批量
同步类型无
使用类型数据
wMaxPacketSize 0x0010 1x 16字节
b间隔0
如果CCID驱动程序阻止访问设备,Chrome则无法访问它。此外,在Windows上,操作系统必须知道要针对设备加载WinUSB.sys驱动程序(随Windows一起提供),否则任何用户空间应用程序(如Chrome)都无法访问它。这可以使用INF文件来完成,例如这一个或通过添加 Microsoft操作系统描述符到设备将兼容ID设置为WINUSB。
如果您正在构建自己的设备,后一个选项是更可取的,因为它将提供插件,为用户提供即插即用的支持,而前者仍需要Windows用户的手动安装步骤。
如果您正在使用现有设备,但可以控制Windows系统然后,类似于编辑MacOS驱动程序的Info.plist,您可以进入Windows设备管理器并使用类似上述的INF文件替换现有的WinUSB.sys驱动程序。
I am developing a javascript library to perform smart card operations using the CCID protocol over chrome webusb API. Everything goes well when I plug the smart card reader on Linux and MacOS, however I get stuck on windows when I try to claim the interface. I tried to run chrome as an administrator, disable smart card services / CCID drivers on windows in case those were claiming the interface, but nothing does it. I keep having the "Failed to claim interface: Access denied (insufficient permissions)" message. Is it really a permission problem ? Or is it some windows service I am not aware of blocking the access ?
Edit: I tried on another mac, on which the reader didn't work. After removing the specific vendor id / product id from the CCID driver info.plist, I managed to make it work. So I suppose the same problem is happening on windows, a CCID driver is "blocking" the access interface. What are my alternatives ?
The device descriptor:
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 8
idVendor 0x1a44 VASCO Data Security International
idProduct 0x0001 Digipass 905 SmartCard Reader
bcdDevice 1.02
iManufacturer 1 VASCO
iProduct 2 DP905v1.1
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 93
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 50mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 11 Chip/SmartCard
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
ChipCard Interface Descriptor:
bLength 54
bDescriptorType 33
bcdCCID 1.00
nMaxSlotIndex 0
bVoltageSupport 3 5.0V 3.0V
dwProtocols 3 T=0 T=1
dwDefaultClock 3700
dwMaxiumumClock 3700
bNumClockSupported 1
dwDataRate 9946 bps
dwMaxDataRate 318280 bps
bNumDataRatesSupp. 53
dwMaxIFSD 254
dwSyncProtocols 00000007 2-wire 3-wire I2C
dwMechanical 00000000
dwFeatures 000404BE
Auto configuration based on ATR
Auto activation on insert
Auto voltage selection
Auto clock change
Auto baud rate change
Auto PPS made by CCID
Auto IFSD exchange
Short and extended APDU level exchange
dwMaxCCIDMsgLen 272
bClassGetResponse echo
bClassEnvelope echo
wlcdLayout none
bPINSupport 0
bMaxCCIDBusySlots 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0004 1x 4 bytes
bInterval 32
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 0
The insight in your edit is correct, if the CCID driver is blocking access to the device then Chrome cannot access it. In addition on Windows the operating system must know to load the WinUSB.sys driver (which comes with Windows) against the device or else any userspace application such as Chrome cannot access it. This can be accomplished using an INF file like this one or by adding Microsoft OS descriptors to the device to set the "compatible ID" to "WINUSB".
If you are building your own device the latter option is preferable as it will provide plug-and-play support for your users while the former still requires a manual installation step for Windows users.
If you are working with an existing device but have control over the Windows system then, similar to editing the Info.plist for the macOS driver, you can go into the Windows Device Manager and replace the existing driver with WinUSB.sys using an INF file like the above.
这篇关于智能卡阅读器“拒绝访问”同时在Chrome上声称与Webusb接口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!