智能卡阅读器“拒绝访问”同时在Chrome上声称与Webusb接口 [英] SmartCard reader "Access denied" while claiming interface with Webusb on chrome

问题描述

我正在开发一个JavaScript库，通过chrome webusb API使用CCID协议来执行智能卡操作。当我在Linux和MacOS上插入智能卡读卡器时，一切顺利，但是当我尝试声明界面时，我遇到了窗口卡住的问题。
我试图以管理员身份运行chrome，在Windows上禁用智能卡服务/
CCID驱动程序，以防这些驱动程序声称该界面，但没有任何效果。我一直持有
无法声明界面：访问被拒绝（权限不足）
消息。这真的是一个权限问题吗？或者它是一些Windows服务我不知道阻止访问？

编辑：我尝试在另一个mac上，读者didn没有工作。从CCID驱动程序info.plist中删除特定的供应商ID /产品ID后，我设法使其工作。所以我想在windows上也会出现同样的问题，CCID驱动程序会阻止访问接口。设备描述符：

 设备描述符：
 bLength 18 
 bDescriptorType 1 
 bcdUSB 1.10 
 bDeviceClass 0（定义于接口级别）
 bDeviceSubClass 0 
 bDeviceProtocol 0 
 bMaxPacketSize0 8 
 idVendor 0x1a44 VASCO数据安全国际
 idProduct 0x0001 Digipass 905智能卡读卡器
 bcdDevice 1.02 
 iManufacturer 1 VASCO 
 iProduct 2 DP905v1.1 
 iSerial 0 
 bNumConfigurations 1 
配置描述符：
 bLength 9 
 bDescriptorType 2 
 wTotalLength 93 
 bNumInterfaces 1 
 bConfigurationValue 1 
 iConfiguration 0 
 bmAttributes 0x80 
（总线供电）
 MaxPower 50mA 
接口描述符：
 bLength 9 
 bDescriptorType 4 
 bInterfaceNumber 0 
 bAlternateSetting 0 
 bNumEndpoints 3 
 bInterfaceClass 11芯片/智能卡
 bInterfaceSubClass 0 
 bInterfaceProtocol 0 
 iInterface 0 
 ChipCard接口描述符：
 bLength 54 
 bDescriptorType 33 
 bcdCCID 1.00 
 nMaxSlotIndex 0 
VoltageSupport 3 5.0V 3.0V 
 dwProtocols 3 T = 0 T = 1 
 dwDefaultClock 3700 
 dwMaxiumumClock 3700 
 bNumClockSupported 1 
 dwDataRate 9946 bps 
 dwMaxDataRate 318280 bps 
 bNumDataRatesSupp。 53 
 dwMaxIFSD 254 
 dwSyncProtocols 00000007 2线3线I2C 
 dw机械00000000 
 dwFeatures 000404BE 
基于ATR 
的自动配置插入时自动激活$ b b $ b自动电压选择
自动时钟变化
自动波特率变化
由CCID制作的自动PPS 
自动IFSD交换
简短和扩展的APDU电平交换
 dwMaxCCIDMsgLen 272 
 bClassGetResponse echo 
 bClassEnvelope echo 
 wlcdLayout none 
 bPINSupport 0 
 bMaxCCIDBusySlots 1 
端点描述符：
 bLength 7 
 bDescriptorType 5 
 bEndpointAddress 0x81 EP 1 IN 
 bmAttributes 3 
传输类型中断
同步类型无
使用类型数据
 wMaxPacketSize 0x00 04 1x 4字节
 b间隔32 
终点描述符：
 bLength 7 
 bDescriptorType 5 
 bEndpointAddress 0x02 EP 2 OUT 
 bmAttributes 2 
传输类型Bulk 
 Synch Type None 
使用类型数据
 wMaxPacketSize 0x0010 1x 16字节
 bInterval 0 
端点描述符：
 bLength 7 
 bDescriptorType 5 
 bEndpointAddress 0x83 EP 3 IN 
 bmAttributes 2 
传输类型批量
同步类型无
使用类型数据
 wMaxPacketSize 0x0010 1x 16字节
 b间隔0 
  

解决方案

如果CCID驱动程序阻止访问设备，Chrome则无法访问它。此外，在Windows上，操作系统必须知道要针对设备加载WinUSB.sys驱动程序（随Windows一起提供），否则任何用户空间应用程序（如Chrome）都无法访问它。这可以使用INF文件来完成，例如这一个或通过添加 Microsoft操作系统描述符到设备将兼容ID设置为WINUSB。

如果您正在构建自己的设备，后一个选项是更可取的，因为它将提供插件，为用户提供即插即用的支持，而前者仍需要Windows用户的手动安装步骤。

如果您正在使用现有设备，但可以控制Windows系统然后，类似于编辑MacOS驱动程序的Info.plist，您可以进入Windows设备管理器并使用类似上述的INF文件替换现有的WinUSB.sys驱动程序。

I am developing a javascript library to perform smart card operations using the CCID protocol over chrome webusb API. Everything goes well when I plug the smart card reader on Linux and MacOS, however I get stuck on windows when I try to claim the interface. I tried to run chrome as an administrator, disable smart card services / CCID drivers on windows in case those were claiming the interface, but nothing does it. I keep having the "Failed to claim interface: Access denied (insufficient permissions)" message. Is it really a permission problem ? Or is it some windows service I am not aware of blocking the access ?

Edit: I tried on another mac, on which the reader didn't work. After removing the specific vendor id / product id from the CCID driver info.plist, I managed to make it work. So I suppose the same problem is happening on windows, a CCID driver is "blocking" the access interface. What are my alternatives ?

The device descriptor:

Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               1.10
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0         8
  idVendor           0x1a44 VASCO Data Security International
  idProduct          0x0001 Digipass 905 SmartCard Reader
  bcdDevice            1.02
  iManufacturer           1 VASCO
  iProduct                2 DP905v1.1
  iSerial                 0 
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           93
    bNumInterfaces          1
    bConfigurationValue     1
iConfiguration          0 
    bmAttributes         0x80
  (Bus Powered)
MaxPower               50mA
Interface Descriptor:
  bLength                 9
  bDescriptorType         4
  bInterfaceNumber        0
  bAlternateSetting       0
  bNumEndpoints           3
  bInterfaceClass        11 Chip/SmartCard
  bInterfaceSubClass      0 
  bInterfaceProtocol      0 
  iInterface              0 
  ChipCard Interface Descriptor:
    bLength                54
    bDescriptorType        33
    bcdCCID              1.00
    nMaxSlotIndex           0
    bVoltageSupport         3  5.0V 3.0V 
    dwProtocols             3  T=0 T=1
    dwDefaultClock       3700
    dwMaxiumumClock      3700
    bNumClockSupported      1
    dwDataRate           9946 bps
    dwMaxDataRate      318280 bps
    bNumDataRatesSupp.     53
    dwMaxIFSD             254
    dwSyncProtocols  00000007  2-wire 3-wire I2C
    dwMechanical     00000000 
    dwFeatures       000404BE
      Auto configuration based on ATR
      Auto activation on insert
      Auto voltage selection
      Auto clock change
      Auto baud rate change
      Auto PPS made by CCID
      Auto IFSD exchange
      Short and extended APDU level exchange
    dwMaxCCIDMsgLen       272
    bClassGetResponse    echo
    bClassEnvelope       echo
    wlcdLayout           none
    bPINSupport             0 
    bMaxCCIDBusySlots       1
  Endpoint Descriptor:
    bLength                 7
    bDescriptorType         5
    bEndpointAddress     0x81  EP 1 IN
    bmAttributes            3
      Transfer Type            Interrupt
      Synch Type               None
      Usage Type               Data
    wMaxPacketSize     0x0004  1x 4 bytes
    bInterval              32
  Endpoint Descriptor:
    bLength                 7
    bDescriptorType         5
    bEndpointAddress     0x02  EP 2 OUT
    bmAttributes            2
      Transfer Type            Bulk
      Synch Type               None
      Usage Type               Data
    wMaxPacketSize     0x0010  1x 16 bytes
    bInterval               0
  Endpoint Descriptor:
    bLength                 7
    bDescriptorType         5
    bEndpointAddress     0x83  EP 3 IN
    bmAttributes            2
      Transfer Type            Bulk
      Synch Type               None
      Usage Type               Data
    wMaxPacketSize     0x0010  1x 16 bytes
    bInterval               0

解决方案

The insight in your edit is correct, if the CCID driver is blocking access to the device then Chrome cannot access it. In addition on Windows the operating system must know to load the WinUSB.sys driver (which comes with Windows) against the device or else any userspace application such as Chrome cannot access it. This can be accomplished using an INF file like this one or by adding Microsoft OS descriptors to the device to set the "compatible ID" to "WINUSB".

If you are building your own device the latter option is preferable as it will provide plug-and-play support for your users while the former still requires a manual installation step for Windows users.

If you are working with an existing device but have control over the Windows system then, similar to editing the Info.plist for the macOS driver, you can go into the Windows Device Manager and replace the existing driver with WinUSB.sys using an INF file like the above.

这篇关于智能卡阅读器“拒绝访问”同时在Chrome上声称与Webusb接口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！