Dell embedded contactless smartcard reader

Updated (2009-10-13): How to enable PC/SC support for this reader.

I recently bought a Dell Precision M6400 Covet. One of it’s cool standard features is the embedded contactless smartcard reader. This reader is located under the right palm rest, and is also available on select Latitude E-series. All this is cool, but, where is the documentation? What cards does it support? Can I access the reader from my own programs? Unfortunately Dell seems to have very little information available on their web pages, so I had to start digging myself. (I’m the type of guy who can’t have a gadget in my house without knowing what’s inside, who made it, and how can I use it in strange ways to do cool things.)

The chipset is Broadcom BCM5880, and is listed under Device Manager as “Broadcom Unified Security Hub CV w/fingerprint sensor”. There is no separate entry in “Device Manager” for “Contactless Smartcard reader”. This chipset also contains a secuity processor, contacted smartcard support, fingerprint reader support, TPM v1.2, and a so-called “credentials vault” (CV).

From BCM5880 Product Information:

“The Broadcom BCM5880 secure applications processor combines platform identification, personal identification and data protection in a single chip and includes an integrated Trusted Platform Module (TPM) 1.2 device, as well as the credential “vault” capability. It also integrates many of the authentication applications available today, such as one-time-password (OTP), fingerprint readers, smart cards, and contactless readers, into silicon, where they all can be centrally managed and utilized as part of multi-factor authentication policies”.

On a side note: Many of the same features available in the TPM is also available in the Credentials Vault. The biggest differences seems to be that CV is enabled by default, but TPM must be manually activated in BIOS (according to the requirements by the Trusted Computing Group). The TPM interface is standardized, while CV is not? Also, when authenticating to the chip (updates/modifications etc), the TPM only supports passwords, while CV supports smartcards and fingerprints as well.

Anyway, through HID Global I found a document called “Dell E-Family PBA Enrollment Application Notes AN0124” which lists the compatible card technologies for this reader:

From this table we can see that the embedded contactless reader “natively” supports HID iClass cards (in software/hardware), it does NOT support 125kHz proximity cards, and the rest of the cards (MIFARE and generic ISO14443A/B or ISO15693) are supported by means of reading the CSN/UID only. Since the CSN should be unique, this means all ISO14443A/B or ISO15693 cards, eventhough not directly supported by the Dell software, will still work with the embedded reader through the use of the Card Serial Number. But be aware, the CSN can be read by anyone, and the communication between the card and reader is unencrypted, unlike the iClass cards, where the reader and card first goes through a mutual authentication process, before the identification number is read from secure memory, and then finally transmitted in encrypted form to the reader. The encryption and mutual authentication process uses HID iClass’ Standard Master Key. This key is then diversified using the CSN, to create a unique key that is stored in each iClass card. The Standard Master Key is stored in secure memory in all authorized iClass readers. (When it comes to the Dell laptops, my guess is that this Standard Master Key is stored securely in the reader itself or the Credentials Vault).

I have tested several different HID iClass cards, 2k2, 16k2, programmed and unprogrammed, and NXP Mifare 4K, Mifare Ultralight. They all seem to work fine with the embedded contactless reader. (Although the ultralight card is not read as easily as the other cards. I had to move the card over the reader for a few seconds before it was detected). On the unprogrammed iClass cards, I suspect that it reads the CSN only, as the length of the “Access Control ID” bytes are set to 0x00, which means there is no number stored on the card. Unfortunately, the enrollment software on the Dell Laptops does not inform you weither the card you enrolled was an iClass card, or just a generic card with CSN/UID, so there is no way to know what number was actually used. I also tried with a iso14443b java card, but it was not detected by the reader, even though the table above says the reader supports the 14443 ‘B’ protocol.

I bought most of the cards from http://www.smartcardfocus.com.  They sell individual cards, unlike most other stores who only sell batches of 100/200 etc.
Any of the iClass cards they have will work, but they are all supplied unprogrammed by default. Eventhough unprogrammed cards will work with your Dell contactless reader, you might want to ask them to program the cards for you using their free programming service, as I’m not sure if it actually reads some default ID from secure memory, or just uses the CSN because the card is not “activated”.

Using the card on your Dell laptop:
Enroll the card through “Dell Security Manger” or “Wave Embassy Security Center”. Be aware when logging in: Do NOT use the numpad when entering PIN on pre boot. The numpad keys do not work correctly, and will result in “Auth Failed”.

Here are scans of some of the cards I have tested:
(I have removed the external serial numbers where they appear)

HID Dell PBA testcard (front)

HID Dell PBA testcard (back)
From the markings on the card (“iCLASS Px G6L”) we can see that this is a dual technology card (HID iClass 13.56MHz + HID Prox 125kHz).

iClass 2K 2 app (ISO 15693 only) Markings: “iClass DL + [external serial #]”

iClass 2k2 + Prox
Markings: “iCLASS Px D6L”

iClass 16k2
Markings: “iCLASS EG”

iClass 16k16 + Prox
Markings: “iCLASS Px E6L”

This is the card I use to access the building where I work, a HID DuoProx 125kHz + magnetic strip combo:
The markings say (“HID 0004k”). The front is all white.
This card will not work with the Dell contactless reader, but you can get dual technology cards that have both iClass and Prox, so you can use the same card to access buildings and your computer.

All iClass cards supports both ISO14443/B2 and ISO15693, except the 2k2 versions which only support ISO15693. However, unfortunately, iClass cards only supports up to ISO layer 2, and this makes iClass reader support pretty slim, since they can only be read by readers that are specially prepared for iClass cards (usually only HIDs own readers, like HID or OmniKey, and some other licenced readers).

PC/SC support
I have previously experimented with reading EMV cards (see saush’s excellent example here) with the embedded contacted reader, so it would be nice if I could use the contactless reader in the same way. However the reader is not listed when I enumerate the available PC/SC terminals on my system.
In the last section of this document:
http://www.hidglobal.com/documents/dell_latitude_security_broch_en.pdf
it is stated that the contactless reader supports PC/SC… I have contacted Dell ProSupport, but they could not give me an answer. I will try to contact them again soon.
It seems for now, the reader can only be used by supported Dell software.

Update (2009-10-13): I finally found the solution to enable PC/SC support for this reader.

——

Many of the contactless cards use so called number “formats” (or “encoded numbers”). All HID iClass and Prox cards use this.
This number is different from the CSN/UID (which is unique to the chip), and is stored in the card EEPROM. On iClass cards, this number is stored in the HID Application Area, and is protected by the HID Standard Key (or a custom key in some cases).

A “Format” is simply the way you interpret a number.
For example given the number: 56128902

One “Format” can be:
Facility Code = 56
Card ID = 128902

Another one can be
Facility Code = 5
Card ID = 6128902

A format also specifies how long a number can be, for example 26, 34 or 36 bits etc.

H10301 – standard 26-bit format (original wiegand format) This format is supported by almost all contactless smartcard/proximity systems.
facility code 1-255
card id number 1-65535
= total 16,711,425 ( 24bit)  (facility code ‘0’ and card id ‘0’ not allowed)

When using the Dell reader with iClass cards, what formats does it support?
I would guess the reader is format agnostic. It doesn’t care about the format, it just reads the complete number, weither 26/34/36/37 or 84 bits, the reader just sees a large number.

Understanding card data formats (the id numbers stored on cards):
http://www.hidglobal.com/documents/understandCardDataFormats_wp_en.pdf

Format Guidelines:
http://www.hidglobal.com/page.php?page_id=10

Format and Facility (Site) Code explained:
http://www.identisource.net/format_and_facility_codes_expl.cfm

Custom Wiegand formats:
http://paxton.co.uk/docs/Application%20notes/AN1010.pdf

FIPS approval for the BCM5880:
http://www.fips201.com/product/view/418

The chip manufacturer for HID cards:
http://www.insidecontactless.com/products/picopass_suite.php

—–

Other links:

http://forum.notebookreview.com/showthread.php?t=354498
http://en.community.dell.com/forums/t/19277980.aspx
http://www.hidglobal.com/iclass

Glossary:

CSN = Card Serial Number. A unique number burnt into the chip at production. Same as UID.
UID = Unique ID. Same as CSN.
Access Control ID = The “encoded number” stored in the HID Application Area on iClass cards.
Encoded number = another name for the Access Control ID