PC/SC over BLE on Windows

Once configured to run the CCID profile / PC/SC mode, a Bluetooth-attached SpringCore device is supported by SpringCard PC/SC Bridge virtual driver and its companion application.

Reference SpringCard PC/SC Bridge
Supported operating systems x64 / AMD64, Windows 10, Windows 11
Other platforms are not supported
Supported devices All SpringCore devices featuring a Bluetooth (BLE) interface
Supported interfaces Bluetooth Smart 4.2 (check that your computer features a Bluetooth LE adapter, or use an USB BLE dongle)
Requirements .NET framework runtime v4.8 or newer
Download link: https://www.springcard.com/it/download/find/file/sd20191

The SpringCard PC/SC Bridge Solution is made of three layers:

  • A virtual PC/SC driver. The driver is said to be virtual, because it is not attached to a physical device that is wire-connected to the computer’s motherboard, but rely on an underlying user-land software to communicate with the device.
  • The SpringCard.SpringCore.BleBridge.dll library is the software that runs in user-land and acts as the bridge between the BLE device and the virtual PC/SC driver,
  • The SpringCard PC/SC Bridge application is a lighweight utility that controls the driver, provides configuration screens, and runs the library in the tray of the user’s desktop.

Integrators may also use the library to develop their own bridging application.

Security considerations

The unpaired (not bonded) BLE channel is intrinsically insecure: it provides neither confidentiality nor integrity protection. It must therefore only be used for tests and demonstration purposes, not in a live application.

The bonded BLE channel is not rely better since the bonding uses the Just Works pairing method (because the SpringCore device does not have a keypad or any other mean to enter a PIN or a secret key). The link is encrypted (AES-CCM), but there is no real mutual authentication, and no protection against man-in-the-middle attacks. It provides basic confidentiality only, not strong security.

However, the SpringCore device can be adapted to operate at a much higher security level, by using a protocol-level encryption of the CCID messages, after a mutual authentication either with a shared AES key or through an ECDH key exchange. Integrators requiring such a level of security should contact SpringCard’s sales team since these features are only available as part as a dedicated project.