WebUSB APDU Console

Vendor interface Bulk OUT/IN. Lock is automatic: when idle, the first real traffic (CCID XfrBlock or a WebUSB APDU) wins; auto releases after 15s inactivity. Status APDU: FF 00 00 00. Response data is TLV: 01 01 state, 02 01 owner, 03 L atr.

Protocol definition

Transport

  • USB interface: Vendor class 0xFF with two bulk endpoints.
  • Each WebUSB message is one C-APDU on Bulk OUT; device replies with one RAPDU on Bulk IN.
  • Max C-APDU length: 261 bytes (short APDU only; no extended Lc/Le).
  • Bulk framing: if C-APDU length is a multiple of 64 bytes, host should send a ZLP; otherwise device accepts an idle gap as end-of-message.

Arbitration (CCID vs WebUSB)

  • Owner: none / ccid / web.
  • CCID claims ownership only when sending APDU messages (PC-to-RDR XfrBlock / T0APDU).
  • WebUSB claims ownership when sending a normal APDU (CLA != 0xFF) while owner is none.
  • Auto-release after 15 seconds of inactivity for the current owner.

Control APDU (Status)

  • Request: FF 00 00 00
  • Response: TLV data + SW1SW2 9000
TLV tags
  • 01 01 state: 00=no card, 01=present, 02=powered
  • 02 01 owner: 00=none, 01=ccid, 02=web
  • 03 L atr: ATR bytes (L=0..33)

Errors

  • If owned by CCID, a WebUSB APDU returns 6985 (busy).
  • Invalid length / unsupported APDU returns 6700 or 6D00.
Status: -

Log