APDU commands for Globalplatform card

Hi,
I'm trying to develop embedded software that talks to a Oberthur Cosmo 64 card via low level APDU commands. I've looked at the Globalplatform 2.1.1 specs as well as the cosmo 64 technical brief, but it seems that there are only a few APDU commands. I've only worked with native cards before this, and native cards seem to have a lot more commands. For example, I can't even find a "Get Challenge" command nor any kind of authentication/key generation/pin verification commands.
Would like to know how I can get started just sending simple APDU commands for key generation, challenge-response, authentication, etc?

galapogos wrote:
Well I only see 10 commands under Part IV(APDU Command Reference) of the GPP 2.1.1 specs.
However when I see Appendix D I realize there's actually an initialize update and external authenticate APDU command, neither of which are found in Part IV.Yes, the commands for secure channel protocol are located in the Appendices. One can argue if this commands should be listed in APDU Command Reference, but GP Committee wanted to make is as flexible as possible in case another SCP is added, with different commands.
From what I've read so far in Appendices D/E, it seems that the difference is that
1) SCP01 supports mutual auth while for SCP02, only the card auths the host, with an option for the reverse.
2) For SCP01, card ensures host is genuine, but no mention of the reverse to be true. For SCP02, both host and card must be ensured to be genuine.
3) For SCP01, data from host to card is not susceptible to sniffing(encryption?), but no mention of the reverse to be true. For SCP02, both directions are not susceptible to sniffing.You are referencing the R-MAC option. It is only present in SCP02. There is no encryption from the card side (smthg like R-ENCRYPTION), you would need to handle this in your Applet. Be aware that R-MAC is optional, depending on the security policy of the issuer. For example in JCOP, only C-MAC and C-DECRYPTION is supported. Another differences between SCP01 and SCP02:
- The DEK in SCP02 is a session key, and in SCP01 it is static
- The INITIALIZE UPDATE command is different regarding the P2 parameter and the structure of the response
In the latest version of GP 2.2 SCP01 is deprecated.
Seems like other than the initial authentication, SCP02 is always more secure than SCP01?I would only conclude this if R-MAC is supported in SCP02.
Also, where can I find Java Card 2.2.1/2.2.2 specs? I'm not interested in using the API since I'm developing embedded firmware, so I need to talk to the card directly via APDU commands.http://java.sun.com/products/javacard/specs.html

Similar Messages

PowerTool Command for Network Card Firmware Details

I need following network card firmware information through powertool command, please let me know if anyone knows about any command for this.

Hi,
This might help:
Get-UcsFirmwareBootUnit | Where-Object {$_.dn -eq "sys/chassis-1/blade-1/adaptor-1/mgmt/fw-boot-def/bootunit-combined"}
AdminState      : triggered
IgnoreCompCheck : no
Image           : running
OperState       : pending-next-boot
PrevVersion     : 2.1(2a)
ResetOnActivate : no
Type            : combined
Version         : 2.1(1e)
Dn              : sys/chassis-1/blade-1/adaptor-1/mgmt/fw-boot-def/bootunit-combined
Rn              : bootunit-combined
Status          :
Ucs             : UCSPOD-A-B
AdminState      : triggered
IgnoreCompCheck : no
Image           : running
OperState       : pending-next-boot
PrevVersion     : 2.1(2a)
ResetOnActivate : no
Type            : combined
Version         : 2.1(1e)
Dn              : sys/chassis-1/blade-1/adaptor-1/mgmt/fw-boot-def/bootunit-combined
Rn              : bootunit-combined
Status          :
Ucs             : UCSPOD-A-B

"GemSafeXpresso Card returns "6D 00" for most of APDU commands"

Hi everyone,
I am confused with GemSafeXpresso smart card, GemSafeXpresso card can be authenticate with CardManager but I can not delete the instance of applet with GlobalPlatform Delete APDU command,it returns "6D 00"
In following you can find what was happend on my card:
At first,I installed GemSafe V2.04 applet that is placed on Rom of the card,I mean I created an instance of GemSafe applet with "A0 00 00 00 18 0A 00 00 01 63 42 00" ID successfully, after that I selectd GemSafe applet and Root and then I created some EFs under root ,but now I can not delete the instance of applet that I have created,The card returns "6D 00" ,I can authenticate with CardManager but I can not delete , create or install ,...
I should say ,at first I installed and deleted the instance some times but I can not do now ,I would like to know what is the reason of this problem.
I appreciate for any help,
Yours sincerely,
Orchid

Dear lexdabear,
Thanks a lot for your reply,
Gemalto has written GemSafe applet and has loaded on Rom of GemSafeXpresso card but I can just install it and make an instance of it on the card ,So I don not have source of applet.
In following you can find the APDU command for install ,delete ,...
Authenticate
key file: C:\GemXpressoJCardManager\keyfiles\jc2.2.1 - gp2.1.1\default.keys
key set 0 (Card Defined)
Select the CardManager
-> 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
<- 61 1B [Normal ending of the command with <27> bytes of extra information.]
Initialize Update
80 50 00 01 08 00 01 02 03 04 05 06 07 (00)
4D 00 72 38 02 04 7D 89 0C 77 FF 01 D2 89 12 21 AA 07 FE 36 07 F0 51 9F 2D D1 88 10, 90 00 [Normal ending of the command.]
Card info KeySet=-1
(SCP 01,implementation i05)
External Authenticate
84 82 00 00 10 01 93 6B 90 77 1F 72 F7 A4 6F 6D 63 B5 D3 0D AF
90 00 [Normal ending of the command.]
*1)Install for Install*
80 E6 04 00 44 10 A0 00 00 00 18 30 08 01 00 00 00 00 00 00 00 FF 10 A0 00 00 00 18 30 08 01 00 00 00 00 00 00 00 00 0C A0 00 00 00 18 0A 00 00 01 63 42 00 01 00 11 C9 0F DF 0A 06 02 0F 00 01 0C 01 DF 0B 03 06 E1 E1 00 (00)
00, 90 00 [Normal ending of the command.]
2) Install for Make Selectable
80 E6 08 00 13 00 00 0C A0 00 00 00 18 0A 00 00 01 63 42 00 01 00 00 00 (00)
00, 90 00 [Normal ending of the command.]
3)*Select Applet*
00 A4 04 00 0C A0 00 00 00 18 0A 00 00 01 63 42 00 (10)
90 00 [Normal ending of the command.]
4) Select Root
00 A4 00 00 02 3F 00 (30)
6F 17 83 02 3F 00 8C 03 06 E1 E1 84 0C A0 00 00 00 18 0C 00 00 01 63 42 00, 90 00 [Normal ending of the command.]
5)*Create EF SN-0001*
00 E0 00 00 15 62 13 81 02 00 08 82 01 01 83 02 00 01 8A 01 01 8C 03 03 FF 00
90 00 [Normal ending of the command.]
6) Authenticate
key file: C:\GemXpressoJCardManager\keyfiles\jc2.2.1 - gp2.1.1\default.keys
Select the CardManager
-> 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
<- 61 1B [Normal ending of the command with <27> bytes of extra information.]
key set 0 (Card Defined)
Initialize Update
-> 80 50 00 01 08 00 01 02 03 04 05 06 07 (00)
<- 4D 00 72 38 02 04 7C 89 0C 77 FF 01 6A E1 C6 FD AB 43 12 E1 18 CC 97 8C 3A B2 25 29, 90 00 [Normal ending of the command.]
Card info KeySet=-1
(SCP 01,implementation i05)
External Authenticate
-> 84 82 00 00 10 6B AD 05 2C 70 42 67 01 C5 53 31 90 1B 50 15 10
<- 90 00 [Normal ending of the command.]
7)*Delete instance of applet*
-> 80 E4 00 00 0E 4F 0C A0 00 00 00 18 0A 00 00 01 63 42 00 (00)
[ERROR ] <- 6D 00
[ERROR ] <- Invalid instruction.
Thanks in advance for your help.
yours sincerely,
Orchid
Edited by: NewOrchid on May 8, 2008 7:40 AM

Support for smart-card authentication in PowerBuilder based application

Hi, I have an application on PB11.5 with an Oracle DB back-end (11.2g). My DoD customer wants the application to use their DoD CAC Card (Smart Card) to authenticate against the Enterprise - Windows Active Directory domain, currently the application uses user-id\password for user authentication. Is this something newer versions of PB can support and implement? Thank you.

You have a couple of choices:
1. Depending on how old their workstations are, or if they have ACTIVCLIENT installed, you could call the CAPICOMM ActiveX using OLE commands
2. A solution that doesn't require that ActiveX is to use the Smart Card SDK built into newer versions of Windows. It does require a lot lower level coding though, as you have to issue specific APDU commands to the card and know how to handle the responses.
I posted a sample of the latter to the NNTP groups back in 2011. I suppose I should get around to creating a blog entry explaining how to use it.

How to use GPShells open_sc command for a SC02 option 15 Card (J2A, J3A)?

Hi,
my cards tell me as response to get-data 0066 command, that they are using SC02 option 15:
Global Platform version : 2.1.1
Global Platform Secure Channel Protocol: 02 option 15
What are the right parameters for GPShells open_sc command?
h3. GPShell help says:
open_sc -keyind x -keyver x -key xyz -mac_key xyz -enc_key xyz -kek_key xyz -security x -scp x -scpimpl x -keyDerivation x
For OpenPlatform 2.0.1' card only -keyind, -keyver, -mac_key and -enc_key are necessary.
For GlobalPlatform 2.1.1 cards -scp and -scpimpl should be not necessary to supply. But you must also specify -kek_key. If your card supports a Secure Channel Protocol Implementation with only one base key, specify this key with -key and omit the other keys.
If you have a card which uses key derivation you must enable the derivation mode with the -keyDerivation option and you must specify with -key the master (mother) key. -kek_key, -mac_key and -enc_key are not relevant, because they are calculated from the master key. See the sections #Options and #Key Derivation.
h3. GP-2.1.1-Spec says for SC Protocol 02 with option 15:
Initiation mode explicit, C-MAC on modified APDU, ICV set to zero, ICV encryption for CMAC session, 3 Secure Channel Keys,
h3. So, What are the right parameters for GPShells open_sc command?
Assumtions:
1. As my cards support GP 2.1.1 I sould not need to supply -scp and -scpimpl (acc. to GPShell help)
2. SCP 02 option 15 has three Secure Channel Keys (acc. to GP2.1.1. Spec) and does not support SCPImpl with only one base key (as mentioned in GPShell help).
Questions:
1. Are the 3 Secure Channel Keys mentioned in the Spec the keys -mac_key -enc_key -kek_key mentioned in GPShell help?
2. Where can I look for the correct values of -keyind and -keyver?
3. How can I check wether my card uses key derivation?
4. Can I freely choose the -security parameter from [ 0: clear, 1: MAC, 3: MAC+ENC ]
or is this determined by the SCP 02 option 15 to 1: MAC?
5. GPShells listgp211.txt uses
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
But that does not work for me (in fact: how can one open_sc command match for all GP Cards, if they use different
SCP 02 but with different options (as it is 15 in my case?)
It is no prob for me to dig into the specs, but I feel like there are some points not too clear there,
so I need experience too: trial and error.
That would be fine for me but locking all these cards does not feel so well, I'd be glad to perform some successful auth
to reset that damn counter ;)
Cheers,
Max

I managed to connect sucessfully to J2A-Card:
Main insight is that you have to specify 3 keys (can be the same key three times)
open_sc -security 1 -keyind 0 -keyver 0 -mac_key x -enc_key x -kek_key xh1. GPShell Trace:
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479181023100734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 805000000860A1D92C0D5BA76800
Wrapped command --> 805000000860A1D92C0D5BA76800
Response <-- 00000093014854952092FF020004B1B79602B1CB9486C7A12DEB85139000
Command --> 8482010010273C6B2808F0F5391350C479076D6951
Wrapped command --> 8482010010273C6B2808F0F5391350C479076D6951
Response <-- 9000
get_status -element 10
Command --> 80F21000024F0000
Wrapped command --> 84F210000A4F008EB97807E3B04F9200
Response <-- 07A000000003535001000108A0000000035350410948454C4C4F4A434F500100010A48454C4C4F4A434F50419000
List of Ex. Load File (AID state Ex. Module AIDs)
a0000000035350     1
     a000000003535041
48454c4c4f4a434f50     1
     48454c4c4f4a434f5041
get_status -element 20
Command --> 80F22000024F0000
Wrapped command --> 84F220000A4F00530272F4C196EACD00
Response <-- 07A000000003535001000948454C4C4F4A434F5001009000
List of elements (AID state privileges)
a0000000035350     1     0
48454c4c4f4a434f50     1     0
get_status -element 40
Command --> 80F24000024F0000
Wrapped command --> 84F240000A4F00F4B9DB41BAF2486E00
Response <-- 0A48454C4C4F4A434F504107009000
List of elements (AID state privileges)
48454c4c4f4a434f5041     7     0
card_disconnect
release_contexth1. JCOP Tools Trace
--Opening terminal
/card -a a000000003000000 -c com.ibm.jc.CardManager--Waiting for card...
ATR=3B F8 18 00 FF 81 31 FE 45 4A 43 4F 50 76 32 34    ;.....1.EJCOPv24
    31 43                                              1C
ATR: T=1, FI=1/DI=8 (31clk/etu), N=-1, IFSC=254, BWI=4/CWI=5, Hist="JCOPv241"
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00          ..............
(24218 usec)
<= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65    oe...........Y.e
    01 FF 9F 6E 06 47 91 81 02 31 00 73 4A 06 07 2A    ...n.G...1.sJ..*
    86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B    .H..k.`...*.H..k
    02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64    ....c...*.H..k.d
    0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09    ...*.H..k...e...
    2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01    +...Hd...f...+..
    04 01 2A 02 6E 01 02 90 00                         ..*.n....
Status: No Error
cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
cm> init-update 255
=> 80 50 00 00 08 51 C6 9C 29 E2 B2 9E 89 00          .P...Q..).....
(49458 usec)
<= 00 00 00 93 01 48 54 95 20 92 FF 02 00 05 BD 1A    .....HT. .......
    6B E9 D3 D5 5C 10 15 5A 3B FE 74 3B 90 00          k...\..Z;.t;..
Status: No Error
cm> ext-auth plain
=> 84 82 00 00 10 80 2B 5E A2 9A E4 CB AC FB 4B 10    ......+^......K.
    A2 5F E3 1A 87                                     ._...
(52746 usec)
<= 90 00                                              ..
Status: No ErrorCheers,
Max

'Get Response' APDU command in a script for apdutool

Dear all,
I'm facing some problems with apdutool (javacard 2.2.2 distribution) in executing the 'Get Response' command.
In fact its syntax differs from the one specified for other APDU commands accepted by apdutool, as Lc is replaced by the expected response lenght, i.e. by Le.
I tried inserting a fake P3 (Lc), but I always get ParseException errors.
All previous commands in the script are properly executed, including the one for which the subsequent 'Get Response' is tried. In particular, the SW2 byte returned by the latter command contains the right expected length.
I'm working with T0 algorithm and non-extended mode is specified in the APDU script.
Thank you very much to anyone who could help.
Best regards
Marco

Hi,
You could ensure that both of the text fields are not empty on your 'dashboard' before executing the FS00 tcode. This would negate the popup from ever appearing.
To do this you can use the "IF <text field control ID> Is Empty" statement in your script and then output a custom error message to another text box if the condition is true. then use an "IF <text field control ID> Is NOT Empty" statement to copy the value/s execute the FS00 tcode if the condition is true.
Now if you're going to check multiple fields for entries before executing the FS00 you'll have to get a little more creative and do something like I did in one my scripts (thanks again to Steve Rumsby for the tips) and create a 'check field' where you can enter values for items checked successfully and then use a little bit of javascript to count up the checks and check the result before executing the next part of the script.
Another idea is to check for the existence of the popup and navigate past it in your script, to do this you can use the "IF <control ID> control exists" statement.
Either one should work.

Status 69c2 on Verify APDU command

Hi,
I have successfully complete the APDU command new CommandAPDU(0x00, 0x20, 0x00, 0x01, new byte[]{ 0x31, 0x32, 0x33, 0x34, (byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF } ) for verify with the correct pin code (1234). I get status 0x9000.
But when i try with wrong pin code i get status response 0x69C2. Why I get this status instead of 0x63Cx, as ISO7816-4 states? If i get 0x63Cx i can use the last value to calculate how many tries remaining!
Beside this, not so much information exist for status response 0x69C2. It means "swAccessDenied 69C2 -The required access conditions were not satisfied".
What an i doing wrong? What to do to get status 0x63Cx if the pin is wrong?
Thank you
Edited by: Valentino on Aug 22, 2012 5:02 AM

Hi,
Valentino wrote:
Is this behavior normal?The status word bytes SW1-SW2 are defined by specification for your card application. What application are you using?
May be a developer of your card application mistook with the status word SW1 0x69 instead of 0x63 for VERIFY command as a status for wrong PIN-code? ;)
The value x in the status word SW2 0xCx defines the amount of the attempts remained.
So it would be normal for each next wrong PIN-code entered to get the status words: 69C2 -> 69C1 -> 69C0 -> 6983

APDU command chaining

Hello, I am sending some byte array by portions of 255 bytes to my on-card Applet using a sequence of APDU command-response operations. I just wanted to know, in case there is any possibility to make on-side chaining: send some sequence of APDU commands and receive only one response from the applet after the last portion of data received.
Best regards,
Eve

According to ISO 7816-4 the chaining possibilities are
- Extended APDU --> up to 65k data field
- Command chaining --> ICCD responds after each APDU
Your requirement would fit only to extended APDU. Java Card adopts only a certain class of the APDU structure from ISO 7816-4, which does not allow extended APDU: JC 2.2.1 API, javacard.framework.APDU (p. 44) ..
This class does not support extended length fields.
..This is one of the reasons it won't work with a card compliant to Java Card. The other reason are the fixed constants for the ISO7816 interface (e.g. javacard.framework.ISO7816.OFFSET_CDATA, which is 5 --> extended length field not possible).

Old DLL made for old card with filesystem - Help!

Hi,
I have an old DLL that is used to access an old smartcard with file system. The DLL is using standard ISO calls like Select, Read etc. from these files. I am now finishing an applet with filesystem created as byte arrays which works fine BUT. How can I make these files visible to the DLL? Are the old ISO filesystem calls still there or do I catch the these APDU commands and handle them my self within the applet?
And, where can I read about these calls and whether they still work on "pure java cards"?
Pls help :-)

Thing is, I have en old DLL that has been in use for many years! Card is no longer available so now switching to java platform. DLL must still be able to communicate with card for "file access". I have not got a clue what commands the DLL sends but know what the data looks like. This is the reason for looking at what the DLL does. When I know, I am asking: Can I handle the APDU commands from this DLL that before went to the file system directly, in my applet? AND to learn more about the old file handeling, where can I read about those APDU commands, such as select write & read?

Issuing apdu commands

I am experiencing problems running the demos that come with the java card kit such as the wallet and javapurse. i am able to run the apdutool utility with the the specified script file as input without any problems. But does it just end there? I thought it was possible for me to key in specific commands for crediting or debiting electronic cash in the wallet applet, for example. My question is-once I generate the output file, how do i proceeed from there - so that finally i can be able to send specific apdu commands to the sample applets. I would appreciate help soon so that i can be able to apply in a project i am undertaking.

I am experiencing problems running the demos that come with the java card kit such as the wallet and javapurse. i am able to run the apdutool utility with the the specified script file as input without any problems. But does it just end there? I thought it was possible for me to key in specific commands for crediting or debiting electronic cash in the wallet applet, for example. My question is-once I generate the output file, how do i proceeed from there - so that finally i can be able to send specific apdu commands to the sample applets. I would appreciate help soon so that i can be able to apply in a project i am undertaking.

NFC for Java Card

Hi guys
I'm a new one with NFC, especially for the field that I'm investigating right now, Java Cards. Hence, would you mind to help me with the initialization? I mean what am I supposed to begin with (name of documents, materials,...)?
Any of your help would be appreciated.
Thanks in advance
Jason

Jason,
I'm not sure what you mean by NFC integrated Java Card. Could you give me the name of the document you downloaded from Global Platform?
Java Card knows about the transport type between itself and the reader: contact (T=0, T=1 : ISO/IEC 7816) or contactless (T=CL : ISO/IEC 14443). But that is all; a Java Card applet should not know or care about the lower transport layers.
As for the relationship between GSM, UICC and NFC, have a look at the document "NFC Stepping Stones" from SIMAlliance: http://www.simalliance.org/en?t=/documentManager/sfdoc.file.supply&fileID=1308660607647
EDIT:
For more on STK applets (GSM), read the Gemalto introduction to the SIM Toolkit: http://developer.gemalto.com/home/technology/sim-toolkit.html
The best standard for you to start with is probably 3GPP 43.019.
As reference, here is a partial list of (I hope) relevant standards. If you find more, please post them here!
ISO/IEC:
ISO/IEC 7816-1
ISO/IEC 7816-2
ISO/IEC 7816-3 (T=0)
ISO/IEC 7816-4 (Limited to command set required for GSM compliance.)
Java Card:
Runtime Environment Specification Java Card Platform, Version 2.2.1 V2.2.1
Virtual Machine Specification Java Card Platform, Version 2.2.1 V2.2.1
Application Programming Interface Java Card Platform, Version 2.2.1 V2.2.1
Global Platform:
Global Platform Card Specification 2.1.1 V2.1.1
GSM:
GSM 11.11 version 8.3.0
GSM 11.12 version 4.3.1
GSM 11.14 version 8.3.0
GSM 11.17 version 7.0.2
GSM 11.18 version 7.0.1
GSM Comp128-1, 2, 3
SIM:
TS 23.040 V.6 Technical realization of the Short Message Service (SMS)
TS 43.019 V.6 Subscriber Identity Module Application Programming Interface (SIM API) for Java Card; Stage 2
TS 51.011 V.5 Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface
TS 51.014 V.4 Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface
USIM:
TS 31.102 V.6 Characteristics of the Universal Subscriber Identity Module (USIM) application
TS 31.111 V.6 Universal Subscriber Identity Module (USIM) Application Toolkit (USAT)
TS 31.115 V.6 Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications
TS 31.116 V.6 Remote APDU Structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications
TS 31.124 V.6 Mobile Equipment (ME) conformance test specification; Universal Subscriber Identity Module Application Toolkit (USAT) conformance test specification
TS 31.900 V.6 SIM/USIM internal and external interworking aspects
TR 31.919 V.6 2G/3G Java Card™ Application Programming Interface (API) based applet interworking
ETSI TS 135.208 Technical Specification Universal Mobile Telecommunications System (UMTS); 3G Security; Specification of the MILENAGE algorithm set
UICC:
TS 31.101 V.6 UICC-terminal interface; Physical and logical characteristics
TS 31.121 V.6 UICC-terminal interface; Universal Subscriber Identity Module (USIM) application test specification
ETSI TS 102.220 ETSI numbering system for telecommunication application providers
ETSI TS 102.221 Smart cards; UICC-Terminal interface; Physical and logical characteristics
ETSI TS 102.222 IC Cards Admin Commands for Telecom
ETSI TS 102.223 Card Application Toolkit
ETSI TS 102 241 "Technical Specification Smart Cards; UICC Application Programming Interface (UICC API) for Java Card"
OTA:
ETSI TS 102.224 Security mechanisms for UICC based Applications -Functional requirements
ETSI TS 102.225 Secured packet structure for UICC based applications
ETSI TS 102.226 Remote APDU structure for UICC based applications
TS 23.040 V.6 Technical realization of the Short Message Service (SMS) Point-to-Point (PP)
TS 23.041 V.6 Technical realization of Cell Broadcast Service (CBS)
(U)SAT:
TS 23.048 V.5 Security Mechanisms for the (U)SIM application toolkit
TS 31.111 V.6 Specification of the USIM Application Toolkit
TS 31.112 V.6 Universal Subscriber Identity Module Application Toolkit (USAT) interpreter architecture description
TS 31.113 V.6 Universal Subscriber Identity Module Application Toolkit (USAT) interpreter byte codes
TS 31.114 V.6 Universal Subscriber Identity Module Application Toolkit (USAT) interpreter protocol and administration
TS 51.014 V.4 Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface
ETSI TS 102 223 Card Application Toolkit (CAT)
SIM Alliance:
S@T 01.00 Specification 2009 SIMalliance S@T Byte Code
S@T 01.10 Specification 2009 SIMalliance S@T Markup Language
S@T 01.20 Specification 2009 SIMalliance S@T Session Protocol
S@T 01.21 Specification 2009 SIMalliance S@T Administrative Commands
S@T 01.22 Specification 2009 SIMalliance S@T Operational Commands
S@T 01.23 Specification 2009 SIMalliance S@T Push Commands
S@T 01.30 Specification 2007 SIMalliance S@T Validation Test Plan System Functional Tests
S@T 01.50 Specification 2009 SIMalliance S@T Browser Behaviour Guidelines
S@T 01.60 Gateway Implement 2009 SIMalliance S@T Gateway Implement
Security & Algorithm
TS 33.102 V.6 3G security; Security architecture
TS 33.105 V.6 Cryptographic algorithm requirements
TS 35.205 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: General
TS 35.206 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 2: Algorithm specification
TS 55.205 V.6 Specification of the GSM-MILENAGE algorithms: An example algorithm set for the GSM Authentication and Key Generation Functions A3 and A8
Test specification
TS 31.048 V.5 Security mechanisms for the (U)SIM application toolkit; Test specification
TS 31.120 V.6 UICC-terminal interface; Physical, electrical and logical test specification
TS 31.121 V.6 UICC-terminal interface; Universal Subscriber Identity Module (USIM) application test specification
TS 31.122 V.6 Universal Subscriber Identity Module (USIM) conformance test specification
TS 31.130 V.6 (U)SIM Application Programming Interface (API); (U)SIM API for Java Card
TS 31.213 V.6 Test specification for subscriber (U)SIM; Application Programming Interface (API) for Java Card™
TS 35.203 V.6 Specification of the 3GPP confidentiality and integrity algorithms; Document 3: Implementors' test data
TS 35.207 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 3: Implementors’ test data
TS 35.208 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 4: Design conformance test data
TR 35.909 V.6 3G Security; Specification of the MILENAGE algorithm set: an example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 5: Summary and results of design and evaluation
TS 51.013 V.5 Test specification for Subscriber Identity Module (SIM) Application Programming Interface (API) for Java Card
TS 51.017 V.4 Subscriber Identity Module (SIM) test specification
Adriaan
Edited by: Adriaan on Feb 14, 2012 1:34 AM

APDU Commands - How they work ?

Hi,
Iam all new to the JavaCard programming and wanted to understand some basics. The APDU Commands (CLA, INS, P1, P2, ...) are they reserved commands (as in reserved words). If so, how do I get a listing of the same.
Eg. I am looking into one of the programs which have the following few lines,
SetLength(DataToSend, 13);
DataToSend[0] := $88;
DataToSend[1] := $10;
DataToSend[2] := $11;
DataToSend[3] := $00;
DataToSend[4] := $08;
DataToSend[5] := $F9;
DataToSend[6] := $FD;
DataToSend[7] := $CE;
DataToSend[8] := $8B;
DataToSend[9] := $F6;
DataToSend[10] := $F4;
DataToSend[11] := $14;
DataToSend[12] := $E0;
FSCard.SendCustomAPDU(DataToSend, ReceiveBuffer);
I believe the above writes info. to the card.
If Yes, how do I retrive the same from Card?
If No, then what does the instruction stand for?
Appreciate your help ....

hI,
Iam trying to write a sample code by trying to write data to card using XOR, converting the same back in the applet to the original string and retriving the same. The return value is still in XOR value and not the original i sent. Please let me know what iam doing wrong here?
WRITING DATA:
CLIENT PROGRAM:
SetLength(DataToSend, 9);
DataToSend[0] := $88;
DataToSend[1] := $10;
DataToSend[2] := $9A;
DataToSend[3] := $00;
DataToSend[4] := $4;
DataToSend[5] := $A;
DataToSend[6] := $B;
DataToSend[7] := $C;
DataToSend[8] := $D;
DataToSend[5] := DataToSend[5] XOR DataToSend[6];
DataToSend[6] := DataToSend[6] XOR DataToSend[7];
DataToSend[7] := DataToSend[7] XOR DataToSend[8];
DataToSend[8] := DataToSend[8] XOR DataToSend[5];
FSCard.SendCustomAPDU(DataToSend, ReceiveBuffer);
APPLET CALLS THIS PROCEDURE :
private void SetStringSec5(APDU apdu) {
          byte buffer[] = apdu.getBuffer();
          byte size = (byte)(apdu.setIncomingAndReceive());
          byte index;
byte indexsn;
indexsn=0;
          // Store the length of the string and the string itself
          TheBuffer[80] = size;
          for (index = 80; index < (byte)(81+(int)(size)); index++){
               TheBuffer[(byte)(index + 1)] = buffer[(byte)(ISO7816.OFFSET_CDATA + indexsn)];
indexsn++;
          CalcSri();
apdu.setOutgoing();
          apdu.setOutgoingLength((short)size);
apdu.sendBytesLong(TheBuffer,(short)0,(short)size);
          return;
private void CalcSri() {
          TheBuffer[(byte)(8)]=(byte)(((int)(TheBuffer[(byte)(5)])) ^ ((int)(TheBuffer[(byte)(8)])));
TheBuffer[(byte)(7)]=(byte)(((int)(TheBuffer[(byte)(8)])) ^ ((int)(TheBuffer[(byte)(7)])));
          TheBuffer[(byte)(6)]=(byte)(((int)(TheBuffer[(byte)(7)])) ^ ((int)(TheBuffer[(byte)(6)])));
          TheBuffer[(byte)(5)]=(byte)(((int)(TheBuffer[(byte)(6)])) ^ ((int)(TheBuffer[(byte)(5)])));
          return;
READING DATA:
CLIENT PROGRAM :
//Get string from the card
SetLength(DataToSend, 5);
DataToSend[0] := $88;
DataToSend[1] := $10;
DataToSend[2] := $BE;
DataToSend[3] := $00;
DataToSend[4] := $4;
FSCard.SendCustomAPDU(DataToSend, ReceiveBuffer);
APPLET CODE CALLING THE PROCEDURE:
private void GetStr(APDU apdu) {
          byte buffer[] = apdu.getBuffer();
          byte numBytes = buffer[ISO7816.OFFSET_LC];
          apdu.setOutgoing();
          apdu.setOutgoingLength(numBytes);
          byte index;
byte indexsn;
indexsn=0;
          for (index = 80; index <= (byte)(80+(int)(numBytes)); index++){
               buffer[(byte)(indexsn)] = TheBuffer[(byte)(index + 1)];
indexsn++;
apdu.sendBytesLong(buffer,(short)0,(short)numBytes);
          return;
}

[svn:bz-trunk] 21277: Added ds-console source to package-oem and removed copy command for datavisualization .swc which doesn't exist in the specified location.

Revision: 21277
Revision: 21277
Author:   [email protected]
Date:     2011-05-18 11:35:28 -0700 (Wed, 18 May 2011)
Log Message:
Added ds-console source to package-oem and removed copy command for datavisualization.swc which doesn't exist in the specified location. I do not find it in the most recent package-oem.zip neither
Modified Paths:
    blazeds/trunk/build.xml

Gusar wrote:No, it's not. I have actually seen cases where software rendering gave a higher glxgears score than hardware rendering (and no, it wasn't about vsync). Of course, with *actual* apps on the same machine, software rendering sucked compared to hardware rendering.
Please do not jump to conclusions and make assumptions here like 'when will people finally get it??'. I never said it was a benchmark. I have also seen many examples of where it's results do not go with conventional performance. I have a Radeon 9000 that goes faster on glxgears than a Geforce FX 5600 running Nouveau. Which is the faster card? The FX by miles. It is not a benchmark as it can not be compared between configurations. What I know is that on this individual system, from prior experience over many years when 3D acceleration is working glxgears gets between 300 and 400 fps. When it is not working it gets less than 10. That is a fact but does not mean it is benchmarkable. Yes, a Quake 3 timedemo (I have these numbers too and they very much correlate to glxgears performance for this system given just how slow it is) would be a benchmark but when it runs less than 0.1fps and even the 2D rendering means that navigating the menu is impossible, there just isn't the time to find out. Hence if playing around with drivers on this system I would use glxgears to check that 3D acceleration is working but not to benchmark. Glxinfo does not give you all this evidence.
But to clarify, I wouldn't use glxgears as a benchmark, benchmarking is different and I do a lot of that too.

Finding firmware version for HBA card

Does anybody knows a command in solaris 9 to display firmware version for HBA cards or other pci cards currently in system

I've not heard of a way of reading add-on card firmware levels from the OBP...
However, you might be lucky insofar that the firmware levels get displayed at boot time. Emulex cards always do this as one of the very first things that pass on the screen after powering up.

AAA Radius Authentication for Calling Card Platform

Hi,
I am using AS5350 and I am using it for calling card application using Clear Box as my RADIUS Server for AAA. My question now, how would I know if cisco is sending the dtmf for "enter card number.au" on the RADIUS server ? Does the card number included on the VSA ? below are my configurations and the debug info. The problem here is that the card number that I entered doesn't able to match against the configuration on my Clear Box/SQL Database. I want to know what should I expect from CiscoAS5350 to send a vsa for enter_card_number ?
aaa new-model
aaa group server radius ClearBox
server 192.168.1.1 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login h323 group ClearBox
aaa authorization exec h323 group ClearBox
aaa accounting exec default start-stop group ClearBox
aaa accounting network default start-stop group ClearBox
aaa accounting connection h323 start-stop group ClearBox
aaa session-id unique
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
radius-server key 7 0355481F031F761D
radius-server vsa send accounting
radius-server vsa send authentication
call application voice prepaid tftp://192.168.1.2/debitcard-multi-lang-Cisco.1.1.0.2.tcl
call application voice prepaid pin-len 10
call application voice prepaid warning-time 300
call application voice prepaid redirect-number 8662195822
call application voice prepaid language 1 en
call application voice prepaid language 2 sp
call application voice prepaid language 3 ch
call application voice prepaid set-location en 0 tftp://192.168.1.2/prompts/
call application voice prepaid set-location sp 0 tftp://192.168.1.2/prompts/
call application voice prepaid set-location ch 0 tftp://192.168.1.2/prompts/
gw-accounting aaa
==================================================
Getting session id for NET(00003600) : db=6418E654
AA/ACCT/NET(00003600): add, count 1
Getting session id for NET(00003601) : db=6410D098
AAA/ACCT/NET(00003601): add, count 1
AAA/ACCT/CONN(00003601): Pick method list 'h323'
AAA/ACCT/SETMLIST(00003601): Handle 94000002, mlist 62D3B124, Name h323
Getting session id for CONN(00003601) : db=6410D098
AAA/ACCT/CONN(00003601): Queueing record is START
AAA/ACCT(00003601): Accouting method=ClearBox (RADIUS)
AAA/ACCT/EVENT/(00003601): ATTR ADD
AAA/ACCT/CONN(00003601): START protocol reply PASS
AAA/ACCT/EVENT/(00003601): VOICE DOWN
AAA/ACCT/HC(00003601): Update VOICE/000020D3
AAA/ACCT/HC(00003601): VOICE/000020D3 [sess] (rx/tx) base 0/0 pre 0/0 call 0/0
AAA/ACCT/HC(00003601): VOICE/000020D3 [sess] (rx/tx) adjusted, pre 0/0 call 0/0
AAA/ACCT/CONN(00003601): Queueing record is STOP osr 1
AAA/ACCT(00003601): del node, session 174133
AAA/ACCT/CONN(00003601): free_rec, count 1
AAA/ACCT/CONN(00003601): Setting session id 174144 : db=6410D098
AAA/ACCT/HC(00003601): Update VOICE/000020D3
AAA/ACCT/HC(00003601): Deregister VOICE/000020D3
AAA/ACCT/EVENT/(00003601): CALL STOP
AAA/ACCT/CALL STOP(00003601): Sending stop requests
AAA/ACCT(00003601): Send all stops
AAA/ACCT/NET(00003601): STOP
AAA/ACCT/NET(00003601): Method list not found
AAA/ACCT/CONN(00003601): STOP protocol reply PASS
AAA/ACCT/CONN(00003601) Record not present

VSAs are collected by the RADIUS server during the accounting process when AAA is configured with the Debit Card feature. Data items are collected for each call leg created on the gateway. A call leg is the internal representation of a connection on the gateway. Each call made through the gateway consists of two call legs: incoming and outgoing. The call leg information emitted by the gateways can be correlated by the connection ID, which is the same for all call legs of a connection.
Use the H.323 VSA method of accounting when configuring the AAA application.
There are two modes:
â¢Overloaded Session-ID
Use the gw-accounting h323 syslog command to configure this mode.
â¢VSA
Use the gw-accounting h323 vsa command to configure this mode.

APDU commands for Globalplatform card

Similar Messages

Maybe you are looking for