Java Card Authentication

Hi,
i have a card manager secured and for uploading and deleting applet i have to make authentication. Do i have to authenticate in order to select my applet and
to send APDU?
Which is the APDU command for ATR?
Thanks

Once you are ready to send APDU from a terminal, the terminal has already received the ATR. If you look up the ISO 7816 specifications you'll see that the ATR is sent by the card on power-up automatically to setup communication with the terminal (baudrates etc.)
If you have to authenticate for more complex applet functions depends on the application itself. But you can surely send a SELECT command APDU without prior authentication.
Best regards
paulizist

Similar Messages

Java Card and OID Implementation

Hi
Has anyone used java card (Smart card) authentication and authorization with Oracle Internet Directory. Can it be done using the Identity Managment Component.
More specifically speaking , I want to create the trade partner user in internet directory and wants to enable the JAAS in oracle application server for authentication and authorization.
There are other types of users ( patient) who are having the biometric smart card (i.e. Java card). When these user swipes the finger, client based authentication is performed using the fingerprints and connects to the oid to get the authorization and personal details.
Please let me know the exact suggestion to implement these type of identification and authorizaiton. Please let me know if there is any oracle technical paper which addresses the mentioned problem.
Thanks in Advance.
with regards
Mazhar

I am interested in this also. We are currently trying to move our website to java card authentication with an OID directory. I know it has been done before but have not thoroughly researched it yet.

External Authentication with Java Card through HSM

Hi All,
How to do External Authentication process in Javacard through HSM (Hardware Security Module). Does any HSM supports this?
My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.
Does anyone have the idea on this. Because i should not expose the Card KMC to outside world.

Hi,
Megaa1207 wrote:
My requirement is to store the Card KMC in HSM and i should authenticate the terminal application with the Java Card through HSM.If you cannot create a functional module for your HSM to perform external authenticate, you can use the PKCS11 libraries (cryptoki) to perform the primitive operations to generate your KDC's and to use them for generating session keys and cryptograms. All the sensitive data will be able to stay secured inside the HSM. You would perform the cryptographic operations on the derivation data and store the result as a key object inside the HSM. There is quite a lot of documentation on the PKCS11 operations on the RSA web site.
Cheers,
Shane

Java Card biometric authentication using OID

Hi
Has anyone used java card (Smart card) authentication and authorization with Oracle Internet Directory. Can it be done using the Identity Managment Component.
More specifically speaking , I want to create the trade partner user in internet directory and wants to enable the JAAS in oracle application server for authentication and authorization.
There are other types of users ( patient) who are having the biometric smart card (i.e. Java card). When these user swipes the finger, client based authentication is performed using the fingerprints and connects to the oid to get the authorization and personal details.
Please let me know the exact suggestion to implement these type of identification and authorizaiton. Please let me know if there is any oracle technical paper which addresses the mentioned problem.
Thanks in Advance.
with regards
Mazhar

If you look at the JCDK samples, there is a PIN applet you can look at for user pin.
What do you want to authenticate? Is it host to applet or host to card manager?
Cheers,
Shane

Java card user authentication

Hi
Im Using Gemalto TOP DL V2 Java card
it supports java card 2.2.2 version.
Will some one guide how to write program to authenticate..
it support 3DES ,AES encryption
how i can write user pin inside EEPROM( i hope pin.update )
what is the use of Mother key they provided with Card?
Details
SID A000000003000000

If you look at the JCDK samples, there is a PIN applet you can look at for user pin.
What do you want to authenticate? Is it host to applet or host to card manager?
Cheers,
Shane

How SDA and DDA works in Java Card?

Hi Friends,
I want to know how exactly SDA and DDA works in Java Card technology..
Yes, i know that SDA (Static Data Authentication) is valid for every transactions, but the key used is always same for every transaction made..
and DDA (Dynamic Data Authentication) uses dynamic key for every transactions, it means that one key is valid for one transaction..
But, i'm a little bit confused how this is implemented in Java Card..
Is it related with SCP01 and SCP02?..
Please help me regarding this..
Thanks in advance

Hi,
I want to know how exactly SDA and DDA works in Java Card technology..This is an EMV concept and as such is not implemented in Java Card as such. You would have to create an implementation to be able to use SDA and DDA.
But, i'm a little bit confused how this is implemented in Java Card..
Is it related with SCP01 and SCP02?..It is not implemented natively in Java Card and are not related to SCP. SDA and DDA are for the EMV card application (card application data updates) and SCP is for the card manager (card content updates). While they could be considered similar concepts, they are not related in a Java Card sense.
Cheers,
Shane

How to communicate java card from java classes???

hi all....
please help me to program java card stuff for my project...
I am want to use the java as as authentication module to identify the some sort of signature.
please let me know the codes or steps do i have to follows....
i am using jcop2.2 .....
do i have to learn the javacard shell programming too..? i am good in java but not this technology...
i have tried the sample example in java_card_kit-2_2_1 but i could not do anything...:(
please help me
cheers
lanaka

It's like u r asking someone to do ur homework.
1. sample example you have mentioned can't work on JCOP
2. yep, you'll have to learn how to work with JCShell if u want to use jcop tools.
3. Read HELP that is provided with 2.2 tools. It's from big help for beginners.
(there is even one signature example in it)

How can I choose java card?

I'm new for smart card.
I want to do project about security (It use authentication by MAC.) How can I choose the card and reader/writer? Have vender in thailand?
If I bought normal smart card and reader/writer, can I write java on it? If it's possible , how can I do?
Note that: I want only basic java card.
Thanks

I go to Schlumberger website. I found e-gate SDK kit ID. 401140.
I want to know that it have more basic can I get to do my project?
About gemplus? I go to gemplus website too, but I don't found more enough information to decided.
Cloude you advise version of card and reader that can I get to do my project? (I have budget about $250)
Can it work with Java Card 2.2 Development Kit by sun, if I buy only card and card reader?
Thanks,

Please help error regarding GPShell 1.4.2 with Java Card 2.2.1

Hi masters..
please help me regarding GPShell + Smart Card Reader (namely Omnikey Cardman 5321)..
currently i've a smart card reader (Omnikey) and a sample java card that support for Java Card 2.2.1..
i've installed Smart card reader's driver, and it has already completely function..
When i try to run this command in GPShell 1.4.2, i get this report :
C:\GPShell-1.4.2>GPShell helloInstallgemXpressoProR3_2E64.txt
mode_201
gemXpressoPro
enable_trace
establish_context
card_connect
* reader name OMNIKEY CardMan 5x21 0
card_connect() returns 0x80100069 (The smart card has been removed, so that furt
her communication is not possible.
select -AID A000000018434D00
Command --> 00A4040008A000000018434D00
Wrapped command --> 00A4040008A000000018434D00
select_application() returns 0x00000006 (The handle is invalid.
Yes, i know that in that script (helloInstallgemXpressoProR3_2E64.txt), there's a script for load helloworld.cap into Java card..
i tried that because i just want to make sure whether my Java Card run well or not..
Please help me regarding this..
Thanks in advance..

Hi safarmer, thanks for your reply :)..
Sorry before, i still don't understand about your last reply.. :(
especially for check the crytpogram.. :(
could you describe what mean of each line of code from that snippet code?..
Sequence : 0002
challenge : 598dd3961bfd
cryptogram : 24cccf18c18437bb
host : 5a7787ba91497948
DEBUG [] - Input to session S-ENC derivation: 01820002000000000000000000000000
DEBUG [] - S-ENC: adc1163ba2a146fbb94af44c8676fb7cadc1163ba2a146fb
DEBUG [] - Input to session DEK derivation : 01810002000000000000000000000000
DEBUG [] - S-DEK: fd01086b6db03bdfe0d5cb61d03ed3abfd01086b6db03bdf
DEBUG [] - Input to session CMAC derivation: 01010002000000000000000000000000
DEBUG [] - S-MAC: 3e07b0c8fdfd798a573b9b9889d0cb513e07b0c8fdfd798a
Input to card cryptogram verification: 5a7787ba914979480002598dd3961bfd8000000000000000
DEBUG [] - Signature : 24cccf18c18437bb
DEBUG [] - Cryptogram: 24cccf18c18437bb
Card cryptogram authenticated=======================================================================================
=======================================================================================
i've added script "mode_211" to my script, as follow :
mode_211
enable_trace
establish_context
card_connect -readerNumber 2
select -AID a0000000030000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
delete -AID a00000006203010c0101
delete -AID a00000006203010c01
delete -AID a00000006203010c0101
install -file HelloWorld.cap -nvDataLimit 500 -instParam 00 -priv 2
card_disconnect
release_contextbut when i executed that script in the console, i got this :
C:\GPShell-1.4.2>GPShell helloInstallChan.txt
mode_211
enable_trace
establish_context
card_connect -readerNumber 2
* reader name OMNIKEY CardMan 5x21-CL 0
select -AID a0000000030000
Command --> 00A4040007A0000000030000
Wrapped command --> 00A4040007A0000000030000
Response <-- 6F108408A000000003000000A5049F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
886FC6B03640B06092A864886FC6B040215650B06092B8510864864020102660C060A2B060104012
A026E01029000
Command --> 80500000083C4E03633407EC1800
Wrapped command --> 80500000083C4E03633407EC1800
Response <-- 0000715457173C2B8FC1FF020002598DD3961BFD8B6F2963C070FF949000
Command --> 8482010010E17B69E2A3DFEA320B0B457657362614
Wrapped command --> 8482010010E17B69E2A3DFEA320B0B457657362614
Response <-- 9000
delete -AID a00000006203010c0101
Command --> 80E400800C4F0AA00000006203010C010100
Wrapped command --> 84E40080144F0AA00000006203010C0101D259A163E654B99900
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID a00000006203010c01
Command --> 80E400800B4F09A00000006203010C0100
Wrapped command --> 84E40080134F09A00000006203010C01094A9BF13AD2CC3E00
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID a00000006203010c0101
Command --> 80E400800C4F0AA00000006203010C010100
Wrapped command --> 84E40080144F0AA00000006203010C010156679B9711B83FAB00
Response <-- 6A88
delete_applet() returns 0x80206A88 (6A88: Referenced data not found.)
install -file HelloWorld.cap -nvDataLimit 500 -instParam 00 -priv 2
file name HelloWorld.cap
Command --> 80E602001F09A00000006203010C0107A0000000030000000AEF08C60201A8C80201
F40000
Wrapped command --> 84E602002709A00000006203010C0107A0000000030000000AEF08C60201
A8C80201F400D35F07F1D11A31E500
Response <-- 6985
install_for_load() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)What it does mean?..
so, can i reset THE RETRY COUNTER of my Java Card?..
could you give me an example script that reset the Retry Counter?..
Thanks in advance..
Sorry i really confuse.. :(

I cannot load my java card applet Response APDU: 69 85

I know there have been many threads on this subject, I am a newbie to Java card development.
Please someone help me.
I am using the gpj for downloading the applet.
The following is the output from the command "java -jar gpj.jar -load JCHelloWorld.cap -install"
Thanks in advance
run:
Found terminals: [PC/SC terminal Generic PCSC Smartcard Reader 0]
Found card in terminal: Generic PCSC Smartcard Reader 0
ATR: 3B DB 96 00 80 B1 FE 45 1F 83 00 31 C0 64 C7 FC 10 00 01 90 00 74
INFO: Selecting Security Domain OP201a, AID=A000000003000000
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 6E 84 08 A0 00 00 00 03 00 00 00 A5 62 73 2F 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 01 05 9F 6E 2A 48 20 50 2B 82 31 80 30 00 63 03 12 63 00 07 BB 03 00 11 42 12 97 11 43 12 97 11 44 12 97 01 00 00 00 00 00 00 00 00 00 00 00 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 FC 81 DB FE 80 72 19 28
DEBUG: Response APDU: 00 00 03 12 63 00 07 BB 03 00 FF 01 DA 26 EF 49 10 B7 72 00 9A 24 7F B4 A0 1F C7 C8 90 00
INFO: INITIALIZE UPDATE Successful
DEBUG: Command APDU: 84 82 00 00 10 D5 41 CE BE F4 A8 E4 DD 36 6C C5 3E 19 9C 77 93
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 D5 41 CE BE F4 A8 E4 DD
DEBUG: Response APDU: 90 00
INFO: External Authentication Successful
DEBUG: packagePath: com/samptah/card/javacard/
DEBUG: package: com.samptah.card
DEBUG: package AID: 9C 25 F6 5E AB 3F
DEBUG: applet AIDs: [9C 25 F6 5E AB CD ]
DEBUG: Command APDU: 80 E6 02 00 13 06 9C 25 F6 5E AB 3F 08 A0 00 00 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 01 4C 01 00 10 DE CA FF ED 01 02 04 00 01 06 9C 25 F6 5E AB 3F 02 00 1F 00 10 00 1F 00 0A 00 15 00 2E 00 0C 00 7F 00 18 00 12 00 00 00 6F 00 02 00 01 00 0B 02 01 00 04 00 15 02 04 01 07 A0 00 00 00 62 01 01 00 01 07 A0 00 00 00 62 00 01 03 00 0A 01 06 9C 25 F6 5E AB CD 00 08 06 00 0C 00 80 03 00 FF 00 07 01 00 00 00 1C 07 00 7F 00 01 10 18 8C 00 00 7A 05 30 8F 00 01 3D 8C 00 02 18 1D 04 41 18 1D 25 8B 00 03 7A 02 23 18 8B 00 04 60 03 7A 19 8B 00 05 2D 1A 03 25 11 00 FF 53 5B 32 1A 04 25 11 00 FF 53 5B 29 04 1F 10 80 6A 08 11 6E 00 8D 00 06 16 04 75 00 10 00 01 00 00 00 09 18 19 8C 00 07 70 08 11 6D 00 8D 00 06 7A 05 22 19 8B 00 05 2D 7B 00 08 92 32 7B 00 08 03 1A 03 1F 8D 00 09 3B 19 03 1F 8B 00 0A 7A 08 00 18 00 02 00 01 00 01 03 00 0B 48 65 6C 6C
DEBUG: Response APDU: 69 85
net.sourceforge.gpj.cardservices.exceptions.GPLoadException: Load failed, SW: 69 85
at net.sourceforge.gpj.cardservices.GlobalPlatformService.loadCapFile(GlobalPlatformService.java:707)
at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(GlobalPlatformService.java:1675)
at gpj.Main.main(Main.java:26)
BUILD SUCCESSFUL (total time: 1 second)

Quite similar problem here. Here's what I got from GPShell:
enable_trace
establish_context
card_connect
select -AID a0000000030000
Command --> 00A4040007A0000000030000
Wrapped command --> 00A4040007A0000000030000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479181023100734A06072A864
886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0
40215650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 805000000804C1C46CBC9932AA00
Wrapped command --> 805000000804C1C46CBC9932AA00
Response <-- 000010700108859552580101AA4F3AEC5503E7A7435A0560E047AF489000
Command --> 84820100100C2766279A1FC158181037B7A811AB93
Wrapped command --> 84820100100C2766279A1FC158181037B7A811AB93
Response <-- 9000
delete -AID D0D1D2D3D4D50101
Command --> 80E400000A4F08D0D1D2D3D4D5010100
Wrapped command --> 84E40000124F08D0D1D2D3D4D501014018673D5E89975900
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID D0D1D2D3D4D501
Command --> 80E40000094F07D0D1D2D3D4D50100
Wrapped command --> 84E40000114F07D0D1D2D3D4D501887135A5C0B424D500
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID D0D1D2D3D4D50101
Command --> 80E400000A4F08D0D1D2D3D4D5010100
Wrapped command --> 84E40000124F08D0D1D2D3D4D501017144DF5DE0D2DE9F00
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
install -file helloworld.cap -nvDataLimit 500 -instParam 00 -priv 2
Command --> 80E602001907D0D1D2D3D4D50107A00000000300000006EF04C60201600000
Wrapped command --> 84E602002107D0D1D2D3D4D50107A00000000300000006EF04C602016000
C6EDAE8F91652A3B00
Response <-- 6A88
install_for_load() returns 0x80206A88 (6A88: Referenced data not found.)And this is what I've got from gpj
Found terminals: [PC/SC terminal ACS ACR1281 1S Dual Reader ICC 0, PC/SC termina
l ACS ACR1281 1S Dual Reader PICC 0, PC/SC terminal ACS ACR1281 1S Dual Reader S
AM 0]
Found card in terminal: ACS ACR1281 1S Dual Reader ICC 0
ATR: 3B F8 18 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 BC
DEBUG: Command APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65 01 FF 9F 6
E 06 47 91 81 02 31 00 73 4A 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86
FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B
04 02 15 65 0B 06 09 2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 0
2 6E 01 02 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 A5 6A EB 5F E3 31 30 37
DEBUG: Response APDU: 00 00 10 70 01 08 85 95 52 58 01 01 2E 43 22 1A A3 0A 65 4
0 AA 8B D1 2A D5 89 8D 70 90 00
DEBUG: Command APDU: 84 82 00 00 10 B8 3A E1 AD 36 01 D8 E3 5F CC 77 B4 A7 F2 B
E 68
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 B8 3A E1 AD 36 01 D8 E3
DEBUG: Response APDU: 90 00
DEBUG: packagePath: com/tru/card/javacard/
DEBUG: package: com.tru.card
DEBUG: package AID: C3 79 3E 65 A1 00 EB F3 FD 20
DEBUG: applet AIDs: [C3 79 3E 65 A1 C9 85 3B ]
DEBUG: Command APDU: 80 E6 02 00 17 0A C3 79 3E 65 A1 00 EB F3 FD 20 08 A0 00 0
0 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E6 02 00 17 0A C3 79 3E 65 A1 00 EB F3 FD 20 08 A0 00 0
0 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 04 32 01 00 14 DE CA FF ED 01 02 04 0
0 01 0A C3 79 3E 65 A1 00 EB F3 FD 20 02 00 1F 00 14 00 1F 00 0C 00 15 00 86 00
12 02 CE 00 0A 00 53 00 00 00 F9 00 00 00 00 00 00 02 01 00 04 00 15 02 04 01 07
A0 00 00 00 62 01 01 00 01 07 A0 00 00 00 62 00 01 03 00 0C 01 08 C3 79 3E 65 A
1 C9 85 3B 00 01 06 00 12 00 80 03 0C 00 06 04 04 00 00 00 0C FF FF FF FF 01 27
07 02 CE 00 02 30 8F 00 0C 3D 8C 00 0E 3B 7A 01 10 18 8C 00 0D AD 00 8B 00 0F 7A
05 10 18 8C 00 10 18 10 08 88 01 18 11 3F 02 89 02 18 11 3F 03 89 03 18 11 3F 0
4 89 04 18 11 3F 05 89 05 18 8B 00 1E 18 10 08 90 0B 3D 03 10 54 38 3D 04 10 52
38 3D 05 10 55 38 3D 06 10 53 38 3D 07 10 4D 38 3D 08 10 41 38 3D 10 06 10 52 38
3D 10 07 10 54 38 87 06 18 10 06 90 0B 3D 03 10 54 38 3D 04 10 53 38 3D 05 10 4
3
DEBUG: Response APDU: 6A 80
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 04 32 01 00 14 DE CA FF ED 01 02 04 0
0 01 0A C3 79 3E 65 A1 00 EB F3 FD 20 02 00 1F 00 14 00 1F 00 0C 00 15 00 86 00
12 02 CE 00 0A 00 53 00 00 00 F9 00 00 00 00 00 00 02 01 00 04 00 15 02 04 01 07
A0 00 00 00 62 01 01 00 01 07 A0 00 00 00 62 00 01 03 00 0C 01 08 C3 79 3E 65 A
1 C9 85 3B 00 01 06 00 12 00 80 03 0C 00 06 04 04 00 00 00 0C FF FF FF FF 01 27
07 02 CE 00 02 30 8F 00 0C 3D 8C 00 0E 3B 7A 01 10 18 8C 00 0D AD 00 8B 00 0F 7A
05 10 18 8C 00 10 18 10 08 88 01 18 11 3F 02 89 02 18 11 3F 03 89 03 18 11 3F 0
4 89 04 18 11 3F 05 89 05 18 8B 00 1E 18 10 08 90 0B 3D 03 10 54 38 3D 04 10 52
38 3D 05 10 55 38 3D 06 10 53 38 3D 07 10 4D 38 3D 08 10 41 38 3D 10 06 10 52 38
3D 10 07 10 54 38 87 06 18 10 06 90 0B 3D 03 10 54 38 3D 04 10 53 38 3D 05 10 4
3
DEBUG: Response APDU: 6A 80
net.sourceforge.gpj.cardservices.exceptions.GPLoadException: Load failed, SW: 6A
80
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.loadCapFile(Un
known Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
javax.smartcardio.CardNotPresentException: No card present
        at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
Caused by: sun.security.smartcardio.PCSCException: SCARD_W_REMOVED_CARD
        at sun.security.smartcardio.PCSC.SCardConnect(Native Method)
        at sun.security.smartcardio.CardImpl.<init>(Unknown Source)
        ... 2 more
Found card in terminal: ACS ACR1281 1S Dual Reader PICC 0
java.lang.NullPointerException
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
javax.smartcardio.CardNotPresentException: No card present
        at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
Caused by: sun.security.smartcardio.PCSCException: SCARD_W_REMOVED_CARD
        at sun.security.smartcardio.PCSC.SCardConnect(Native Method)
        at sun.security.smartcardio.CardImpl.<init>(Unknown Source)
        ... 2 more
Found card in terminal: ACS ACR1281 1S Dual Reader SAM 0
java.lang.NullPointerException
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)What can I do to fix this? Did I missed any steps? Thanks for any reply.

Security in each byte of Java card's EEPROM

as i undrestand until now in my applet I define a variable and store data in that variable,
Is it a way to know where these data are stored, I mean I wanna define the memory address of that data by myself,
caz my card application is multi-app, and maybe in future I want to let someone else load his/her applet in that card beside my applets to do other application
but from know I wanna think of security that in future let that person to have the memory address from i.e 0x01 up to 0x05
and have no right to read or write in other memory bytes
and also each part of memory address should have a security code for authentication...
what's your idea about this post and what do u sudggest?
Regards
Hana

I'm sorry for my ignorance, but i think that you do not want to mess around with the Card Issuer Keys unless you are the Card Issuer which does not seems like the case.
I think that you want to use the Secure Channel Protocol inside your own applet(which is what i want to do also) and use your own issued keys.
Why? Because in a real situation you will not want that your Java Card stuck with only one App, you want it to have as many as the user wants to. For that to happen, the card issuer keeps a keyset to load&install applets, but, when the applet is installed you want to maintain your privacy from the card issuer(and everyone else), so you will need an extra keyset for your own Secure Channel Protocol.
What i'm saying is that:
When you enter the Cards Security Domain, you need the cards security domain keys.
When you select your applet, all your comunications become "plain-text" and you will not have any transaction security.
I would like to know how to open this SCP channel from my app, but unfortunatelly i cannot help you any further.
Edited by: rochajoel on Aug 31, 2009 9:48 AM

UPDATED: jcManager - Java Card Programming Visual Tool

UPDATED with the following features, as requested:
- new and improved GUI
- possibility to select the reader
- better output - display all commands sent to card and the replies
- specify card manager AID
- specify applet install command parameters
... and many more
[Download here|http://www.brokenmill.com/2010/03/java-secure-card-manager/]
Enjoy
Stefan
... sorry for the double post...

Thanks Stefan for your reply..
i want to know, what versions of Java Card OS that supported by jcManager..
Currently i use Java Card 2.2.1, but when i tried to load .CAP file using this tool, i always get this error :
Open terminal ...
EstablishContext(): ...
Wait for card in a certain reader ...
Pick reader ...
Selecting Card Manager
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Init Update
-> 80 50 00 00 08 7D 01 2C 52 CB 41 62 FB
<- 00 00 71 54 57 17 3C 2B 8F C1 FF 02 00 53 CC D9 DE 61 D9 80 8E 65 D6 84 59 F5 DC 7C 90 00
HostChallenge: 7D 01 2C 52 CB 41 62 FB
CardChallenge: CC D9 DE 61 D9 80
Card Calculated Card Cryptogram: 8E 65 D6 84 59 F5 DC 7C
Derivation Data is 01 82 00 53 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 00 53 CC D9 DE 61 D9 80 7D 01 2C 52 CB 41 62 FB 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) 7D 01 2C 52 CB 41 62 FB 00 53 CC D9 DE 61 D9 80 80 00 00 00 00 00 00 00
S_ENC: 03 82 60 2B BA CF 22 AC 27 4F 34 81 E6 66 0E 68 03 82 60 2B BA CF 22 AC
The Current session MAC key is B3 D1 2B 42 AA 64 C3 A2 84 47 1E E5 AD 6A 01 FB
The Current session DEK key is 56 47 C9 B7 A9 BC 67 63 1E BE 05 DC 39 1D B4 8B
Encrypted CardCryptoGram is 3B C0 CF 36 E3 83 D2 38 83 61 10 D8 36 75 5F A7 8E 65 D6 84 59 F5 DC 7C
Encrypted HostCryptoGram is 6F 72 46 A5 6B 01 64 6E 28 E9 16 1B D7 74 58 14 3E A2 C2 92 53 05 A9 D5
-> 84 82 03 00 10 3E A2 C2 92 53 05 A9 D5 8E FE D9 90 92 D3 EC 1B
<- 90 00
Authenticated
UplaodCAP
Get AID from header.cap file
FOR LOAD DATA: EF 04 C6 02 01 9B
AID:A0 00 00 00 62 03 01 0C 01
Applet AID:A0 00 00 00 62 03 01 0C 01 01
Try to delete if existing...
-> 84 E4 00 00 18 D6 11 44 FF FD 6D EF 28 70 A1 30 70 ED BA 78 8C B1 DB C6 AF 6C 86 0A A3
<- 6A 88
-> 84 E4 00 00 18 2C CA A4 41 C1 05 BD 3F 5E 26 13 D9 A1 AA BD AA B7 0E EF 02 1F CC 55 F9
<- 6A 88
Loading cap file. Please wait...
Install for Load
-> 84 E6 02 00 28 19 99 78 6D 57 F3 F8 E3 AE 41 D8 00 00 7F 92 5E AD 51 D6 E3 CB 70 D0 B5 9F 8E 19 FD EE 8A 26 37 B0 1D C8 E9 4A ED 9B FC
<- 00 90 00
Load CAP
-> 84 E8 80 00 10 7C 0A D8 32 F3 D6 DF 00 80 BA 28 8F CD 90 02 DD
<- 6A 80
-> 84 E6 0C 00 38 19 99 78 6D 57 F3 F8 E3 7F 53 52 F0 15 33 97 38 0E D9 AB B1 12 BB 63 EA F8 6C CB 8B 93 47 DC 6C 88 71 7B F1 F7 25 4E E0 37 40 7F C9 0A 47 94 3F B5 3E 1C B4 4A 4E BC AE
<- 6A 88
Could not load applet. See debug for more infoDo you know why?, but it could be strange for me because when i tried to load HelloWorld.cap that shipped with GPShell 1.4.2, it could work well..
Please help me..
Thanks in advance..

NFC for Java Card

Hi guys
I'm a new one with NFC, especially for the field that I'm investigating right now, Java Cards. Hence, would you mind to help me with the initialization? I mean what am I supposed to begin with (name of documents, materials,...)?
Any of your help would be appreciated.
Thanks in advance
Jason

Jason,
I'm not sure what you mean by NFC integrated Java Card. Could you give me the name of the document you downloaded from Global Platform?
Java Card knows about the transport type between itself and the reader: contact (T=0, T=1 : ISO/IEC 7816) or contactless (T=CL : ISO/IEC 14443). But that is all; a Java Card applet should not know or care about the lower transport layers.
As for the relationship between GSM, UICC and NFC, have a look at the document "NFC Stepping Stones" from SIMAlliance: http://www.simalliance.org/en?t=/documentManager/sfdoc.file.supply&fileID=1308660607647
EDIT:
For more on STK applets (GSM), read the Gemalto introduction to the SIM Toolkit: http://developer.gemalto.com/home/technology/sim-toolkit.html
The best standard for you to start with is probably 3GPP 43.019.
As reference, here is a partial list of (I hope) relevant standards. If you find more, please post them here!
ISO/IEC:
ISO/IEC 7816-1
ISO/IEC 7816-2
ISO/IEC 7816-3 (T=0)
ISO/IEC 7816-4 (Limited to command set required for GSM compliance.)
Java Card:
Runtime Environment Specification Java Card Platform, Version 2.2.1 V2.2.1
Virtual Machine Specification Java Card Platform, Version 2.2.1 V2.2.1
Application Programming Interface Java Card Platform, Version 2.2.1 V2.2.1
Global Platform:
Global Platform Card Specification 2.1.1 V2.1.1
GSM:
GSM 11.11 version 8.3.0
GSM 11.12 version 4.3.1
GSM 11.14 version 8.3.0
GSM 11.17 version 7.0.2
GSM 11.18 version 7.0.1
GSM Comp128-1, 2, 3
SIM:
TS 23.040 V.6 Technical realization of the Short Message Service (SMS)
TS 43.019 V.6 Subscriber Identity Module Application Programming Interface (SIM API) for Java Card; Stage 2
TS 51.011 V.5 Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface
TS 51.014 V.4 Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface
USIM:
TS 31.102 V.6 Characteristics of the Universal Subscriber Identity Module (USIM) application
TS 31.111 V.6 Universal Subscriber Identity Module (USIM) Application Toolkit (USAT)
TS 31.115 V.6 Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications
TS 31.116 V.6 Remote APDU Structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applications
TS 31.124 V.6 Mobile Equipment (ME) conformance test specification; Universal Subscriber Identity Module Application Toolkit (USAT) conformance test specification
TS 31.900 V.6 SIM/USIM internal and external interworking aspects
TR 31.919 V.6 2G/3G Java Card™ Application Programming Interface (API) based applet interworking
ETSI TS 135.208 Technical Specification Universal Mobile Telecommunications System (UMTS); 3G Security; Specification of the MILENAGE algorithm set
UICC:
TS 31.101 V.6 UICC-terminal interface; Physical and logical characteristics
TS 31.121 V.6 UICC-terminal interface; Universal Subscriber Identity Module (USIM) application test specification
ETSI TS 102.220 ETSI numbering system for telecommunication application providers
ETSI TS 102.221 Smart cards; UICC-Terminal interface; Physical and logical characteristics
ETSI TS 102.222 IC Cards Admin Commands for Telecom
ETSI TS 102.223 Card Application Toolkit
ETSI TS 102 241 "Technical Specification Smart Cards; UICC Application Programming Interface (UICC API) for Java Card"
OTA:
ETSI TS 102.224 Security mechanisms for UICC based Applications -Functional requirements
ETSI TS 102.225 Secured packet structure for UICC based applications
ETSI TS 102.226 Remote APDU structure for UICC based applications
TS 23.040 V.6 Technical realization of the Short Message Service (SMS) Point-to-Point (PP)
TS 23.041 V.6 Technical realization of Cell Broadcast Service (CBS)
(U)SAT:
TS 23.048 V.5 Security Mechanisms for the (U)SIM application toolkit
TS 31.111 V.6 Specification of the USIM Application Toolkit
TS 31.112 V.6 Universal Subscriber Identity Module Application Toolkit (USAT) interpreter architecture description
TS 31.113 V.6 Universal Subscriber Identity Module Application Toolkit (USAT) interpreter byte codes
TS 31.114 V.6 Universal Subscriber Identity Module Application Toolkit (USAT) interpreter protocol and administration
TS 51.014 V.4 Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface
ETSI TS 102 223 Card Application Toolkit (CAT)
SIM Alliance:
S@T 01.00 Specification 2009 SIMalliance S@T Byte Code
S@T 01.10 Specification 2009 SIMalliance S@T Markup Language
S@T 01.20 Specification 2009 SIMalliance S@T Session Protocol
S@T 01.21 Specification 2009 SIMalliance S@T Administrative Commands
S@T 01.22 Specification 2009 SIMalliance S@T Operational Commands
S@T 01.23 Specification 2009 SIMalliance S@T Push Commands
S@T 01.30 Specification 2007 SIMalliance S@T Validation Test Plan System Functional Tests
S@T 01.50 Specification 2009 SIMalliance S@T Browser Behaviour Guidelines
S@T 01.60 Gateway Implement 2009 SIMalliance S@T Gateway Implement
Security & Algorithm
TS 33.102 V.6 3G security; Security architecture
TS 33.105 V.6 Cryptographic algorithm requirements
TS 35.205 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 1: General
TS 35.206 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 2: Algorithm specification
TS 55.205 V.6 Specification of the GSM-MILENAGE algorithms: An example algorithm set for the GSM Authentication and Key Generation Functions A3 and A8
Test specification
TS 31.048 V.5 Security mechanisms for the (U)SIM application toolkit; Test specification
TS 31.120 V.6 UICC-terminal interface; Physical, electrical and logical test specification
TS 31.121 V.6 UICC-terminal interface; Universal Subscriber Identity Module (USIM) application test specification
TS 31.122 V.6 Universal Subscriber Identity Module (USIM) conformance test specification
TS 31.130 V.6 (U)SIM Application Programming Interface (API); (U)SIM API for Java Card
TS 31.213 V.6 Test specification for subscriber (U)SIM; Application Programming Interface (API) for Java Card™
TS 35.203 V.6 Specification of the 3GPP confidentiality and integrity algorithms; Document 3: Implementors' test data
TS 35.207 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 3: Implementors’ test data
TS 35.208 V.6 3G Security; Specification of the MILENAGE algorithm set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 4: Design conformance test data
TR 35.909 V.6 3G Security; Specification of the MILENAGE algorithm set: an example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3, f4, f5 and f5*; Document 5: Summary and results of design and evaluation
TS 51.013 V.5 Test specification for Subscriber Identity Module (SIM) Application Programming Interface (API) for Java Card
TS 51.017 V.4 Subscriber Identity Module (SIM) test specification
Adriaan
Edited by: Adriaan on Feb 14, 2012 1:34 AM

Does java card support PIN encryption on APDU Verify Command???

hello
I want to know if java card allows PIN encryption in the APDU verify command? because such an action necessits that a section key has to be set between the server (SC applet) and the client application.
thanks a lot

Many Java cards support the GlobalPlatform Open Platform specification
which can be downloaded for free from http://www.globalplatform.org .
This specification contains a mechanism called "secure messaging".
All APDUs sent to applications or the cardmanager and the corresonding
responses can be enrypted when using secure messaging.
In order to use secure messaging a "mutual authentication" is necessary
where the off-card entity authenticates itself to an application,
e.g. the card manager, and the application authenticates itself to the
off-card entity.
Naturally, this involves static keys on/off-card and session keys.

Novice in Java Card

Hi! I'm a novice in Java Card and I'm trying to study with the examples that I find in the Internet. I get this code, that I compile with successful. But, now, what I have to do? how can I debbug and test?
Thanks.
package bank;
import javacard.framework.*;
//import javacardx.framework.*;
public class Wallet extends Applet {
/* constants declaration */
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0xB0;
// codes of INS byte in the command APDU header
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50;
// maximum balance
final static short MAX_BALANCE = 0x7FFF;
// maximum transaction amount
final static byte MAX_TRANSACTION_AMOUNT = 127;
// maximum number of incorrect tries before the
// PIN is blocked
final static byte PIN_TRY_LIMIT =(byte)0x03;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
// signal that the PIN verification failed
final static short SW_VERIFICATION_FAILED = 0x6300;
// signal the PIN validation is required
// for a credit or a debit transaction
final static short SW_PIN_VERIFICATION_REQUIRED = 0x6301;
// signal invalid transaction amount
// amount > MAX_TRANSACTION_MAOUNT or amount < 0
final static short SW_INVALID_TRANSACTION_AMOUNT = 0x6A83;
// signal that the balance exceed the maximum
final static short SW_EXCEED_MAXIMUM_BALANCE = 0x6A84;
// signal the balance becomes negative
final static short SW_NEGATIVE_BALANCE = 0x6A85;
/* instance variables declaration */
OwnerPIN pin;
short balance;
private Wallet(byte[] bArray, short bOffset, byte bLength){
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, bOffset, bLength);
register();
public static void install(byte[] bArray, short bOffset, byte bLength) {
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
public boolean select() {
// The applet declines to be selected
// if the pin is blocked.
if (pin.getTriesRemaining() == 0) return false;
return true;
public void deselect() {
// reset the pin value
pin.reset();
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
// At this point, only the first header bytes
// [CLA, INS, P1, P2, P3] are available in
// the APDU buffer.
// The interface javacard.framework.ISO7816
// declares constants to denote the offset of
// these bytes in the APDU buffer
byte[] buffer = apdu.getBuffer();
// check SELECT APDU command
if ((buffer[ISO7816.OFFSET_CLA] == 0) &&
(buffer[ISO7816.OFFSET_INS] == (byte)(0xA4))) return;
// verify the reset of commands have the
// correct CLA byte, which specifies the
// command structure
if (buffer[ISO7816.OFFSET_CLA] != Wallet_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE: getBalance(apdu);
return;
case DEBIT: debit(apdu);
return;
case CREDIT: credit(apdu);
return;
case VERIFY: verify(apdu);
return;
default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
} // end of process method
private void credit(APDU apdu) {
// access authentication
if ( !pin.isValidated()) ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte Lc; //denotes the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
// indicate that this APDU has incoming data
// and receive data starting at the offset
// ISO7816.OFFSET_CDATA following the 5 header
// bytes.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if (byteRead != 1) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get the credit amount
byte creditAmount = buffer[ISO7816.OFFSET_CDATA];
// check the credit amount
if ( ( creditAmount > MAX_TRANSACTION_AMOUNT) || ( creditAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( ( balance + creditAmount) > MAX_BALANCE ) ISOException.throwIt(SW_EXCEED_MAXIMUM_BALANCE);
// credit the amount
balance = (short)(balance + creditAmount);
} // end of deposit method
private void debit(APDU apdu) {
// access authentication
if ( ! pin.isValidated()) ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes = (byte)(buffer[ISO7816.OFFSET_LC]);
byte byteRead = (byte)(apdu.setIncomingAndReceive());
if (byteRead != 1) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get debit amount
byte debitAmount = buffer[ISO7816.OFFSET_CDATA];
// check debit amount
if ((debitAmount > MAX_TRANSACTION_AMOUNT) || (debitAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ((balance - debitAmount) < 0) ISOException.throwIt(SW_NEGATIVE_BALANCE);
balance = (short) (balance - debitAmount);
} // end of debit method
private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform system that the applet has finished
// processing the command and the system should
// now prepare to construct a response APDU
// which contains data field
short le = apdu.setOutgoing();
if ( le < 2 ) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
//informs the CAD the actual number of bytes
//returned
apdu.setOutgoingLength((byte)2);
// move the balance data into the APDU buffer
// starting at the offset 0
buffer[0] = (byte)(balance >> 8);
buffer[1] = (byte)(balance & 0xFF);
// send the 2-balance byte at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
} // end of getBalance method
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// retrieve the PIN data for validation.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if ( pin.check(buffer, ISO7816.OFFSET_CDATA,byteRead) == false )
ISOException.throwIt(SW_VERIFICATION_FAILED);
}

Win nt 4 and Win 2000 are the only supported windows platforms at this time.

Java Card Authentication

Similar Messages

Maybe you are looking for