Java Card Security domain

Hi ,
According to the visa Open platform architecture, each Java card applet is associated with a Security domain.
I am using GemXpressoRAD211 toolkit for developing Java Card applets.
In the Gemxpresso211IS card, the default security domain is the Card Manager, whose AID is A0 00 00 00 03 00 00 . It is basically the card issuer security domain.
When I install an applet to the card , the Card Manager is assumed to be the associated security domain .
My questions are....
1.
How can I associate my applet to application provider security domain rather than the card issuer security domain? Form where Do I get this security domain ? Do I need to write my own security domain, or some body else provide it ?

there's a card issuer, with its ISD
then there's another company who wants to have ability to install/remove some applets on this card
we create another SD for this company and "delegate" some limited capabilities to manage the contents of the card
read about the delegated managament in GP
regards
Kuba

Similar Messages

Security in each byte of Java card's EEPROM

as i undrestand until now in my applet I define a variable and store data in that variable,
Is it a way to know where these data are stored, I mean I wanna define the memory address of that data by myself,
caz my card application is multi-app, and maybe in future I want to let someone else load his/her applet in that card beside my applets to do other application
but from know I wanna think of security that in future let that person to have the memory address from i.e 0x01 up to 0x05
and have no right to read or write in other memory bytes
and also each part of memory address should have a security code for authentication...
what's your idea about this post and what do u sudggest?
Regards
Hana

I'm sorry for my ignorance, but i think that you do not want to mess around with the Card Issuer Keys unless you are the Card Issuer which does not seems like the case.
I think that you want to use the Secure Channel Protocol inside your own applet(which is what i want to do also) and use your own issued keys.
Why? Because in a real situation you will not want that your Java Card stuck with only one App, you want it to have as many as the user wants to. For that to happen, the card issuer keeps a keyset to load&install applets, but, when the applet is installed you want to maintain your privacy from the card issuer(and everyone else), so you will need an extra keyset for your own Secure Channel Protocol.
What i'm saying is that:
When you enter the Cards Security Domain, you need the cards security domain keys.
When you select your applet, all your comunications become "plain-text" and you will not have any transaction security.
I would like to know how to open this SCP channel from my app, but unfortunatelly i cannot help you any further.
Edited by: rochajoel on Aug 31, 2009 9:48 AM

Who shall create a specific Security Domain compliant to GP 2.1?

Particularly, in case of the delegated management, the GP card specification 2.1.1 decribes as follows:
"Security Domains authorized by the Card Issuer to perform Card Content changes shall request the OPEN to load, install, extradite, and delete applications."
I think that the Security Domain is implemented by the Application Provider using GP API. The OPEN is ,however, the component of the Card Manager which should be implemented by a GP compliant JCVM provider or a GP component provider.
My questions are:
1. How does a Security Domain request the OPEN to load, install.. ? How do they interface with each other? Does the GP compliant JCVM provider have to provide the specific interfaces used to change Card Contents for the Application Providers who implement their own Security Domain?
2. If the GP compliant JCVM provider is also responsible for implementing a specific Security Domain, what is the role of the Application Provider? only as a provider of his own security policy for the GP compliant JCVM provider? Can't a Application Provider implement his own Security Domain himself (using only GP2.1 public API)?
I am grateful to you for a kind assistance.

I think that the Security Domain is implemented by theApplication Provider using GP API. The OPEN is
,however, the component of the Card Manager which
should be implemented by a GP compliant JCVM provider
or a GP component provider. Typically and due to the fact that the GP specification is missing the API that would allow a Security Domain to be loaded on the card, Security Domains are developed by the card vendor and present on the card at production. The vendor can decide which features are implemented in the Security Domain e.g. Secure Channel services, DAP Verification, Delegated Management. If, as an Application Provider, you wish to develop your own Security Domain, your vendor may be willing to provide you with details of their proprietary API but this would be specific to this vendors product.
>
My questions are:
1. How does a Security Domain request the OPEN to
load, install.. ? How do they interface with each
other? Does the GP compliant JCVM provider have to
provide the specific interfaces used to change Card
Contents for the Application Providers who implement
their own Security Domain?Yes.
>
2. If the GP compliant JCVM provider is also
responsible for implementing a specific Security
Domain, what is the role of the Application Provider?
only as a provider of his own security policy for the
GP compliant JCVM provider? Can't a Application
Provider implement his own Security Domain himself
(using only GP2.1 public API)?No.
>
I am grateful to you for a kind assistance.

How can i change my JAVA card life cycle state to secured?

when I install a applet ,the Card Manager state is OP_READY
I want to lock the card .now I need to go to the secured status .but what GP command should I send to transfer the state from OP_READY to secured .

Thank you for your reply,but you say I must insure that the applet is personalized. I also have anther question for your help.
when I already install the applet as follows:
Card Manager AID   : A000000003000000
Card Manager state : OP_READY
    Application: SELECTABLE (---L--P-) A0000000000101
    Load File :      LOADED (--------) A0000000035350   (Security Domain)
     Module    :                        A000000003535041
    Load File :      LOADED (--------) A000000000
     Module    :                        A0000000000101
in order to personalize,I select the applet (send 00a4040007A0000000000101) ,then send personalize commends. now the applet is personalized.
the next is to change the card manage to SECURED.
But after I send   00A4040008A00000000300000000 to select the Card Manager AID,the SET STATUS commend (/send 80f0800708A000000003000000) return "6985"
where is wrong?
If I don't select the Card Manager AID, the SET STATUS commend is also wrong because the applet AID is selected just now.
cm> send 00A4040008A00000000300000000
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00          ..............
(700998 nsec)
<= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65    oe...........Y.e
    01 FF 9F 6E 06 47 91 81 07 31 00 73 4A 06 07 2A    ...n.G...1.sJ..*
    86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B    .H..k.`...*.H..k
    02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64    ....c...*.H..k.d
    0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09    ...*.H..k...e...
    2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01    +...Hd...f...+..
    04 01 2A 02 6E 01 02 90 00                         ..*.n....
Status: No Error
cm> /send 80f0800708A000000003000000
=> 80 F0 80 07 08 A0 00 00 00 03 00 00 00             .............
(696032 nsec)
<= 69 85
thanks.

Secure object sharing in java card

Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!

Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!

How can i change my JAVA card life cycle state to OP_READY?

I found the below script in this link and run it via `GPShell` on my java card and now I can't run `gpj -list` in `GPJ`!
My questions:
1- What is this code for? changing Card Domain Manager status from OP_READY to Secured?
2- Why I can't find anywhere `80F0800708A000000003000000` And `80F0800F08A000000003000000` APDUs that used in script?! I searched `GP Specification 2.2` and `ISO 7814-4` for an APDU with `F0` in `CLA` section! But I found nothing!
3- Is the operation of the below script reversible by another script?
The Script :
    mode_211
    enable_trace
    establish_context
    card_connect
    select -AID A0000000
    open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key
    404142434445464748494a4b4c4d4e4f
    send_apdu -sc 1 -APDU 80F0800708A000000003000000
    send_apdu -sc 1 -APDU 80F0800F08A000000003000000
    card_disconnect
    release_context
And this is it's output in Console :
    C:\Users\ghasemi\Desktop\GPShell-1.4.4>gpshell lcchange.txt
    mode_211
    enable_trace
    establish_context
    card_connect
    select -AID a00000
    Command --> 00A4040003A00000
    Wrapped command --> 00A4040003A00000
    Response <-- 6F108408A000000003000000A5049F6501FF9000
    open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
    f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4
    d4e4f
    Command --> 80CA006600
    Wrapped command --> 80CA006600
    Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
    886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012
    A026E01029000
    Command --> 805000000823CE2F4C2B6C689B00
    Wrapped command --> 805000000823CE2F4C2B6C689B00
    Response <-- 0000116001007F8B0AF9020201D1C94E4F787D75DD54805A7488BCF79000
    Command --> 84820100100BCCFE8818D2DFC6E5B48EA4B6892457
    Wrapped command --> 84820100100BCCFE8818D2DFC6E5B48EA4B6892457
    Response <-- 9000
    send_apdu -sc 1 -APDU 80F0800708A000000003000000
    Command --> 80F0800708A000000003000000
    Wrapped command --> 84F0800710A0000000030000007AA29B3A708E6E75
    Response <-- 9000
    send_APDU() returns 0x80209000 (9000: Success. No error.)
    send_apdu -sc 1 -APDU 80F0800F08A000000003000000
    Command --> 80F0800F08A000000003000000
    Wrapped command --> 84F0800F10A0000000030000004FCFC15FD7EBDE9A
    Response <-- 9000
    send_APDU() returns 0x80209000 (9000: Success. No error.)
    card_disconnect
    release_context
Thankyou.

Hi,
Ad.1
Yes, this script is dedicated to change ISD state from OP_READY to SECURED (cards compatible with GP 2.1.1 specs).
Ad.2
The script commands are constructed basing on GP 2.1.1 specs. As far as I know, the definition of SET STATUS command in GP 2.2 is the same as in GP 2.1.1 specs.
Ad. 3
The change of state from SECURED to OP_READY is irreversible. Sorry.
Regards

Extradition of an AID to a security domain that is in "selectable" state

following this post: http://forum.java.sun.com/thread.jspa?messageID=10227711
in following this example (i've found it very helpful), i want to know if it is a requirement that the SSD be personalized instead of in "Selectable" state? if so, that would explain the errors i get when i try to extradite an AID to it from the ISD.
your example:
GP 2.1.1, SSD section (concept) and APDU commands Install [for load], [install] and [extradition].
Example:
- select ISD
- open a secure channel
- Install [for install & make selectable] on a pre-loaded SD package/module --> optionally you need to specify in the install parameters that this SD accepts extradition
- select SSD
- open a secure channel (using the default keys)
- personalize (put secure channel keys)
- install [for load] an application, specify the SSD to be associated

Clemson wrote:
... errors i get when i try to extradite an AID to it from the ISD.
GlobalPlatform Card Specification 2.1.1, 03/25/2003, p. 70
+6.4.3 Content Extradition+
The GlobalPlatform Card Content extradition process is designed to allow the association, to a different Security Domain, of a previously installed Application. The Issuer Security Domain shall verify the extradition request before the OPEN will allow the extradition.
Runtime Behavior
The following runtime behavior requirements apply to the OPEN during the Card Content extradition process.
The OPEN shall:
+...+
Check that this Security Domain is in a valid Life Cycle State (i.e. PERSONALIZED)+,
+...+
Therefore, the SD which should accept the applet has to be in state PERSONALIZED.

Security Domain

Hello , Im a newbie to Java Card and have loads of questions, but ill start with the Security Domain. Could the experts please help me on this topic?? Main question :
1) What is a Security Domaain?? GP spec. says it is an application.
2) If it is an application, is it implemented in Java???
3) Are the metods unwrap(), decrypt() etc specified in GP spec. called within the Security Domain??
3) Any reference to Security Domain [ doc/implementation] apart from GP spec ?
Any pseudo code for implementing a SD would be highly appreciated. Thanks.

1) What is a Security Domaain?? GP spec. says it is an application.correect. it's an app with special privileges, such as interaction with the OS.
>2) If it is an application, is it implemented in Java???
no, or maybe some parts only.
>3) Are the metods unwrap(), decrypt() etc specified in GP spec. called within the Security Domain??
no, called within the applet using native tricks to use the sec dom keys, this is unspecified and vendor dependent.
>3) Any reference to Security Domain [ doc/implementation] apart from GP spec ?
google
>Any pseudo code for implementing a SD would be highly appreciated. Thanks.
my turn:
1) why would you want to implement a SD?
2) good luck. no. wake up instead, and lurk moar about GlobalPlatform, young padawan. if you want to play with security domains, you'd better work within a company that builds javacard/GP OSes.
regards

I cannot load my java card applet Response APDU: 69 85

I know there have been many threads on this subject, I am a newbie to Java card development.
Please someone help me.
I am using the gpj for downloading the applet.
The following is the output from the command "java -jar gpj.jar -load JCHelloWorld.cap -install"
Thanks in advance
run:
Found terminals: [PC/SC terminal Generic PCSC Smartcard Reader 0]
Found card in terminal: Generic PCSC Smartcard Reader 0
ATR: 3B DB 96 00 80 B1 FE 45 1F 83 00 31 C0 64 C7 FC 10 00 01 90 00 74
INFO: Selecting Security Domain OP201a, AID=A000000003000000
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 6E 84 08 A0 00 00 00 03 00 00 00 A5 62 73 2F 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B 04 01 05 9F 6E 2A 48 20 50 2B 82 31 80 30 00 63 03 12 63 00 07 BB 03 00 11 42 12 97 11 43 12 97 11 44 12 97 01 00 00 00 00 00 00 00 00 00 00 00 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 FC 81 DB FE 80 72 19 28
DEBUG: Response APDU: 00 00 03 12 63 00 07 BB 03 00 FF 01 DA 26 EF 49 10 B7 72 00 9A 24 7F B4 A0 1F C7 C8 90 00
INFO: INITIALIZE UPDATE Successful
DEBUG: Command APDU: 84 82 00 00 10 D5 41 CE BE F4 A8 E4 DD 36 6C C5 3E 19 9C 77 93
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 D5 41 CE BE F4 A8 E4 DD
DEBUG: Response APDU: 90 00
INFO: External Authentication Successful
DEBUG: packagePath: com/samptah/card/javacard/
DEBUG: package: com.samptah.card
DEBUG: package AID: 9C 25 F6 5E AB 3F
DEBUG: applet AIDs: [9C 25 F6 5E AB CD ]
DEBUG: Command APDU: 80 E6 02 00 13 06 9C 25 F6 5E AB 3F 08 A0 00 00 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 01 4C 01 00 10 DE CA FF ED 01 02 04 00 01 06 9C 25 F6 5E AB 3F 02 00 1F 00 10 00 1F 00 0A 00 15 00 2E 00 0C 00 7F 00 18 00 12 00 00 00 6F 00 02 00 01 00 0B 02 01 00 04 00 15 02 04 01 07 A0 00 00 00 62 01 01 00 01 07 A0 00 00 00 62 00 01 03 00 0A 01 06 9C 25 F6 5E AB CD 00 08 06 00 0C 00 80 03 00 FF 00 07 01 00 00 00 1C 07 00 7F 00 01 10 18 8C 00 00 7A 05 30 8F 00 01 3D 8C 00 02 18 1D 04 41 18 1D 25 8B 00 03 7A 02 23 18 8B 00 04 60 03 7A 19 8B 00 05 2D 1A 03 25 11 00 FF 53 5B 32 1A 04 25 11 00 FF 53 5B 29 04 1F 10 80 6A 08 11 6E 00 8D 00 06 16 04 75 00 10 00 01 00 00 00 09 18 19 8C 00 07 70 08 11 6D 00 8D 00 06 7A 05 22 19 8B 00 05 2D 7B 00 08 92 32 7B 00 08 03 1A 03 1F 8D 00 09 3B 19 03 1F 8B 00 0A 7A 08 00 18 00 02 00 01 00 01 03 00 0B 48 65 6C 6C
DEBUG: Response APDU: 69 85
net.sourceforge.gpj.cardservices.exceptions.GPLoadException: Load failed, SW: 69 85
at net.sourceforge.gpj.cardservices.GlobalPlatformService.loadCapFile(GlobalPlatformService.java:707)
at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(GlobalPlatformService.java:1675)
at gpj.Main.main(Main.java:26)
BUILD SUCCESSFUL (total time: 1 second)

Quite similar problem here. Here's what I got from GPShell:
enable_trace
establish_context
card_connect
select -AID a0000000030000
Command --> 00A4040007A0000000030000
Wrapped command --> 00A4040007A0000000030000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479181023100734A06072A864
886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0
40215650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 805000000804C1C46CBC9932AA00
Wrapped command --> 805000000804C1C46CBC9932AA00
Response <-- 000010700108859552580101AA4F3AEC5503E7A7435A0560E047AF489000
Command --> 84820100100C2766279A1FC158181037B7A811AB93
Wrapped command --> 84820100100C2766279A1FC158181037B7A811AB93
Response <-- 9000
delete -AID D0D1D2D3D4D50101
Command --> 80E400000A4F08D0D1D2D3D4D5010100
Wrapped command --> 84E40000124F08D0D1D2D3D4D501014018673D5E89975900
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID D0D1D2D3D4D501
Command --> 80E40000094F07D0D1D2D3D4D50100
Wrapped command --> 84E40000114F07D0D1D2D3D4D501887135A5C0B424D500
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID D0D1D2D3D4D50101
Command --> 80E400000A4F08D0D1D2D3D4D5010100
Wrapped command --> 84E40000124F08D0D1D2D3D4D501017144DF5DE0D2DE9F00
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
install -file helloworld.cap -nvDataLimit 500 -instParam 00 -priv 2
Command --> 80E602001907D0D1D2D3D4D50107A00000000300000006EF04C60201600000
Wrapped command --> 84E602002107D0D1D2D3D4D50107A00000000300000006EF04C602016000
C6EDAE8F91652A3B00
Response <-- 6A88
install_for_load() returns 0x80206A88 (6A88: Referenced data not found.)And this is what I've got from gpj
Found terminals: [PC/SC terminal ACS ACR1281 1S Dual Reader ICC 0, PC/SC termina
l ACS ACR1281 1S Dual Reader PICC 0, PC/SC terminal ACS ACR1281 1S Dual Reader S
AM 0]
Found card in terminal: ACS ACR1281 1S Dual Reader ICC 0
ATR: 3B F8 18 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 BC
DEBUG: Command APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65 01 FF 9F 6
E 06 47 91 81 02 31 00 73 4A 06 07 2A 86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86
FC 6B 02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 0B 06 09 2A 86 48 86 FC 6B
04 02 15 65 0B 06 09 2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 04 01 2A 0
2 6E 01 02 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 A5 6A EB 5F E3 31 30 37
DEBUG: Response APDU: 00 00 10 70 01 08 85 95 52 58 01 01 2E 43 22 1A A3 0A 65 4
0 AA 8B D1 2A D5 89 8D 70 90 00
DEBUG: Command APDU: 84 82 00 00 10 B8 3A E1 AD 36 01 D8 E3 5F CC 77 B4 A7 F2 B
E 68
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 B8 3A E1 AD 36 01 D8 E3
DEBUG: Response APDU: 90 00
DEBUG: packagePath: com/tru/card/javacard/
DEBUG: package: com.tru.card
DEBUG: package AID: C3 79 3E 65 A1 00 EB F3 FD 20
DEBUG: applet AIDs: [C3 79 3E 65 A1 C9 85 3B ]
DEBUG: Command APDU: 80 E6 02 00 17 0A C3 79 3E 65 A1 00 EB F3 FD 20 08 A0 00 0
0 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E6 02 00 17 0A C3 79 3E 65 A1 00 EB F3 FD 20 08 A0 00 0
0 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 04 32 01 00 14 DE CA FF ED 01 02 04 0
0 01 0A C3 79 3E 65 A1 00 EB F3 FD 20 02 00 1F 00 14 00 1F 00 0C 00 15 00 86 00
12 02 CE 00 0A 00 53 00 00 00 F9 00 00 00 00 00 00 02 01 00 04 00 15 02 04 01 07
A0 00 00 00 62 01 01 00 01 07 A0 00 00 00 62 00 01 03 00 0C 01 08 C3 79 3E 65 A
1 C9 85 3B 00 01 06 00 12 00 80 03 0C 00 06 04 04 00 00 00 0C FF FF FF FF 01 27
07 02 CE 00 02 30 8F 00 0C 3D 8C 00 0E 3B 7A 01 10 18 8C 00 0D AD 00 8B 00 0F 7A
05 10 18 8C 00 10 18 10 08 88 01 18 11 3F 02 89 02 18 11 3F 03 89 03 18 11 3F 0
4 89 04 18 11 3F 05 89 05 18 8B 00 1E 18 10 08 90 0B 3D 03 10 54 38 3D 04 10 52
38 3D 05 10 55 38 3D 06 10 53 38 3D 07 10 4D 38 3D 08 10 41 38 3D 10 06 10 52 38
3D 10 07 10 54 38 87 06 18 10 06 90 0B 3D 03 10 54 38 3D 04 10 53 38 3D 05 10 4
3
DEBUG: Response APDU: 6A 80
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 04 32 01 00 14 DE CA FF ED 01 02 04 0
0 01 0A C3 79 3E 65 A1 00 EB F3 FD 20 02 00 1F 00 14 00 1F 00 0C 00 15 00 86 00
12 02 CE 00 0A 00 53 00 00 00 F9 00 00 00 00 00 00 02 01 00 04 00 15 02 04 01 07
A0 00 00 00 62 01 01 00 01 07 A0 00 00 00 62 00 01 03 00 0C 01 08 C3 79 3E 65 A
1 C9 85 3B 00 01 06 00 12 00 80 03 0C 00 06 04 04 00 00 00 0C FF FF FF FF 01 27
07 02 CE 00 02 30 8F 00 0C 3D 8C 00 0E 3B 7A 01 10 18 8C 00 0D AD 00 8B 00 0F 7A
05 10 18 8C 00 10 18 10 08 88 01 18 11 3F 02 89 02 18 11 3F 03 89 03 18 11 3F 0
4 89 04 18 11 3F 05 89 05 18 8B 00 1E 18 10 08 90 0B 3D 03 10 54 38 3D 04 10 52
38 3D 05 10 55 38 3D 06 10 53 38 3D 07 10 4D 38 3D 08 10 41 38 3D 10 06 10 52 38
3D 10 07 10 54 38 87 06 18 10 06 90 0B 3D 03 10 54 38 3D 04 10 53 38 3D 05 10 4
3
DEBUG: Response APDU: 6A 80
net.sourceforge.gpj.cardservices.exceptions.GPLoadException: Load failed, SW: 6A
80
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.loadCapFile(Un
known Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
javax.smartcardio.CardNotPresentException: No card present
        at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
Caused by: sun.security.smartcardio.PCSCException: SCARD_W_REMOVED_CARD
        at sun.security.smartcardio.PCSC.SCardConnect(Native Method)
        at sun.security.smartcardio.CardImpl.<init>(Unknown Source)
        ... 2 more
Found card in terminal: ACS ACR1281 1S Dual Reader PICC 0
java.lang.NullPointerException
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
javax.smartcardio.CardNotPresentException: No card present
        at sun.security.smartcardio.TerminalImpl.connect(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)
Caused by: sun.security.smartcardio.PCSCException: SCARD_W_REMOVED_CARD
        at sun.security.smartcardio.PCSC.SCardConnect(Native Method)
        at sun.security.smartcardio.CardImpl.<init>(Unknown Source)
        ... 2 more
Found card in terminal: ACS ACR1281 1S Dual Reader SAM 0
java.lang.NullPointerException
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown S
ource)What can I do to fix this? Did I missed any steps? Thanks for any reply.

Problem Installing the loaded applet in Samsung java card (S3CC9P9).

Hi all,
Am trying to install the applets already loaded into the Samsung java card(S3CC9P9), because am unable to select the applet which are loaded into the card. I got to know that the applets are only loaded, they are not installed in the card, without installing the applet ,we cannot select the applet. Am using gpj(version 20120310 ) to install the applets into the card.
When i execute : java -jar gpj.jar -list
i get the list of applets in the card as :
AID: A0 00 00 00 03 00 00 00 |........| ISD LC: 1 PR: 0x1A
AID: A0 00 00 00 03 10 |......| Exe LC: 1 PR: 0x00
AID: D4 10 65 09 90 00 10 00 |..e.....| Exe LC: 1 PR: 0x00
AID: 31 50 41 59 2E |1PAY.| Exe LC: 1 PR: 0x00
AID: D4 10 65 09 90 00 30 00 |..e...0.| Exe LC: 1 PR: 0x00
AID: D4 10 65 09 90 00 20 00 |..e... .| Exe LC: 1 PR: 0x00
Here am able to select only the first applet i.e., A0 00 00 00 03 00 00 00
SO, when i try to install the other applets, for example A0 00 00 00 03 10, its fails.
When i execute : java -jar gpj.jar -install -applet A00000000310
i get :
Found terminals: [PC/SC terminal ACS ACR38U 00 00]
Found card in terminal: ACS ACR38U 00 00
ATR: 3B 69 00 00 80 63 31 46 DF 83 FF 90 00
DEBUG: Command APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW: 6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 19 84 08 A0 00 00 00 03 00 00 00 A5 0D 9F 6E 06 10 01 76 DE 00 05 9F 65 01 7F 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 AE 2A B8 CE 3A BB E0 B0
DEBUG: Response APDU: 00 00 61 41 01 09 38 2F 09 5A FF 01 3F D9 93 D9 FE 9A FA 3B E4 B7 21 89 6A 34 AB 18 90 00
DEBUG: Command APDU: 84 82 00 00 10 A2 63 07 96 0B D8 A3 A9 93 A2 5C 7C 6D B7 E0 54
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 A2 63 07 96 0B D8 A3 A9
DEBUG: Response APDU: 90 00
java.lang.NullPointerException
at net.sourceforge.gpj.cardservices.GlobalPlatformService.installAndMakeSelecatable(Unknown Source)
at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown Source)
Can anyone please tell me where am wrong and how to make the applets selectable.
Thanks in advance

hy
1. do you have a reader with a serial (com1) connection?
if so, the reader has to be connected before starting windows. so windows recognizes it.
2. have a look to the control panel. is there a tool - installed during driver installation - to test and configure the reader?
if so try it.
if all that works, the jcop tools communicate with the reader over the installed driver.
snoopy

Applet's associated security domain

Hi All.
I have the mobile device with embededd secure element:
Global Platform version : 2.1.1
Global Platform Secure Channel Protocol: 02 option 15
Java Card version : 2.2
There is the content of it:
Card Manager AID : A000000003000000
Card Manager state : SECURED
Application: SELECTABLE (--------) "2PAY.SYS.DDF01"
Application: SELECTABLE (--------) A0000000041010
Application: SELECTABLE (--------) A0000000041010BB5449435301
Sec. Domain:PERSONALIZED (S-------) A00000000353504101
Load File : LOADED (--------) A0000000035350 (Security Domain)
Module : A000000003535041
Load File : LOADED (--------) 4D66344D0002
Module : A0000003964D66344D0002
Load File : LOADED (--------) "2PAY."
Module : "2PAY.SYS.DDF01"
Load File : LOADED (--------) A000000004
Module : A00000000410100001
Module : A0000000041010
Applet with AID A0000000041010BB5449435301 has been extradited to supplementary security domain with AID A00000000353504101.
Other applets belongs to ISD.
Is there any possibilities to discover this relations?
GP GET STATUS command does not have such options in GP Card Spec v2.1.1.
In v2.2.1 I found optional tag CC (Associated Security Domain's AID) in GET STATUS command description and tag 2F00 (List of Applications belonging to the Security Domain) in GET DATA description.
But I need to get this info from card 2.1.1.
Thanks in advance.
Vasiliy.
Edited by: 1010453 on Jun 7, 2013 7:00 PM

i have same problem in GP2.1.1,
i think if Applet A associated with SD A, then when I select ISD, i cannot delete Applet A. but i'm wrong. JCOP also deleted it

How to Install .CAP file in the Java Card?

Hi Friends..
How to install *.CAP* file in the Java Card?..
I've GPShell script as follows :
mode_211
enable_trace
establish_context
card_connect -readerNumber 2
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
install_for_load -pkgAID a00000006203010c01 -nvCodeLimit 500 -sdAID A000000003000000
load -file HelloWorld.cap
card_disconnect
release_contextwith that script i can load HelloWorld.cap file successfully..
Now, how to install the HelloWorld.cap file?..
if i add script : load -file HelloWorld.cap i got this error :
install -file HelloWorld.cap
file name HelloWorld.cap
Command --> 80E602001B09A00000006203010C0107A00000015100000006EF04C60201A80000
Wrapped command --> 84E602002309A00000006203010C0107A00000015100000006EF04C60201
A80030C859793049B85300
Response <-- 6985
install_for_load() returns 0x80206985 (6985: Command not allowed - Conditions of
use not satisfied.)i ask this question because when i tried to select the applet through its AID, by this script :
establish_context
card_connect -readerNumber 2
select -AID a00000006203010c0101i got this message error : select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.)
but there's exactly any that AID in my Java Card..
here's is the list of AID from My Java Card :
C:\GPShell-1.4.2>GPShell listgp211.txt
mode_211
enable_trace
establish_context
card_connect -readerNumber 3
* reader name OMNIKEY CardMan 5x21-CL 0
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F108408A000000003000000A5049F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
886FC6B03640B06092A864886FC6B040215650B06092B8510864864020102660C060A2B060104012
A026E01029000
Command --> 8050000008AAF7A87C6013BC0300
Wrapped command --> 8050000008AAF7A87C6013BC0300
Response <-- 0000715457173C2A8FC1FF0200937A55C288805D8F2A04CCD43FA7E69000
Command --> 848201001023CA18742D36165ED992CFF2146C3D51
Wrapped command --> 848201001023CA18742D36165ED992CFF2146C3D51
Response <-- 9000
get_status -element 10
Command --> 80F21000024F0000
Wrapped command --> 84F210000A4F004FF8BE1492F7275400
Response <-- 0CF0544C00004D4F44554C415201000009A00000006203010C010100010AA000000
06203010C01019000
GP211_get_status() returned 2 items
List of Ex. Load File (AID state Ex. Module AIDs)
f0544c00004d4f44554c4152        1
a00000006203010c01      1
        a00000006203010c0101
card_disconnect
release_contextPlease help me..
And please correct me if i'm wrong,,
Thanks in advance..

Any suggestions for my question?..
Please help me..
Thanks in advance..

In RSA Authentication Manager 7.1, how create multiple security domains

Hi,
RSA Authentication Manager 7.1 in configured with LDAP(Sun java system directory server); how create multiple security domains 7.1, is this security domains is releted to LDAP?
thanks

I think what you need to do is create an identity sequence with RSA as the selection in
Authentication and Attribute Retrieval Search List and AD in Additional Attribute Retrieval Search List. Then select this sequence as the result in the identity policy for the service

How can I create a new Security Domain ?

Hi everyone,
I would like to know how can I create an Security Domain other than ISD ?(If my card support multi SD and delegated management)
I read Global Platform v2.1.1 ,but I don't know how can I create new SD practically(how can I write it's code ,how can I install it and how can I associate an applet to it,...).
if there is any document or link can help me ,please inform me.
I'll appreciate for any one if explain it to me step by step.
yours sincerely.
Orchid.

You're right, it is not visible looking at your script, but at the APDU log. /card is an internal JCShell script to do the following:
cm> /card
resetCard with timeout: 0 (ms)First the card is reset. This is analogous with /atr
--Waiting for card...
ATR=3B FA 13 00 00 81 31 FE 45 4A 43 4F 50 34 31 56    ;.....1.EJCOP41V
    32 33 31 97                                        231.
ATR: T=1, FI=1/DI=3 (93clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP41V231"Then an /identify command is issued.
=> 00 A4 04 00 09 A0 00 00 01 67 41 30 00 FF          .........gA0..
(163429 nsec)
<= 09 01 01 29 00 00 00 00 50 48 36 35 30 41 00 00    ...)....PH650A..
    6A 82                                              j.
Status: File not foundNow the Issuer Security Domain (ISD) is selected. You can do the same sending the JCShell 'select' command.
=> 00 A4 04 00 07 A0 00 00 00 03 00 00 00             .............
(650082 nsec)
<= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65    oe...........Y.e
    01 FF 9F 6E 06 40 51 70 92 29 00 73 4A 06 07 2A    ...n.@Qp.).sJ..*
    86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B    .H..k.`...*.H..k
    02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64    ....c...*.H..k.d
    0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09    ...*.H..k...e...
    2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01    +...Hd...f...+..
    04 01 2A 02 6E 01 02 90 00                         ..*.n....
Status: No ErrorThe answer is the File Control Information (FCI) returned by the ISD. The format is also described in GP.

Java Card Please Help!

Please I am doing my final year project on secure mobile application using Java Card Technology.
I need to write and an application that can send SMS on a SIM card to another SIM card with the same application. The application will have a server side which manage the storage of messages and at the same time communicate information to the client on the SIM remotely. I am suppose to use wi-fi (TCP/IP) for transmission.
Can anybody please give me ideas and possible working codes and simulators.
I mean step by step procedure of how to start.
THANK YOU.

Hi,
I found the following resources helpful when starting out in JavaCard.
JavaCard documentation:
Java Card Technology for Smart Cards: Architecture and Programmer's Guide (Book)
http://java.sun.com/docs/books/javacard/index.html
JavaCard specifications:
http://java.sun.com/products/javacard/specs.html
Global Platform specifications:
http://www.globalplatform.org/specificationview.asp?id=card
Communication between SmartCards and terminals is based on ISO 7816 part 3 and 4 so if you�re completely new to the SmartCard environment it may be helpful getting an overview regarding these specifications. Unfortunately these specifications are not free, they�re available from.
http://www.iso.org/iso/en/ISOOnline.frontpage
Software:
The basis for all development is the JavaCard and Java Development kits.
Java Development Kit
http://java.sun.com/j2se/1.4.2/download.html
JavaCard Development Kit
http://java.sun.com/products/javacard/dev_kit.html
Full installation instructions can be found in JCDevKit_User_Guide.pdf which is contained in the JavaCard Development Kit distribution.
Several companies provide IDE�s that will aid you in developing and deploying applets to JavaCard.
For example:
Aspects Developer
http://www.aspectssoftware.com/devtools/index.html
There are others out there as well. You may need to also buy physical sample cards; however, the IDE�s usually have simulators built in.
Hardware:
To interact with physical cards you�ll require a PCSC compatible card reader.
Omnikey
http://www.omnikey.com/
GemPlus
http://support.gemplus.com/gemdownload/readers/index.aspx
Hope this helps.
Cheers,
Alasdair

Java Card Security domain

Similar Messages

Maybe you are looking for