deselect()-function and card tears
I'm wondering if anyone has a clear idea as to how the deselect() function is called during card tears. I've been doing some trying myself, and it appears that deselect is called on the next insertion of the card (upon selecting the cardmanager).
The reason that I'm wondering is that I need to make sure that all PIN authentications are reset whenever the card leaves a terminal. To ensure this, would it be best to have the reset()-calls in select() or deselect()? I.e., is it possible to send APDUs to a smart card without selecting the cardmanager first?
[574 byte] By [
Lillesanda] at [2007-11-27 10:05:09]
# 1
The tear mechanism is described in detail in the JCRE (3.6 and 4.1). Remember that with a GP card, if no applet is default selected, the CardManager is the default selected application. With a default selected application you don't need to select the applet, but it is automatically selected on power up. The select() method is called upon the first APDU. If the APDU was a SELECT on another applet, the default applet's deselect() method is called before the other applet is selected.
# 2
best practice would have the PIN Management functions reset upon successful PIN validation. Nothing is called during a card tear simply because how would it be called ? the card is removed and theres no processing. card tears will also reset the PIN.
Deselect is invoked when another applet is selected.
You don't have to call cardmanager first. I don't know where you got that from. You only need to call the cardmanager if you intend to manage the applets on the card. Once instantiated, you may call ur applet without calling the cardmanager.
# 3
Hi.Isn't card manager (ISD) applet select by default after ATR? It enables to select your own proper applets. But nothing has to be done manually, suppose. How it can be seen in JCOP Shell, it is the first APDU command after successfull ATR.Best regards,Eve
Ievaa at 2007-7-13 0:40:09 >
# 4
I stated above that the CM is by default selected after the ATR. No APDU command is needed. To check that the select method is called for the default selected application, just implement a counter each time the method is called and another counter in the deselect method.
# 5
I think I found the answer to my question in the JCRE Specification as lexdabear said: "The applet that was selected when power was lost (or reset occurred) becomes implicitly deselected. (In this case the deselect method is not called.)" Thus, the best overall security will be achieved by resetting PIN validation in select(), as it is bound to be called upon re-inserting the card.
As for Joseph's reply, I think I must have expressed myself a bit unclear there. Resetting PIN authentication immediately upon validation would be kind off pointless, as the reason for authenticating is to be able to perform later actions with a high access level. Then again, I might be misunderstanding what you mean :).
Anyways, am I right in my understanding that the default applet will always be selected upon reinserting the card after a tear (well, upon receiving ATR), and the default default applet (phew) is the CM?
# 6
> Anyways, am I right in my understanding that the
> default applet will always be selected upon
> reinserting the card after a tear (well, upon
> receiving ATR), and the default default applet (phew)
> is the CM?
Id you do not install any other applet with the default selected privilege (see GP2.1.1, Table 9-7), the CM is default selected.
