  1. #1
    Registered User
    Join Date
    Jul 2007
    Posts
    9

    SATSA and PKCS#15 applet

    Hi,

    I'm trying to open a channel to a PKCS#15 applet, previously installed on the SIM card, through a MIDlet, but I get a security exception when using the A0:00:00:00:63:50:4B:43:53:2D:31:35 AID. I've tested the MIDlet and it works with any other AID value.
    Does anyone know why I get this kind of exception? Is there any way to solve it without changing the applet ID?
    The MIDlet is signed as a 3rd party trusted domain, and it is the SATSA library that, without sending any information to the SIM card, refuses the applet connection. What would happen if I have the MIDlet signed as an Operator or a Manufacturer domain? Would the MIDlet then have the permissions to send any kind of APDU, without filtering?

    Thanks!

    joana.

  2. #2
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: SATSA and PKCS#15 applet

    The command APDUs you can send to the applet on the SIM card have to be listed in the Access Control List on the SIM card. It does not matter if your MIDlet is in trusted 3rd party and operator domain (the differences between those domains are that there are fewer confirmations asked and that operator MIDlets have access to SAT).

    Appendix A in the SATSA specification contains a lot of information about the SATSA security.

    Hartti

  3. #3
    Registered User
    Join Date
    Jul 2007
    Posts
    9

    Re: SATSA and PKCS#15 applet

    Hi Hartti,

    Thanks for your answer, it helped a lot, heading us in the right direction.

    We bypassed the original problem by changing the AID. But now, while connected to the applet, the verify chv APDU has to be sent and it's rejected with a SecurityException.
    We are trying to create an ACL file inside our PKCS#15 profile. As you recommended, we've read SATSA Appendix A, and it is very clear in saying what we have to do but not how.
    Do you have some experience creating OID Data Objects? Can you give us some clue? As you see, we are stuck at the first step...

    Thanks again,

    joana&co.

  4. #4
    Super Contributor
    Join Date
    Apr 2003
    Location
    USA, CA
    Posts
    7,191

    Re: SATSA and PKCS#15 applet

    I have not tried to add information in the ACL. I would say you have to get that done by the card manufacturer or the operator... but I might be wrong here too.

    Hartti

  5. #5
    Registered User
    Join Date
    Jul 2007
    Posts
    9

    Re: SATSA and PKCS#15 applet

    Is it possible that on S40 3rd Ed FP2 the static access control mechanism is not supported?
    After reading the Optional APIs Porting Guide, we have come to the conclusion that a card with the PKCS#15 application but without ACLs should revoke all permissions on APDU commands (look here).
    Instead of this behaviour, we can send almost all APDUs except the PIN Management ones.

    Thanks!
