. I am postgraduate student doing researh related to NFC technology. I am trying to do apply Confidential Card Content Management (GP CardSpec 2.2 Amendment A) on my Nokia 6212 classic NFC phone. It has embedded secure element in it : NXP P5CN072 (I have appropriate keyset for unlocking SE). For the communication with secure element I am using Omnikey Reader CardMan 5321. I am also using JCOP offcard API library.

In order to do so, my first question is how to create new security domain (SD) other than CardManager (ISD) on SE? I know it is just another applet, but are there any standards or interfaces that security domain must meet? For example,if it is SD with token verification priviledge, should I implement method for token verification?

Second, even if I make SD and instatiate it on the SE, how to put Application Provider (AP) public key in that SD, and how to generate new keyset on board (OBKG)? How to sign this key set with AP public key and sent it back to AP?

Third, I also have a question about delegated management. If there is SD with token verification priviledge, and token is digital signature of some request( load, install, make-selectable, or some other request) made by Issuer in order to authorize that request, does that SD need to have public key of Issuer in order to verify token?

I would highly appreciate some examples... There are so few people that have an experience with multi- application enviroment on the card.