问题
As you know, we prove to the card that we are the authentic user, via INITIAL UPDATE and EXTERNAL AUTHENTICATION commands, as follow :
< 80 50 00 00 08 | Host Challenge
> ...
< 84 82 03 00 10 | Host Cryptogram | MAK
> ...
I want to know, what is the differece between this authentication process and the VERIFYING process with CLA 20 P1 P2 Lc Data Le APDU?
All cards support both? or each card use one of this mechanism?
Update: As you see, I upload and install my applet on the card successfully , [Without using Verification]!
So why I need verificatin :
C:\Users\ghasemi\Desktop\gpj-20120310>gpj -load e:\helloW.cap -install
C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar -load e:\helloW.cap -ins
tall
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
DEBUG: Command APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GP211 A0 00 00 01 51 00 00 , SW: 6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 18 43 4D 00
DEBUG: Response APDU: 6A 82
Failed to select Security Domain GemaltoXpressPro A0 00 00 00 18 43 4D 00 , SW:
6A 82
DEBUG: Command APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 0
0
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00
DEBUG: Command APDU: 80 50 00 00 08 A7 C9 58 B7 D1 B6 84 E9
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 31 DF AA 47 16 6E 9
7 B8 02 20 8F 8E A0 1B 88 90 00
DEBUG: Command APDU: 84 82 00 00 10 0D D7 A4 DF 75 E4 CA 5C 9E EE 25 3F 96 A7 8
A 8B
DEBUG: Response APDU: 90 00
DEBUG: Command APDU: 84 82 00 00 08 0D D7 A4 DF 75 E4 CA 5C
DEBUG: Response APDU: 90 00
DEBUG: packagePath: helloWorldPackage/javacard/
DEBUG: package: helloWorldPackage
DEBUG: package AID: 01 02 03 04 05 06 07 08 09 00
DEBUG: applet AIDs: [01 02 03 04 05 06 07 08 09 00 00 ]
DEBUG: Command APDU: 80 E6 02 00 17 0A 01 02 03 04 05 06 07 08 09 00 08 A0 00 0
0 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E6 02 00 17 0A 01 02 03 04 05 06 07 08 09 00 08 A0 00 0
0 00 03 00 00 00 00 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 01 49 01 00 14 DE CA FF ED 01 02 04 0
0 01 0A 01 02 03 04 05 06 07 08 09 00 02 00 1F 00 14 00 1F 00 0F 00 0B 00 2E 00
0C 00 7D 00 18 00 12 00 00 00 6F 00 02 00 01 00 0B 01 01 00 04 00 0B 01 02 01 07
A0 00 00 00 62 01 01 03 00 0F 01 0B 01 02 03 04 05 06 07 08 09 00 00 00 08 06 0
0 0C 00 80 03 00 FF 00 07 01 00 00 00 1C 07 00 7D 00 01 10 18 8C 00 00 7A 05 30
8F 00 01 3D 8C 00 02 18 1D 04 41 18 1D 25 8B 00 03 7A 02 23 18 8B 00 04 60 03 7A
19 8B 00 05 2D 1A 03 25 11 00 FF 53 5B 32 1A 04 25 11 00 FF 53 5B 29 04 1F 60 0
8 11 6E 00 8D 00 06 16 04 73 00 10 00 00 00 00 00 09 18 19 8C 00 07 70 08 11 6D
00 8D 00 06 7A 05 22 19 8B 00 05 2D 7B 00 08 92 32 7B 00 08 03 1A 03 1F 8D 00 09
3B 19 03 1F 8B 00 0A 7A 08 00 18 00 02 00 01 00 01 03 00 0B 48 65 64 61 79 74 2
0
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 00 00 FF C4 82 01 49 01 00 14 DE CA FF ED 01 02 04 0
0 01 0A 01 02 03 04 05 06 07 08 09 00 02 00 1F 00 14 00 1F 00 0F 00 0B 00 2E 00
0C 00 7D 00 18 00 12 00 00 00 6F 00 02 00 01 00 0B 01 01 00 04 00 0B 01 02 01 07
A0 00 00 00 62 01 01 03 00 0F 01 0B 01 02 03 04 05 06 07 08 09 00 00 00 08 06 0
0 0C 00 80 03 00 FF 00 07 01 00 00 00 1C 07 00 7D 00 01 10 18 8C 00 00 7A 05 30
8F 00 01 3D 8C 00 02 18 1D 04 41 18 1D 25 8B 00 03 7A 02 23 18 8B 00 04 60 03 7A
19 8B 00 05 2D 1A 03 25 11 00 FF 53 5B 32 1A 04 25 11 00 FF 53 5B 29 04 1F 60 0
8 11 6E 00 8D 00 06 16 04 73 00 10 00 00 00 00 00 09 18 19 8C 00 07 70 08 11 6D
00 8D 00 06 7A 05 22 19 8B 00 05 2D 7B 00 08 92 32 7B 00 08 03 1A 03 1F 8D 00 09
3B 19 03 1F 8B 00 0A 7A 08 00 18 00 02 00 01 00 01 03 00 0B 48 65 64 61 79 74 2
0
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 80 01 4E 3A 29 20 20 00 00 00 00 05 00 2E 00 0B 06 8
0 03 00 01 00 00 00 06 00 00 01 03 80 03 02 03 80 03 03 03 80 0A 01 06 80 07 01
06 00 00 5F 05 00 00 00 06 80 10 02 03 80 0A 08 09 00 12 00 00 00 0E 05 06 04 0A
07 07 1D 10 08 07 04 05 07 07
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E8 80 01 4E 3A 29 20 20 00 00 00 00 05 00 2E 00 0B 06 8
0 03 00 01 00 00 00 06 00 00 01 03 80 03 02 03 80 03 03 03 80 0A 01 06 80 07 01
06 00 00 5F 05 00 00 00 06 80 10 02 03 80 0A 08 09 00 12 00 00 00 0E 05 06 04 0A
07 07 1D 10 08 07 04 05 07 07
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E6 0C 00 29 0A 01 02 03 04 05 06 07 08 09 00 0B 01 02 0
3 04 05 06 07 08 09 00 00 0B 01 02 03 04 05 06 07 08 09 00 00 01 00 02 C9 00 00
DEBUG: Response APDU: 00 90 00
DEBUG: Command APDU: 80 E6 0C 00 29 0A 01 02 03 04 05 06 07 08 09 00 0B 01 02 0
3 04 05 06 07 08 09 00 00 0B 01 02 03 04 05 06 07 08 09 00 00 01 00 02 C9 00 00
DEBUG: Response APDU: 00 90 00
回答1:
Initialize update and ext auth commands are to establish secure channel between off card and on card entity. While 00 20 .... apdu is for verify card manager pin. So all cards which are GP compliance will support both. There is card manager which is the owner of card so to authenticate urself or say to reach card manager u can use initialize update and ext auth. OR u can select card manager and use 00 20... command to verify urself to card manager.
回答2:
According to : ISO 7816-4: Interindustry Commands for Interchange for smart card.
The VERIFY command initiates the comparison in the card of the verification data sent from the interface device with the reference data stored in the card (e.g. password).
The AUTHENTICATE command initiates the computation of the authentication data by the card using the challenge data sent from the interface device and a relevant secret (e.g. a key) stored in the card.
来源:https://stackoverflow.com/questions/24340584/difference-between-verification-and-authentication