3 Replies Latest reply: Nov 7, 2012 9:22 AM by 950748 RSS

    get-cplc / global platform Card Life Cycle Mapping

    873691
      Hi,

      is there any correlation between the get-cplc response and the Global Platform Car Live Cycle definitions?

      I got an get-cplc output:
      ------
      cm> get-cplc
      => 80 CA 9F 7F 00 .....
      (12102 usec)
      <= 9F 7F 2A 47 90 50 40 47 91 81 02 31 00 83 58 00 ..*G.P@G...1..X.
      11 68 91 45 81 48 12 83 65 00 00 00 00 01 2F 31 .h.E.H..e...../1
      30 31 31 36 38 00 00 00 00 00 00 00 00 90 00 01168..........
      Status: No Error
      IC Fabricator : 4790
      IC Type : 5040
      Operating System ID : 4791
      Operating System release date : 8102 (11.4.2008)
      Operating System release level : 3100
      IC Fabrication Date : 8358 (23.12.2008)
      IC Serial Number : 00116891
      IC Batch Identifier : 4581
      IC Module Fabricator : 4812
      IC Module Packaging Date : 8365 (30.12.2008)
      ICC Manufacturer : 0000
      IC Embedding Date : 0000
      IC Pre-Personalizer : 012F
      IC Pre-Perso. Equipment Date : 3130 (10.5.2003)
      IC Pre-Perso. Equipment ID : 31313638
      IC Personalizer : 0000
      IC Personalization Date : 0000
      IC Perso. Equipment ID : 00000000
      -------

      Can I somehow check in what GP Card Live Cycle State my Card is?

      Cheers,
      Max
        • 1. Re: get-cplc / global platform Card Life Cycle Mapping
          safarmer
          Hi,

          This does not tell you the card life cycle state.

          If your card has too many failed authentication attempts it will be TERMINATED.

          From GP 2.1.1:
          The state TERMINATED signals the end of the card Life Cycle and the card. The state transition from any other state to TERMINATED is irreversible. When in the state TERMINATED, all APDU commands shall be routed to the Issuer Security Domain and the Issuer Security Domain shall only respond to the GET DATA command.
          You can try any command other than GET DATA that should be allowed without a secure channel to see if the card is terminated.

          Cheers,
          Shane

          Edited by: safarmer on 11/07/2011 13:08
          • 2. Re: get-cplc / global platform Card Life Cycle Mapping
            873691
            Hi, following your advice I tried this:
            cm>  /terminal "winscard:4|RICOH Company, Ltd. RICOH SmartCard Reader 0"
            --Opening terminal
            
            /card
            --Waiting for card... ATR=3B F8 18 00 FF 81 31 FE 45 4A 43 4F 50 76 32 34    ;.....1.EJCOPv24     31 43                                              1C ATR: T=1, FI=1/DI=8 (31clk/etu), N=-1, IFSC=254, BWI=4/CWI=5, Hist="JCOPv241" => 00 A4 04 00 07 A0 00 00 00 03 00 00 00             ............. (24503 usec) <= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65    oe...........Y.e     01 FF 9F 6E 06 47 91 81 02 31 00 73 4A 06 07 2A    ...n.G...1.sJ..*     86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B    .H..k.`...*.H..k     02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64    ....c...*.H..k.d     0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09    ...*.H..k...e...     2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01    +...Hd...f...+..     04 01 2A 02 6E 01 02 90 00                         ..*.n.... Status: No Error cm>  /send 00000000 => 00 00 00 00                                        .... (7342 usec) <= 6E 00                                              n. Status: CLA value not supported
            If I got you and the Spec right, if the card was terminated the CardManager should not respond to
            this zero-APDU because it is not an GET DATA Command, so response "CLA not supported"
            is exceptionally something I can be happy about: it means NOT TERMINATED?

            Cheers
            and thanks again!
            • 3. Re: get-cplc / global platform Card Life Cycle Mapping
              950748
              You need to send command Get Status to ISD
              You need do the folowing steps^
              1. Select ISD
              2. Init-Update
              3. External Authentificate
              4. Get Status

              If you are using Jcop Tool you need do the speps 1-3, and then write "ls"