1 Reply Latest reply on Nov 13, 2012 1:02 AM by safarmer

    DAP and Delegated Management


      I am starting learning DAP, Mandated DAP and delegated management but it is bit tricky and i could not get them fully.
      Mandated DAP Verification allows a Controlling Authority to own a Security Domain that always requires to
      authorize a load process. This ensures that only Load File Data Blocks authorized by the Controlling Authority
      may be loaded on cards that contain this Security Domain.
      DAP Verification allows an Application Provider to own a Security Domain that requires authorizing a load
      process. This ensures that when associating a Load File to this Security Domain, the Application Provider must
      have authorized the Load File Data Block. This authorization may also serve as a means for a Security Domain to
      control the access to some of its services.
      Delegated Management allows Application Providers to perform Card Content changes (load, install and
      extradite) with pre-authorization from the Card Issuer. Applications Providers can also delete Executable Load
      Files and Applications associated to their on-card Security Domains without pre-authorization from the Card
      Above is the text i have copied from GP2.2 and need assistance in it's understanding.
      Can anybody explains their usage, implementation and purpose ?

      Thank you,
        • 1. Re: DAP and Delegated Management
          DAP is a way to have a trusted party sign your applet code so that it can be verified by the card when you load your cap files. There is a public key in the SD that handles verification that will verify the signature from a secure private key.

          Mandated DAP means that all code loaded onto the SD must have a DAP signature.

          Delegated management is a way to give a trusted third party a token that they can use to load and install applications onto an SE. They can only load and install what they have tokens for.

          - Shane