You can send APDU only to one card? Or to both?
The host application can only send commands to one card (let's call it the master). Then, that master card must process the command and, in some cases, it must send/receive commands to the second card (the slave).
The slave card belongs to our customer (each employee has its own card, we do not have access to that card), and it cannot be reached by the host application (for security reasons).
The master card belongs to us (it will contain our applet).
I do not think it is possible then. One card cannot send commands to another.
The task which you have described looks like work with a SAM module. But it works when communication with both the SAM and the "slave" card is possible:
- the app, which does not have the secret key of the slave card, asks the SAM, which has or can diversify the secret key, to construct the correct APDU for the slave card;
- the app gets the answer from the SAM;
- the app sends this answer to the slave card.
The key point is that the app must not have access to the slave card; that is why we wanted to place the master card between the app and the slave card, in order to allow the master to act as a "router".
Unfortunately, Java Card is passive and only responds to APDUs. You would need a controller application that handles the communication. You would need to ensure that the controller cannot interfere with the commands and responses if you do not trust the host, but this is still something that is possible.
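The controller arrangement from the reply above, as an added simulation that is not part of the original thread: both cards stay passive, the controller only moves opaque blobs, and a MAC with a message counter lets each card reject anything the controller changed or replayed. It assumes the two cards share a symmetric key (the thread does not say how keys are provisioned) and uses truncated HMAC-SHA256 as a stand-in for the cards' real secure-messaging scheme; all class and function names are hypothetical.

```python
import hashlib
import hmac

MAC_LEN = 8  # assumption: tag truncated to 8 bytes

def tag(key, counter, data):
    # MAC over counter || data; the counter makes every message unique
    msg = counter.to_bytes(4, "big") + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

class Card:
    """Passive endpoint: it only reacts to what the controller hands it."""
    def __init__(self, key):
        self.key, self.counter = key, 0

    def wrap(self, apdu):
        self.counter += 1
        return apdu + tag(self.key, self.counter, apdu)

    def unwrap(self, blob):
        apdu, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
        expected = tag(self.key, self.counter + 1, apdu)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("MAC check failed: modified or replayed message")
        self.counter += 1
        return apdu

class SlaveCard(Card):
    def process(self, blob):
        self.unwrap(blob)                 # reject anything the master did not build
        return self.wrap(b"\x90\x00")     # constructed reply: status word 9000

def relay(master, slave, apdu, tamper=None):
    """Untrusted controller: holds no key, only moves opaque blobs."""
    blob = master.wrap(apdu)              # protected command from the master card
    if tamper:
        blob = tamper(blob)               # models a controller that interferes
    return master.unwrap(slave.process(blob))

def demo():
    key = bytes(range(16))                # constructed sample key
    select = bytes.fromhex("00A4040000")  # constructed sample command
    ok = relay(Card(key), SlaveCard(key), select)
    try:
        relay(Card(key), SlaveCard(key), select, tamper=lambda b: b"\xff" + b[1:])
        return ok, "accepted"
    except ValueError:
        return ok, "rejected"
```

A failed check leaves the two counters out of step, so in this model the session has to be re-established after any rejected message.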
Thanks. I will dig in that way.