
Applet ID's and APDU in Java Card

In my project I want to write biometric data (like a fingerprint template) on a smart card. After some good study I chose Java Card for my project. But I am new to this platform and know very little about it :(

I have also read tutorials from Sun, but was unable to resolve some confusions:

1.) I just want to read and write biometric data from the card, so is it necessary to design an applet for it on Java Card? Can't I use the simple read/write functions of a smart card reader to read/write biometric data in the smart card's memory?

2.) If I create an applet for Java Card, how am I going to give an applet ID to it? The applet ID is unique to each applet. And how can I know the applet ID for the pre-created applets?

3.) What are Application Protocol Data Units (APDUs)? And how are they going to help me in reading/writing data on the card?

I know all these are basic questions but I am really confused. So please help out guys!

Thanks in advance.

I will try to answer your questions:

1) If there is nothing pre-installed on the card that supports writing and reading biometric data, you should create your own applet to do the job.

2) Concerning the AID, you are right that you should try to make it unique. The structure of the AID is the following: 5 bytes RID + 0..11 bytes PIX

RID is the unique identifier of the application provider. In order to make sure that nobody else uses your RID, you should register it with a national or international certification institution, depending on the scope of your application. Although it is not mandatory to have a registered RID, the only requirement is that you should use "F" as the start of your RID if it is not registered. It is recommended to use only a registered AID if you implement a serious application.

PIX is the Proprietary Application Identifier Extension, whose uniqueness the application provider should maintain.

3) APDU is just a protocol describing the way of communicating with your applet. It wraps the instruction that you want to call together with the input and output data.

APDUs are the "commands" you send to the smart card.

Javacards (and applets installed on javacards) support specific APDUs depending on what applets are installed (and specific APDUs for installing applets). The javacard documentation is the best place to start learning about this.

Some smart cards come with applets pre-installed that have space reserved for biometric data; for example, "PIV" cards (and associated applet).

If your card doesn't have an applet pre-installed for storing biometric data you will need to write and install one.

Hope this helps.

An example of an APDU command:
00 A4 04 00 0A A0 00 00 00 62 03 01 0C 01 01
CLA INS P1 P2 Lc Data field Le

1st byte: CLA, it is a command type. For example, 80 means Global Platform defined commands are used.

2nd byte: INS, instruction code.

3rd byte: P1, parameter 1.

4th byte: P2, parameter 2.

5th and 6th bytes: Length of data, excluding the length of size, CLA, P1, P2 and Le.

7th byte to last byte: Data

Last byte: Le, which is generally 00.

For more information please see Global Platform's documents. http://globalplatform.org/specificationscard.asp
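The command quoted in the answer above, parsed on the host side with strict length checks, and its data field split into the RID + PIX structure described earlier. This is an added example, not part of the original answers. The names `CommandAPDU`, `parse_short_apdu` and `split_aid` are illustrative, only short-form APDUs (ISO/IEC 7816-4) are handled, and the RID category letters other than "F" come from ISO/IEC 7816-5 rather than from this page.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]  # None when the command carries no Le byte

def parse_short_apdu(raw: bytes) -> CommandAPDU:
    """Parse a short-form command APDU, rejecting inconsistent lengths."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                      # case 1: header only
        return CommandAPDU(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                # case 2: header + Le (00 means 256)
        return CommandAPDU(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    rest = body[1:]
    if len(rest) == lc:               # case 3: header + Lc + data
        return CommandAPDU(cla, ins, p1, p2, rest, None)
    if len(rest) == lc + 1:           # case 4: header + Lc + data + Le
        return CommandAPDU(cla, ins, p1, p2, rest[:lc], rest[lc] or 256)
    raise ValueError(f"Lc={lc} does not match {len(rest)} trailing bytes")

def split_aid(aid: bytes):
    """Split an AID into (RID, PIX, category): 5-byte RID + 0..11-byte PIX."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID must be 5 to 16 bytes")
    rid, pix = aid[:5], aid[5:]
    # Assumption from ISO/IEC 7816-5: the first nibble of the RID is the category.
    category = {0xA: "international", 0xD: "national",
                0xF: "unregistered"}.get(rid[0] >> 4, "other")
    return rid, pix, category

# The command quoted in the answer above (INS A4 with P1 04 selects by AID).
EXAMPLE = bytes.fromhex("00A404000AA00000006203010C0101")

if __name__ == "__main__":
    apdu = parse_short_apdu(EXAMPLE)
    rid, pix, category = split_aid(apdu.data)
    print(f"CLA={apdu.cla:02X} INS={apdu.ins:02X} P1={apdu.p1:02X} P2={apdu.p2:02X}")
    print(f"Lc={len(apdu.data)} Le={apdu.le}")
    print(f"RID={rid.hex().upper()} PIX={pix.hex().upper()} ({category})")
```

For the quoted command the parser finds Lc = 0A followed by exactly ten data bytes, so all remaining bytes belong to the AID and no Le byte is present.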
