java card authenticated with JC-Manager , but received 6985 in GPJ Authentication

Question

I have a javacard, this is outputs when I want to authenticate the card via GPJ and JC-Manager :

GPJ Tool Output :

C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00

DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00

DEBUG: Command  APDU: 80 50 00 00 08 C8 12 42 39 22 8D 5E 24
DEBUG: Response APDU: 00 00 11 60 01 00 7F 8B 0A F9 02 02 02 24 AB 7A 47 C8 17 DD 03 75 44 3F 76 8E 12 BE 90 00

DEBUG: Command  APDU: 84 82 00 00 10 B6 09 4F FF C0 0D D2 CC B0 CE B1 3E 20 57 30 D4
DEBUG: Response APDU: 69 85
DEBUG: Command  APDU: 84 82 00 00 08 B6 09 4F FF C0 0D D2 CC
DEBUG: Response APDU: 69 85

javax.smartcardio.CardException: External authenticate failed. SW: 69 85
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.openSecureChannel(Unknown Source)
        at net.sourceforge.gpj.cardservices.GlobalPlatformService.main(Unknown Source)

JC-Manager Output :

Note: Keys set to 404142434445464748494A4B4C4D4E4F

Selecting Card Manager
***********************
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
************
Init Update
*************
-> 80 50 00 00 08 B6 42 6E BB DC 0E DF E8
<- 00 00 11 60 01 00 7F 8B 0A F9 02 02 02 23 7E 5D E1 67 E0 0A 3D 67 91 7E B8 D6 14 59 90 00

HostChallenge: B6 42 6E BB DC 0E DF E8
CardChallenge: 7E 5D E1 67 E0 0A
Card Calculated Card Cryptogram: 3D 67 91 7E B8 D6 14 59
Derivation Data is 01 82 02 23 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 02 23 7E 5D E1 67 E0 0A B6 42 6E BB DC 0E DF E8 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) B6 42 6E BB DC 0E DF E8 02 23 7E 5D E1 67 E0 0A 80 00 00 00 00 00 00 00
S_ENC: 9F 46 0D 11 18 88 F2 E2 1C D2 4A F5 00 D0 51 7D 9F 46 0D 11 18 88 F2 E2
The Current session MAC key is 99 96 8E ED 46 99 59 DE 20 B1 F8 36 0E 0C 7F DE
The Current session DEK key is 98 4D 50 CA 56 5A F3 4E 84 0E CF 12 3B E0 1D C3
Encrypted CardCryptoGram is 8E 07 30 FB E7 13 23 F4 CD D9 13 12 29 F3 7C 16 3D 67 91 7E B8 D6 14 59
Encrypted HostCryptoGram is 41 34 E9 1E C7 41 0D 62 EC D3 E1 2A 6A D1 7D 13 A9 CD 65 16 AE 5B 99 59

-> 84 82 03 00 10 A9 CD 65 16 AE 5B 99 59 1D 88 41 EF 90 09 03 32
<- 90 00
Authenticated

As you see, a same card, has two output via External AUTHENTICATION .successfully authenticate with JC-Manager , but received 6985 [ Conditions of use not satisfied ] in GPJ . Why?

Answer 1

P1 in the EXTERNAL AUTHENTICATE APDU command accept 00 or 01 or 03 values.

03 ---> C-DECRYPTION and C-MAC

01 ---> C-MAC

00 ---> No secure messaging expected

as you see in the codes that you put in the question, JC-Manager send External Authenticate with P1=03 , but GPJ send External Authenticate command with P1=00

I think your card is in SECURED state. and in SECUTED state the only way to authentate is using C-DECRYPTION and C-MAC . [I don't know why!] so, GPJ use P1=00 in authentication and it fails.