pro.javacard.gp.GPException: STRICT WARNING: Unfused JCOP detected

Question

When trying to list the content of smart card using following command

gp -l

Getting following exception :

pro.javacard.gp.GPException: STRICT WARNING: Unfused JCOP detected
at pro.javacard.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:184)
at pro.javacard.gp.GlobalPlatform.select(GlobalPlatform.java:213)
at pro.javacard.gp.GPTool.main(GPTool.java:334)

When searched , I got to know that card is not pre-personalized. My question is what is Smart Card pre-personalization? Who does this pre-presonalization? is it a vendor?

Answer 1

Pre-personalization for JCOP Cards consists of sending a set of commands to an applet named Root Applet.

Manufacturer installed this special applet to provide some special accesses for card providers (Mr Bodewes mentioned these accesses in his answer).

Root Applet AID named Transport Key and is securely transferred to card's provider or anybody whom requested not-fused cards from NXP. (This AID is specific per card or a set of cards requested by a provider)

The commands that this applet supports included some READ and WRITE commands for restrictrd area of EEPROM.

Final step and mandatory step of pre-personalization is sending a command named FUSE command to ROOT Applet. This command make Root Applet disabled forever.

Before pre-personalization, there is no Security Domain available to select on the card, and Root Applet is the only active entity on the card, but after pre-personalization you have access to security domain and no access to Root Applet anymore.

I think this info is confidential, so do not publish them! :)

Answer 2

Most Smart card application require that certain program and/or data files be installed on each chip before the card can personalized and given to a specific cardholder.This general preparation of software or files on the card is done through an operation called pre-personalization.

So it is done by vendor or cardholder.

Answer 3

Pre-personalization for a Java Card consists mainly of setting up parameters within the operating system. You should think of things like the ATR but also for instance the Global Platform key set, memory configuration etc.. After a card is "fused" these settings cannot be changed anymore.

Pre-personalization is not standardized. This means you have to contact the card manufacturer about the details. In this case that would mean NXP Semiconductors.

Fusing means that the pre-personalization phase is finished and that the settings cannot be changed anymore. It points to fusing a resistor to disable specific chip functionality. In current chip / operating designs it may well be a logistical process instead.

Chips should normally be fused when used in the field. Usually the pre-personalization is performed at the manufacturer for demo-cards or at secured premises of card or inlay manufacturers.

In general you should be authenticated to the card to perform pre-personalization. So having an unfused card may not grand you special powers.

---

Note that if you look at the word, pre-personalization may involve anything before personalization. So this could include e.g. applet loading. In that sense it is probably better to think of the fuse command to end the initialization phase. As there is no authority on this you will hear different names for the different phases of the process of chip manufacturing.

Answer 4

Pre-personalization is like a configuration on Smart card for specific requirement. There can be following steps in pre-personalization: 1) Changing historical bytes of ATR. 2) Installation of Security Domains and or applications. 3) Storage of Global Platform Secure Channel Keys. 4) Personalization of Security Domains. ... etc...

Why we need personalization?

We make a common Smart Card operating system so that it can be configured as per the requirement. Like configuration for Visa, Master Card etc...

So after loading Smart Card OS on a chip we need to personalize the card as per the required features.

Who does this pre-presonalization?

It depends either card manufactures or Vendor may configure as per the requirement.