
For some applications, such as passports and ID, it may be a requirement that the MULTOS chip does not provide any information, via its card edge commands, that could aid someone trying to compromise the security of the device.

The primitive Set Silent Mode can be used by an application to control the behaviour of the GET CONFIGURATION DATA, GET MANUFACTURER DATA, GET MULTOS DATA and OPEN MEL card edge commands (note it does not affect the information returned by MULTOS to applications using primitives).

When in Silent Mode, the device public key certificate is not returned and the MCD_ID and INIT_DATE values are set to be all equal to 0x00.

Silent Mode was introduced in MULTOS 4.3.1, where the primitive could be used to turn it on or off. In MULTOS 4.3.2, the ability to turn Silent Mode on but then temporarily suspend it until the next reset was added.

4.8.1 Overview

This functionality allows applications to execute and process more events than just the application APDUs. For example, following a SELECT APDU the application can be made to execute immediately to process the select event, giving the application the opportunity to test the P2 value and to return the required response data (e.g. the FCI and the SW). To enhance applications further, other process events are supported: automatic application selection, application reselection, application deselection, application creation and application deletion.

The application is able to reject the event that it is processing. For example, when processing a SELECT APDU it can reject the select, making the application not selected when the SELECT APDU processing has completed.

Applications are able to process these events if bit 10 (numbered from 0) of the application’s access list is set in the application load certificate.

4.8.2 Primitives

There are two primitives that an application can call to get the process event and to reject the current process event.

The Get Process Event primitive can be called by any application to get the number of the application process event that caused the application to be executed by MULTOS.

The Reject Process Event primitive can be called by any application to request that the current application process event is rejected by MULTOS. The application continues to execute normally, with MULTOS processing the request when the application exits. The effect of calling this primitive depends upon the event that is being rejected (see below).

4.8.3 SELECT Processing

The functionality of the SELECT command changes if it is used to select an application that has bit 10 of its access list set. In this case MULTOS does not test the most significant 6 bits of P2. The processing of the least significant 2 bits of P2 remains unchanged, i.e. they are used to control whether the first (00b) or next (10b) application is to be selected.

4.8.4 Event Processing

When bit 10 of the application’s access list is set then the application will be executed by MULTOS for each of the following process events.

Number | Process Event
0 | An APDU has been received and is to be executed by the application. Note that this is the only possible process event for applications that do not have bit 10 of the application’s access list set.
1 | The application has been selected by a SELECT APDU. It is the responsibility of the application to call Check Case (case 3 or 4) as required and to return the SELECT response data (e.g. FCI) and SW.
2 | The application has been automatically selected by MULTOS (e.g. following a reset because it is a shell application or default application).
3 | The application has been reselected by a SELECT APDU. It is the responsibility of the application to call Check Case (case 3 or 4) as required and to return the SELECT response data (e.g. FCI) and SW.
4 | The application has been deselected by a SELECT APDU (e.g. because another application has been selected).
5 | The application has just been created. Note that this will result in the MF being selected if there is no shell application loaded. If there is a shell application loaded then it is automatically reselected.
6 | The application is about to be deleted. Note that this will result in the MF being selected if there is no shell application loaded. If there is a shell application loaded then it is automatically reselected.

4.8.5 Event Rejection

An application can call the Reject Process Event primitive to request that the current application process event is rejected by MULTOS. The effect of this primitive depends upon the event that is being rejected as below.

Number | Process Event | Effect of Event Rejection Request
0 | An APDU has been received and is to be executed by the application. | MULTOS returns 6D00.
1 | The application has been selected by a SELECT APDU. | The MF is selected.
2 | The application has been automatically selected by MULTOS (e.g. following a reset because it is a shell application). | No effect (i.e. it is not possible to prevent an automatic select).
3 | The application has been reselected by a SELECT APDU. | The MF is selected.
4 | The application has been deselected. | No effect (i.e. it is not possible to prevent an automatic deselect).
5 | The application has just been created. | The application is automatically deleted and an SW of 9D1C (application conditions not satisfied) is returned.
6 | The application is about to be deleted. | The application is not deleted and an SW of 9D1C (application conditions not satisfied) is returned.
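
The dispatch and rejection rules of 4.8.4 and 4.8.5, modelled on the host so that an application's event policy can be checked off-card. This is an added example, not MULTOS code or code from this guide. All identifiers (card_model, dispatch, app_handler, reject_mask, the EV_ and OUT_ names) are hypothetical, and app_handler stands in for an application calling the Get Process Event and Reject Process Event primitives.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Event numbers (4.8.4) and rejection outcomes (4.8.5); identifiers are hypothetical. */
enum { EV_APDU, EV_SELECT, EV_AUTO_SELECT, EV_RESELECT, EV_DESELECT, EV_CREATE, EV_DELETE };
enum { OUT_NORMAL, OUT_SW_6D00, OUT_MF_SELECTED, OUT_DELETED_9D1C, OUT_KEPT_9D1C };
#define EVENT_BIT (1u << 10) /* access-list bit 10, numbered from 0 */

typedef struct {
    uint16_t access_list; /* as set in the application load certificate */
    uint8_t reject_mask;  /* constructed policy: bit n set = reject event n */
    bool loaded, selected;
    int event;            /* what Get Process Event would report */
    bool reject;          /* set by Reject Process Event, applied at exit */
} card_model;

/* Stand-in for the application: it requests rejection and keeps running. */
static void app_handler(card_model *c) {
    if (c->reject_mask & (1u << c->event)) c->reject = true;
}

/* Model of MULTOS delivering one event and applying any rejection at exit. */
int dispatch(card_model *c, int event) {
    c->event = event;
    c->reject = false;
    /* Without bit 10 the application only ever sees event 0. */
    if (event == EV_APDU || (c->access_list & EVENT_BIT)) app_handler(c);
    if (c->reject) {
        switch (event) {
        case EV_APDU:     return OUT_SW_6D00;
        case EV_SELECT:
        case EV_RESELECT: c->selected = false; return OUT_MF_SELECTED;
        case EV_CREATE:   c->loaded = false; return OUT_DELETED_9D1C;
        case EV_DELETE:   return OUT_KEPT_9D1C; /* application stays loaded */
        default:          break; /* events 2 and 4 cannot be prevented */
        }
    }
    if (event == EV_SELECT || event == EV_AUTO_SELECT || event == EV_RESELECT) c->selected = true;
    if (event == EV_DESELECT) c->selected = false;
    if (event == EV_CREATE) c->loaded = true;
    if (event == EV_DELETE) c->loaded = c->selected = false;
    return OUT_NORMAL;
}

int main(void) {
    card_model app = { EVENT_BIT, 1u << EV_DELETE, true, false, 0, false };
    printf("delete outcome: %d, still loaded: %d\n", dispatch(&app, EV_DELETE), app.loaded);
    return 0;
}
```

The model makes one consequence of the tables explicit: a policy that depends on rejecting SELECT or deletion is only enforced when bit 10 is set in the load certificate, and an automatic select or a deselect goes ahead whatever the application requests.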

4.8.6 Card Unblock Primitive

The Card Unblock primitive can only perform a card unblock if the process event number is 0 (i.e. the application is processing an application APDU).

5 MULTOS Applications

This chapter is intended to provide an understanding of MULTOS application basics. These consist of application session, application execution and examples of how to read and write data.

Related documents