3.9. Auth Objects : UserID

A UserID is a kind of symmetric identifier that is used to authenticate a session.

3.9.1. User ID - Provisioning / Injection

To provision / inject the key, the process is as follows:

[Figure: auth-object-pin-create.png]

Steps to provision

Step  Operation
10    We establish physical connection to SE
11    We create a UserId object, Attestation Type is Auth

3.9.2. User ID - Use for connection / authentication

To use the key, the process is as follows:

[Figure: auth-object-pin-use.png]

Steps

Step  Operation
20    Host establishes physical connection to SE
21    Host calls Se05x_API_CreateSession() and uses the 32-bit ID of the UserId that we are going to use.
22    As part of the Se05x_API_CreateSession() API, the Applet returns an 8-byte Session ID. We use this in future communication with the SE.
23    Host calls Se05x_API_VerifySessionUserID(). At this point, we pass the value that we are going to use. (Host must already know the value of the PIN that is used/chosen in step 21.)
24    Finally, Host calls Se05x_API_ExchangeSessionData() API

3.9.3. User ID - Applet Spec Notes

From APDU Spec:

3.2.1.9 UserID

A UserID object is a byte array that holds a value that is linked to a
user.

UserID objects can only be created as Authentication object. By default,
the maximum number of allowed authentication attempts is set to 255.

Length = 1 up to 16 bytes
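
The provisioning and connection steps above, together with the limits in the applet spec notes, as an added example in C (not NXP middleware code and not from the original page): a small host-side model of a UserID object and its session. All `model_*` names and types are hypothetical, the session ID bytes are constructed, and counting only failed attempts toward the 255 limit is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define USERID_MAX_LEN      16   /* APDU spec note: length = 1 up to 16 bytes */
#define USERID_MAX_ATTEMPTS 255  /* APDU spec note: default attempt limit */
#define SESSION_ID_LEN      8    /* step 22: 8-byte Session ID */

/* Hypothetical model types; these are not NXP middleware structures. */
typedef struct { uint32_t id; uint8_t val[USERID_MAX_LEN]; size_t len; unsigned failed; } model_userid_t;
typedef struct { uint32_t auth_id; uint8_t sid[SESSION_ID_LEN]; int open; int authed; } model_session_t;

/* Step 11: create the UserID auth object, enforcing the 1..16 byte length rule. */
int model_userid_create(model_userid_t *o, uint32_t id, const uint8_t *val, size_t len) {
    if (len < 1 || len > USERID_MAX_LEN) return -1;
    memset(o, 0, sizeof *o);
    o->id = id;
    o->len = len;
    memcpy(o->val, val, len);
    return 0;
}

/* Steps 21-22: open a session bound to the 32-bit object id and fill in a session id. */
int model_create_session(const model_userid_t *o, uint32_t id, model_session_t *s) {
    if (o->id != id) return -1;
    memset(s, 0, sizeof *s);
    s->auth_id = id;
    s->open = 1;
    for (size_t i = 0; i < SESSION_ID_LEN; i++)
        s->sid[i] = (uint8_t)(0xA0 + i); /* constructed value; the applet chooses the real one */
    return 0;
}

/* Step 23: verify the presented value. Assumption: only failed attempts are counted. */
int model_verify_userid(model_userid_t *o, model_session_t *s, const uint8_t *val, size_t len) {
    if (!s->open || s->auth_id != o->id || o->failed >= USERID_MAX_ATTEMPTS) return -1;
    uint8_t diff = (uint8_t)(len != o->len);
    for (size_t i = 0; i < USERID_MAX_LEN; i++) /* fixed-length compare, no early exit */
        diff |= (uint8_t)((i < o->len ? o->val[i] : 0) ^ (i < len ? val[i] : 0));
    if (diff) { o->failed++; return -1; }
    s->authed = 1;
    return 0;
}

/* Step 24 follows step 23: the model treats a session as usable only after verification. */
int model_session_ready(const model_session_t *s) { return s->open && s->authed; }
```
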