1- An external entity A selects an applet APP on logical channel 0 and establishes a secure channel.
2- Another external entity B selects the same applet on channel 1 without establishing a secure channel.
3- B exchanges a few commands and responses with the APP.
4- The execution of the commands in (3) leads to calling secureChannel.resetSecurity() within APP.
5- secureChannel.resetSecurity() returns the error code 6985, which means conditions of use not satisfied.
It looks like the secure channel that was established when the APP was selected through logical channel 0 cannot be reset while the APP is selected on a different logical channel.
Has anyone faced this situation before? Any ideas how to reset the secure channel under the described circumstances?
Logical channel 0 is the basic channel. Have you tried having all host applications on a logical channel other than 0?
As a rule, we only ever used the GP secure channel to secure card issuance/updates or to secure updating the main transport key on the card (the private key had to be encrypted). These actions only ever had one channel to the card open. All other communication was done through a secure channel that was handled by the applet (AES based) and did not rely on the card platform keys, so this wasn't an issue in our case.
