verificationfingerprintapdunxp-microcontrolleriso-7816-4

Error 69 82 when doing APDU verify instruction with biometric


I want to implemente match on card verification on my device.

The first two steps (parameter with Threshold and Rotation ) proceed successfully with a 9000 response, but during the verification step, I receive a failure with the 6982 error code (SW_SECURITY_STATUS_NOT_SATISFIED) by using the exact same fingerprint.

I'm seeking guidance on the security requirements and necessary steps to resolve this issue during biometric verification.

I'm Using iso standard 7816;

First step :

Send=>8024008724B0007F6075800100830100A1178101088201058702010188020005B10786020EC987011E
Get<=9000

Seconde step :

Send=>8024008758B0007F2E538151500F9C26109B15199C341C9A15239D2D2B9C4F2BBB5C2B5B1F31BB5B379A193D9D46419B34459C09479F286EBB2F759C0778411E7D5F597DB80980A32783BB0B90A62D935A279A9C24A79E1BADA73AB995
Get<=9000

verification step :

Send=>0020008758B0007F2E538151500F9C26109B15199C341C9A15239D2D2B9C4F2BBB5C2B5B1F31BB5B379A193D9D46419B34459C09479F286EBB2F759C0778411E7D5F597DB80980A32783BB0B90A62D935A279A9C24A79E1BADA73AB995
Get<=6982

I am having a 6982 error that means : 6982 SW_SECURITY_STATUS_NOT_SATISFIED Access condition for verification not met OR Attempt to present PIN without SM. And I dont know how to fix that.


Solution

  • I finally found the solution to the problem.

    Error 6982 means SW_SECURITY_STATUS_NOT_SATISFIED: Access condition for verification not met. Attempt to present PIN without SM.

    I had to change my command and also finish pre-personalization of the chip. Here is the result I obtained: Finger enrollment:

    8024008725B0017F6081B9800100830100A1178101088201098702010188020005B10786020EC987011E
    
    Send=>8024008725B0017F6081B9800100830100A1178101088201098702010188020005B10786020EC987011E
    Get<=9000
    
    
    802400879CB0017F2E8196818193160D5F2A0F5E55155D4417BE25219F59229C192D7F442F9D1636A233369E0844A50C5BA56C64B90F6BA6306B62196D43396DBD1A7267447A5D217E683C81616E8BB70F8EAC3E8F6137966A0F9A4C589D562A9E6F389E7830A0493CA3B735A5721BABB12BAF9061B05611B2AE0ABB4E72C45616C87464CF5970D69B7DD6571BDD5579DE9B7DE55E5FED9E12EF9750F39C1CF698
    Send=>802400879CB0017F2E8196818193160D5F2A0F5E55155D4417BE25219F59229C192D7F442F9D1636A233369E0844A50C5BA56C64B90F6BA6306B62196D43396DBD1A7267447A5D217E683C81616E8BB70F8EAC3E8F6137966A0F9A4C589D562A9E6F389E7830A0493CA3B735A5721BABB12BAF9061B05611B2AE0ABB4E72C45616C87464CF5970D69B7DD6571BDD5579DE9B7DE55E5FED9E12EF9750F39C1CF698
    Get<=9000
    

    Verification with the same finger:

    00200F879A7F2E8196818193160D5F2A0F5E55155D4417BE25219F59229C192D7F442F9D1636A233369E0844A50C5BA56C64B90F6BA6306B62196D43396DBD1A7267447A5D217E683C81616E8BB70F8EAC3E8F6137966A0F9A4C589D562A9E6F389E7830A0493CA3B735A5721BABB12BAF9061B05611B2AE0ABB4E72C45616C87464CF5970D69B7DD6571BDD5579DE9B7DE55E5FED9E12EF9750F39C1CF698
    Send=>00200F879A7F2E8196818193160D5F2A0F5E55155D4417BE25219F59229C192D7F442F9D1636A233369E0844A50C5BA56C64B90F6BA6306B62196D43396DBD1A7267447A5D217E683C81616E8BB70F8EAC3E8F6137966A0F9A4C589D562A9E6F389E7830A0493CA3B735A5721BABB12BAF9061B05611B2AE0ABB4E72C45616C87464CF5970D69B7DD6571BDD5579DE9B7DE55E5FED9E12EF9750F39C1CF698
    Get<=9000
    

    Verification with another finger:

    00200F87627F2E5F815D190987240FA8281E460F1F4A2E2169352F6A2433493A35863B3BAB1D3DAD40416C4844AC5D4CA66D4FB908514D19518D2D538D26546E615B75695CB76261754162705263B367677614704F2B7C7142827263A4B773B3585EBA5755C358
    Get<=63CE
    

    63CE means that the number of remaining attempts is (E) 14