Error 69 87 when do APDU verify instruction with biometric

Question

I'm doing a fingerprint verification process with a Chilean ID card. It compliant with: ICAO 9303 Part 3, Volume 2 • ICAO Technical Report LDS 1.7 • IAS ECC v1.0.1 specification • ISO 14443, Type B • ISO 7810 • ISO 7816-15 • ISO 19794-2 • ISO 19794-5 • Java Card 2.2.2 • Global Platform 2.1.1

It have Match On Card fingerprint verification.

It use iso 19794-2:2005 smart card. I convert minutiae from ANSI 378 TO iso 19794-2:2005 smart card. I did all process of security, challenger, mutual authentication, etc. But when i send a encrypt APDU with INS 21 ( verify) I have this return message: 69 87 : Expected secure messaging (SM) object missing. I don't know what mean because when we sent unencrypted message it return 69 88, and we check that enc key, mac , etc are ok. Anyone can help to discovery what mean? we did try with different APDU ( with code 20,21, with tag 81 and 95, etc) This is the last APU that we are using:

00210000BE7F2EBB81B4600b5c1f33800b082e334150087240411109720d991130c00d032e30412a033b40411b0c3b12a11b4140120f2e4141220f314041101031178110184017022e18413902520041111752229c112a8022082e2a4160082e40410e202e2ea10e3c402e0e173c205b0e264020062226304306144030052e144140055b00411a255b359c1a3d8035082e3d414f087140410f2c713f9a0f44c03f041744207304494020082d49405f084b80400b174b21420b04402104329503080910

Thanks!!

Answer 1

Usually error SW=6987 means that your secure channel protocol is not implemented correctly. For example, secured case 3 command should contain DO 87 (87-L-01-encrypted data) and DO 8E (8E-L-MAC). If you don't put DO 8E in the end of secured APDU data field, you'll have error "Expected secure messaging DOs missing". By the way, Doc 9303 compliant cards don't store minutiae data. They store fingerprint image.