EMV INTERNAL AUTHENTICATE 6985 Respond

Question

I am trying to a Dynamic Data Authentication (DDA). But when I sent the INTERNAL AUTHENTICATE I got 6985 responds. I am not sure What I am doing wrong.

This are my APDU commands and responds.

send:00A404000E325041592E5359532E444446303100 resp:6F5B840E325041592E5359532E4444463031A549BF0C4661224F07A0000000031010500A5649534120444542495487010142034741655F5502555361204F07A00000009808405008555320444542495487010242034741655F550255539000

send:00A4040007A000000003101000 resp:6F4F8407A0000000031010A544500A564953412044454249548701019F38189F66049F02069F03069F1A0295055F2A029A039C019F37045F2D02656EBF0C129F5A0511084008405F5502555342034741659000

send:80A800002383212700400000000000000300000000000008400000000000084022121000E153F3E800 resp:7781E7820220009408080606001001030057134242424242424242D22010110000000718001F5F200F43415244484F4C4445522F564953415F3401009F100706061203A000009F260855C7CDB65C5FEFE09F2701809F360201289F4B8180FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5C9810BE00EBEB933E55312CDA041DCA6BCAB1E537A854799E0E157ABB03C8FB1AC6F197EDA255D7205B195A226CB1FBD5A6E826329BA61D003C95625FD073660F3C55CEEEF26F670A49681834A138B0CB1C14BC534775190BC9D44FE9C4DA6D75BCC2D0BBCC24675CC4C857549238DCB59F6C0200009F6E04207000009000

send:0088000004E153F3E800 resp:6985

Card should respond with a certificate containing that random number encrypted under ICC private key

Answer 1

You are very wrong about what the card is supposed to do.

What you already have in the response to GPO is signed data and instead of issuing internal authenticate you should be recovering the keys to verify the signature.

You are dealing with a card that supports fDDA, not DDA and therefore are looking at incorrect standard. Please refer to documentation of contactless kernel 3 (EMV CL Book C-3) for fDDA.

If you are indeed implementing DDA, you should be testing it over contact interface and referring to EMV Book 2 and Book 3 for details as you have not implemented the process of recovering keys (you skipped AFL processing).