The code snippet works as follows: during the applet selection phase, the applet checks for an ISO14443A/B interface, and if it detects one, it simply calls its own deselect() to deselect itself and prevent further access to its APDU processing. This simply stops all attacks against the particular applet (save for deleting the applet via default GP keys over ISO14443) by not allowing applet selection over an "unwelcome" interface (ISO14443).
Do note that you have to use this code snippet carefully by ensuring that your card has a contact interface to use; otherwise, blocking the contactless interface when your card only has a single access method via contactless (i.e. JC10M24R - only contactless interface) can be a nuisance.
The code snippet presented below has been tried and tested on an NXP JCOP dual interface card and works very quickly and well.
Code:
public void process(APDU apdu) {
    if (selectingApplet()) {
        // Checks if APDU protocol is over ISO14443A/B contactless interface
        if (((byte) (APDU.getProtocol() & APDU.PROTOCOL_MEDIA_MASK) == APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_A)
                || ((byte) (APDU.getProtocol() & APDU.PROTOCOL_MEDIA_MASK) == APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_B)) {
            // Deselects itself to prevent connection from ISO14443A/B contactless interface for security reasons
            deselect();
        } else {
            // Allows connection since it's not ISO14443A/B interface
            return;
        }
    }
}
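
A variant of the same interface gate, as an added example that is not the original poster's code: it applies the ISO14443A/B check in the applet's select() method, so the SELECT command itself fails, and repeats the check on every APDU in process(). The package and class names are hypothetical, and it assumes the card's runtime reports the transport media through APDU.getProtocol() while select() runs.

```java
package example.ifacegate; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;

public class ContactOnlyApplet extends Applet { // hypothetical class name

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new ContactOnlyApplet().register();
    }

    // True when the current command arrived over ISO14443 Type A or Type B.
    // Assumption: getProtocol() already reflects the active interface
    // at the time select() is called by the runtime.
    private static boolean isContactless() {
        byte media = (byte) (APDU.getProtocol() & APDU.PROTOCOL_MEDIA_MASK);
        return media == APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_A
                || media == APDU.PROTOCOL_MEDIA_CONTACTLESS_TYPE_B;
    }

    // The runtime calls select() before process(). Returning false makes
    // the SELECT command fail, so the applet never becomes the selected applet.
    public boolean select() {
        return !isContactless();
    }

    public void process(APDU apdu) {
        // Second check on every APDU, not only on SELECT, so no command is
        // handled over the contactless interface even if selection succeeded.
        if (isContactless()) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        if (selectingApplet()) {
            return; // SELECT over the contact interface: answer 9000
        }
        // The applet's own instruction dispatch goes here; this example
        // defines no commands, so every other INS is rejected.
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}
```

As with the snippet above, only install this on a card that also has a contact interface, since the applet becomes unreachable on a contactless-only card.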