3.11. Auth Objects : UserID
A User ID is a kind of symmetric identifier that is used to authenticate a session.
3.11.1. User ID - Provisioning / Injection
The process to provision / inject the key is as follows:

| Step | Operation |
|---|---|
| 10 | We establish physical connection to SE |
| 11 | We create a UserId object, Attestation Type is |
3.11.2. User ID - Use for connection / authentication
The process to use the key is as follows:

| Step | Operation |
|---|---|
| 20 | Host establishes physical connection to SE |
| 21 | Host calls |
| 22 | As a part of |
| 23 | Host calls At this point, we pass the Value that we are going to use. (Host must already know the value of the PIN that is used/chosen in step 21.) |
| 24 | Finally, Host calls |
3.11.3. User ID - Applet Spec Notes
From SE050 APDU Spec:
3.2.1.9 UserID
A UserID object is a byte array that holds a value that is linked to a
user.
UserID objects can only be created as Authentication object. By default,
the maximum number of allowed authentication attempts is set to 255.
Length = 1 up to 16 bytes
From SE051 APDU Spec:
3.3.1.9 UserID
A User ID object is a value which is used to logically group secure objects. UserID
objects can only be created as Authentication objects (see Section 3.3.3). They cannot
be updated once created (i.e. the value of an existing UserID can not be changed).
A session that is opened by a UserID Authentication Object is not applying secure
messaging (so no encrypted or MACed communication).
By default, the maximum number of allowed authentication attempts is set to infinite. Its
length is 4 up to 16 bytes. It is intended for use cases where a trusted operating system
on a host MCU/MPU is isolating applications based e.g. on application ID.