Java Card

Hello all,

I'm a newby in Java Card, but in my last project I get some experiences with java card. I have a java card from NXP with OS JCOP 2.4.2 R1 with not personalized GP Card Manager(default card keys). I have developed and test my own applet - everything without any problem. I can succesfull load applet to the card - so I don't have any problems with building a secure channel(SCP02). Now, when everything is working fine, I would like to secure this java card and terminate the develoment process. And in this stage I am a little bit confused... I don't know how perform the last step to terminate the card for using in our customer.

I read Global platform Card Specification v2.2 several times but I have some question.
The secure chanell SCP02 is initiated using default set of three 16B keys - 0x404142....4F. Is it possible to change this default security domains keys to another value? Or this default keys cannot be deleted and I can only use the new set of keys? How can be this keys inserted to the card(the answer, use put key APDU command is not enough for me)?

Next question is about modifying security status of the java card for end customer using. What is needed to do when I want, that nobody can change the content of java card(isntall applet, delete applet)? When the card is secured, is it possible to build secure chanell or this option is in secured state disabled and changing the default keys has no sense?

When the card will be secured, will be my appplet selectable and will be working?


I will be grateful for any answer!
Thanks,
Milanatik