ISO 7816 part 4, section 6
For the latest version of ISO7816 part 4, please contact ISO in Switzerland.
6.1 READ BINARY command
6.2 WRITE BINARY command
6.3 UPDATE BINARY command
6.4 ERASE BINARY command
6.5 READ RECORD(S) command
6.6 WRITE RECORD command
6.7 APPEND RECORD command
6.8 UPDATE RECORD command
6.9 GET DATA command
6.10 PUT DATA command
6.11 SELECT FILE command
6.12 VERIFY command
6.13 INTERNAL AUTHENTICATE command
6.14 EXTERNAL AUTHENTICATE command
6.15 GET CHALLENGE command
6.16 MANAGE CHANNEL command
It shall not be mandatory for all cards complying to this part of ISO/IEC 7816 to support all the described commands or all the options of a supported command.
When international interchange is required, a set of card system services and related commands is defined in clause 9.
Table 11 provides a summary of the commands defined in this part of ISO/IEC 7816.
The impact of secure messaging (see 5.6) on the message structure is not described in this clause.
The list of error and warning conditions given in each clause 6.X.5 is not exhaustive (see 5.4.5).
6.1.1 Definition and scope
6.1.2 Conditional usage and security
6.1.3 Command message
6.1.4 Response message (nominal case)
6.1.5 Status conditions
The Read Binary response message gives (part of) the content of an EF with transparent structure.
When the command contains a valid short EF identifier, it sets the file as current EF. The command is processed on the currently selected EF.
The command can be performed only if the security status satisfies the security attributes defined for this EF for the read function.
The command shall be aborted if it is applied to an EF without transparent structure.
Table 27 – READ BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘B0’ |
P1-P2 | See text below |
Lc field | Empty |
Data field | Empty |
Le field | Number of bytes to be read |
If bit8=1 in P1, then bit7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF (Elementary File) identifier and P2 is the offset of the first byte to be read in data units from the beginning of the file.
If bit8=0 in P1, then P1||P2 is the offset of the first byte to be read in data units from the beginning of the file.
If the Le field contains only zeroes, then within the limit of 256 for short length or 65536 for extended length, all the bytes until the end of the file should be read.
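The P1-P2 coding above and the status words of 6.1.5 are easiest to check against a model. The following is an added example, not text of ISO/IEC 7816-4: it encodes READ BINARY parameters per table 27, simulates a card holding one transparent EF (a constructed stand-in, with a constructed 600-byte content), and reads the file to its end by chaining commands, re-issuing with the exact length when the card answers SW1='6C'. CLA '00' (basic channel, no secure messaging), a one-byte data unit and a short Le field are assumptions of the example.

```python
from typing import Optional, Tuple

SAMPLE_EF = bytes(i & 0xFF for i in range(600))   # constructed file content, 600 data units


def build_read_binary(offset: int, le: int = 0, sfi: Optional[int] = None) -> bytes:
    """CLA INS P1 P2 Le for READ BINARY (short Le only; Le=0 means 'up to 256 bytes')."""
    if sfi is None:
        # b8 of P1 = 0: P1||P2 is a 15-bit offset in data units
        if not 0 <= offset <= 0x7FFF:
            raise ValueError("offset must fit in 15 bits without a short EF identifier")
        p1, p2 = offset >> 8, offset & 0xFF
    else:
        # b8 of P1 = 1, b7-b6 = 0 (RFU), b5-b1 = short EF identifier, P2 = 8-bit offset
        if not 1 <= sfi <= 30:
            raise ValueError("short EF identifier must be 1..30")
        if not 0 <= offset <= 0xFF:
            raise ValueError("offset must fit in one byte with a short EF identifier")
        p1, p2 = 0x80 | sfi, offset
    if not 0 <= le <= 0xFF:
        raise ValueError("short Le field only in this example")
    return bytes([0x00, 0xB0, p1, p2, le])


class TransparentEFCard:
    """Card model with a single transparent EF; any short EF identifier selects it."""

    def __init__(self, content: bytes):
        self.content = content

    def read_binary(self, apdu: bytes) -> Tuple[bytes, int]:
        _cla, ins, p1, p2, le = apdu
        if ins != 0xB0:
            return b"", 0x6D00                      # instruction code not supported
        if p1 & 0x80:
            if p1 & 0x60:
                return b"", 0x6A86                  # RFU bits b7-b6 set: incorrect P1-P2
            offset = p2
        else:
            offset = (p1 << 8) | p2
        available = len(self.content) - offset
        if available <= 0:
            return b"", 0x6B00                      # wrong parameters: offset outside the EF
        if le == 0:
            n = min(256, available)                 # Le=0: to end of file, at most 256 bytes
        elif le > available:
            return b"", 0x6C00 | available          # wrong Le: SW2 carries the exact length
        else:
            n = le
        return self.content[offset:offset + n], 0x9000


def read_whole_ef(card: TransparentEFCard, sfi: Optional[int] = None, chunk: int = 0) -> bytes:
    """Read an EF to its end by chaining READ BINARY commands and honouring '6C XX'.

    The short EF identifier is only sent with the first command: it makes the
    file current, so later chunks address it implicitly and can use the full
    15-bit offset instead of the single-byte P2 offset.
    """
    out, offset = bytearray(), 0
    while True:
        use_sfi = sfi if offset == 0 else None
        data, sw = card.read_binary(build_read_binary(offset, chunk, use_sfi))
        if sw >> 8 == 0x6C:                         # retry with the length the card wants
            data, sw = card.read_binary(build_read_binary(offset, sw & 0xFF, use_sfi))
        if sw == 0x6B00 and offset > 0:
            return bytes(out)                       # offset reached the end of file: done
        if sw != 0x9000 or not data:
            raise RuntimeError("READ BINARY at offset %d failed: SW=%04X" % (offset, sw))
        out += data
        offset += len(data)


if __name__ == "__main__":
    card = TransparentEFCard(SAMPLE_EF)
    print(build_read_binary(0x0123, 0x10).hex().upper())     # 00B0012310
    print(len(read_whole_ef(card, sfi=3, chunk=100)))        # 600
```

A real card may instead answer SW1-SW2='6282' (end of file reached before reading Le bytes) with the partial data, so a reader should accept both behaviours; the model shows only the '6C' path.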
Table 28 – READ BINARY response APDU
Data field | Data read (Le bytes) |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6B’ with SW2=
SW1=’6C’ with SW2=
6.2.1 Definition and scope
6.2.2 Conditional usage and security
6.2.3 Command message
6.2.4 Response message (nominal case)
6.2.5 Status conditions
The WRITE BINARY command message initiates the writing of binary values into an EF.
Depending upon the file attributes, the command shall perform one of the following operations:
When no indication is given in the data coding byte, the logical OR behavior shall apply.
When the command contains a valid short EF identifier, it sets the file as current EF.
The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the write functions.
Once a WRITE BINARY has been applied to a data unit of a one-time write EF, any further write operation referring to this data unit will be aborted if the content of the data unit or the logical erased state indicator (if any) attached to this data unit is different from the logical erased state.
The command shall be aborted if it is applied to an EF without transparent structure.
Table 29 – WRITE BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘D0’ |
P1-P2 | See text below |
Lc field | Length of the subsequent data field |
Data field | String of data units to be written |
Le field | Empty |
If b8=1 in P1, then bit7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be written in data units from the beginning of the file.
If b8=0 in P1, then P1||P2 is the offset of the first byte to be written in data units from the beginning of the file.
Table 30 – WRITE BINARY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6B’ with SW2=
6.3.1 Definition and scope
6.3.2 Conditional usage and security
6.3.3 Command message
6.3.4 Response message (nominal case)
6.3.5 Status conditions
The UPDATE BINARY command message initiates the update of the bits already present in an EF with the bits given in the command APDU.
When the command contains a valid short EF identifier, it sets the file as current EF.
The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the update function.
The command shall be aborted if it is applied to an EF without transparent structure.
Table 31 – UPDATE BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘D6’ |
P1-P2 | See text below |
Lc field | Length of the subsequent data field |
Data field | String of data units to be updated |
Le field | Empty |
If b8=1 in P1, then b7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be updated in data units from the beginning of the file.
If b8=0 in P1, then P1||P2 is the offset of the first byte to be updated in data units from the beginning of the file.
Table 32 – UPDATE BINARY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6B’ with SW2=
6.4.1 Definition and scope
6.4.2 Conditional usage and security
6.4.3 Command message
6.4.4 Response message (nominal case)
6.4.5 Status conditions
The ERASE BINARY command message sets (part of) the content of an EF to its logical erased state, sequentially starting from a given offset.
When the command contains a valid short EF identifier, it sets the file as current EF.
The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the erase function.
The command shall be aborted if it is applied to an EF without transparent structure.
Table 33 – ERASE BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘0E’ |
P1-P2 | See text below |
Lc field | Empty or ’02’ |
Data field | See text below |
Le field | Empty |
If b8=1 in P1, then b7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be erased in data units from the beginning of the file.
If b8=0 in P1, then P1||P2 is the offset of the first byte to be erased in data units from the beginning of the file.
If the data field is present, it codes the offset of the first data unit not to be erased; this offset shall be higher than the one coded in P1-P2. If the data field is empty, the command erases up to the end of the file.
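The three commands of 6.2 to 6.4 differ in what they do to a data unit, not in how they address it. The following is an added example, not text of ISO/IEC 7816-4, modelling one transparent EF under WRITE BINARY (logical OR, with the one-time-write rule of 6.2.2), UPDATE BINARY (replace) and ERASE BINARY (return to the erased state up to an optional end offset). Assumptions of the example: a data unit is one byte, the logical erased state is all bits zero (a card whose erased state is all ones uses logical AND instead, which the data coding byte indicates), and the status words used for the refused cases are this model's choice among those of 5.4.5.

```python
from typing import Optional

ERASED = 0x00   # assumed logical erased state of a data unit


class BinaryEF:
    """Transparent EF model; `units` is the file content, one byte per data unit."""

    def __init__(self, size: int, one_time_write: bool = False):
        self.units = bytearray([ERASED]) * size
        self.one_time_write = one_time_write

    def _in_range(self, offset: int, length: int) -> bool:
        return 0 <= offset and offset + length <= len(self.units)

    def write_binary(self, offset: int, data: bytes) -> int:
        """WRITE BINARY with logical-OR behaviour: bits can be set, never cleared."""
        if not self._in_range(offset, len(data)):
            return 0x6B00                           # wrong parameters P1-P2
        if self.one_time_write:
            # A data unit that already left the erased state has been written
            # once: abort without touching anything.
            if any(u != ERASED for u in self.units[offset:offset + len(data)]):
                return 0x6985                       # conditions of use not satisfied
        for i, b in enumerate(data):
            self.units[offset + i] |= b
        return 0x9000

    def update_binary(self, offset: int, data: bytes) -> int:
        """UPDATE BINARY replaces the bits already present."""
        if not self._in_range(offset, len(data)):
            return 0x6B00
        self.units[offset:offset + len(data)] = data
        return 0x9000

    def erase_binary(self, offset: int, end: Optional[int] = None) -> int:
        """ERASE BINARY from offset up to (not including) end, or to the end of file.

        `end` plays the role of the optional 2-byte data field: the offset of
        the first data unit not to be erased, which must exceed offset.
        """
        if end is None:
            end = len(self.units)
        elif end <= offset:
            return 0x6A80                           # incorrect parameters in the data field
        if not self._in_range(offset, end - offset):
            return 0x6B00
        self.units[offset:end] = bytes([ERASED]) * (end - offset)
        return 0x9000


if __name__ == "__main__":
    ef = BinaryEF(4)
    ef.write_binary(0, b"\xF0")
    ef.write_binary(0, b"\x0F")
    print(ef.units.hex())          # ff000000: OR accumulates, it cannot clear bits
    ef.update_binary(0, b"\x01")
    print(ef.units.hex())          # 01000000: UPDATE replaces
```

The practical consequence for an auditor: on a file whose write access is granted but update access is not, WRITE BINARY can only ever add set bits, so a value such as a counter or a flag laid out with "1 = consumed" cannot be reverted through that command.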
Table 34 – ERASE BINARY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6B’ with SW2=
6.5.1 Definition and scope
6.5.2 Conditional usage and security
6.5.3 Command message
6.5.4 Response message (nominal case)
6.5.5 Status conditions
The READ RECORD(S) response message gives the contents of the specified record(s) (or the beginning part of one record) of an EF.
The command can be performed only if the security status satisfies the security attributes for this EF for the read function.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
Table 35 – READ RECORD(S) command APDU
CLA | As defined in 5.4.1 |
INS | ‘B2’ |
P1 | Record number or record identifier of the first record to be read (’00’ indicates the current record) |
P2 | Reference control, according to table 36 |
Lc field | Empty |
Data field | Empty |
Le field | Number of bytes to be read |
Table 36 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 — — — | Currently selected EF |
x x x x x — — — | Short EF identifier |
1 1 1 1 1 — — — | RFU |
— — — — — 1 x x | Usage of record number in P1 |
— — — — — 1 0 0 | – Read record P1 |
— — — — — 1 0 1 | – Read all records from P1 up to the last |
— — — — — 1 1 0 | – Read all records from the last up to P1 |
— — — — — 1 1 1 | RFU |
— — — — — 0 x x | Usage of record identifier in P1 |
— — — — — 0 0 0 | – Read first occurrence |
— — — — — 0 0 1 | – Read last occurrence |
— — — — — 0 1 0 | – Read next occurrence |
— — — — — 0 1 1 | – Read previous occurrence |
If the Le field contains only zeros, then depending on bit3-1 of P2 and within the limit of 256 for short length or 65536 for extended length, the command should read completely
Table 37 – READ RECORD(S) response APDU
Data field | Lr (may be equal to Le) bytes, see table 38 |
SW1-SW2 | Status bytes |
When the records are SIMPLE-TLV data objects (see 5.4.4), tables 38-1 and 38-2 illustrate the format of the data field of the response message.
Table 38-1 – Data field of the response when reading for one record
Case A – Partial read of one record
Tn (1 byte) | Ln (1 or 3 byte) | First data bytes of the record |
This case applies when the Le field does not contain only zeroes.
Case B – Complete read of one record
Tn (1 byte) | Ln (1 or 3 byte) | Whole data bytes of the record Ln bytes |
This case applies when the Le field contains only zeroes.
Table 38-2 – Data field of the response when reading for several records
Case C – Partial read of a record sequence
Record #n Tn||Ln||Vn | … | First bytes of record #n+m Tn+m||Ln+m||Vn+m |
This case applies when the Le field does not contain only zeroes.
Case D – Read multiple records up to the file end
Record #n Tn||Ln||Vn | … | Record #n+m Tn+m||Ln+m||Vn+m |
This case applies when the Le field contains only zeroes.
Comparing the length of the data field with its TLV structure shows the nature of the data: whether the single record (read one record) or the last record (read all records) is incomplete, complete or padded.
NOTE – If TLV coding is not used, then the read-all-records function results in receiving several records without standard delimitation of the records.
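The following is an added example, not text of ISO/IEC 7816-4: it encodes P2 of READ RECORD(S) per table 36 and splits a response data field into SIMPLE-TLV records per 5.4.4 (tag of one byte, length of one byte or 'FF' followed by two bytes), classifying the last record as complete, incomplete or padding as tables 38-1 and 38-2 describe. The response bytes are constructed; CLA '00' and the rule that '00' and 'FF' cannot start a record (they are not valid SIMPLE-TLV tags) are the example's assumptions.

```python
from typing import List, Optional, Tuple

# Constructed READ RECORD(S) response (case C): two whole records followed by
# the first bytes of a third one that the Le limit cut off.
SAMPLE_RESPONSE = (bytes([0x01, 0x03, 0xAA, 0xBB, 0xCC])
                   + bytes([0x02, 0xFF, 0x01, 0x00]) + bytes(256)
                   + bytes([0x03, 0x05, 0x11, 0x22]))


def read_record_p2(sfi: int = 0, by_number: bool = True, option: int = 0) -> int:
    """b8-b4 = short EF identifier (0 = current EF), b3 = 1 when P1 is a record
    number, b2-b1 = option (0: this/first, 1: all to last/last, 2: last to P1/next,
    3: RFU when by number, previous when by identifier)."""
    if not 0 <= sfi <= 30:
        raise ValueError("short EF identifier must be 0..30 (31 is RFU)")
    if not 0 <= option <= 3 or (by_number and option == 3):
        raise ValueError("option out of range or RFU")
    return (sfi << 3) | (0x04 if by_number else 0x00) | option


def build_read_record(p1: int, p2: int, le: int = 0) -> bytes:
    return bytes([0x00, 0xB2, p1, p2, le])


def parse_simple_tlv_records(data: bytes) -> List[Tuple[Optional[int], bytes, str]]:
    """Split a response data field into (tag, value, status) triples.

    status is 'complete', 'incomplete' (the response ended inside the record,
    cases A and C) or 'padding' (trailing bytes that cannot start a record).
    Only the last entry can be anything other than 'complete'.
    """
    records, i = [], 0
    while i < len(data):
        tag = data[i]
        if tag in (0x00, 0xFF):
            records.append((None, data[i:], "padding"))
            break
        if i + 1 >= len(data):                       # tag without its length byte
            records.append((tag, b"", "incomplete"))
            break
        if data[i + 1] == 0xFF:                      # three-byte length form
            if i + 4 > len(data):
                records.append((tag, b"", "incomplete"))
                break
            length, header = int.from_bytes(data[i + 2:i + 4], "big"), 4
        else:
            length, header = data[i + 1], 2
        value = data[i + header:i + header + length]
        if len(value) < length:
            records.append((tag, value, "incomplete"))
            break
        records.append((tag, value, "complete"))
        i += header + length
    return records


if __name__ == "__main__":
    apdu = build_read_record(1, read_record_p2(sfi=1, by_number=True, option=1))
    print(apdu.hex().upper())                               # 00B2010D00
    for tag, value, status in parse_simple_tlv_records(SAMPLE_RESPONSE):
        print(tag, len(value), status)
```

When a reader cannot rely on TLV coding (the NOTE above), the only delimiting information is the fixed record length of the file, so the parser above must not be applied to a linear-fixed file holding raw values.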
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6C’ with SW2=
6.6.1 Definition and scope
6.6.2 Conditional usage and security
6.6.3 Command message
6.6.4 Response message (nominal case)
6.6.5 Status conditions
The WRITE RECORD command message initiates one of the following operations:
When no indication is given in the data coding byte, the logical OR operation shall apply.
When using current record addressing the command shall set the record pointer on the successfully written record.
The command can be performed only if the security status satisfies the security attributes for this EF for the write functions.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
The previous-record option of the command (P2=xxxxx011), applied to a cyclic file, has the same behaviour as APPEND RECORD.
Table 39 – WRITE RECORD command APDU
CLA | As defined in 5.4.1 |
INS | ‘D2’ |
P1 | P1=’00’ designates the current record; P1!=’00’ is the number of the specified record |
P2 | According to table 40 |
Lc field | Length of the subsequent data field |
Data field | Record to be written |
Le field | Empty |
Table 40 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 — — — | Currently selected EF |
x x x x x — — — | Short EF identifier |
1 1 1 1 1 — — — | RFU |
— — — — — 0 0 0 | First record |
— — — — — 0 0 1 | Last record |
— — — — — 0 1 0 | Next record |
— — — — — 0 1 1 | Previous record |
— — — — — 1 0 0 | Record number given in P1 |
Any other value | RFU |
When the records are SIMPLE-TLV data objects (see 5.4.4), table 41 illustrates the format of the data field of the command message.
Table 41 – Data field of the command
Complete write of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record (Ln bytes) |
Table 42 – WRITE RECORD response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6C’ with SW2=
6.7.1 Definition and scope
6.7.2 Conditional usage and security
6.7.3 Command message
6.7.4 Response message (nominal case)
6.7.5 Status conditions
The APPEND RECORD command message initiates either the appending of a record at the end of an EF of linear structure or the writing of record number 1 in an EF of cyclic structure.
The command shall set the record pointer on the successfully appended record.
The command can be performed only if the security status satisfies the security attributes for this EF for the append function.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
NOTE – If this command is applied to an EF of cyclic structure full of records, then the record with the highest record number is replaced. This record becomes record number 1.
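The renumbering that APPEND RECORD performs on a full cyclic file, and the "previous record" option of WRITE RECORD / UPDATE RECORD that behaves like it (6.6.2, 6.8.2), are easy to get wrong when reading back a log-style file. The following is an added example, not text of ISO/IEC 7816-4, modelling a cyclic EF with fixed-length records where record number 1 is always the most recently appended record, as the NOTE above describes. The rejection of a record of the wrong length follows 6.8.2; the status words are this model's choice from 5.4.5.

```python
from typing import List, Optional, Tuple


class CyclicEF:
    def __init__(self, record_count: int, record_size: int):
        self.capacity = record_count
        self.record_size = record_size
        self._records: List[bytes] = []     # index 0 holds record number 1 (the newest)
        self.pointer: Optional[int] = None  # current record pointer, as a record number

    def append_record(self, data: bytes) -> int:
        """APPEND RECORD: the new record becomes number 1; when the file is full
        the record with the highest number (the oldest) is the one replaced."""
        if len(data) != self.record_size:
            return 0x6A80                   # incorrect parameters in the data field
        if len(self._records) == self.capacity:
            self._records.pop()
        self._records.insert(0, data)
        self.pointer = 1
        return 0x9000

    def update_record(self, data: bytes, p1: int = 0, p2: int = 0x04) -> int:
        """UPDATE RECORD with P2 b3-b1: 000 first, 001 last, 010 next, 011 previous,
        100 record number given in P1 (P1='00' meaning the current record)."""
        mode = p2 & 0x07
        if mode == 0x03:
            return self.append_record(data)  # previous record on a cyclic file = APPEND RECORD
        if mode == 0x04:
            number = self.pointer if p1 == 0 else p1
        elif mode == 0x00:
            number = 1
        elif mode == 0x01:
            number = len(self._records)
        elif mode == 0x02:
            number = 1 if self.pointer is None else self.pointer + 1
        else:
            return 0x6A86                   # RFU option: incorrect P1-P2
        if number is None or not 1 <= number <= len(self._records):
            return 0x6A83                   # record not found
        if len(data) != self.record_size:
            return 0x6A80
        self._records[number - 1] = data
        if p1 == 0 or mode != 0x04:
            self.pointer = number           # current-record addressing moves the pointer
        return 0x9000

    def read_record(self, number: int) -> Tuple[bytes, int]:
        if not 1 <= number <= len(self._records):
            return b"", 0x6A83
        return self._records[number - 1], 0x9000


if __name__ == "__main__":
    ef = CyclicEF(record_count=3, record_size=2)
    for r in (b"r1", b"r2", b"r3", b"r4"):
        ef.append_record(r)
    print([ef.read_record(n)[0] for n in (1, 2, 3)])   # [b'r4', b'r3', b'r2']
```

Because appending shifts every existing record number by one, a host that caches "record 2 is the transaction I verified" must re-read after any APPEND RECORD or previous-record write, otherwise it is reasoning about a different record.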
Table 43 – APPEND RECORD command APDU
CLA | As defined in 5.4.1 |
INS | ‘E2’ |
P1 | Only P1=’00’ is valid |
P2 | According to table 44 |
Lc field | Length of the subsequent data field |
Data field | Record to be appended |
Le field | Empty |
Table 44 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | Currently selected EF |
x x x x x 0 0 0 | Short EF identifier |
1 1 1 1 1 0 0 0 | RFU |
Any other value | RFU |
When the records are SIMPLE-TLV data objects (see 5.4.4), table 45 illustrates the format of the data field of the command message.
Table 45 – Data field of the command
Complete write of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record (Ln bytes) |
Table 46 – APPEND RECORD response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6C’ with SW2=
6.8.1 Definition and scope
6.8.2 Conditional usage and security
6.8.3 Command message
6.8.4 Response message (nominal case)
6.8.5 Status conditions
The UPDATE RECORD command message initiates the updating of a specific record with the bits given in the command APDU.
When using current record addressing, the command shall set the record pointer on the successfully updated record.
The command can be performed only if the security status satisfies the security attributes for this EF for the update function.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
When the command applies to an EF with linear fixed or cyclic structure, then it shall be aborted if the record length is different from the length of the existing record.
When the command applies to an EF with linear variable structure, then it may be carried out when the record length is different from the length of the existing record.
The previous-record option of the command (P2=xxxxx011), applied to a cyclic file, has the same behaviour as APPEND RECORD.
Table 47 – UPDATE RECORD command APDU
CLA | As defined in 5.4.1 |
INS | ‘DC’ |
P1 | P1=’00’ designates the current record; P1!=’00’ is the number of the specified record |
P2 | According to table 48 |
Lc field | Length of the subsequent data field |
Data field | Record to be updated |
Le field | Empty |
Table 48 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 — — — | Currently selected EF |
x x x x x — — — | Short EF identifier |
1 1 1 1 1 — — — | RFU |
— — — — — 0 0 0 | First record |
— — — — — 0 0 1 | Last record |
— — — — — 0 1 0 | Next record |
— — — — — 0 1 1 | Previous record |
— — — — — 1 0 0 | Record number given in P1 |
Any other value | RFU |
When the records are SIMPLE-TLV data objects (see 5.4.4), table 49 illustrates the format of the data field of the command message.
Table 49 – Data field of the command
Complete write of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record (Ln bytes) |
Table 50 – UPDATE RECORD response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6C’ with SW2=
6.9.1 Definition and scope
6.9.2 Conditional usage and security
6.9.3 Command message
6.9.4 Response message (nominal case)
6.9.5 Status conditions
The GET DATA command is used to retrieve one or more data objects within the current context (e.g. application specific environment).
The command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function.
Table 51 – GET DATA command APDU
CLA | As defined in 5.4.1 |
INS | ‘CA’ |
P1-P2 | See table 52 |
Lc field | Empty |
Data field | Empty |
Le field | Number of bytes expected in response |
Table 52 – Coding of the reference control P1-P2
P1-P2 | Meaning |
---|---|
‘0000’-‘003F’ | RFU |
‘0040’-’00FF’ | BER-TLV tag (1 byte) in P2 |
‘0100’-’01FF’ | Application data (proprietary coding) |
‘0200’-’02FF’ | SIMPLE-TLV tag in P2 |
‘0300’-‘3FFF’ | RFU |
‘4000’-‘FFFF’ | BER-TLV tag (2 bytes) in P1-P2 |
Get application data
Get data objects
When a primitive data object is requested, the data field of the response message shall contain the value of the corresponding primitive data object.
When a constructed data object is requested, the data field of the response message shall contain the value of the constructed data object, i.e. data objects including their tag, length and value.
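The following is an added example, not text of ISO/IEC 7816-4: it maps P1-P2 of GET DATA (and PUT DATA, whose table 55 is identical) to the reference kinds of table 52 and parses the response for a constructed data object, which per 6.9.4 carries the nested data objects with their own tag, length and value. The tag and length rules applied are those of BER-TLV: a first tag byte with b5-b1 all set continues into further bytes while b8 is set, b6 of the first tag byte marks a constructed object, and lengths use the short form or a long form of one or two bytes. Treating stray '00'/'FF' bytes between objects as padding, CLA '00', and the response bytes themselves are the example's assumptions.

```python
from typing import List, Optional, Tuple

# Constructed response to GET DATA with P1-P2='0073' (a constructed tag): the
# data field carries the objects inside '73', not the '73' wrapper itself. It
# holds a 2-byte-tag primitive, a 1-byte-tag primitive, a '00' padding byte and
# a 2-byte-tag constructed object that nests one primitive.
SAMPLE_GET_DATA_RESPONSE = bytes.fromhex("5F2D02656E" "53012A" "00" "7F60035301FF")


def classify_p1p2(p1p2: int) -> Tuple[str, Optional[int]]:
    """Reference kind of P1-P2 per tables 52 and 55, and the tag or number it carries."""
    if not 0 <= p1p2 <= 0xFFFF:
        raise ValueError("P1-P2 is two bytes")
    if p1p2 <= 0x003F:
        return "RFU", None
    if p1p2 <= 0x00FF:
        return "BER-TLV tag (1 byte) in P2", p1p2
    if p1p2 <= 0x01FF:
        return "application data (proprietary coding)", p1p2 & 0xFF
    if p1p2 <= 0x02FF:
        return "SIMPLE-TLV tag in P2", p1p2 & 0xFF
    if p1p2 <= 0x3FFF:
        return "RFU", None
    return "BER-TLV tag (2 bytes) in P1-P2", p1p2


def build_get_data(p1p2: int, le: int = 0) -> bytes:
    kind, _ = classify_p1p2(p1p2)
    if kind == "RFU":
        raise ValueError("P1-P2 %04X is RFU" % p1p2)
    return bytes([0x00, 0xCA, p1p2 >> 8, p1p2 & 0xFF, le])


def parse_ber_tlv(data: bytes) -> List[Tuple[int, object]]:
    """Return [(tag, value)]: value is bytes for a primitive object and a nested
    list for a constructed one."""
    objects, i = [], 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):               # padding between objects
            i += 1
            continue
        start, first = i, data[i]
        i += 1
        if first & 0x1F == 0x1F:                  # tag continues while b8 is set
            while i < len(data) and data[i] & 0x80:
                i += 1
            i += 1
        if i >= len(data):
            raise ValueError("data object truncated")
        tag = int.from_bytes(data[start:i], "big")
        length = data[i]
        i += 1
        if length & 0x80:                         # long form: b7-b1 = number of length bytes
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(data):
                raise ValueError("unsupported or truncated length encoding")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("data object truncated")
        i += length
        objects.append((tag, parse_ber_tlv(value) if first & 0x20 else value))
    return objects


if __name__ == "__main__":
    print(build_get_data(0x0073).hex().upper())          # 00CA007300
    print(parse_ber_tlv(SAMPLE_GET_DATA_RESPONSE))
```

The parser refuses a declared length that runs past the data instead of silently truncating: a response whose TLV lengths disagree with Lr is exactly the case the comparison in 6.5.4 is meant to catch, and a host that trusts the declared length over the received length is the usual source of over-read bugs in card middleware.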
Table 53 – GET DATA response APDU
Data field | Lr (may be equal to Le) bytes |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6C’ with SW2=
6.10.1 Definition and scope
6.10.2 Conditional usage and security
6.10.3 Command message
6.10.4 Response message (nominal case)
6.10.5 Status conditions
The PUT DATA command is used for storing one primitive data object or one or more data objects contained in a constructed data object within the current context (e.g. application-specific environment or current DF). The exact storing functions (writing once and/or updating and/or appending) are to be induced by the definition or the nature of the data objects.
NOTE – The command could be used for example to update data objects.
The command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function(s).
Table 54 – PUT DATA command APDU
CLA | As defined in 5.4.1 |
INS | ‘DA’ |
P1-P2 | See table 55 |
Lc field | Length of the subsequent data field |
Data field | Parameters and data to be written |
Le field | Empty |
Table 55 – Coding of the reference control P1-P2
P1-P2 | Meaning |
---|---|
‘0000’-‘003F’ | RFU |
‘0040’-’00FF’ | BER-TLV tag (1 byte) in P2 |
‘0100’-’01FF’ | Application data (proprietary coding) |
‘0200’-’02FF’ | SIMPLE-TLV tag in P2 |
‘0300’-‘3FFF’ | RFU |
‘4000’-‘FFFF’ | BER-TLV tag (2 bytes) in P1-P2 |
Store application data
Store data objects
When a primitive data object is provided, the data field of the command message shall contain the value of the corresponding primitive data object.
When a constructed data object is provided, the data field of the command message shall contain the value of the constructed data object, i.e. data objects including their tag, length and value.
Table 56 – PUT DATA response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’63’ with SW2=
The following specific error conditions may occur.
SW1=’65’ with SW2=
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
SW1=’6C’ with SW2=
6.11.1 Definition and scope
6.11.2 Conditional usage and security
6.11.3 Command message
6.11.4 Response message (nominal case)
6.11.5 Status conditions
A successful SELECT FILE sets a current file within a logical channel. Subsequent commands may implicitly refer to the current file through that logical channel.
Selecting a DF (which may be the MF) sets it as current DF. After such a selection, an implicit current EF may be referred to through that logical channel.
Selecting an EF sets a pair of current files: the EF and its parent file.
After the answer to reset, the MF is implicitly selected through the basic logical channel, unless specified differently in the historical bytes or in the initial data string.
NOTE – A direct selection by DF name can be used for selecting applications registered according to part 5 of ISO 7816.
The following conditions shall apply to each open logical channel.
Unless otherwise specified, the correct execution of the command modifies the security status according to the following rules:
Table 57 – SELECT FILE command APDU
CLA | As defined in 5.4.1 |
INS | ‘A4’ |
P1 | Selection control, see table 58 |
P2 | Selection control, see table 59 |
Lc field | Empty or length of the subsequent data field |
Data field | If present, according to P1-P2 |
Le field | Empty or maximum length of data expected in response |
Table 58 – Coding of the reference control P1
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 x x | Selection by file identifier |
0 0 0 0 0 0 0 0 | – Select MF, DF or EF (data field=identifier or empty) |
0 0 0 0 0 0 0 1 | – Select child DF (data field=DF identifier) |
0 0 0 0 0 0 1 0 | – Select EF under current DF (data field=EF identifier) |
0 0 0 0 0 0 1 1 | – Select parent DF of the current DF (empty data field) |
0 0 0 0 0 1 x x | Selection by DF name |
0 0 0 0 0 1 0 0 | – Direct selection by DF name (data field=DF name) |
0 0 0 0 1 x x x | Selection by path (see 5.1.2) |
0 0 0 0 1 0 0 0 | – Select from MF (data field=path without the identifier of the MF) |
0 0 0 0 1 0 0 1 | – Select from current DF (data field=path without the identifier of the current DF) |
Any other value | RFU |
When P1=’00’, the card determines whether the file to select is the MF, a DF or an EF, either from a specific coding of the file identifier or from the context in which the command is executed.
When P1-P2=’0000′, if a file identifier is provided, then it shall be unique in the following environments:
If P1-P2=’0000′ and if the data field is empty or equal to ‘3F00’, then select the MF.
When P1=’04’, the data field is a DF name, possibly right truncated. When supported, successive such commands with the same data field shall select DFs whose names match with the data field, i.e. start with the command data field. If the card accepts the SELECT FILE command with an empty data field, then all or a subset of the DFs can be successively selected.
NOTE – See 8.3.6 for the selection methods supported by the card.
Table 59 – Coding of the selection options P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 — — 0 0 | First record |
0 0 0 0 — — 0 1 | Last record |
0 0 0 0 — — 1 0 | Next record |
0 0 0 0 — — 1 1 | Previous record |
0 0 0 0 x x — — | File control information option (see 5.1.5) |
0 0 0 0 0 0 — — | – Return FCI, optional template |
0 0 0 0 0 1 — — | – Return FCP template |
0 0 0 0 1 0 — — | – Return FMD template |
Any other value | RFU |
If the Le field contains only zeroes, then within the limit of 256 for short length or 65536 for extended length, all the bytes corresponding to the selection option should be returned.
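The following is an added example, not text of ISO/IEC 7816-4: command builders for the selection methods of table 58 and the response options of table 59, with the consistency checks the text above implies (an empty data field or '3F00' selects the MF, the parent DF is selected with an empty data field, a path from the MF omits the MF identifier). CLA '00', the 16-byte upper bound on a DF name, a short Lc field, and the use of P2 b2-b1 as the occurrence selector that accompanies a right-truncated DF name are the example's assumptions; the file identifiers and DF name used in the checks are constructed.

```python
from typing import Optional

FCI_OPTION = {"fci": 0b00, "fcp": 0b01, "fmd": 0b10}                          # P2 b4-b3
OCCURRENCE = {"first": 0b00, "last": 0b01, "next": 0b10, "previous": 0b11}    # P2 b2-b1


def _select(p1: int, p2: int, data: bytes, le: Optional[int]) -> bytes:
    apdu = bytes([0x00, 0xA4, p1, p2])
    if data:
        if len(data) > 255:
            raise ValueError("short Lc field only in this example")
        apdu += bytes([len(data)]) + data
    if le is not None:                    # Le empty means no response data is expected
        apdu += bytes([le])
    return apdu


def select_by_fid(fid: Optional[int] = None, scope: str = "any",
                  fci: str = "fci", le: Optional[int] = 0) -> bytes:
    """P1 = 00 (MF, DF or EF by identifier), 01 (child DF), 02 (EF under the
    current DF), 03 (parent DF of the current DF, empty data field)."""
    p1 = {"any": 0x00, "child_df": 0x01, "ef": 0x02, "parent": 0x03}[scope]
    if scope == "parent":
        if fid is not None:
            raise ValueError("selecting the parent DF takes an empty data field")
        data = b""
    elif fid is None:
        if scope != "any":
            raise ValueError("a file identifier is required")
        data = b""                        # P1-P2='0000' with an empty data field: the MF
    else:
        if not 0 <= fid <= 0xFFFF:
            raise ValueError("a file identifier is two bytes")
        data = fid.to_bytes(2, "big")
    return _select(p1, FCI_OPTION[fci] << 2, data, le)


def select_by_df_name(name: bytes, occurrence: str = "first",
                      fci: str = "fci", le: Optional[int] = 0) -> bytes:
    """P1 = 04. `name` may be right-truncated; an empty name walks the DFs
    using the occurrence option alone."""
    if len(name) > 16:
        raise ValueError("a DF name is at most 16 bytes")
    return _select(0x04, (FCI_OPTION[fci] << 2) | OCCURRENCE[occurrence], name, le)


def select_by_path(path: bytes, from_mf: bool = True,
                   fci: str = "fci", le: Optional[int] = 0) -> bytes:
    """P1 = 08 (path from the MF, given without '3F00') or 09 (path from the current DF)."""
    if not path or len(path) % 2:
        raise ValueError("a path is a non-empty sequence of 2-byte file identifiers")
    if from_mf and path[:2] == b"\x3f\x00":
        raise ValueError("a path from the MF is given without the MF identifier")
    return _select(0x08 if from_mf else 0x09, FCI_OPTION[fci] << 2, path, le)


if __name__ == "__main__":
    print(select_by_fid(0x2F00, scope="ef", fci="fcp").hex().upper())        # 00A40204022F0000
    print(select_by_df_name(b"\xA0\x00\x00", occurrence="next").hex().upper())  # 00A4040203A0000000
    print(select_by_path(bytes.fromhex("7F005F01")).hex().upper())            # 00A40800047F005F0100
```

Selecting by a truncated DF name with the "next" occurrence is how an interface device enumerates the applications a card hosts; the FCP option (P2 b4-b3 = 01) is the one to request when the aim is the file's security attributes rather than application-level FCI data.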
Table 60 – SELECT FILE response APDU
Data field | Information according to P2 (at most Le bytes) |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=
The following specific error conditions may occur.
SW1=’6A’ with SW2=
6.12.1 Definition and scope
6.12.2 Conditional usage and security
6.12.3 Command message
6.12.4 Response message (nominal case)
6.12.5 Status conditions
The VERIFY command initiates the comparison in the card of the verification data sent from the interface device with the reference data stored in the card (e.g. password).
The security status may be modified as a result of a comparison. Unsuccessful comparisons may be recorded in the card (e.g. to limit the number of further attempts of the use of the reference data).
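The following is an added example, not text of ISO/IEC 7816-4: the card side of VERIFY with the P2 qualifier of table 62 and the retry counter the paragraph above allows. The status words come from the general table in 5.4.5 ('63CX' reports a counter value X, '6983' means the authentication method is blocked). Reading the empty data field that table 61 permits as "report the state without comparing", a maximum of three attempts, the reset of the counter on success and the constant-time comparison are this model's choices, not requirements of the standard; the password bytes are constructed.

```python
import hmac
from typing import Optional


def verify_p2(number: int, specific: bool) -> int:
    """b8 = 0 global (e.g. card password) / 1 specific (e.g. DF password);
    b5-b1 = reference data number; '00' means no information is given."""
    if not 0 <= number <= 31:
        raise ValueError("the reference data number is 5 bits")
    return (0x80 if specific else 0x00) | number


def build_verify(p2: int, verification_data: Optional[bytes]) -> bytes:
    apdu = bytes([0x00, 0x20, 0x00, p2])
    if verification_data:
        apdu += bytes([len(verification_data)]) + verification_data
    return apdu


class ReferenceData:
    """One password stored in the card together with its retry counter."""

    def __init__(self, secret: bytes, max_tries: int = 3):
        self._secret = secret
        self.max_tries = max_tries
        self.tries_left = max_tries
        self.verified = False          # the part of the security status this reference controls

    def verify(self, verification_data: Optional[bytes]) -> int:
        if self.tries_left == 0:
            return 0x6983              # authentication method blocked
        if verification_data is None:
            return 0x63C0 | self.tries_left     # status only, nothing is compared
        # hmac.compare_digest keeps the comparison time independent of where the
        # first differing byte is, so response timing reveals nothing about the secret.
        if hmac.compare_digest(verification_data, self._secret):
            self.tries_left = self.max_tries
            self.verified = True
            return 0x9000
        self.tries_left -= 1
        self.verified = False
        return 0x63C0 | self.tries_left


if __name__ == "__main__":
    pin = ReferenceData(b"1234")       # constructed secret
    print(build_verify(verify_p2(1, specific=True), b"1234").hex().upper())   # 002000810431323334
    print("%04X" % pin.verify(b"0000"))   # 63C2
    print("%04X" % pin.verify(b"1234"))   # 9000
```

The counter is decremented before the status word is returned and the block is permanent once it reaches zero; a card that only decremented after a successful power cycle, or that compared byte by byte and stopped early, would give an attacker either unlimited attempts or a timing oracle.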
Table 61 – VERIFY command APDU
CLA | As defined in 5.4.1 |
INS | ‘20’ |
P1 | Only P1=’00’ is valid (other values are RFU) |
P2 | Qualifier of the reference data, see table 62 |
Lc field | Empty or length of the subsequent data field |
Data field | Empty or verification data |
Le field | Empty |
Table 62 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | No information is given |
0 — — — — — — — | Global reference data (e.g. card password) |
1 — — — — — — — | Specific reference data (e.g. DF specific password) |
— — — x x x x x | Reference data number |
Any other value | RFU |
NOTES
Table 63 – VERIFY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’63’ with SW2=
The following specific error conditions may occur.
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
6.13.1 Definition and scope
6.13.2 Conditional usage and security
6.13.3 Command message
6.13.4 Response message (nominal case)
6.13.5 Status conditions
The INTERNAL AUTHENTICATE command initiates the computation of the authentication data by the card using the challenge data sent from the interface device and a relevant secret (e.g. a key) stored in the card.
When the relevant secret is attached to the MF, the command may be used to authenticate the card as a whole.
When the relevant secret is attached to another DF, the command may be used to authenticate that DF.
The successful execution of the command may be subject to successful completion of prior commands (e.g. Verify, Select File) or selections (e.g. the relevant secret).
If a key and an algorithm are currently selected when issuing the command then the command may implicitly use the key and the algorithm.
The number of times the command is issued may be recorded in the card to limit the number of further attempts of using the relevant secret or the algorithm.
Table 64 – INTERNAL AUTHENTICATE command APDU
CLA | As defined in 5.4.1 |
INS | ‘88’ |
P1 | Reference of the algorithm in the card |
P2 | Reference of the secret, see table 65 |
Lc field | Length of the subsequent data field |
Data field | Authentication related data (e.g. challenge) |
Le field | Maximum number of bytes expected in response |
P1=’00’ indicates that no information is given. The reference of the algorithm is known either before issuing the command or is provided in the data field.
P2=’00’ indicates that no information is given. The reference of the secret is known either before issuing the command or is provided in the data field.
Table 65 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | No information is given |
0 — — — — — — — | Global reference data (e.g. an MF specific key) |
1 — — — — — — — | Specific reference data (e.g. DF specific key) |
— — — x x x x x | Number of the secret |
Any other value | RFU |
NOTE – The number of the secret may be for example a key number or a short EF identifier.
Table 66 – INTERNAL AUTHENTICATE response APDU
Data field | Authentication related data (e.g. response to the challenge) |
SW1-SW2 | Status bytes |
The following specific error conditions may occur.
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
6.14.1 Definition and scope
6.14.2 Conditional usage and security
6.14.3 Command message
6.14.4 Response message (nominal case)
6.14.5 Status conditions
The EXTERNAL AUTHENTICATE command conditionally updates the security status using the result (yes or no) of a computation by the card based on a challenge previously issued by the card (e.g. by a GET CHALLENGE command), a key (possibly secret) stored in the card and authentication data transmitted by the interface device.
The successful execution of the command requires that the last challenge obtained from the card is valid.
Unsuccessful comparisons may be recorded in the card (e.g. to limit the number of further attempts of the use of the reference data).
Table 67 – EXTERNAL AUTHENTICATE command APDU
CLA | As defined in 5.4.1 |
INS | ‘82’ |
P1 | Reference of the algorithm in the card |
P2 | Reference of the secret, see table 68 |
Lc field | Empty or length of the subsequent data field |
Data field | Empty or authentication related data (e.g. response to the challenge) |
Le field | Empty |
P1=’00’ indicates that no information is given. The reference of the algorithm is known either before issuing the command or is provided in the data field.
P2=’00’ indicates that no information is given. The reference of the secret is known either before issuing the command or is provided in the data field.
Table 68 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | No information is given |
0 — — — — — — — | Global reference data (e.g. an MF specific key) |
1 — — — — — — — | Specific reference data (e.g. DF specific key) |
— — — x x x x x | Number of the secret |
Any other value | RFU |
NOTES
Table 69 – EXTERNAL AUTHENTICATE response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’63’ with SW2=
The following specific error conditions may occur.
SW1=’67’ with SW2=
SW1=’69’ with SW2=
SW1=’6A’ with SW2=
6.15.1 Definition and scope
6.15.2 Conditional usage and security
6.15.3 Command message
6.15.4 Response message (nominal case)
6.15.5 Status conditions
The GET CHALLENGE command requires the issuing of a challenge (e.g. random number) for use in a security related procedure (e.g. EXTERNAL AUTHENTICATE command).
The challenge is valid at least for the next command. No further condition is specified in this part of ISO/IEC 7816.
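The following is an added example, not text of ISO/IEC 7816-4, of the GET CHALLENGE (6.15) / EXTERNAL AUTHENTICATE (6.14) exchange with both sides present. The standard leaves the algorithm to the application; this model uses HMAC-SHA256 over the challenge truncated to 8 bytes as the authentication related data, a constructed 16-byte shared key, a challenge that the card accepts only for the very next command, and the status words '6985' (conditions of use not satisfied) and '6300' (verification failed) from 5.4.5. All of these are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

KEY = bytes.fromhex("000102030405060708090A0B0C0D0E0F")   # constructed shared key


def authentication_data(key: bytes, challenge: bytes) -> bytes:
    """The response to a challenge; any keyed function both sides agree on would do."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class CardAuthentication:
    def __init__(self, key: bytes, rng=secrets.token_bytes):
        self._key = key
        self._rng = rng                 # injectable so the exchange can be replayed in a test
        self._challenge = None
        self.authenticated = False      # security status bit set by EXTERNAL AUTHENTICATE

    def get_challenge(self, le: int) -> Tuple[bytes, int]:
        self._challenge = self._rng(le if le else 8)
        return self._challenge, 0x9000

    def other_command(self) -> int:
        """Any other command in between: the challenge was valid for one command only."""
        self._challenge = None
        return 0x9000

    def external_authenticate(self, data: bytes) -> int:
        challenge, self._challenge = self._challenge, None    # consumed, success or not
        if challenge is None:
            return 0x6985                                     # no valid challenge
        if hmac.compare_digest(data, authentication_data(self._key, challenge)):
            self.authenticated = True
            return 0x9000
        self.authenticated = False
        return 0x6300


def host_authenticate(card: CardAuthentication, key: bytes) -> int:
    """Interface-device side: GET CHALLENGE, compute the response, EXTERNAL AUTHENTICATE."""
    challenge, sw = card.get_challenge(8)
    if sw != 0x9000:
        return sw
    return card.external_authenticate(authentication_data(key, challenge))


if __name__ == "__main__":
    card = CardAuthentication(KEY)
    print("%04X" % host_authenticate(card, KEY), card.authenticated)        # 9000 True
    print("%04X" % host_authenticate(card, b"wrong"), card.authenticated)   # 6300 False
```

Two properties carry the security of the exchange: the challenge is discarded as soon as one EXTERNAL AUTHENTICATE is attempted, so a captured response cannot be replayed, and the challenge comes from a generator the interface device cannot predict. With a predictable generator an attacker could compute responses ahead of time, which is why the `rng` hook exists only to make the example testable.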
Table 70 – GET CHALLENGE command APDU
CLA | As defined in 5.4.1 |
INS | ‘84’ |
P1-P2 | ‘0000’ (other values are RFU) |
Lc field | Empty |
Data field | Empty |
Le field | Maximum length of the expected response |
Table 71 – GET CHALLENGE response APDU
Data field | Challenge |
SW1-SW2 | Status bytes |
The following specific error conditions may occur.
SW1=’6A’ with SW2=
6.16.1 Definition and scope
6.16.2 Conditional usage and security
6.16.3 Command message
6.16.4 Response message (nominal case)
6.16.5 Status conditions
The MANAGE CHANNEL command opens and closes logical channels.
The open function opens a new logical channel other than the basic one. Options are provided for the card to assign a logical channel number or for the logical channel number to be supplied to the card.
The close function explicitly closes a logical channel other than the basic one. After the successful closing the logical channel shall be available for re-use.
When the open function is performed from the basic logical channel then after a successful open the MF shall be implicitly selected as the current DF and the security status for the new logical channel should be the same as for the basic logical channel after ATR. The security status of the new logical channel should be separate from that of any other logical channel.
When the open function is performed from a logical channel which is not the basic one then after a successful open the current DF of the logical channel from which the command was issued shall be selected as the current DF and the security status for the new logical channel should be the same as for the logical channel from which the open function was performed.
After a successful close function the security status related to this logical channel is lost.
Table 72 – MANAGE CHANNEL command APDU
CLA | As defined in 5.4.1 |
INS | ‘70’ |
P1 | P1=’00’ to open a logical channel; P1=’80’ to close a logical channel (other values are RFU) |
P2 | ’00’-’03’ (other values are RFU) |
Lc field | Empty |
Data field | Empty |
Le field | ’01’ if P1-P2=’0000′; empty if P1-P2!=’0000′ |
b8 of P1 is used to indicate the open function or the close function. If b8 is 0 then MANAGE CHANNEL shall open a logical channel and if b8 is 1 then MANAGE CHANNEL shall close a logical channel.
For the open function (P1=’00’), the b1 and b2 of P2 are used to code the logical channel number in the same manner as in the class byte (see 5.4.1), the other bits of P2 are RFU.
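The following is an added example, not text of ISO/IEC 7816-4: a card-side model of MANAGE CHANNEL showing which current DF and security status a new logical channel starts with (6.16.2) and that closing a channel discards its status. Assumptions of the example: four channels (0 to 3) as the CLA coding of 5.4.1 allows, closing with P2='00' closes the channel the command was issued from, and the status words for the refused cases ('6881' logical channel not supported, '6A86' incorrect P1-P2) are this model's choice from 5.4.5.

```python
from typing import Set, Tuple

MF = 0x3F00


class LogicalChannel:
    def __init__(self, current_df: int, security_status: Set[str]):
        self.current_df = current_df
        self.security_status = set(security_status)   # a copy: never shared between channels


class Card:
    def __init__(self):
        # After the ATR only the basic channel exists, with the MF selected
        # and nothing authenticated.
        self.channels = {0: LogicalChannel(MF, set())}

    def manage_channel(self, cla: int, p1: int, p2: int) -> Tuple[bytes, int]:
        issuing = cla & 0x03                          # channel number, b2-b1 of CLA
        if issuing not in self.channels:
            return b"", 0x6881
        if p1 == 0x00:                                # open
            if p2 == 0x00:                            # card assigns the number, returned in the data field
                free = [n for n in (1, 2, 3) if n not in self.channels]
                if not free:
                    return b"", 0x6881
                number, data = free[0], bytes([free[0]])
            elif p2 in (1, 2, 3) and p2 not in self.channels:
                number, data = p2, b""                # number supplied by the interface device
            else:
                return b"", 0x6A86
            source = self.channels[issuing]
            if issuing == 0:
                new = LogicalChannel(MF, set())       # post-ATR state, not the basic channel's status
            else:
                new = LogicalChannel(source.current_df, source.security_status)
            self.channels[number] = new
            return data, 0x9000
        if p1 == 0x80:                                # close
            target = p2 if p2 else issuing
            if target == 0 or target not in self.channels:
                return b"", 0x6A86                    # the basic channel cannot be closed
            del self.channels[target]                 # its security status is lost with it
            return b"", 0x9000
        return b"", 0x6A86


if __name__ == "__main__":
    card = Card()
    card.channels[0].security_status.add("PIN")       # verified on the basic channel
    data, sw = card.manage_channel(0x00, 0x00, 0x00)
    print(data.hex(), "%04X" % sw, card.channels[1].security_status)   # 01 9000 set()
```

The asymmetry matters for least privilege: a channel opened from the basic channel does not inherit a PIN verified there, whereas one opened from a non-basic channel does inherit that channel's status, and nothing done in either channel afterwards leaks into the other.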
Table 73 – MANAGE CHANNEL response APDU
Data field | Logical channel number if P1-P2=’0000′; empty if P1-P2!=’0000′ |
SW1-SW2 | Status bytes |
The following specific warning conditions may occur.
SW1=’62’ with SW2=