Previous | Table of Contents | Next |
As indicated previously, the T=0 protocol tends to mix elements of application-level protocols with elements of link-level protocols. The definition of the CLA byte is one such case in point. Each value of CLA defines an application-specific set of instructions; the individual instructions have a unique INS value. The first set of application-oriented commands is found in ISO/IEC 7816-4; the specific command sets are aimed at manipulation of a file system on a card and at accessing security commands on a card. Other standards documents define additional sets of commands (that is, additional values of the CLA byte). Some of these are listed in Table 4.1. The specific instructions found in these classes will be reviewed later in this chapter.
CLA Byte | Instruction Set |
---|---|
0X | ISO/IEC 7816-4 instructions (files and security) |
10 to 7F | Reserved for future use |
8X or 9X | ISO/IEC 7816-4 instructions |
AX | Application- and/or vendor-specific instructions |
B0 to CF | ISO/IEC 7816-4 instructions |
D0 to FE | Application- and/or vendor-specific instructions |
FF | Reserved for protocol type selection |
Within a given CLA value (that is, within a class of instructions identified by a common value of CLA), the INS byte is used to identify a specific instruction. As indicated in Table 4.1, several different standards identify collections of instructions. The ISO/IEC 7816-4 standard identifies a number of instructions used to access an on-card file system and security functions that serve to limit access to the file system and to the card in general. This instruction set is listed in Table 4.2.
INS Value | Command Name |
---|---|
0E | Erase Binary |
20 | Verify |
70 | Manage Channel |
82 | External Authenticate |
84 | Get Challenge |
88 | Internal Authenticate |
A4 | Select File |
B0 | Read Binary |
B2 | Read Record(s) |
C0 | Get Response |
C2 | Envelope |
CA | Get Data |
D0 | Write Binary |
D2 | Write Record |
D6 | Update Binary |
DA | Put Data |
DC | Update Record |
E2 | Append Record |
Note:
At this point, a portion of the discussion from Chapter 2, Physical Characteristics of Smart Cards, related to how EEPROM memory is programmed should be reiterated. In early microprocessor chips that included EEPROM memory, a separate power source (VPP) was needed to program (that is, erase and write) EEPROM memory. Integrated circuit chips used in current smart cards are able to derive programming power for nonvolatile memory from the VCC power, so any significant discussion regarding VPP has been omitted. When the ISO/IEC 7816 standard was adopted, however, the proper manipulation of the VPP power was necessary and was subsequently embedded rather deeply into the T=0 protocol. Specifically, the manner in which the INS byte is defined and in which the ACK procedure byte is returned are, in effect, the control mechanisms for VPP. Suffice it to say that all INS values must be even because the low order bit allows control over VPP to be exercised. Further, in the absence of any manipulation of VPP, the ACK procedure byte is always returned as an exact copy of the INS byte in the command TPDU to which the procedure bytes form a response.
There are additional constraints on the values the INS byte can take; specifically, the high-order half-byte cannot have the value of either 6 or 9. In both cases, the restricted values are related to control mechanisms used to manipulate the VPP power source. See the ISO/IEC 7816-4 standard for further information.
The command header parameters P1 and P2, although defined at what should be the link-protocol level, are actually dependent (for their specific definition) on the actual instruction specified; that is, their definition is actually dependent on application protocol information. P1 and P2 provide control or addressing parameters for the various application-specific instructions. For example, one application instruction (which is examined later in this chapter) involves the selection of a specific file within the cards file system; selecting a file allows subsequent operations, such as reading or writing, to be performed on the selected file. For this specific instruction, the parameter P1 is used to control how the file is referred to in the select operation (that is, whether it will be referred to by an identifier, by name, or by path). When the Select File instruction is reviewed, the strict definitions of those terms will be considered; however, readers familiar with general file systems on various computer systems can readily infer the meanings. For the Select File instruction, the parameter P2 offers further refinement of which file is to be selected.
The command header parameter P3 is also an application-level parameter. For many instructions, the P3 parameter can take on rather complex connotations (for example, multiple parameters are defined within it). When the TPDU structure is examined, it is found that P3 generally defines the number of data bytes that are to be transmitted during the execution of the INS specified instruction. The direction of movement of these bytes is dependent on the instruction. The convention of movement of data is card-centric; that is, outgoing means data moving from the card to the reader, whereas incoming means data moving from the reader to the card. A value of P3=0 for an instruction specifying an outgoing data transfer means that 256 bytes of data will be transferred from the card to the reader.
Previous | Table of Contents | Next |