Table of Contents |
The ISO 7816-4 standard defines a set of inter-industry commands that are meant to be included on smart cards. These commands are included in whole, or in part, on many smart cards available on the market today. This appendix gives an overview of the individual commands in this set, a summary of the status/error messages that may be returned, which command application protocol data unit (APDU) is sent to the APDU processor on a smart card, and, where feasible, an example APDU for this command.
The APDU structures in which these commands would be transported is reviewed in Chapter 4, Smart Card Commands. The constituent elements of the structures are
Access to files through the commands described in this appendix is limited by a requirement that the security status of the card satisfy the security attributes defined for the files being accessed. The security status of the card is typically established through the successful execution of commands defined in the section Security later in this appendix.
Security attributes ascribed to a file can require the reader-side application component to present knowledge of a password (known by the card), providing knowledge of a key thats shared with the card, or through the use of secure messaging.
The file system commands comprise a set of commands through which a file system on the card can be accessed by a reader-side application. It is interesting to note that two file operations that you would typically find associated with a file system are not present within this family; that is, a file create command and a file delete command. Commands such as these are found on many smart cards (such as the Multiflex card); however, their semantics are not defined through the ISO 7816-4 Standard.
Description
This command causes a portion of the selected file to be read and passed back through the response message. The file segment to be read is specified through a byte offset from the beginning of the file and a byte count of the number of bytes to be read. This command uses a Case 2 APDU structure; that is, the APDU includes a complete header along with an Le field which specifies the number of bytes to be returned.
When this command is executed, a Select File command will typically already have been issued to select the file to actually read. However, the Select File command may have pointed at a DF, which contains the EF to be read by this command. In that case, the P1 parameter can be used to convey a short EF identifier (that is, a 5-bit value that uniquely specifies an EF within a DF).
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | B016 | Short EF identifier | Offset of first byte read | Number of bytes to be read |
Data Field 1 | Data Field 2 |
---|---|
N/A | N/A |
Response |
---|
The number of bytes that were requested to be read, followed by the 2-byte status |
APDU | Interpretation |
---|---|
C016 B016 0016 0016 1016 | Read 16 bytes from the currently selected transparent file starting with the first byte in the file |
Status | Meaning | Status | Meaning |
---|---|---|---|
628116 | Return data error | 628216 | Premature EOF |
670016 | Incorrect field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6B0016 | Invalid parameters | 6CXX16 | Incorrect Le field |
Description
This command provides for setting the values of specified bytes of the selected file. Depending on the files attributes, the write operation may result in ANDing or ORing the bytes specified in the command with the values already in the file.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | D016 | Short EF identifier | Offset of first byte written | Number of bytes to be written |
Data Field 1 | Data Field 2 |
---|---|
String of bytes to be written | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 D016 0116 0116 0116 FF16 | Select EF file 1 (by short identifier) within the currently selected DF, and then write all 1s in the second byte of the file, assuming that file attributes are correct |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Invalid Le field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6B0016 | Invalid parameters | ||
Description
This command provides for setting the values of specified bytes of the selected file. This command functions essentially like a file write command. The resulting values of the file are those indicated in the command.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | D616 | Short EF identifier | Offset of first byte written | Number of bytes to be written |
Data Field 1 | Data Field 2 |
---|---|
Byte string to be written | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 D616 0116 0116 0116 FF16 | Select EF file 1 (by short identifier) within the currently selected DF, and then write all 1s in the second byte of the file |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Incorrect Le field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6B0016 | Invalid parameters | ||
Description
This command results in the setting of specified bytes of the selected file to a logical erased state. In general, this state is equivalent to a 0 value. The command works by spacing across the offset number of bytes and starting to erase. It then terminates on the byte specified by the parameters, or at the end of the file. So, its possible to erase a segment of bytes within a file if that is desired.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | 0E16 | Short EF identifier | Offset of first byte erased | If not zero this is length of data field 1 |
Data Field 1 | Data Field 2 |
---|---|
If present, this is the offset of the first byte not erased; this offset must be greater than the offset in parameter 2 | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 0E16 0116 0116 0116 0616 | Select EF file 1 (by short identifier) within the currently selected DF, and then erase the second byte of the file through the sixth byte of the file |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Incorrect Le field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6B0016 | Invalid parameters | ||
Description
This command provides for reading one to several records of a file that has an internal record structure.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | B216 | Index of the record to be read (0116, 0216, ..., FF16) OR 0016 if the current record is to be read | Selection of record to be read: 00 first record; 01 last record; 02 next record; 03 previous record; 04 current record; if index is 0 or index record if it isnt | The number of bytes to be read from the record identified by P1 and P2; must be equal to the length of the record in the file |
Data Field 1 | Data Field 2 |
---|---|
Empty | Empty |
Response |
---|
The number of bytes in the record if the command is successful followed by the usual 2-byte status |
APDU | Interpretation |
---|---|
C016 B216 0616 0416 1416 | The records in the selected fixed-length record file are 20 bytes long; this command reads the sixth record in the file |
Status | Meaning | Status | Meaning |
---|---|---|---|
628116 | Return data error | 628216 | Premature EOF |
670016 | Incorrect Le field | 698116 | Bad command |
698216 | Invalid security status | 6A8116 | Invalid function |
6A8216 | File missing | 6A8316 | Missing record |
6CXX16 | Wrong Le length | ||
Description
This command provides for writing one record into a file that has an internal record structure. Depending on the files attributes, the write operation may result in ANDing or ORing the bytes specified in the command with the values already in the file. For the example, well assume that the attributes are set for a one-time-write operation; that is, this will be the initial writing of data into this record of the file.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | D216 | Index of the record to be written to (0116, 0216, , FF16) OR 0 if the current record is to be overwritten | Selection of record to be affected: 00 first record; 01 last record; 02 next record; 03 previous record; 04 current record; if index is 0 or index record if it isnt | The number of bytes to be merged into the record identified by Parameter 1 and Parameter 2; must be equal to the length of the record in the file |
Data Field 1 | Data Field 2 |
---|---|
The data bytes to be written into the record identified by P1 and P2 | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 D216 0616 0416 1416 5316 6116 6C16 6C16 7916 2016 4716 7216 6516 6516 6E16 0016 0016 0016 0016 0016 0016 0016 0016 0016 | The records in the selected fixed-length record file are 20 bytes long; this command writes Sally Green into the sixth record in this file |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Incorrect Le field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6A8316 | Missing record | 6A8416 | Insufficient file space |
6A8516 | Invalid TLV | ||
Description
This command provides for either the appending of a record at the end of an EF with a linear structure or the writing of the first record of a cyclic, structured file.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | E216 | 00 | Short EF file identifier | The number of bytes in the append record |
Data Field 1 | Data Field 2 |
---|---|
Contents of the append record | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 D216 0016 0016 1416 5316 6116 6C16 6C16 7916 2016 4716 7216 6516 6516 6E16 0016 0016 0016 0016 0016 0016 0016 0016 0016 | The records in the selected fixed-length record file are 20 bytes long; this command appends Sally Green onto the end of the EF |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Incorrect Le field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6A8316 | Missing record | 6A8416 | Insufficient file space |
6A8516 | Invalid TLV | ||
Description
This command provides for updating (writing) a specific set of bytes in a specified record of a file.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | DC16 | Index of the record to be overwritten (0116, 0216, ..., FF16) OR 0 if the current record is to be overwritten | Selection of record to be overwritten: 00 first record; 01 last record; 02 next record; 03 previous record; 04 current record; if index is 0 or index record if it isnt | The number of bytes to be written into the record identified by Parameter 1 and Parameter 2; must be equal to the length of the record in the file |
Data Field 1 | Data Field 2 |
---|---|
The data bytes to be written into the record identified by P1 and P2 | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 DC16 0616 0416 1416 5316 6116 6C16 6C16 7916 2016 4716 7216 6516 6516 6E16 0016 0016 0016 0016 0016 0016 0016 0016 0016 | The records in the selected fixed-length record file are 20 bytes long; this command writes Sally Green into the sixth record in this file |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Incorrect Le field | 698116 | Bad command |
698216 | Invalid security status | 698616 | EF not selected |
6A8116 | Invalid function | 6A8216 | File missing |
6A8316 | Missing record | 6A8416 | Insufficient file space |
6A8516 | Invalid TLV | ||
Description
This command provides for the reading of one primitive data object. In the context of this class of commands, a data object is one of two types of data structures: a BER-TLV structure or a SIMPLE-TLV structure. TLV means a tag, length, and value structure (that is, a structure where a tag field gives an identity to the structure, a length field gives a size [in bytes], and a value field contains the piece of information that is the reason for the existence of the structure).
In a SIMPLE-TLV data object, the tag field is a single byte containing a number that identifies the data object, the length field consists of 1 or 3 bytes in length (if 1 byte the length is 0 to 254 bytes, if three the length is 0 to 64K bytes), and the value field is a string of bytes of length given by the length field. A BER-TLV structure is defined by the ISO/IEC 8825 standard.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
CO16 | CA16 | Data object | Identifier | Size of response Le |
Data Field 1 | Data Field 2 |
---|---|
Empty | Empty |
Response |
---|
Le bytes of data followed by 2-byte status |
APDU | Interpretation |
---|---|
CO16 CA16 0216 0116 1416 | This command retrieves up to 20 bytes of the value of a SIMPLE-TLV structure with ID = 01 |
Status | Meaning | Status | Meaning |
---|---|---|---|
628116 | Returned data error | 670016 | Incorrect Le field |
698216 | Invalid security status | 698516 | Invalid conditions |
6A8116 | Invalid function | 6A8816 | Missing data object |
6CXX16 | Wrong Le length | ||
Description
This command provides for the writing of one data object or of several data objects that have been packed into one constructed data object.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | DA16 | Data object | Identifier | Length of data field |
Data Field 1 | Data Field 2 |
---|---|
Data to be written | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
CO16 DA16 0216 0116 0116 FF16 | This command stores a 1-byte value of all ones in the SIMPLE-TLV structure with ID = 01 |
Status | Meaning | Status | Meaning |
---|---|---|---|
63CX16 | Success with retries | 658116 | Invalid write |
670016 | Incorrect Le field | 698216 | Invalid security status |
698516 | Invalid conditions | 6A8016 | Incorrect data parameters |
6A8116 | Invalid function | 6A8416 | Insufficient file space |
6A8516 | Invalid TLV | ||
Description
This command establishes a specific file which will then be the target of any subsequent file operation commands.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | A416 | 0016 | 0016 | 0216 |
Data Field 1 | Data Field 2 |
---|---|
2-byte file identifier | N/A |
Response |
---|
2-byte status; if the high-order byte of the status word is 6116, then the low-order byte is the number of bytes of file description data that can be retrieved with a subsequent Get Response command |
APDU | Interpretation |
---|---|
C016 A416 0016 0016 0216 3F16 0016 | The master file becomes the currently selected directory |
Status | Meaning | Status | Meaning |
---|---|---|---|
628316 | File cancelled | 6628416 | Improper file format |
6A8116 | Invalid function | 6A8216 | File missing |
6A8616 | P1 and P2 error | 6A8716 | Wrong Lc |
ISO/IEC 7816-4 specifies an application interface for security operations for a smart card. These commands provide mechanisms through which a reader-side application can authenticate its identity to a card, a card can authenticate itself to a reader-side application, and a cardholder can authenticate his or her identity to the card. These mechanisms are used by applications to establish a known security status on a card and hence gain access to data or computational services which are protected by checks on access privileges.
Description
This command starts the comparison (in the card) of the verification data sent from the reader/terminal with the reference data stored in the card.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | 2016 | 0016 | Qualifier of reference data | Length of data field or empty |
Data Field 1 | Data Field 2 |
---|---|
Verification data or empty | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016 2016 0016 0016 0316 5316 6116 5316 | This command checks to see whether the card password is SAS |
Status | Meaning | Status | Meaning |
---|---|---|---|
630016 | Invalid verify | 63CX16 | Success with retries |
698316 | Invalid authentication | 698416 | Data cancelled |
6A8616 | P1 and P2 error | 6A8816 | Missing data object |
Description
This command starts the computation of the authentication data by the card using the challenge data sent from the reader/terminal and a secret (key) stored in the card.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | 8816 | ID of algorithm in card | ID of secret (key) field | Length of data |
Data Field 1 | Data Field 2 |
---|---|
Challenge data | Maximum number of bytes expected in response (Le) |
Response |
---|
Le bytes of response to the challenge plus 2-byte status |
APDU | Interpretation |
---|---|
C016881600160016 03160316021601160316 | This command passes the challenge 321 from the reader to the card; it encrypts this with its known algorithm and key then returns the encrypted challenge back to the reader |
Status | Meaning | Status | Meaning |
---|---|---|---|
698416 | Data cancelled | 698516 | Invalid conditions |
6A8616 | P1 and P2 error | 6A8816 | Missing data object |
Description
This command conditionally updates the security status using the result of the computation by the card based on a challenge previously issued by the card, a (secret) key stored in the card, and authentication data supplied by the reader/terminal.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | 8216 | ID of algorithm in card | ID of secret (key) field or empty | Length of data |
Data Field 1 | Data Field 2 |
---|---|
Empty or response to challenge | Empty |
Response |
---|
2-byte status |
APDU | Interpretation |
---|---|
C016821600160016 03160316021601160316 | The card has previously generated a challenge number and sent it to the reader; the reader has encrypted it with a key it shares with the card and is now returning the encrypted challenge number to the card; if the card can validate it, then the response to this command will be a success status |
Status | Meaning | Status | Meaning |
---|---|---|---|
630016 | Invalid verify | 63CX16 | Success with retries |
670016 | Incorrect Lc field | 698316 | Invalid authentication |
698416 | Data cancelled | 698516 | Invalid conditions |
6A8616 | P1 and P2 error | 6A8816 | Missing data object |
Description
This command forces the issuing of a challenge (such as a random number) for use in a security related procedure such as an External Authenticate command.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | 8416 | 0000 | Empty | Le field length |
Data Field 1 | Data Field 2 |
---|---|
Empty | Empty |
Response |
---|
Le bytes of challenge data plus 2-byte status |
APDU | Interpretation |
---|---|
C016841600160016 0616 | This command essentially asks the card to generate a 6-byte challenge string and return it to the reader-side application |
Status | Meaning | Status | Meaning |
---|---|---|---|
6A8116 | Invalid function | 6A8616 | P1 and P2 error |
Description
This command is used to open and close logical channels. A logical channel is essentially a connection between a reader-side application and a file. This is one mechanism that can be used to provide multiple reader-side applications simultaneous access to multiple files (applications) on the card.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | 7016 | 0016=open | Channel ID | Empty or 000016 |
8016=close | 0016-0316 | |||
Data Field 1 | Data Field 2 |
---|---|
Empty | Empty |
Response |
---|
Empty or logical channel number plus 2-byte status |
APDU | Interpretation |
---|---|
C016701600160116 | This command causes the card to assign logical channel 1; in subsequent commands such as Select File, channel 1 can be indicated in the CLA value |
Status | Meaning |
---|---|
620016 | Insufficient data |
Description
This command is used to transmit from the card to the reader APDUs or parts of APDUs which otherwise would not be transmitted by the protocols in use.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | C016 | 0016 | 0016 | The number of bytes of data to retrieve (Le) |
Data Field 1 | Data Field 2 |
---|---|
Empty | Empty |
Response |
---|
Le bytes of APDU response plus 2-byte response |
APDU | Interpretation |
---|---|
C016 C016 0016 0016 1416 | Retrieve the 20 bytes of information created when a Select File command is issued for a directory |
Status | Meaning | Status | Meaning |
---|---|---|---|
61XX16 | Processing okay | 628116 | Return data error |
670016 | Incorrect Le field | 6A8616 | P1 and P2 error |
6CXX16 | Wrong Le length | ||
Description
This command is used to transmit from the reader to the card APDUs or parts of APDUs that otherwise would not be transmitted by the protocols in use. Specifically, this allows a complete APDU to be encapsulated in the body of this APDU. This is necessary if you want to make use of secure messaging when using the T=0 link-level protocol.
CLA | INS | Parameter 1 | Parameter 2 | Parameter 3 |
---|---|---|---|---|
C016 | C216 | 0016 | 0016 | Length of data field (Lc) |
Data Field 1 | Data Field 2 |
---|---|
Encapsulated APDU | Empty or length (Le) |
Response |
---|
Empty or part of APDU plus 2-byte status |
APDU | Interpretation |
---|---|
C016 C216 0016 0016 0716 C016 A416 0016 0016 0216 3F16 0016 | This command encapsulates a Select File APDU inside it |
Status | Meaning |
---|---|
670016 | Incorrect Lc field |
Table of Contents |