Previous | Table of Contents | Next |
The Envelope Command
The Envelope command supports the use of secure messaging via the T=0 link-level protocol. In secure messaging, the full command APDU should be encrypted. However, since the CLA and INS bytes from the APDU overlay elements of the TPDU, these bytes (in the TPDU) cannot be encrypted if the link-level protocol is still to work correctly. So the Envelope command allows a full APDU to be encrypted and then included in the Envelope commands data section (of its APDU). The cards APDU processor can then extract the real command and cause it to be executed.
The Get Response Command
The Get Response command is another command which allows the use of the T=0 link-level protocol for conveying the full range of APDUs. Specifically, the Case 4 type of APDU body cannot be supported with the T=0 protocol. That is, you cant send a body of data to the card and then receive a body of data back as a direct response to that command. For this type of command, by using the T=0 protocol, the initial command results in a response which indicates that more data is waiting (in the card). The Get Response command is then used to retrieve that waiting data.
Note that no other command can be interleaved between the original command and the Get Response command.
This chapter reviews the two protocol layers through which smart card-aware applications communicate between reader-side components and card-side components. The initial power-up, reset, and ATR sequence establishes a physical (half-duplex) channel between the reader and the card. The card and reader then negotiate a link-level protocol, often resolving to either a T=0 or a T=1 protocol. An application-level protocol is then established on top of the link-layer by using the APDU mechanisms defined in ISO/IEC 7816-4.
Two APIs are examined qualitatively: One provides access to a file system on the smart card and the other provides access to security services on the smart card. Multiple logical channels can be supported between the reader-side application and the smart cards APDU (file or security) processing components. Further, by using cryptographic capabilities, a rudimentary secure messaging facility can be put in place between the reader-side application components and the card-side application components.
A more quantitative review of the functions provided through these APIs is found in Appendix A.
Previous | Table of Contents | Next |