Table of Contents


PART IV
APPENDIXES

Appendix A
The ISO/IEC 7816-4 Command Set
Appendix B
The Multiflex Command Set

APPENDIX A
THE ISO 7816-4 COMMAND SET

The ISO 7816-4 standard defines a set of inter-industry commands that are meant to be included on smart cards. These commands are included in whole, or in part, on many smart cards available on the market today. For each command in this set, this appendix gives an overview of the command, the command application protocol data unit (APDU) that is sent to the APDU processor on a smart card, a summary of the status/error messages that may be returned, and, where feasible, an example APDU for the command.

APDU Structures

The APDU structures in which these commands are transported are reviewed in Chapter 4, “Smart Card Commands.” The constituent elements of the structures are:

  CLA—The 1-byte designation of a family of commands.
  INS—The 1-byte designation of a specific command in this family.
  P1—A 1-byte parameter passed along as part of the [CLA,INS] command that elaborates on the exact meaning of the command; a command modifier.
  P2—A 1-byte parameter passed along as part of the [CLA,INS] command that elaborates on the exact meaning of the command; a command modifier.
  Lc field—A field that specifies the length of the data field (which follows). For essentially all existing cards, the size of this field is 1 byte, so it can define a data field length up to 256 bytes. However, it should be noted that a mechanism is defined within the ISO 7816-4 standard through which a card can define an extended address space, which would allow longer fields to be specified. We will limit our discussion to the typical case where the Lc field is 1 byte in length.
  Data field—A string of bytes whose length is specified by the Lc field. These bytes are conveyed via the APDU to the card’s APDU processor.
  Le field—A field that specifies the length of the body of the response APDU (to this command); this number of bytes is returned by the card’s APDU processor on successful completion of the command. As with the Lc field, a card can define an extended addressing facility; however, we will limit our current review to 1-byte Le fields.
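
The field layout above, as an added example (not code from the book): a Python parser that splits a short-form command APDU into these fields, classifies it under the standard's Case 1 to 4 numbering, and rejects an Lc that does not match the bytes actually present. The names CommandAPDU and parse_command_apdu are chosen for this illustration; the well-formed inputs are example APDUs from this appendix and the malformed one is constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes          # empty when the APDU carries no Lc/data field
    le: Optional[int]    # None when the APDU carries no Le field
    case: int            # ISO 7816-4 case 1-4 (short form only)


def parse_command_apdu(raw: bytes) -> CommandAPDU:
    """Split a short-form command APDU into its fields, rejecting bad lengths."""
    if len(raw) < 4:
        raise ValueError("header must contain CLA, INS, P1 and P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                                  # Case 1: header only
        return CommandAPDU(cla, ins, p1, p2, b"", None, 1)
    if len(body) == 1:                            # Case 2: header + Le
        return CommandAPDU(cla, ins, p1, p2, b"", body[0], 2)
    lc = body[0]
    if lc == 0:
        # A 00 byte followed by more bytes signals extended length, not handled here.
        raise ValueError("Lc of 00 followed by more bytes (extended length)")
    if len(body) == 1 + lc:                       # Case 3: header + Lc + data
        return CommandAPDU(cla, ins, p1, p2, body[1:], None, 3)
    if len(body) == 2 + lc:                       # Case 4: header + Lc + data + Le
        return CommandAPDU(cla, ins, p1, p2, body[1:-1], body[-1], 4)
    raise ValueError(
        f"Lc announces {lc} data byte(s) but {len(body) - 1} follow it")


# Example APDUs taken from this appendix.
MANAGE_CHANNEL = bytes.fromhex("C0 70 00 01")
READ_BINARY = bytes.fromhex("C0 B0 00 00 10")
SELECT_MF = bytes.fromhex("C0 A4 00 00 02 3F 00")
INTERNAL_AUTH = bytes.fromhex("C0 88 00 00 03 03 02 01 03")
ENVELOPE = bytes.fromhex("C0 C2 00 00 07 C0 A4 00 00 02 3F 00")
# Constructed malformed input: Lc announces 5 bytes, only 1 is present.
TRUNCATED = bytes.fromhex("C0 D6 01 01 05 FF")

if __name__ == "__main__":
    for raw in (MANAGE_CHANNEL, READ_BINARY, SELECT_MF, INTERNAL_AUTH, ENVELOPE):
        apdu = parse_command_apdu(raw)
        print(f"{raw.hex(' ')}: case {apdu.case}, "
              f"data={apdu.data.hex(' ') or '-'}, le={apdu.le}")
    # The Envelope data field is itself a complete APDU and parses recursively.
    print(parse_command_apdu(parse_command_apdu(ENVELOPE).data))
    try:
        parse_command_apdu(TRUNCATED)
    except ValueError as err:
        print("rejected:", err)
```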

Security Status

Access to files through the commands described in this appendix is limited by a requirement that the security status of the card satisfy the security attributes defined for the files being accessed. The security status of the card is typically established through the successful execution of commands defined in the section “Security” later in this appendix.

Security attributes ascribed to a file can require the reader-side application component to present knowledge of a password (known by the card), to demonstrate knowledge of a key that’s shared with the card, or to use secure messaging.

File System

The file system commands comprise a set of commands through which a file system on the card can be accessed by a reader-side application. It is interesting to note that two file operations that you would typically find associated with a file system are not present within this family; that is, a file create command and a file delete command. Commands such as these are found on many smart cards (such as the Multiflex card); however, their semantics are not defined through the ISO 7816-4 Standard.

Read Binary

Description

This command causes a portion of the selected file to be read and passed back through the response message. The file segment to be read is specified through a byte offset from the beginning of the file and a byte count of the number of bytes to be read. This command uses a Case 2 APDU structure; that is, the APDU includes a complete header along with an Le field which specifies the number of bytes to be returned.

When this command is executed, a Select File command will typically already have been issued to select the file to actually read. However, the Select File command may have pointed at a DF, which contains the EF to be read by this command. In that case, the P1 parameter can be used to convey a short EF identifier (that is, a 5-bit value that uniquely specifies an EF within a DF).

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: B0₁₆
  Parameter 1: Short EF identifier
  Parameter 2: Offset of first byte read
  Parameter 3: Number of bytes to be read
  Data Field 1: N/A
  Data Field 2: N/A

Response Application Protocol Data Unit

  Response: The number of bytes that were requested to be read, followed by the 2-byte status

Example of Use

  APDU: C0₁₆ B0₁₆ 00₁₆ 00₁₆ 10₁₆
  Interpretation: Read 16 bytes from the currently selected transparent file starting with the first byte in the file

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  6281₁₆  Return data error
  6282₁₆  Premature EOF
  6700₁₆  Incorrect field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6B00₁₆  Invalid parameters
  6CXX₁₆  Incorrect Le field

Write Binary

Description

This command provides for setting the values of specified bytes of the selected file. Depending on the file’s attributes, the write operation may result in ANDing or ORing the bytes specified in the command with the values already in the file.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: D0₁₆
  Parameter 1: Short EF identifier
  Parameter 2: Offset of first byte written
  Parameter 3: Number of bytes to be written
  Data Field 1: String of bytes to be written
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ D0₁₆ 01₁₆ 01₁₆ 01₁₆ FF₁₆
  Interpretation: Select EF file 1 (by short identifier) within the currently selected DF, and then write all 1s in the second byte of the file, assuming that file attributes are correct

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Invalid Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6B00₁₆  Invalid parameters

Update Binary

Description

This command provides for setting the values of specified bytes of the selected file. This command functions essentially like a file write command. The resulting values of the file are those indicated in the command.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: D6₁₆
  Parameter 1: Short EF identifier
  Parameter 2: Offset of first byte written
  Parameter 3: Number of bytes to be written
  Data Field 1: Byte string to be written
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ D6₁₆ 01₁₆ 01₁₆ 01₁₆ FF₁₆
  Interpretation: Select EF file 1 (by short identifier) within the currently selected DF, and then write all 1s in the second byte of the file

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Incorrect Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6B00₁₆  Invalid parameters

Erase Binary

Description

This command results in the setting of specified bytes of the selected file to a logical erased state. In general, this state is equivalent to a 0 value. The command works by spacing across the offset number of bytes and starting to erase. It then terminates on the byte specified by the parameters, or at the end of the file. So, it’s possible to erase a segment of bytes within a file if that is desired.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: 0E₁₆
  Parameter 1: Short EF identifier
  Parameter 2: Offset of first byte erased
  Parameter 3: If not zero this is length of data field 1
  Data Field 1: If present, this is the offset of the first byte not erased; this offset must be greater than the offset in parameter 2
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ 0E₁₆ 01₁₆ 01₁₆ 01₁₆ 06₁₆
  Interpretation: Select EF file 1 (by short identifier) within the currently selected DF, and then erase the second byte of the file through the sixth byte of the file

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Incorrect Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6B00₁₆  Invalid parameters

Read Record

Description

This command provides for reading one to several records of a file that has an internal record structure.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: B2₁₆
  Parameter 1: Index of the record to be read (01₁₆, 02₁₆, ..., FF₁₆) OR 00₁₆ if the current record is to be read
  Parameter 2: Selection of record to be read: 00 first record; 01 last record; 02 next record; 03 previous record; 04 current record if the index is 0, or the indexed record if it isn’t
  Parameter 3: The number of bytes to be read from the record identified by P1 and P2; must be equal to the length of the record in the file
  Data Field 1: Empty
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: The number of bytes in the record if the command is successful, followed by the usual 2-byte status

Example of Use

  APDU: C0₁₆ B2₁₆ 06₁₆ 04₁₆ 14₁₆
  Interpretation: The records in the selected fixed-length record file are 20 bytes long; this command reads the sixth record in the file

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  6281₁₆  Return data error
  6282₁₆  Premature EOF
  6700₁₆  Incorrect Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6A83₁₆  Missing record
  6CXX₁₆  Wrong Le length

Write Record

Description

This command provides for writing one record into a file that has an internal record structure. Depending on the file’s attributes, the write operation may result in ANDing or ORing the bytes specified in the command with the values already in the file. For the example, we’ll assume that the attributes are set for a one-time-write operation; that is, this will be the initial writing of data into this record of the file.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: D2₁₆
  Parameter 1: Index of the record to be written to (01₁₆, 02₁₆, ..., FF₁₆) OR 0 if the current record is to be overwritten
  Parameter 2: Selection of record to be affected: 00 first record; 01 last record; 02 next record; 03 previous record; 04 current record if the index is 0, or the indexed record if it isn’t
  Parameter 3: The number of bytes to be merged into the record identified by Parameter 1 and Parameter 2; must be equal to the length of the record in the file
  Data Field 1: The data bytes to be written into the record identified by P1 and P2
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ D2₁₆ 06₁₆ 04₁₆ 14₁₆ 53₁₆ 61₁₆ 6C₁₆ 6C₁₆ 79₁₆ 20₁₆ 47₁₆ 72₁₆ 65₁₆ 65₁₆ 6E₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆
  Interpretation: The records in the selected fixed-length record file are 20 bytes long; this command writes Sally Green into the sixth record in this file

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Incorrect Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6A83₁₆  Missing record
  6A84₁₆  Insufficient file space
  6A85₁₆  Invalid TLV

Append Record

Description

This command provides for either the appending of a record at the end of an EF with a linear structure or the writing of the first record of a cyclic, structured file.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: E2₁₆
  Parameter 1: 00
  Parameter 2: Short EF file identifier
  Parameter 3: The number of bytes in the append record
  Data Field 1: Contents of the append record
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ D2₁₆ 00₁₆ 00₁₆ 14₁₆ 53₁₆ 61₁₆ 6C₁₆ 6C₁₆ 79₁₆ 20₁₆ 47₁₆ 72₁₆ 65₁₆ 65₁₆ 6E₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆
  Interpretation: The records in the selected fixed-length record file are 20 bytes long; this command appends Sally Green onto the end of the EF

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Incorrect Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6A83₁₆  Missing record
  6A84₁₆  Insufficient file space
  6A85₁₆  Invalid TLV

Update Record

Description

This command provides for updating (writing) a specific set of bytes in a specified record of a file.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: DC₁₆
  Parameter 1: Index of the record to be overwritten (01₁₆, 02₁₆, ..., FF₁₆) OR 0 if the current record is to be overwritten
  Parameter 2: Selection of record to be overwritten: 00 first record; 01 last record; 02 next record; 03 previous record; 04 current record if the index is 0, or the indexed record if it isn’t
  Parameter 3: The number of bytes to be written into the record identified by Parameter 1 and Parameter 2; must be equal to the length of the record in the file
  Data Field 1: The data bytes to be written into the record identified by P1 and P2
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ DC₁₆ 06₁₆ 04₁₆ 14₁₆ 53₁₆ 61₁₆ 6C₁₆ 6C₁₆ 79₁₆ 20₁₆ 47₁₆ 72₁₆ 65₁₆ 65₁₆ 6E₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆ 00₁₆
  Interpretation: The records in the selected fixed-length record file are 20 bytes long; this command writes Sally Green into the sixth record in this file

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Incorrect Le field
  6981₁₆  Bad command
  6982₁₆  Invalid security status
  6986₁₆  EF not selected
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6A83₁₆  Missing record
  6A84₁₆  Insufficient file space
  6A85₁₆  Invalid TLV

Get Data

Description

This command provides for the reading of one primitive data object. In the context of this class of commands, a data object is one of two types of data structures: a BER-TLV structure or a SIMPLE-TLV structure. TLV means a tag, length, and value structure (that is, a structure where a tag field gives an identity to the structure, a length field gives a size [in bytes], and a value field contains the piece of information that is the reason for the existence of the structure).

In a SIMPLE-TLV data object, the tag field is a single byte containing a number that identifies the data object, the length field is 1 or 3 bytes long (if 1 byte, the length is 0 to 254 bytes; if 3 bytes, the length is 0 to 64K bytes), and the value field is a string of bytes whose length is given by the length field. A BER-TLV structure is defined by the ISO/IEC 8825 standard.
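
The SIMPLE-TLV layout just described, as an added example (not code from the book): a Python encoder and a bounds-checked parser for a buffer of concatenated SIMPLE-TLV objects. It relies on two details of ISO/IEC 7816-4 that the text above does not spell out: a first length byte of FF₁₆ introduces the 3-byte form (the next two bytes carry the length, big-endian), and tag values 00₁₆ and FF₁₆ are invalid. The function names are chosen for this illustration.

```python
from typing import List, Tuple


def encode_simple_tlv(tag: int, value: bytes) -> bytes:
    """Encode one SIMPLE-TLV object, choosing the 1- or 3-byte length form."""
    if not 0x01 <= tag <= 0xFE:
        raise ValueError("SIMPLE-TLV tag must be in 01..FE")
    if len(value) <= 254:
        return bytes([tag, len(value)]) + value
    if len(value) <= 0xFFFF:
        return bytes([tag, 0xFF]) + len(value).to_bytes(2, "big") + value
    raise ValueError("value too long for a SIMPLE-TLV object")


def parse_simple_tlv(buf: bytes) -> List[Tuple[int, bytes]]:
    """Return (tag, value) pairs; raise ValueError instead of reading past the end."""
    objects = []
    i = 0
    while i < len(buf):
        tag = buf[i]
        if tag in (0x00, 0xFF):
            raise ValueError(f"invalid tag {tag:#04x} at offset {i}")
        i += 1
        if i >= len(buf):
            raise ValueError("truncated: tag without a length field")
        length = buf[i]
        i += 1
        if length == 0xFF:                      # 3-byte length form
            if i + 2 > len(buf):
                raise ValueError("truncated 3-byte length field")
            length = int.from_bytes(buf[i:i + 2], "big")
            i += 2
        # Never trust the announced length: check it against what is present.
        if i + length > len(buf):
            raise ValueError(
                f"tag {tag:#04x} announces {length} byte(s), "
                f"only {len(buf) - i} remain")
        objects.append((tag, buf[i:i + length]))
        i += length
    return objects


if __name__ == "__main__":
    # Constructed sample: object 01 holding one FF byte, object 02 holding 300 bytes.
    short = encode_simple_tlv(0x01, b"\xff")
    long_ = encode_simple_tlv(0x02, b"\xaa" * 300)
    print(short.hex(" "), "|", long_[:4].hex(" "), "...")
    for tag, value in parse_simple_tlv(short + long_):
        print(f"tag {tag:02X}: {len(value)} byte(s)")
    try:
        parse_simple_tlv(bytes.fromhex("01 05 aa bb"))   # constructed, truncated
    except ValueError as err:
        print("rejected:", err)
```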

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: CA₁₆
  Parameter 1: Data object
  Parameter 2: Identifier
  Parameter 3: Size of response Le
  Data Field 1: Empty
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: Le bytes of data followed by 2-byte status

Example of Use

  APDU: C0₁₆ CA₁₆ 02₁₆ 01₁₆ 14₁₆
  Interpretation: This command retrieves up to 20 bytes of the value of a SIMPLE-TLV structure with ID = 01

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  6281₁₆  Returned data error
  6700₁₆  Incorrect Le field
  6982₁₆  Invalid security status
  6985₁₆  Invalid conditions
  6A81₁₆  Invalid function
  6A88₁₆  Missing data object
  6CXX₁₆  Wrong Le length

Put Data

Description

This command provides for the writing of one data object or of several data objects that have been packed into one constructed data object.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: DA₁₆
  Parameter 1: Data object
  Parameter 2: Identifier
  Parameter 3: Length of data field
  Data Field 1: Data to be written
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ DA₁₆ 02₁₆ 01₁₆ 01₁₆ FF₁₆
  Interpretation: This command stores a 1-byte value of all ones in the SIMPLE-TLV structure with ID = 01

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  63CX₁₆  Success with retries
  6581₁₆  Invalid write
  6700₁₆  Incorrect Le field
  6982₁₆  Invalid security status
  6985₁₆  Invalid conditions
  6A80₁₆  Incorrect data parameters
  6A81₁₆  Invalid function
  6A84₁₆  Insufficient file space
  6A85₁₆  Invalid TLV

Select File

Description

This command establishes a specific file which will then be the target of any subsequent file operation commands.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: A4₁₆
  Parameter 1: 00₁₆
  Parameter 2: 00₁₆
  Parameter 3: 02₁₆
  Data Field 1: 2-byte file identifier
  Data Field 2: N/A

Response Application Protocol Data Unit

  Response: 2-byte status; if the high-order byte of the status word is 61₁₆, then the low-order byte is the number of bytes of file description data that can be retrieved with a subsequent Get Response command

Example of Use

  APDU: C0₁₆ A4₁₆ 00₁₆ 00₁₆ 02₁₆ 3F₁₆ 00₁₆
  Interpretation: The master file becomes the currently selected directory

Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))

  Status  Meaning
  6283₁₆  File cancelled
  6284₁₆  Improper file format
  6A81₁₆  Invalid function
  6A82₁₆  File missing
  6A86₁₆  P1 and P2 error
  6A87₁₆  Wrong Lc

Security

ISO/IEC 7816-4 specifies an application interface for security operations for a smart card. These commands provide mechanisms through which a reader-side application can authenticate its identity to a card, a card can authenticate itself to a reader-side application, and a cardholder can authenticate his or her identity to the card. These mechanisms are used by applications to establish a known security status on a card and hence gain access to data or computational services which are protected by checks on access privileges.

Verify

Description

This command starts the comparison (in the card) of the verification data sent from the reader/terminal with the reference data stored in the card.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: 20₁₆
  Parameter 1: 00₁₆
  Parameter 2: Qualifier of reference data
  Parameter 3: Length of data field or empty
  Data Field 1: Verification data or empty
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ 20₁₆ 00₁₆ 00₁₆ 03₁₆ 53₁₆ 61₁₆ 53₁₆
  Interpretation: This command checks to see whether the card password is SAS

Error Codes

  Status  Meaning
  6300₁₆  Invalid verify
  63CX₁₆  Success with retries
  6983₁₆  Invalid authentication
  6984₁₆  Data cancelled
  6A86₁₆  P1 and P2 error
  6A88₁₆  Missing data object

Internal Authenticate

Description

This command starts the computation of the authentication data by the card using the challenge data sent from the reader/terminal and a secret (key) stored in the card.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: 88₁₆
  Parameter 1: ID of algorithm in card
  Parameter 2: ID of secret (key) field
  Parameter 3: Length of data
  Data Field 1: Challenge data
  Data Field 2: Maximum number of bytes expected in response (Le)

Response Application Protocol Data Unit

  Response: Le bytes of response to the challenge plus 2-byte status

Example of Use

  APDU: C0₁₆ 88₁₆ 00₁₆ 00₁₆ 03₁₆ 03₁₆ 02₁₆ 01₁₆ 03₁₆
  Interpretation: This command passes the challenge 321 from the reader to the card; it encrypts this with its known algorithm and key then returns the encrypted challenge back to the reader

Error Codes

  Status  Meaning
  6984₁₆  Data cancelled
  6985₁₆  Invalid conditions
  6A86₁₆  P1 and P2 error
  6A88₁₆  Missing data object

External Authenticate

Description

This command conditionally updates the security status using the result of the computation by the card based on a challenge previously issued by the card, a (secret) key stored in the card, and authentication data supplied by the reader/terminal.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: 82₁₆
  Parameter 1: ID of algorithm in card
  Parameter 2: ID of secret (key) field or empty
  Parameter 3: Length of data
  Data Field 1: Empty or response to challenge
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: 2-byte status

Example of Use

  APDU: C0₁₆ 82₁₆ 00₁₆ 00₁₆ 03₁₆ 03₁₆ 02₁₆ 01₁₆ 03₁₆
  Interpretation: The card has previously generated a challenge number and sent it to the reader; the reader has encrypted it with a key it shares with the card and is now returning the encrypted challenge number to the card; if the card can validate it, then the response to this command will be a success status

Error Codes

  Status  Meaning
  6300₁₆  Invalid verify
  63CX₁₆  Success with retries
  6700₁₆  Incorrect Lc field
  6983₁₆  Invalid authentication
  6984₁₆  Data cancelled
  6985₁₆  Invalid conditions
  6A86₁₆  P1 and P2 error
  6A88₁₆  Missing data object

Get Challenge

Description

This command forces the issuing of a challenge (such as a random number) for use in a security related procedure such as an External Authenticate command.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: 84₁₆
  Parameter 1: 0000
  Parameter 2: Empty
  Parameter 3: Le field length
  Data Field 1: Empty
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: Le bytes of challenge data plus 2-byte status

Example of Use

  APDU: C0₁₆ 84₁₆ 00₁₆ 00₁₆ 06₁₆
  Interpretation: This command essentially asks the card to generate a 6-byte challenge string and return it to the reader-side application

Error Codes

  Status  Meaning
  6A81₁₆  Invalid function
  6A86₁₆  P1 and P2 error
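
The Get Challenge and External Authenticate exchange described above, with both sides shown, as an added example (not code from the book or from any card's firmware). SimulatedCard, compute_response and reader_authenticate are hypothetical names; HMAC-SHA-256 truncated to 8 bytes stands in for the card's unspecified algorithm, the key is constructed, and 9000₁₆ is the ISO/IEC 7816-4 normal-completion status, which the tables here do not list.

```python
import hashlib
import hmac
import secrets

SW_OK = b"\x90\x00"                   # normal completion (not in the tables above)
SW_INVALID_VERIFY = b"\x63\x00"       # "Invalid verify"
SW_WRONG_LENGTH = b"\x67\x00"         # "Incorrect Lc field"
SW_INVALID_CONDITIONS = b"\x69\x85"   # "Invalid conditions"
SW_INVALID_FUNCTION = b"\x6A\x81"     # "Invalid function"


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the shared algorithm (assumption): truncated HMAC-SHA-256."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class SimulatedCard:
    def __init__(self, key: bytes):
        self._key = key
        self._challenge = None        # outstanding challenge, if any
        self.authenticated = False    # the card's security status

    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) < 5 or apdu[0] != 0xC0:
            return SW_INVALID_FUNCTION
        ins, p3, body = apdu[1], apdu[4], apdu[5:]
        if ins == 0x84:               # Get Challenge, P3 = Le
            if body or p3 == 0:
                return SW_WRONG_LENGTH
            self._challenge = secrets.token_bytes(p3)
            return self._challenge + SW_OK
        if ins == 0x82:               # External Authenticate, P3 = Lc
            if len(body) != p3:
                return SW_WRONG_LENGTH
            # Consume the challenge first: it is good for one attempt only,
            # so a recorded response cannot be replayed later.
            challenge, self._challenge = self._challenge, None
            if challenge is None:
                return SW_INVALID_CONDITIONS
            expected = compute_response(self._key, challenge)
            if hmac.compare_digest(expected, body):   # constant-time compare
                self.authenticated = True
                return SW_OK
            return SW_INVALID_VERIFY
        return SW_INVALID_FUNCTION


def reader_authenticate(card: SimulatedCard, key: bytes) -> bytes:
    """Reader side: fetch a 6-byte challenge, answer it, return the status word."""
    reply = card.transmit(bytes.fromhex("C0 84 00 00 06"))
    challenge, sw = reply[:-2], reply[-2:]
    if sw != SW_OK:
        return sw
    response = compute_response(key, challenge)
    header = bytes([0xC0, 0x82, 0x00, 0x00, len(response)])
    return card.transmit(header + response)


if __name__ == "__main__":
    key = bytes(range(16))            # constructed demo key
    card = SimulatedCard(key)
    print(reader_authenticate(card, key).hex(), card.authenticated)
    other = SimulatedCard(key)
    print(reader_authenticate(other, b"not the card key").hex(), other.authenticated)
```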

Manage Channel

Description

This command is used to open and close logical channels. A logical channel is essentially a connection between a reader-side application and a file. This is one mechanism that can be used to provide multiple reader-side applications “simultaneous” access to multiple files (applications) on the card.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: 70₁₆
  Parameter 1: 00₁₆=open, 80₁₆=close
  Parameter 2: Channel ID, 00₁₆-03₁₆
  Parameter 3: Empty or 0000₁₆
  Data Field 1: Empty
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: Empty or logical channel number plus 2-byte status

Example of Use

  APDU: C0₁₆ 70₁₆ 00₁₆ 01₁₆
  Interpretation: This command causes the card to assign logical channel 1; in subsequent commands such as Select File, channel 1 can be indicated in the CLA value

Error Codes

  Status  Meaning
  6200₁₆  Insufficient data

Get Response

Description

This command is used to transmit from the card to the reader APDUs or parts of APDUs which otherwise would not be transmitted by the protocols in use.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: C0₁₆
  Parameter 1: 00₁₆
  Parameter 2: 00₁₆
  Parameter 3: The number of bytes of data to retrieve (Le)
  Data Field 1: Empty
  Data Field 2: Empty

Response Application Protocol Data Unit

  Response: Le bytes of APDU response plus 2-byte response

Example of Use

  APDU: C0₁₆ C0₁₆ 00₁₆ 00₁₆ 14₁₆
  Interpretation: Retrieve the 20 bytes of information created when a Select File command is issued for a directory

Error Codes

  Status  Meaning
  61XX₁₆  Processing okay
  6281₁₆  Return data error
  6700₁₆  Incorrect Le field
  6A86₁₆  P1 and P2 error
  6CXX₁₆  Wrong Le length

Envelope

Description

This command is used to transmit from the reader to the card APDUs or parts of APDUs that otherwise would not be transmitted by the protocols in use. Specifically, this allows a complete APDU to be encapsulated in the body of this APDU. This is necessary if you want to make use of secure messaging when using the T=0 link-level protocol.

Command Application Protocol Data Unit

  CLA: C0₁₆
  INS: C2₁₆
  Parameter 1: 00₁₆
  Parameter 2: 00₁₆
  Parameter 3: Length of data field (Lc)
  Data Field 1: Encapsulated APDU
  Data Field 2: Empty or length (Le)

Response Application Protocol Data Unit

  Response: Empty or part of APDU plus 2-byte status

Example of Use

  APDU: C0₁₆ C2₁₆ 00₁₆ 00₁₆ 07₁₆ C0₁₆ A4₁₆ 00₁₆ 00₁₆ 02₁₆ 3F₁₆ 00₁₆
  Interpretation: This command encapsulates a Select File APDU inside it

Error Codes

  Status  Meaning
  6700₁₆  Incorrect Lc field

