ISO/IEC 7816-9:2004
(Main)Identification cards — Integrated circuit cards — Part 9: Commands for card management
Identification cards — Integrated circuit cards — Part 9: Commands for card management
ISO/IEC 7816-9:2004 specifies interindustry commands for integrated circuit cards (both with contacts and without contacts) for card and file management, e.g. file creation and deletion. These commands cover the entire life cycle of the card and therefore some commands may be used before the card has been issued to the cardholder or after the card has expired. An annex is provided that shows how to control the loading of data (secure download) into the card, by means of verifying the access rights of the loading entity and protection of the transmitted data with secure messaging. The loaded data may contain, for example, code, keys and applets.
Cartes d'identification — Cartes à circuit intégré — Partie 9: Commandes pour la gestion des cartes
General Information
Relations
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 7816-9
Second edition
2004-06-01
Identification cards — Integrated circuit
cards —
Part 9:
Commands for card management
Cartes d’identification — Cartes à circuit intégré —
Partie 9: Commandes pour la gestion des cartes
Reference number
ISO/IEC 7816-9:2004(E)
©
ISO/IEC 2004
---------------------- Page: 1 ----------------------
ISO/IEC 7816-9:2004(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
© ISO/IEC 2004
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2004 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 7816-9:2004(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope. 1
2 Normative references . 1
3 Terms and definitions. 1
4 Abbreviations and notation. 1
5 Life cycle. 2
5.1 File life cycle. 2
6 Commands for card management. 3
6.1 CREATE FILE command . 3
6.2 DELETE FILE command. 3
6.3 DEACTIVATE FILE command. 4
6.4 ACTIVATE FILE command. 5
6.5 TERMINATE DF command. 5
6.6 TERMINATE EF command. 6
6.7 TERMINATE CARD USAGE command . 7
Annex A (informative) Examples of security attributes used for download. 8
Bibliography . 12
© ISO/IEC 2004 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 7816-9:2004(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 7816-9 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and personal identification.
This second edition, together with the second editions of ISO/IEC 7816-4, ISO/IEC 7816-5, ISO/IEC 7816-6
and ISO/IEC 7816-8, after an in-depth reorganization of these five parts, cancels and replaces ISO/IEC 7816-
4:1995, ISO/IEC 7816-5:1994, ISO/IEC 7816-6:1996, ISO/IEC 7816-8:1999 and ISO/IEC 7816-9:2000. It also
incorporates the Amendments ISO/IEC 7816-4:1995/Amd.1:1997, ISO/IEC 7816-5:1994/Amd.1:1996 and
ISO/IEC 7816-6:1996/Amd.1:2000 and the Technical Corrigendum ISO/IEC 7816-6:1996/Cor.1:1998.
ISO/IEC 7816 consists of the following parts, under the general title Identification cards — Integrated circuit
cards:
Part 1: Cards with contacts — Physical characteristics
Part 2: Cards with contacts — Dimensions and location of the contacts
Part 3: Cards with contacts — Electrical interface and transmission protocols
Part 4: Organization, security and commands for interchange
Part 5: Registration of application providers
Part 6: Interindustry data elements for interchange
Part 7: Interindustry commands for Structured Card Query Language (SCQL)
Part 8: Commands for security operations
Part 9: Commands for card management
Part 10: Cards with contacts — Electronic signals and answer to reset for synchronous cards
Part 11: Personal verification through biometric methods
Part 15: Cryptographic information application
iv © ISO/IEC 2004 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 7816-9:2004(E)
Introduction
ISO/IEC 7816 is a series of International Standards specifying integrated circuit cards and the use of such
cards for interchange. These cards are identification cards intended for information exchange negotiated
between the outside world and the integrated circuit in the card. As a result of an information exchange, the
card delivers information (computation result, stored data), and/or modifies its content (data storage, event
memorization).
Five parts are specific to cards with galvanic contacts and three of them specify electrical interfaces.
• ISO/IEC 7816-1 specifies physical characteristics for cards with contacts.
• ISO/IEC 7816-2 specifies dimensions and location of the contacts.
• ISO/IEC 7816-3 specifies electrical interface and transmission protocols for asynchronous cards.
• ISO/IEC 7816-10 specifies electrical interface and answer to reset for synchronous cards.
• ISO/IEC 7816-12 specifies electrical interface and operating procedures for USB cards.
All the other parts are independent from the physical interface technology. They apply to cards accessed
by contacts and/or by radio frequency.
• ISO/IEC 7816-4 specifies organization, security and commands for interchange.
• ISO/IEC 7816-5 specifies registration of application providers.
• ISO/IEC 7816-6 specifies interindustry data elements for interchange.
• ISO/IEC 7816-7 specifies commands for structured card query language.
• ISO/IEC 7816-8 specifies commands for security operations.
• ISO/IEC 7816-9 specifies commands for card management.
• ISO/IEC 7816-11 specifies personal verification through biometric methods.
• ISO/IEC 7816-15 specifies cryptographic information application.
ISO/IEC 10536 specifies access by close coupling. ISO/IEC 14443 and 15693 specify access by radio
frequency. Such cards are also known as contactless cards.
© ISO/IEC 2004 – All rights reserved v
---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 7816-9:2004(E)
Identification cards — Integrated circuit cards —
Part 9:
Commands for card management
1 Scope
This document specifies interindustry commands for card and file management. These commands cover the
entire life cycle of the card and therefore some commands may be used before the card has been issued to
the cardholder or after the card has expired.
It does not cover the internal implementation within the card and/or the outside world.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
1)
ISO/IEC 7816-4:— , Identification cards — Integrated circuit cards — Organization, security and commands
for interchange
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
secure messaging
set of means for cryptographic protection of [parts of] command-response pairs
[ISO/IEC 7816-4]
4 Abbreviations and notation
For the purposes of this document, the following abbreviations apply.
APDU application protocol data unit
FCP file control parameters
LCS life cycle status
1) To be published.
© ISO/IEC 2004 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC 7816-9:2004(E)
5 Life cycle
A life cycle status may be associated with any object in the card and with the card itself. The card shall use
the life cycle status in combination with additional security attributes, to determine whether an operation on an
object is in accordance with a security policy. The life cycle status reflects the use of objects according to the
following rules.
If an object is in creation state, then no security attribute for that object shall apply.
If an object is in initialisation state, then any security attribute specific to this state may apply.
If an object is in operational state, then every associated security attribute shall apply.
If an object is in termination state, then the value of the object shall not be modified but the object may be
used as specified by its associated security attributes, e.g., it may be deleted.
Transitions between primary life cycle states are irreversible and occur only from creation to termination. In
addition, the application may define secondary life cycle states: each primary state may have reversible
secondary states. Changes are controlled by the card and may be performed in a pre-defined order, reflecting
reversible or irreversible changes in states. The following commands for card and file management may be
used for initiating a life cycle state transition.
CREATE FILE ACTIVATE FILE TERMINATE EF
DELETE FILE DEACTIVATE FILE TERMINATE DF
TERMINATE CARD USAGE
Commands may set the value of the life cycle status when they execute. However the card shall maintain the
integrity of this value in accordance with this document.
5.1 File life cycle
Figure 1 is a conceptual representation of the file life cycle states and the commands that invoke a transition
upon successful completion. It does not show the conditions of execution of those commands (see ISO/IEC
7816-4).
Create file LCS='04' or '05'
Delete file (DF/EF)
Activate
Terminate EF
file
File not Creation Operational Termination Delete file File not
state (active)
existing Create state state (DF, EF) existing
Terminate DF
file
LCS='01'
Terminate
Proprietary
Create file card usage
Activate
LCS='03'
Card
file Activate
file termination
state
Deactivate
Initialisation
file
state
Operational
state
Terminate DF
(deactivated)
Terminate EF
Delete file (DF/EF)
Figure 1 — Diagram for file life cycle
2 © ISO/IEC 2004 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC 7816-9:2004(E)
6 Commands for card management
It shall not be mandatory for all cards complying with this document to support all those commands or all the
options of a supported command.
The commands can be performed only if the security status satisfies the security attributes for the command.
For these commands, bits 4 and 3 have no meaning and shall be ignored.
For each command, a non-exhaustive list of status conditions is provided, (see also ISO/IEC 7816-4).
6.1 CREATE FILE command
The CREATE FILE command initiates the creation of a file (DF or EF) placed immediately under the current DF.
The command may allocate memory to the file it creates. The created file shall be set as the current file,
unless otherwise specified.
When more than one EF with a given short EF identifier exists in the same DF, the behaviour of the card is not
defined in this document.
The command can be performed only if the security status satisfies the security attributes for the current DF.
The file descriptor byte is mandatory. It indicates whether a DF or an EF is to be created.
If a DF is created, then a DF name and / or a file identifier shall be specified.
If an EF is created, then a file identifier and / or a short EF identifier shall be specified.
Table 1 — CREATE FILE command-response pair
CLA As defined in ISO/IEC 7816-4
INS 'E0'
P1-P2 '0000' File identifier and file parameters encoded in the command data field
P1 not equal to '00': File descriptor byte
P2 Short EF identifier on bits 8 to 4; bits 3 to 1 proprietary
Lc field
Absent for encoding Nc = 0, present for encoding Nc > 0
Data field FCP template (tag '62') and possible further templates or absent
Le field Absent for encoding Ne = 0
Data field Absent
SW1-SW2 See ISO/IEC 7816-4, Tables 5 and 6 where relevant, e.g. 6982, 6A84, 6A89, 6A8A
NOTE ― If number N is zero, then the created file has default file control parameters.
c
6.2 DELETE FILE command
The DELETE FILE command initiates the deletion of a referenced EF immediately under the current DF, or of a
DF with its complete sub-tree. After successful completion of this command, the deleted file can no longer be
selected. The current file after deletion of an EF is the current DF. The current DF after deletion of a DF is the
parent DF, if not otherwise defined. The resources held by the file shall be released and the memory used by
this file shall be set to the logical erased state.
The deletion of the file may additionally depend on the file life status. The MF shall not be deleted.
© ISO/IEC 2004 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO/IEC 7816-9:2004(E)
If P1-P2 = '0000' and the command data field is absent, then the command applies to a file that has been
selected by the command executed directly before. Furthermore, if the selected file is selected on another
logical channel the execution of the command is aborted and an appropriate error is returned in the response.
Other meanings of P1-P2, including the rules defining the uniqueness of file identifiers, are defined in the
SELECT
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.