ISO/IEC 7816-4:2020
(Main)Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
This document is intended to be used in any sector of activity. It specifies: — contents of command-response pairs exchanged at the interface, — means of retrieval of data elements and data objects in the card, — structures and contents of historical bytes to describe operating characteristics of the card, — structures for applications and data in the card, as seen at the interface when processing commands, — access methods to files and data in the card, — a security architecture defining access rights to files and data in the card, — means and mechanisms for identifying and addressing applications in the card, — methods for secure messaging, — access methods to the algorithms processed by the card. It does not describe these algorithms. It does not cover the internal implementation within the card or the outside world. This document is independent from the physical interface technology. It applies to cards accessed by one or more of the following methods: contacts, close coupling and radio frequency. If the card supports simultaneous use of more than one physical interface, the relationship between what happens on different physical interfaces is out of the scope of this document.
Cartes d'identification — Cartes à circuit intégré — Partie 4: Organisation, sécurité et commandes pour les échanges
General Information
Relations
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 7816-4
Fourth edition
2020-05
Identification cards — Integrated
circuit cards —
Part 4:
Organization, security and commands
for interchange
Cartes d'identification — Cartes à circuit intégré —
Partie 4: Organisation, sécurité et commandes pour les échanges
Reference number
ISO/IEC 7816-4:2020(E)
©
ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC 7816-4:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 7816-4:2020(E)
Contents Page
Foreword .vii
Introduction .viii
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Symbols and abbreviated terms .7
5 Command-response pairs .8
5.1 Conditions of operation . 8
5.2 Syntax . 9
5.3 Chaining procedures .10
5.3.1 General.10
5.3.2 Payload fragmentation . .10
5.3.3 Command chaining .10
5.3.4 Response chaining .11
5.4 Class byte .12
5.4.1 Coding .12
5.4.2 Logical channels .13
5.5 Instruction byte .14
5.6 Status bytes .17
6 Data objects .19
6.1 General .19
6.2 SIMPLE-TLV data objects.19
6.3 BER-TLV data objects .20
6.4 Constructed DOs versus primitive DOs .20
7 Structures for applications and data .20
7.1 Available structures .20
7.2 Validity area .22
7.2.1 Definitions and attributes .22
7.2.2 Basic rules for VA handling and use .22
7.3 Structure selection .23
7.3.1 Structure selection methods .23
7.3.2 File reference data element and DO .24
7.3.3 General reference data element and DO .25
7.3.4 Data referencing methods in elementary files .25
7.4 File and data control information .26
7.4.1 File control information retrieval.26
7.4.2 Data control information retrieval .26
7.4.3 Control parameters . .27
7.4.4 Short EF identifier .28
7.4.5 File descriptor byte .28
7.4.6 Profile indicator .29
7.4.7 Data descriptor byte .30
7.4.8 DF and EF list data elements .30
7.4.9 Instance number data element .30
7.4.10 Life cycle status .30
7.4.11 Indirect referencing by short EF identifier using DO'A2' .31
7.4.12 Interface and life cycle status dependent security attribute template . .31
8 Specific use of DOs and related concepts .33
8.1 ber-tlv payloads and padding.33
8.1.1 General.33
8.1.2 Padding conditions .33
© ISO/IEC 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 7816-4:2020(E)
8.1.3 Padding procedure .33
8.2 Template referenced by curConstructedDO and data object generations .34
8.2.1 Template referenced by curConstructedDO and DO referenced by curDO .34
8.2.2 Template extension . .34
8.2.3 Data object pruned-tree .35
8.2.4 Data object life cycle .35
8.3 Identification of data elements and data objects .35
8.3.1 Principles .35
8.3.2 Tag interpretation in command and response data fields or payloads .35
8.3.3 Tag allocation .36
8.3.4 Standard tag allocation scheme .36
8.3.5 Compatible tag allocation scheme .36
8.3.6 Coexistent tag allocation scheme .37
8.3.7 Avoidance of independent tag allocation schemes .37
8.4 Referencing and retrieval of DOs and data elements .37
8.4.1 General.37
8.4.2 Element list .38
8.4.3 Tag list .38
8.4.4 Header list .38
8.4.5 Extended header and extended header list .38
8.4.6 Resolving an extended header .39
8.4.7 Resolving an extended header list .40
8.4.8 Wrapper . .40
8.4.9 Tagged wrapper .41
9 Security architecture.41
9.1 General .41
9.2 Cryptographic mechanism identifier template .43
9.3 Security attributes .43
9.3.1 General.43
9.3.2 Security attributes targets .43
9.3.3 Compact format .44
9.3.4 Expanded format .48
9.3.5 Access rule references .52
9.3.6 Security attributes for data objects .53
9.3.7 Security parameters template .54
9.3.8 Security attributes for logical channels.59
9.4 Security support data elements .60
10 Secure messaging .61
10.1 General .61
10.2 SM fields and SM DOs .61
10.2.1 SM protection of command payloads .61
10.2.2 SM protection of chained commands and responses .61
10.2.3 SM DOs .62
10.3 Basic SM DOs .63
10.3.1 SM DOs for encapsulating plain values .63
10.3.2 SM DOs for confidentiality .63
10.3.3 SM DOs for authentication .64
10.4 Auxiliary SM DOs .66
10.4.1 General.66
10.4.2 Control reference templates .67
10.4.3 Control reference DOs in control reference templates .67
10.4.4 Security environments.69
10.4.5 Response descriptor template .71
10.5 SM impact on command-response pairs .71
11 Commands for interchange .73
11.1 General .73
11.2 Selection.73
iv © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 7816-4:2020(E)
11.2.1 General.73
11.2.2 select command .73
11.2.3 manage channel command .76
11.3 Data unit handling .77
11.3.1 Data units .77
11.3.2 General.77
11.3.3 read binary command .78
11.3.4 write binary command .78
11.3.5 update binary command .79
11.3.6 search binary command .79
11.3.7 erase binary command .80
11.3.8 compare binary function .80
11.4 Record handling .80
11.4.1 Records .80
11.4.2 General.81
11.4.3 read record (s) command .82
11.4.4 write record command .84
11.4.5 update record command .85
11.4.6 append record command .87
11.4.7 search record command .88
11.4.8 erase record (s) command .92
11.4.9 activate record (s) command .93
11.4.10 deactivate record (s) command .94
11.4.11 compare record function .95
11.5 Data object handling .95
11.5.1 General.95
11.5.2 select data command .96
11.5.3 get data/get next data commands — even INS codes .100
11.5.4 get data/get next data commands — odd INS codes .102
11.5.5 General properties of put data/put next data/update data commands .103
11.5.6 put data command .104
11.5.7 put next data command .104
11.5.8 update data command .105
11.5.9 compare data function .106
11.6 Basic security handling .106
11.6.1 General.106
11.6.2 internal authenticate command .107
11.6.3 get challenge command .108
11.6.4 external authenticate command .108
11.6.5 general authenticate command .109
11.6.6 verify command .111
11.6.7 change reference data command .112
11.6.8 enable verification requirement command .112
11.6.9 disable verification requirement command .112
11.6.10 reset retry counter command .113
11.6.11 manage security environment command .114
11.7 Miscellaneous .115
11.7.1 compare command .115
11.7.2 get attribute command .117
11.8 Transmission handling .118
11.8.1 get response command .118
11.8.2 envelope command .118
12 Application-independent card services .119
12.1 General .119
12.2 Card identification .119
12.2.1 General.
...
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
7816-4
ISO/IEC JTC 1/SC 17
Identification cards — Integrated
Secretariat: BSI
circuit cards —
Voting begins on:
2020-03-04
Part 4:
Voting terminates on:
Organization, security and commands
2020-04-29
for interchange
Cartes d'identification — Cartes à circuit intégré —
Partie 4: Organisation, sécurité et commandes pour les échanges
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 7816-4:2020(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC FDIS 7816-4:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC FDIS 7816-4:2020(E)
Contents Page
Foreword .vii
Introduction .viii
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Symbols and abbreviated terms .7
5 Command-response pairs .8
5.1 Conditions of operation . 8
5.2 Syntax . 9
5.3 Chaining procedures .10
5.3.1 General.10
5.3.2 Payload fragmentation . .10
5.3.3 Command chaining .10
5.3.4 Response chaining .11
5.4 Class byte .12
5.4.1 Coding .12
5.4.2 Logical channels .13
5.5 Instruction byte .14
5.6 Status bytes .17
6 Data objects .19
6.1 General .19
6.2 SIMPLE-TLV data objects.19
6.3 BER-TLV data objects .20
6.4 Constructed DOs versus primitive DOs .20
7 Structures for applications and data .20
7.1 Available structures .20
7.2 Validity area .22
7.2.1 Definitions and attributes .22
7.2.2 Basic rules for VA handling and use .22
7.3 Structure selection .23
7.3.1 Structure selection methods .23
7.3.2 File reference data element and DO .24
7.3.3 General reference data element and DO .25
7.3.4 Data referencing methods in elementary files .25
7.4 File and data control information .26
7.4.1 File control information retrieval.26
7.4.2 Data control information retrieval .26
7.4.3 Control parameters . .27
7.4.4 Short EF identifier .28
7.4.5 File descriptor byte .28
7.4.6 Profile indicator .29
7.4.7 Data descriptor byte .30
7.4.8 DF and EF list data elements .30
7.4.9 Instance number data element .30
7.4.10 Life cycle status .30
7.4.11 Indirect referencing by short EF identifier using DO'A2' .31
7.4.12 Interface and life cycle status dependent security attribute template . .31
8 Specific use of DOs and related concepts .33
8.1 ber-tlv payloads and padding.33
8.1.1 General.33
8.1.2 Padding conditions .33
© ISO/IEC 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC FDIS 7816-4:2020(E)
8.1.3 Padding procedure .33
8.2 Template referenced by curConstructedDO and data object generations .34
8.2.1 Template referenced by curConstructedDO and DO referenced by curDO .34
8.2.2 Template extension . .34
8.2.3 Data object pruned-tree .35
8.2.4 Data object life cycle .35
8.3 Identification of data elements and data objects .35
8.3.1 Principles .35
8.3.2 Tag interpretation in command and response data fields or payloads .35
8.3.3 Tag allocation .36
8.3.4 Standard tag allocation scheme .36
8.3.5 Compatible tag allocation scheme .36
8.3.6 Coexistent tag allocation scheme .37
8.3.7 Avoidance of independent tag allocation schemes .37
8.4 Referencing and retrieval of DOs and data elements .37
8.4.1 General.37
8.4.2 Element list .38
8.4.3 Tag list .38
8.4.4 Header list .38
8.4.5 Extended header and extended header list .38
8.4.6 Resolving an extended header .39
8.4.7 Resolving an extended header list .40
8.4.8 Wrapper . .40
8.4.9 Tagged wrapper .41
9 Security architecture.41
9.1 General .41
9.2 Cryptographic mechanism identifier template .43
9.3 Security attributes .43
9.3.1 General.43
9.3.2 Security attributes targets .43
9.3.3 Compact format .44
9.3.4 Expanded format .48
9.3.5 Access rule references .52
9.3.6 Security attributes for data objects .53
9.3.7 Security parameters template .54
9.3.8 Security attributes for logical channels.59
9.4 Security support data elements .60
10 Secure messaging .61
10.1 General .61
10.2 SM fields and SM DOs .61
10.2.1 SM protection of command payloads .61
10.2.2 SM protection of chained commands and responses .61
10.2.3 SM DOs .62
10.3 Basic SM DOs .63
10.3.1 SM DOs for encapsulating plain values .63
10.3.2 SM DOs for confidentiality .63
10.3.3 SM DOs for authentication .64
10.4 Auxiliary SM DOs .66
10.4.1 General.66
10.4.2 Control reference templates .67
10.4.3 Control reference DOs in control reference templates .67
10.4.4 Security environments.69
10.4.5 Response descriptor template .71
10.5 SM impact on command-response pairs .71
11 Commands for interchange .73
11.1 General .73
11.2 Selection.73
iv © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC FDIS 7816-4:2020(E)
11.2.1 General.73
11.2.2 select command .73
11.2.3 manage channel command .76
11.3 Data unit handling .77
11.3.1 Data units .77
11.3.2 General.77
11.3.3 read binary command .78
11.3.4 write binary command .78
11.3.5 update binary command .79
11.3.6 search binary command .79
11.3.7 erase binary command .80
11.3.8 compare binary function .80
11.4 Record handling .80
11.4.1 Records .80
11.4.2 General.81
11.4.3 read record (s) command .82
11.4.4 write record command .84
11.4.5 update record command .85
11.4.6 append record command .87
11.4.7 search record command .88
11.4.8 erase record (s) command .92
11.4.9 activate record (s) command .93
11.4.10 deactivate record (s) command .94
11.4.11 compare record function .95
11.5 Data object handling .95
11.5.1 General.95
11.5.2 select data command .96
11.5.3 get data/get next data commands — even INS codes .100
11.5.4 get data/get next data commands — odd INS codes .102
11.5.5 General properties of put data/put next data/update data commands .103
11.5.6 put data command .104
11.5.7 put next data command .104
11.5.8 update data command .105
11.5.9 compare data function .106
11.6 Basic security handling .106
11.6.1 General.106
11.6.2 internal authenticate command .107
11.6.3 get challenge command .108
11.6.4 external authenticate command .108
11.6.5 general authenticate command .109
11.6.6 verify command .111
11.6.7 change reference data command .112
11.6.8 enable verification requirement command .112
11.6.9 disable verification requirement command .112
11.6.10 reset retry counter command .113
11.6.11 manage security environment command .114
11.7 Miscellaneous .115
11.7.1 compare command .115
11.7.2 get attribute command .117
11.8 Transmission handling .118
11.8.1 get response command .118
11.8.2 envelope command .118
12 Application-independent car
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.