iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 7816-4:2020

(Main)

Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange

Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange

This document is intended to be used in any sector of activity. It specifies: — contents of command-response pairs exchanged at the interface, — means of retrieval of data elements and data objects in the card, — structures and contents of historical bytes to describe operating characteristics of the card, — structures for applications and data in the card, as seen at the interface when processing commands, — access methods to files and data in the card, — a security architecture defining access rights to files and data in the card, — means and mechanisms for identifying and addressing applications in the card, — methods for secure messaging, — access methods to the algorithms processed by the card. It does not describe these algorithms. It does not cover the internal implementation within the card or the outside world. This document is independent from the physical interface technology. It applies to cards accessed by one or more of the following methods: contacts, close coupling and radio frequency. If the card supports simultaneous use of more than one physical interface, the relationship between what happens on different physical interfaces is out of the scope of this document.

Cartes d'identification — Cartes à circuit intégré — Partie 4: Organisation, sécurité et commandes pour les échanges

General Information

Status
Published
Publication Date
26-May-2020
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 17 - Cards and security devices for personal identification
Drafting Committee
ISO/IEC JTC 1/SC 17/WG 4 - Generic interfaces and protocols for security devices
Current Stage
6060 - International Standard published
Start Date
01-Mar-2020
Due Date
08-Nov-2021
Completion Date
27-May-2020
Ref Project

Relations

Revises
ISO/IEC 7816-4:2013 - Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
Effective Date
23-Apr-2020
Revises
ISO/IEC 7816-4:2013/Amd 1:2018 - Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange — Amendment 1: Multiple record handling
Effective Date
23-Apr-2020
Revises
ISO/IEC 7816-4:2013/Amd 2:2018 - Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange — Amendment 2: Waiting time management
Effective Date
23-Apr-2020

Buy Standard

ISO/IEC 7816-4:2020 - Identification cards -- Integrated circuit cardsISO/IEC 7816-4:2020 - Identification cards -- Integrated circuit cards
PreviousNext
Standard
ISO/IEC 7816-4:2020 - Identification cards -- Integrated circuit cards
English language
176 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 7816-4:2020 - Identification cards -- Integrated circuit cardsISO/IEC 7816-4:2020 - Identification cards -- Integrated circuit cards
PreviousNext
Standard
ISO/IEC 7816-4:2020 - Identification cards -- Integrated circuit cards
English language
176 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 7816-4
Fourth edition
2020-05
Identification cards — Integrated
circuit cards —
Part 4:
Organization, security and commands
for interchange
Cartes d'identification — Cartes à circuit intégré —
Partie 4: Organisation, sécurité et commandes pour les échanges
Reference number
ISO/IEC 7816-4:2020(E)
©
ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC 7816-4:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 7816-4:2020(E)

Contents Page
Foreword .vii
Introduction .viii
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Symbols and abbreviated terms .7
5 Command-response pairs .8
5.1 Conditions of operation . 8
5.2 Syntax . 9
5.3 Chaining procedures .10
5.3.1 General.10
5.3.2 Payload fragmentation . .10
5.3.3 Command chaining .10
5.3.4 Response chaining .11
5.4 Class byte .12
5.4.1 Coding .12
5.4.2 Logical channels .13
5.5 Instruction byte .14
5.6 Status bytes .17
6 Data objects .19
6.1 General .19
6.2 SIMPLE-TLV data objects.19
6.3 BER-TLV data objects .20
6.4 Constructed DOs versus primitive DOs .20
7 Structures for applications and data .20
7.1 Available structures .20
7.2 Validity area .22
7.2.1 Definitions and attributes .22
7.2.2 Basic rules for VA handling and use .22
7.3 Structure selection .23
7.3.1 Structure selection methods .23
7.3.2 File reference data element and DO .24
7.3.3 General reference data element and DO .25
7.3.4 Data referencing methods in elementary files .25
7.4 File and data control information .26
7.4.1 File control information retrieval.26
7.4.2 Data control information retrieval .26
7.4.3 Control parameters . .27
7.4.4 Short EF identifier .28
7.4.5 File descriptor byte .28
7.4.6 Profile indicator .29
7.4.7 Data descriptor byte .30
7.4.8 DF and EF list data elements .30
7.4.9 Instance number data element .30
7.4.10 Life cycle status .30
7.4.11 Indirect referencing by short EF identifier using DO'A2' .31
7.4.12 Interface and life cycle status dependent security attribute template . .31
8 Specific use of DOs and related concepts .33
8.1 ber-tlv payloads and padding.33
8.1.1 General.33
8.1.2 Padding conditions .33
© ISO/IEC 2020 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 7816-4:2020(E)

8.1.3 Padding procedure .33
8.2 Template referenced by curConstructedDO and data object generations .34
8.2.1 Template referenced by curConstructedDO and DO referenced by curDO .34
8.2.2 Template extension . .34
8.2.3 Data object pruned-tree .35
8.2.4 Data object life cycle .35
8.3 Identification of data elements and data objects .35
8.3.1 Principles .35
8.3.2 Tag interpretation in command and response data fields or payloads .35
8.3.3 Tag allocation .36
8.3.4 Standard tag allocation scheme .36
8.3.5 Compatible tag allocation scheme .36
8.3.6 Coexistent tag allocation scheme .37
8.3.7 Avoidance of independent tag allocation schemes .37
8.4 Referencing and retrieval of DOs and data elements .37
8.4.1 General.37
8.4.2 Element list .38
8.4.3 Tag list .38
8.4.4 Header list .38
8.4.5 Extended header and extended header list .38
8.4.6 Resolving an extended header .39
8.4.7 Resolving an extended header list .40
8.4.8 Wrapper . .40
8.4.9 Tagged wrapper .41
9 Security architecture.41
9.1 General .41
9.2 Cryptographic mechanism identifier template .43
9.3 Security attributes .43
9.3.1 General.43
9.3.2 Security attributes targets .43
9.3.3 Compact format .44
9.3.4 Expanded format .48
9.3.5 Access rule references .52
9.3.6 Security attributes for data objects .53
9.3.7 Security parameters template .54
9.3.8 Security attributes for logical channels.59
9.4 Security support data elements .60
10 Secure messaging .61
10.1 General .61
10.2 SM fields and SM DOs .61
10.2.1 SM protection of command payloads .61
10.2.2 SM protection of chained commands and responses .61
10.2.3 SM DOs .62
10.3 Basic SM DOs .63
10.3.1 SM DOs for encapsulating plain values .63
10.3.2 SM DOs for confidentiality .63
10.3.3 SM DOs for authentication .64
10.4 Auxiliary SM DOs .66
10.4.1 General.66
10.4.2 Control reference templates .67
10.4.3 Control reference DOs in control reference templates .67
10.4.4 Security environments.69
10.4.5 Response descriptor template .71
10.5 SM impact on command-response pairs .71
11 Commands for interchange .73
11.1 General .73
11.2 Selection.73
iv © ISO/IEC 2020 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 7816-4:2020(E)

11.2.1 General.73
11.2.2 select command .73
11.2.3 manage channel command .76
11.3 Data unit handling .77
11.3.1 Data units .77
11.3.2 General.77
11.3.3 read binary command .78
11.3.4 write binary command .78
11.3.5 update binary command .79
11.3.6 search binary command .79
11.3.7 erase binary command .80
11.3.8 compare binary function .80
11.4 Record handling .80
11.4.1 Records .80
11.4.2 General.81
11.4.3 read record (s) command .82
11.4.4 write record command .84
11.4.5 update record command .85
11.4.6 append record command .87
11.4.7 search record command .88
11.4.8 erase record (s) command .92
11.4.9 activate record (s) command .93
11.4.10 deactivate record (s) command .94
11.4.11 compare record function .95
11.5 Data object handling .95
11.5.1 General.95
11.5.2 select data command .96
11.5.3 get data/get next data commands — even INS codes .100
11.5.4 get data/get next data commands — odd INS codes .102
11.5.5 General properties of put data/put next data/update data commands .103
11.5.6 put data command .104
11.5.7 put next data command .104
11.5.8 update data command .105
11.5.9 compare data function .106
11.6 Basic security handling .106
11.6.1 General.106
11.6.2 internal authenticate command .107
11.6.3 get challenge command .108
11.6.4 external authenticate command .108
11.6.5 general authenticate command .109
11.6.6 verify command .111
11.6.7 change reference data command .112
11.6.8 enable verification requirement command .112
11.6.9 disable verification requirement command .112
11.6.10 reset retry counter command .113
11.6.11 manage security environment command .114
11.7 Miscellaneous .115
11.7.1 compare command .115
11.7.2 get attribute command .117
11.8 Transmission handling .118
11.8.1 get response command .118
11.8.2 envelope command .118
12 Application-independent card services .119
12.1 General .119
12.2 Card identification .119
12.2.1 General.
...

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
7816-4
ISO/IEC JTC 1/SC 17
Identification cards — Integrated
Secretariat: BSI
circuit cards —
Voting begins on:
2020-03-04
Part 4:
Voting terminates on:
Organization, security and commands
2020-04-29
for interchange
Cartes d'identification — Cartes à circuit intégré —
Partie 4: Organisation, sécurité et commandes pour les échanges
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 7816-4:2020(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 7816-4:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 7816-4:2020(E)

Contents Page
Foreword .vii
Introduction .viii
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Symbols and abbreviated terms .7
5 Command-response pairs .8
5.1 Conditions of operation . 8
5.2 Syntax . 9
5.3 Chaining procedures .10
5.3.1 General.10
5.3.2 Payload fragmentation . .10
5.3.3 Command chaining .10
5.3.4 Response chaining .11
5.4 Class byte .12
5.4.1 Coding .12
5.4.2 Logical channels .13
5.5 Instruction byte .14
5.6 Status bytes .17
6 Data objects .19
6.1 General .19
6.2 SIMPLE-TLV data objects.19
6.3 BER-TLV data objects .20
6.4 Constructed DOs versus primitive DOs .20
7 Structures for applications and data .20
7.1 Available structures .20
7.2 Validity area .22
7.2.1 Definitions and attributes .22
7.2.2 Basic rules for VA handling and use .22
7.3 Structure selection .23
7.3.1 Structure selection methods .23
7.3.2 File reference data element and DO .24
7.3.3 General reference data element and DO .25
7.3.4 Data referencing methods in elementary files .25
7.4 File and data control information .26
7.4.1 File control information retrieval.26
7.4.2 Data control information retrieval .26
7.4.3 Control parameters . .27
7.4.4 Short EF identifier .28
7.4.5 File descriptor byte .28
7.4.6 Profile indicator .29
7.4.7 Data descriptor byte .30
7.4.8 DF and EF list data elements .30
7.4.9 Instance number data element .30
7.4.10 Life cycle status .30
7.4.11 Indirect referencing by short EF identifier using DO'A2' .31
7.4.12 Interface and life cycle status dependent security attribute template . .31
8 Specific use of DOs and related concepts .33
8.1 ber-tlv payloads and padding.33
8.1.1 General.33
8.1.2 Padding conditions .33
© ISO/IEC 2020 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC FDIS 7816-4:2020(E)

8.1.3 Padding procedure .33
8.2 Template referenced by curConstructedDO and data object generations .34
8.2.1 Template referenced by curConstructedDO and DO referenced by curDO .34
8.2.2 Template extension . .34
8.2.3 Data object pruned-tree .35
8.2.4 Data object life cycle .35
8.3 Identification of data elements and data objects .35
8.3.1 Principles .35
8.3.2 Tag interpretation in command and response data fields or payloads .35
8.3.3 Tag allocation .36
8.3.4 Standard tag allocation scheme .36
8.3.5 Compatible tag allocation scheme .36
8.3.6 Coexistent tag allocation scheme .37
8.3.7 Avoidance of independent tag allocation schemes .37
8.4 Referencing and retrieval of DOs and data elements .37
8.4.1 General.37
8.4.2 Element list .38
8.4.3 Tag list .38
8.4.4 Header list .38
8.4.5 Extended header and extended header list .38
8.4.6 Resolving an extended header .39
8.4.7 Resolving an extended header list .40
8.4.8 Wrapper . .40
8.4.9 Tagged wrapper .41
9 Security architecture.41
9.1 General .41
9.2 Cryptographic mechanism identifier template .43
9.3 Security attributes .43
9.3.1 General.43
9.3.2 Security attributes targets .43
9.3.3 Compact format .44
9.3.4 Expanded format .48
9.3.5 Access rule references .52
9.3.6 Security attributes for data objects .53
9.3.7 Security parameters template .54
9.3.8 Security attributes for logical channels.59
9.4 Security support data elements .60
10 Secure messaging .61
10.1 General .61
10.2 SM fields and SM DOs .61
10.2.1 SM protection of command payloads .61
10.2.2 SM protection of chained commands and responses .61
10.2.3 SM DOs .62
10.3 Basic SM DOs .63
10.3.1 SM DOs for encapsulating plain values .63
10.3.2 SM DOs for confidentiality .63
10.3.3 SM DOs for authentication .64
10.4 Auxiliary SM DOs .66
10.4.1 General.66
10.4.2 Control reference templates .67
10.4.3 Control reference DOs in control reference templates .67
10.4.4 Security environments.69
10.4.5 Response descriptor template .71
10.5 SM impact on command-response pairs .71
11 Commands for interchange .73
11.1 General .73
11.2 Selection.73
iv © ISO/IEC 2020 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC FDIS 7816-4:2020(E)

11.2.1 General.73
11.2.2 select command .73
11.2.3 manage channel command .76
11.3 Data unit handling .77
11.3.1 Data units .77
11.3.2 General.77
11.3.3 read binary command .78
11.3.4 write binary command .78
11.3.5 update binary command .79
11.3.6 search binary command .79
11.3.7 erase binary command .80
11.3.8 compare binary function .80
11.4 Record handling .80
11.4.1 Records .80
11.4.2 General.81
11.4.3 read record (s) command .82
11.4.4 write record command .84
11.4.5 update record command .85
11.4.6 append record command .87
11.4.7 search record command .88
11.4.8 erase record (s) command .92
11.4.9 activate record (s) command .93
11.4.10 deactivate record (s) command .94
11.4.11 compare record function .95
11.5 Data object handling .95
11.5.1 General.95
11.5.2 select data command .96
11.5.3 get data/get next data commands — even INS codes .100
11.5.4 get data/get next data commands — odd INS codes .102
11.5.5 General properties of put data/put next data/update data commands .103
11.5.6 put data command .104
11.5.7 put next data command .104
11.5.8 update data command .105
11.5.9 compare data function .106
11.6 Basic security handling .106
11.6.1 General.106
11.6.2 internal authenticate command .107
11.6.3 get challenge command .108
11.6.4 external authenticate command .108
11.6.5 general authenticate command .109
11.6.6 verify command .111
11.6.7 change reference data command .112
11.6.8 enable verification requirement command .112
11.6.9 disable verification requirement command .112
11.6.10 reset retry counter command .113
11.6.11 manage security environment command .114
11.7 Miscellaneous .115
11.7.1 compare command .115
11.7.2 get attribute command .117
11.8 Transmission handling .118
11.8.1 get response command .118
11.8.2 envelope command .118
12 Application-independent car
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 23465-3:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 3: Proxy

This document describes the software (SW) layer called “proxy”. It supports the programming interface to security devices and the application using this API to access the application related security devices defined in ISO/IEC TS 23465-2. This document is applicable to: — proxy requirements, functionality and layers; — resolving mechanisms for API functions; — data structures related to security device handling; — translation for security device communication; — serialization/de-serialization syntax and methods.

  • Technical specification
    19 pages
    English language
    sale 15% off
  • Draft
    19 pages
    English language
    sale 15% off
  • Draft
    19 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-2:2020/Amd 1:2023(Amendment)
Personal identification — ISO-compliant driving licence — Part 2: Machine-readable technologies — Amendment 1: DG11 length for compact encoding
  • Standard
    9 pages
    English language
    sale 15% off
  • Draft
    10 pages
    English language
    sale 15% off
  • Draft
    10 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-3:2017/Amd 2:2023(Amendment)
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 2: Updates for passive authentication
  • Standard
    8 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-6:2023(Main)
Identification cards — Integrated circuit cards — Part 6: Interindustry data elements for interchange

This document specifies directly or by reference, data elements, including composite data elements that are applicable to interindustry interchange. It identifies the following characteristics of each data element: — identifier; — name; — description and reference; — format and coding (if not available in other ISO standards or parts of the ISO/IEC 7816 series). The layout of each data element is described as seen at the interface between the interface device and the card. This document provides the definition of data elements without consideration of any restrictions on the usage of the data elements. It does not cover the internal implementation within the card and/or the outside world. With the exception of login data objects (6.5), only application class tags are eligible in this document. When using an interindustry template, an application is allowed to nest context-specific class tags (see ISO/IEC 7816-4) under such a template unless it is previously marked as reserved for future use by ISO/IEC JTC 1/SC 17.

  • Standard
    27 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 23465-2:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 2: API definition

This document describes the following aspects of the programming interface between the client application dealing with the security device and the proxy, based on the framework outlined in ISO/IEC 23465-1: — the generic API definition; — state and security models for use cases; — class and API definitions of functionality, defined in other standards, e.g. the ISO/IEC 7816 series.

  • Technical specification
    55 pages
    English language
    sale 15% off
ISO
ISO/IEC 23465-1:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 1: Introduction and architecture description

This document introduces and describes the concept of the application programming interface (API) to security devices with the intention to simplify the usage of commands and mechanisms defined by the ISO/IEC 7816 series. This document gives guidelines on: — the system overview and description of the system of the programming interface; — the architecture description; — the data model in general, used by the API; — the use cases and the usage model of the API.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 23220-1:2023(Main)
Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 1: Generic system architectures of mobile eID systems

This document specifies generic system architectures and generic life-cycle phases of mobile eID systems in terms of building blocks for mobile eID system infrastructures. It standardizes interfaces and services for mdoc apps and mobile verification applications. It is applicable to entities involved in specifying, architecting, designing, testing, maintaining, administering and operating a mobile eID system in parts or entirely.

  • Standard
    48 pages
    English language
    sale 15% off
  • Standard
    48 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-11:2022(Main)
Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods

This document specifies security-related interindustry commands that are intended to be used for personal verification through biometric methods in integrated circuit cards. It also defines the data structure and data access methods for use of the card as a carrier of the biometric reference and/or as the device to perform the verification of the cardholder's biometric probe (on-card biometric comparison). Identification of persons using biometric methods is outside the scope of this document.

  • Standard
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-3:2017/Amd 1:2022(Amendment)
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 1: PACE protocol
  • Standard
    14 pages
    English language
    sale 15% off
  • Draft
    14 pages
    English language
    sale 15% off
ISO
ISO/IEC 18328-2:2021(Main)
Identification cards — ICC-managed devices — Part 2: Physical characteristics and test methods for cards with devices

This document defines physical characteristics and test methods for cards with devices, including but not limited to, power supplying devices, displays, sensors, microphones, loudspeakers, buttons or keypads. This document also covers aspects of coexistence of technologies of devices on the card and other machine-readable card technologies. Additional requirements related to biometric capture devices are defined in ISO/IEC 17839-2. Such requirements can be applied in addition to the ones defined in this document. ISO/IEC 17839-2 defines a type S2 card; the physical dimensions of the type S2 card are specified in Annex A.

  • Standard
    25 pages
    English language
    sale 15% off
  • Draft
    25 pages
    English language
    sale 15% off