ISO 7816-4 Section 6 - Basic Interindustry Commands
6.1 READ BINARY command
6.2 WRITE BINARY command
6.3 UPDATE BINARY command
6.4 ERASE BINARY command
6.5 READ RECORD(S) command
6.6 WRITE RECORD command
6.7 APPEND RECORD command
6.8 UPDATE RECORD command
6.9 GET DATA command
6.10 PUT DATA command
6.11 SELECT FILE command
6.12 VERIFY command
6.13 INTERNAL AUTHENTICATE command
6.14 EXTERNAL AUTHENTICATE command
6.15 GET CHALLENGE command
6.16 MANAGE CHANNEL command
It shall not be mandatory for all cards complying to this part of ISO/IEC 7816 to support all the described commands or all the options of a supported command.
When international interchange is required, a set of card system services and related commands is defined in clause 9.
Table 11 provides a summary of the commands defined in this part of ISO/IEC 7816.
The impact of secure messaging (see 5.6) on the message structure is not described in this clause.
The list of error and warning conditions given in each clause 6.X.5 is not exhaustive (see 5.4.5).
6.1 READ BINARY
6.1.1 Definition and scope
The Read Binary response message gives (part of) the content of an EF with transparent structure.
6.1.2 Conditional usage and security
When the command contains a valid short EF identifier, it sets the file as current EF. The command is processed on the currently selected EF.
The command can be performed only if the security status satisfies the security attributes defined for this EF for the read function.
The command shall be aborted if it is applied to an EF without transparent structure.
6.1.3 Command message
Table 27 – READ BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘B0’ |
P1-P2 | See text below |
Lc field | Empty |
Data field | Empty |
Le field | Number of bytes to be read |
If bit8=1 in P1, then bit7-6 are set to 0. bit5-1 of P1 are a short EF (Elementary File) identifier and P2 is the offset of the first byte to be read in data units from the beginning of the file.
If bit8=0 in P1, then P1||P2 is the offset of the first byte to be read in data units from the beginning of the file.
6.1.4 Response message (nominal size)
If the Le field contains only zeroes, then within the limit of 256 for short length or 65536 for extended length, all the bytes until the end of the file should be read.
Table 28 – READ BINARY response APDU
Data field | Data read (Le bytes) |
SW1-SW2 | Status bytes |
6.1.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ’81’: Part of returned data may be corrupted
- ’82’: End of file reached before reading Le bytes
The following specific error conditions may occur.
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
SW1=’6B’ with SW2=
- ’00’: Wrong parameters (offset outside the EF)
SW1=’6C’ with SW2=
- ‘XX’: Wrong length (wrong Le field: ‘XX’ indicates the exact length).
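The two P1-P2 addressing modes of 6.1.3 and the 6.1.5 status handling, as an added Python example written for this page (not code from the standard). The simulated card, its 10-byte transparent EF and its choice to answer ‘6C XX’ rather than ‘62 82’ when Le is too large are constructed assumptions; accepting short EF identifiers 1..30 follows the ‘00000’ / ‘11111’ reservations in the P2 tables of 6.5 and 6.6.

```python
"""READ BINARY (INS 'B0') helpers: P1-P2 encoding and status-word interpretation."""
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

INS_READ_BINARY = 0xB0

# Specific error conditions listed in 6.1.5: (SW1, SW2) -> meaning.
READ_BINARY_ERRORS = {
    (0x67, 0x00): "Wrong length (wrong Le field)",
    (0x69, 0x81): "Command incompatible with file structure",
    (0x69, 0x82): "Security status not satisfied",
    (0x69, 0x86): "Command not allowed (no current EF)",
    (0x6A, 0x81): "Function not supported",
    (0x6A, 0x82): "File not found",
    (0x6B, 0x00): "Wrong parameters (offset outside the EF)",
}


class CardError(Exception):
    def __init__(self, sw1: int, sw2: int) -> None:
        self.sw1, self.sw2 = sw1, sw2
        meaning = READ_BINARY_ERRORS.get((sw1, sw2), "unspecified error")
        super().__init__(f"SW={sw1:02X}{sw2:02X}: {meaning}")


def encode_read_binary_p1p2(offset: int, short_ef: Optional[int] = None) -> Tuple[int, int]:
    """6.1.3: with a short EF identifier b8=1, b7-b6=0, b5-b1 = identifier and P2 is an
    8-bit offset; otherwise b8=0 and P1||P2 is a 15-bit offset (both in data units)."""
    if short_ef is not None:
        # Assumption for this example: 0 ('current EF') and 31 (RFU) are rejected.
        if not 1 <= short_ef <= 30:
            raise ValueError("short EF identifier must be in 1..30")
        if not 0 <= offset <= 0xFF:
            raise ValueError("offset must fit in P2 (0..255) with a short EF identifier")
        return 0x80 | short_ef, offset
    if not 0 <= offset <= 0x7FFF:
        raise ValueError("offset must fit in 15 bits (0..32767)")
    return offset >> 8, offset & 0xFF


def build_read_binary(offset: int, le: int, short_ef: Optional[int] = None,
                      cla: int = 0x00) -> bytes:
    """Short-length APDU CLA INS P1 P2 Le; Le=0 asks for up to 256 bytes / end of file (6.1.4)."""
    if not 0 <= le <= 0xFF:
        raise ValueError("short Le field is one byte; 0 means 256")
    p1, p2 = encode_read_binary_p1p2(offset, short_ef)
    return bytes([cla, INS_READ_BINARY, p1, p2, le])


@dataclass
class ReadResult:
    data: bytes
    truncated: bool = False    # '6282': end of file reached before Le bytes
    unreliable: bool = False   # '6281': part of returned data may be corrupted


def interpret_read_binary_response(resp: bytes) -> ReadResult:
    """Split the data field from SW1-SW2. '9000' is normal completion; the 6.1.5
    warnings are returned as flags; '6CXX' and the listed errors raise CardError."""
    if len(resp) < 2:
        raise ValueError("response must end with SW1-SW2")
    data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
    if (sw1, sw2) == (0x90, 0x00):
        return ReadResult(data)
    if sw1 == 0x62 and sw2 in (0x81, 0x82):
        return ReadResult(data, truncated=(sw2 == 0x82), unreliable=(sw2 == 0x81))
    raise CardError(sw1, sw2)


def read_binary(transmit: Callable[[bytes], bytes], offset: int, le: int,
                short_ef: Optional[int] = None) -> ReadResult:
    """Send READ BINARY; on '6CXX' re-issue once with the exact length the card reports."""
    resp = transmit(build_read_binary(offset, le, short_ef))
    if len(resp) >= 2 and resp[-2] == 0x6C:
        resp = transmit(build_read_binary(offset, resp[-1], short_ef))
    return interpret_read_binary_response(resp)


# Constructed simulated card: one transparent EF (short EF identifier 1) of 10 data units.
_EF_CONTENT = bytes(range(0x10, 0x1A))


def simulated_card(apdu: bytes) -> bytes:
    cla, ins, p1, p2, le = apdu
    if ins != INS_READ_BINARY:
        return bytes([0x6A, 0x81])                 # function not supported
    if p1 & 0x80:
        if (p1 & 0x1F) != 1:
            return bytes([0x6A, 0x82])             # file not found
        offset = p2
    else:
        offset = (p1 << 8) | p2
    if offset >= len(_EF_CONTENT):
        return bytes([0x6B, 0x00])                 # offset outside the EF
    remaining = _EF_CONTENT[offset:]
    if le == 0:
        return remaining + bytes([0x90, 0x00])     # read to end of file (6.1.4)
    if le > len(remaining):
        return bytes([0x6C, len(remaining)])       # this card reports the exact length
    return remaining[:le] + bytes([0x90, 0x00])
```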
6.2 WRITE BINARY command
6.2.1 Definition and scope
6.2.2 Conditional usage and security
6.2.3 Command message
6.2.4 Response message (nominal case)
6.2.5 Status conditions
6.2.1 Definition and scope
The WRITE BINARY command message initiates the writing of binary values into an EF.
Depending upon the file attributes, the command shall perform one of the following operations :
- the logical OR of the bits already present in the card with the bits given in the Command APDU (logical erased state of the bits of the file is 0),
- the logical AND of the bits already present in the card with the bits given in the command APDU (logical erased state of the bits of the file is 1),
- the one-time write in the card of the bits given in the Command APDU.
When no indication is given in the data coding byte, the logical OR behavior shall apply.
6.2.2 Conditional usage and security
When the command contains a valid short EF identifier, it sets the file as current EF.
The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the write functions.
Once a WRITE BINARY has been applied to a data unit of a one-time write EF, any further write operation referring to this data unit will be aborted if the content of the data unit or the logical erased state indicator (if any) attached to this data unit is different from the logical erased state.
The command shall be aborted if it is applied to an EF without transparent structure.
6.2.3 Command message
Table 29 – WRITE BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘D0’ |
P1-P2 | See text below |
Lc field | Length of the subsequent data field |
Data field | String of data units to be written |
Le field | Empty |
If b8=1 in P1, then bit7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be written in data units from the beginning of the file.
If b8=0 in P1, then P1||P2 is the offset of the first byte to be written in data units from the beginning of the file.
6.2.4 Response message (nominal case)
Table 30 – WRITE BINARY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.2.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ‘CX’: Counter (successful writing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful writing).
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
SW1=’6B’ with SW2=
- ’00’: Wrong parameters (offset outside the EF)
6.3 UPDATE BINARY command
6.3.1 Definition and scope
6.3.2 Conditional usage and security
6.3.3 Command message
6.3.4 Response message (nominal case)
6.3.5 Status conditions
6.3.1 Definition and scope
The UPDATE BINARY command message initiates the update of the bits already present in an EF with the bits given in the command APDU.
6.3.2 Conditional usage and security
When the command contains a valid short EF identifier, it sets the file as current EF.
The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the update function.
The command shall be aborted if it is applied to an EF without transparent structure.
6.3.3 Command message
Table 31 – UPDATE BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘D6’ |
P1-P2 | See text below |
Lc field | Length of the subsequent data field |
Data field | String of data units to be updated |
Le field | Empty |
If b8=1 in P1, then b7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be updated in data units from the beginning of the file.
If b8=0 in P1, then P1||P2 is the offset of the first byte to be updated in data units from the beginning of the file.
6.3.4 Response message (nominal case)
Table 32 – UPDATE BINARY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.3.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ‘CX’: Counter (successful writing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful writing).
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
SW1=’6B’ with SW2=
- ’00’: Wrong parameters (offset outside the EF)
6.4 ERASE BINARY command
6.4.1 Definition and scope
6.4.2 Conditional usage and security
6.4.3 Command message
6.4.4 Response message (nominal case)
6.4.5 Status conditions
6.4.1 Definition and scope
The ERASE BINARY command message sets (part of) the content of an EF to its logical erased state, sequentially starting from a given offset.
6.4.2 Conditional usage and security
When the command contains a valid short EF identifier, it sets the file as current EF.
The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the erase function.
The command shall be aborted if it is applied to an EF without transparent structure.
6.4.3 Command message
Table 33 – ERASE BINARY command APDU
CLA | As defined in 5.4.1 |
INS | ‘0E’ |
P1-P2 | See text below |
Lc field | Empty or ’02’ |
Data field | See text below |
Le field | Empty |
If b8=1 in P1, then b7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be erased in data units from the beginning of the file.
If b8=0 in P1, then P1||P2 is the offset of the first byte to be erased in data units from the beginning of the file.
6.4.4 Response message (nominal case)
Table 34 – ERASE BINARY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.4.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ‘CX’: Counter (successful writing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful writing).
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
SW1=’6B’ with SW2=
- ’00’: Wrong parameters (offset outside the EF)
6.5 READ RECORD(S) command
6.5.1 Definition and scope
6.5.2 Conditional usage and security
6.5.3 Command message
6.5.4 Response message (nominal case)
6.5.5 Status conditions
6.5.1 Definition and scope
The READ RECORD(S) response message gives the contents of the specified record(s) (or the beginning part of one record) of an EF.
6.5.2 Conditional usage and security
The command can be performed only if the security status satisfies the security attributes for this EF for the read function.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
6.5.3 Command message
Table 35 – READ RECORD(S) command APDU
CLA | As defined in 5.4.1 |
INS | ‘B2’ |
P1 | Record number or record identifier of the first record to be read (’00’ indicates the current record) |
P2 | Reference control, according to table 36 |
Lc field | Empty |
Data field | Empty |
Le field | Number of bytes to be read |
Table 36 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 — — — | Currently selected EF |
x x x x x — — — | Short EF identifier |
1 1 1 1 1 — — — | RFU |
— — — — — 1 x x | Usage of record number in P1 |
— — — — — 1 0 0 | – Read record P1 |
— — — — — 1 0 1 | – Read all records from P1 up to the last |
— — — — — 1 1 0 | – Read all records from the last up to P1 |
— — — — — 1 1 1 | RFU |
— — — — — 0 x x | Usage of record identifier in P1 |
— — — — — 0 0 0 | – Read first occurrence |
— — — — — 0 0 1 | – Read last occurrence |
— — — — — 0 1 0 | – Read next occurrence |
— — — — — 0 1 1 | – Read previous occurrence |
6.5.4 Response message (nominal case)
If the Le field contains only zeros, then depending on bit3-1 of P2 and within the limit of 256 for short length or 65536 for extended length, the command should read completely
- either the single requested record,
- or the requested sequence of records.
Table 37 – READ RECORD(S) response APDU
Data field | Lr (may be equal to Le) bytes, see table 38 |
SW1-SW2 | Status bytes |
When the records are SIMPLE-TLV data objects (see 5.4.4), tables 38-1 and 38-2 illustrate the format of the data field of the response message.
Table 38-1 – Data field of the response when reading for one record
Case A – Partial read of one record
Tn (1 byte) | Ln (1 or 3 bytes) | First data bytes of the record |
This case applies when the Le field does not contain only zeroes.
Case B – Complete read of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record Ln bytes |
This case applies when the Le field contains only zeroes.
Table 38-2 – Data field of the response when reading for several records
Case C – Partial read of a record sequence
Record #n Tn||Ln||Vn | … | First bytes of record #n+m Tn+m||Ln+m||Vn+m |
This case applies when the Le field does not contain only zeroes.
Case D – Read multiple records up to the file end
Record #n Tn||Ln||Vn | … | Record #n+m Tn+m||Ln+m||Vn+m |
This case applies when the Le field contains only zeroes.
The comparison of the length of the data field with its TLV structure gives the nature of the data: the unique record (read one record) or the last record (read all records) is incomplete, complete or padded.
NOTE – If TLV coding is not used, then the read-all-records function results in receiving several records without standard delimitation of the records.
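The table 36 coding of P2 and the 6.5.4 classification of a SIMPLE-TLV response (cases A to D, last record complete, incomplete or padded), as an added Python example written for this page rather than taken from the standard. The SIMPLE-TLV length coding (one byte, or ‘FF’ followed by two bytes) is that of 5.4.4; treating trailing bytes with a tag of ‘00’ or ‘FF’ as padding is this example's assumption, since those tag values are invalid.

```python
"""READ RECORD(S) (INS 'B2') helpers: P2 reference control and response classification."""
from typing import List, Optional, Tuple

INS_READ_RECORDS = 0xB2

# Table 36, b3-b1: b3=1 uses P1 as a record number, b3=0 uses P1 as a record identifier.
P2_SELECTORS = {
    "read_p1": 0b100, "from_p1_to_last": 0b101, "from_last_to_p1": 0b110,
    "first_occurrence": 0b000, "last_occurrence": 0b001,
    "next_occurrence": 0b010, "previous_occurrence": 0b011,
}


def encode_read_record_p2(selector: str, short_ef: int = 0) -> int:
    """b8-b4 = short EF identifier (0 = currently selected EF, '11111' is RFU), b3-b1 = selector."""
    if selector not in P2_SELECTORS:
        raise ValueError(f"unknown selector {selector!r}")
    if not 0 <= short_ef <= 30:
        raise ValueError("short EF identifier must be 0..30")
    return (short_ef << 3) | P2_SELECTORS[selector]


def build_read_records(p1: int, selector: str, le: int = 0, short_ef: int = 0,
                       cla: int = 0x00) -> bytes:
    """P1 = record number or identifier ('00' = current record); Le=0 reads the whole
    record or record sequence (6.5.4), a non-zero Le yields the partial cases A and C."""
    if not 0 <= p1 <= 0xFF or not 0 <= le <= 0xFF:
        raise ValueError("P1 and Le are single bytes")
    return bytes([cla, INS_READ_RECORDS, p1, encode_read_record_p2(selector, short_ef), le])


def _simple_tlv_header(data: bytes, i: int) -> Optional[Tuple[int, int, int]]:
    """(tag, length, header size) of the SIMPLE-TLV object at data[i:], or None if the
    header itself is cut short. Length is 1 byte, or 'FF' followed by 2 bytes."""
    if i + 2 > len(data):
        return None
    tag = data[i]
    if data[i + 1] != 0xFF:
        return tag, data[i + 1], 2
    if i + 4 > len(data):
        return None
    return tag, (data[i + 2] << 8) | data[i + 3], 4


def parse_record_response(data: bytes) -> Tuple[List[Tuple[int, bytes]], str]:
    """Split the response data field into (tag, value) records and report the nature of
    the last one by comparing the field length with its TLV structure (6.5.4):
    'complete', 'incomplete' (Le cut a header or value short; the partial record is
    still returned) or 'padded' (trailing bytes that cannot start a SIMPLE-TLV object)."""
    records: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):            # invalid tag values: padding (assumption)
            return records, "padded"
        hdr = _simple_tlv_header(data, i)
        if hdr is None:
            return records, "incomplete"        # cut inside a header
        tag, length, hsize = hdr
        value = data[i + hsize:i + hsize + length]
        records.append((tag, value))
        if len(value) < length:
            return records, "incomplete"        # cut inside a value (cases A / C)
        i += hsize + length
    return records, "complete"
```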
6.5.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ’81’: Part of the returned data may be corrupted.
- ’82’: End of record reached before Le bytes.
The following specific error conditions may occur.
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
- ’83’: Record not found
SW1=’6C’ with SW2=
- ‘XX’: Wrong length (wrong Le field: ‘XX’ indicates the exact length)
6.6 WRITE RECORD command
6.6.1 Definition and scope
6.6.2 Conditional usage and security
6.6.3 Command message
6.6.4 Response message (nominal case)
6.6.5 Status conditions
6.6.1 Definition and scope
The WRITE RECORD command message initiates one of the following operations :
- the write once of a record,
- the logical OR of the data bytes of a record already present in the card with the data bytes of the record given in the command APDU.
- the logical AND of the data bytes of a record already present in the card with the data bytes of the record given in the APDU.
When no indication is given in the data coding byte, the logical OR operation shall apply.
When using current record addressing the command shall set the record pointer on the successfully written record.
6.6.2 Conditional usage and security
The command can be performed only if the security status satisfies the security attributes for this EF for the write functions.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
The previous option of the command (P2=xxxxx011), applied to a cyclic file, has the same behavior as APPEND RECORD.
6.6.3 Command message
Table 39 – WRITE RECORD command APDU
CLA | As defined in 5.4.1 |
INS | ‘D2’ |
P1 | P1=’00’ designates the current record; P1!=’00’ is the number of the specified record |
P2 | According to table 40 |
Lc field | Length of the subsequent data field |
Data field | Record to be written |
Le field | Empty |
Table 40 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 — — — | Currently selected EF |
x x x x x — — — | Short EF identifier |
1 1 1 1 1 — — — | RFU |
— — — — — 0 0 0 | First record |
— — — — — 0 0 1 | Last record |
— — — — — 0 1 0 | Next record |
— — — — — 0 1 1 | Previous record |
— — — — — 1 0 0 | Record number given in P1 |
Any other value | RFU |
When the records are SIMPLE-TLV data objects (see 5.4.4), table 41 illustrates the format of the data field of the command message.
Table 41 – Data field of the command
Complete write of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record (Ln bytes) |
6.6.4 Response message (nominal case)
Table 42 – WRITE RECORD response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.6.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ‘CX’: Counter (successful writing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful writing).
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
- ’83’: Record not found
- ’84’: Not enough memory space in the file
- ’85’: Lc inconsistent with TLV structure.
6.7 APPEND RECORD
6.7.1 Definition and scope
The APPEND RECORD command message initiates either the appending of a record at the end of an EF of linear structure or the writing of record number 1 in an EF of cyclic structure.
The command shall set the record pointer on the successfully appended record.
6.7.2 Conditional usage and security
The command can be performed only if the security status satisfies the security attributes for this EF for the append function.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
NOTE – If this command is applied to an EF of cyclic structure full of records, then the record with the highest record number is replaced. This record becomes record number 1.
6.7.3 Command message
Table 43 – APPEND RECORD command APDU
CLA | As defined in 5.4.1 |
INS | ‘E2’ |
P1 | Only P1=’00’ is valid |
P2 | According to table 44 |
Lc field | Length of the subsequent data field |
Data field | Record to be appended |
Le field | Empty |
Table 44 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | Currently selected EF |
x x x x x 0 0 0 | Short EF identifier |
1 1 1 1 1 0 0 0 | RFU |
Any other value | RFU |
When the records are SIMPLE-TLV data objects (see 5.4.4), table 45 illustrates the format of the data field of the command message.
Table 45 – Data field of the command
Complete append of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record (Ln bytes) |
6.7.4 Response message (nominal case)
6.7.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ‘CX’: Counter (successful writing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful writing).
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
- ’84’: Not enough memory space in the file
- ’85’: Lc inconsistent with TLV structure.
6.8 UPDATE RECORD command
6.8.1 Definition and scope
The UPDATE RECORD command message initiates the updating of a specific record with the bits given in the command APDU.
When using current record addressing, the command shall set the record pointer on the successfully updated record.
6.8.2 Conditional usage and security
The command can be performed only if the security status satisfies the security attributes for this EF for the update function.
If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.
When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.
The command shall be aborted if applied to an EF without record structure.
When the command applies to an EF with linear fixed or cyclic structure, then it shall be aborted if the record length is different from the length of the existing record.
When the command applies to an EF with linear variable structure, then it may be carried out when the record length is different from the length of the existing record.
The previous option of the command (P2=0x03), applied to a cyclic file, has the same behaviour as APPEND RECORD.
6.8.3 Command message
Table 47 – UPDATE RECORD command APDU
CLA | As defined in 5.4.1 |
INS | ‘DC’ |
P1 | P1=’00’ designates the current record; P1!=’00’ is the number of the specified record |
P2 | According to table 48 |
Lc field | Length of the subsequent data field |
Data field | Record to be updated |
Le field | Empty |
Table 48 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 — — — | Currently selected EF |
x x x x x — — — | Short EF identifier |
1 1 1 1 1 — — — | RFU |
— — — — — 0 0 0 | First record |
— — — — — 0 0 1 | Last record |
— — — — — 0 1 0 | Next record |
— — — — — 0 1 1 | Previous record |
— — — — — 1 0 0 | Record number given in P1 |
Any other value | RFU |
When the records are SIMPLE-TLV data objects (see 5.4.4), table 49 illustrates the format of the data field of the command message.
Table 49 – Data field of the command
Complete update of one record
Tn (1 byte) | Ln (1 or 3 bytes) | Whole data bytes of the record (Ln bytes) |
6.8.4 Response message (nominal case)
Table 50 – UPDATE RECORD response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.8.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ‘CX’: Counter (successful writing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful writing).
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’81’: Command incompatible with file structure
- ’82’: Security status not satisfied
- ’86’: Command not allowed (no current EF)
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
- ’83’: Record not found
- ’84’: Not enough memory space in the file
- ’85’: Lc inconsistent with TLV structure.
6.9 GET DATA command
The GET DATA command is used for the retrieval of one primitive data object, or the retrieval of one or more data objects contained in a constructed data object, within the current context (e.g. application-specific environment or current DF).
6.9.1 Definition and scope
6.9.2 Conditional usage and security
6.9.3 Command message
6.9.4 Response message (nominal case)
6.9.5 Status conditions
6.9.1 Definition and scope
The GET DATA command is used to retrieve one or more data objects within the current context (e.g. application-specific environment).
6.9.2 Conditional usage and security
The GET DATA command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function.
6.9.3 Command message
Table 51 – GET DATA command APDU
CLA | As defined in 5.4.1 |
INS | ‘CA’ |
P1-P2 | See table 52 |
Lc field | Empty |
Data field | Empty |
Le field | Number of bytes expected in response |
Table 52 – Coding of the reference control P1-P2
Value | Meaning |
---|---|
‘0000’-‘003F’ | RFU |
‘0040’-’00FF’ | BER-TLV tag (1 byte) in P2 |
‘0100’-’01FF’ | Application data (proprietary coding) |
‘0200’-’02FF’ | SIMPLE-TLV tag in P2 |
‘0300’-‘3FFF’ | RFU |
‘4000’-‘FFFF’ | BER-TLV tag (2 bytes) in P1-P2 |
Get application data
- When the value of P1-P2 lies in the range from ‘0100’ to ’01FF’, the value of P1-P2 shall be an identifier reserved for card internal tests and for proprietary services meaningful within a given application context.
Get data objects
- When the value of P1-P2 lies in the range from ‘0040’ to ’00FF’, the value of P2 shall be a BER-TLV tag on a single byte. The value ’00FF’ is reserved for obtaining all the common BER-TLV data objects readable in the context.
- When the value of P1-P2 lies in the range from ‘0200’ to ’02FF’, the value of P2 shall be a SIMPLE-TLV tag. The value ‘0200’ is RFU. The value ’02FF’ is reserved for obtaining all the common SIMPLE-TLV data objects readable in the context.
- When the value of P1-P2 lies in the range from ‘4000’ to ‘FFFF’, the value of P1-P2 shall be a BER-TLV tag on two bytes. The values ‘4000’ and ‘FFFF’ are RFU.
When a primitive data object is requested, the data field of the response message shall contain the value of the corresponding primitive data object.
When a constructed data object is requested, the data field of the response message shall contain the value of the constructed data object, i.e. data objects including their tag, length and value.
6.9.4 Response message (nominal case)
Table 53 – GET DATA response APDU
Data field | Lr (may be equal to Le) bytes |
SW1-SW2 | Status bytes |
6.9.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ’81’: Part of returned data may be corrupted
The following specific error conditions may occur.
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’82’: Security status not satisfied
- ’85’: Conditions of use not satisfied
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’88’: Referenced data (data objects) not found
SW1=’6C’ with SW2=
- ‘XX’: Wrong length (wrong Le field: ‘XX’ indicates the exact length)
6.10 PUT DATA command
6.10.1 Definition and scope
The PUT DATA command is used for storing one primitive data object or one or more data objects contained in a constructed data object within the current context (e.g. application-specific environment or current DF). The exact storing functions (writing once and/or updating and/or appending) are to be induced by the definition or the nature of the data objects.
NOTE – The command could be used for example to update data objects.
6.10.2 Conditional usage and security
The command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function(s).
6.10.3 Command message
Table 54 – PUT DATA command APDU
CLA | As defined in 5.4.1 |
INS | ‘DA’ |
P1-P2 | See table 55 |
Lc field | Length of the subsequent data field |
Data field | Parameters and data to be written |
Le field | Empty |
Table 55 – Coding of the reference control P1-P2
Value | Meaning |
---|---|
‘0000’-‘003F’ | RFU |
‘0040’-’00FF’ | BER-TLV tag (1 byte) in P2 |
‘0100’-’01FF’ | Application data (proprietary coding) |
‘0200’-’02FF’ | SIMPLE-TLV tag in P2 |
‘0300’-‘3FFF’ | RFU |
‘4000’-‘FFFF’ | BER-TLV tag (2 bytes) in P1-P2 |
Store application data
- When the value of P1-P2 lies in the range from ‘0100’ to ’01FF’, the value of P1-P2 shall be an identifier reserved for card internal tests and for proprietary services meaningful within a given application context.
Store data objects
- When the value of P1-P2 lies in the range from ‘0040’ to ’00FF’, the value of P2 shall be a BER-TLV tag on a single byte. The value ’00FF’ is reserved for obtaining all the common BER-TLV data objects.
- When the value of P1-P2 lies in the range from ‘0200’ to ’02FF’, the value of P2 shall be a SIMPLE-TLV tag. The value ‘0200’ is RFU. The value ’02FF’ is reserved for indicating that the data field carries SIMPLE-TLV data objects.
- When the value of P1-P2 lies in the range from ‘4000’ to ‘FFFF’, the value of P1-P2 shall be a BER-TLV tag on two bytes. The values ‘4000’ and ‘FFFF’ are RFU.
When a primitive data object is provided, the data field of the command message shall contain the value of the corresponding primitive data object.
When a constructed data object is provided, the data field of the command message shall contain the value of the constructed data object, i.e. data objects including their tag, length and value.
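The P1-P2 coding that tables 52 and 55 share between GET DATA and PUT DATA, plus the 6.9.3 rule that a constructed object comes back as its contained data objects with tag, length and value, as an added Python example written for this page (not the standard's own code). The BER-TLV walk (multi-byte tags when b5-b1 of the first byte are all 1, lengths ‘81’/‘82’) is standard BER as used by 5.4.4; the sample response bytes are constructed. For SIMPLE-TLV references the raw value is returned untouched.

```python
"""GET DATA (INS 'CA') / PUT DATA (INS 'DA'): P1-P2 reference coding and response handling."""
from typing import List, Tuple, Union

INS_GET_DATA, INS_PUT_DATA = 0xCA, 0xDA


def data_object_reference(kind: str, tag: int) -> Tuple[int, int]:
    """(P1, P2) for a reference per tables 52/55:
       'ber1'   one-byte BER-TLV tag  -> '0040'..'00FF'  ('00FF' = all common BER-TLV objects)
       'ber2'   two-byte BER-TLV tag  -> '4000'..'FFFF'  ('4000' and 'FFFF' are RFU)
       'simple' SIMPLE-TLV tag        -> '0200'..'02FF'  ('0200' is RFU, '02FF' = all common)
       'app'    application data      -> '0100'..'01FF'  (proprietary coding)"""
    if kind == "ber1":
        if not 0x40 <= tag <= 0xFF:
            raise ValueError("one-byte BER-TLV tags below '40' fall in the RFU range '0000'-'003F'")
        return 0x00, tag
    if kind == "ber2":
        if not 0x4001 <= tag <= 0xFFFE:
            raise ValueError("'4000' and 'FFFF' are RFU")
        return tag >> 8, tag & 0xFF
    if kind == "simple":
        if not 0x01 <= tag <= 0xFF:
            raise ValueError("'0200' is RFU")
        return 0x02, tag
    if kind == "app":
        if not 0x00 <= tag <= 0xFF:
            raise ValueError("application data identifier is one byte")
        return 0x01, tag
    raise ValueError(f"unknown reference kind {kind!r}")


def decode_reference(p1: int, p2: int) -> Tuple[str, int]:
    """Inverse of data_object_reference; RFU values are reported, not guessed at."""
    v = (p1 << 8) | p2
    if v <= 0x003F or 0x0300 <= v <= 0x3FFF or v in (0x0200, 0x4000, 0xFFFF):
        return "rfu", v
    if v <= 0x00FF:
        return "ber1", p2
    if v <= 0x01FF:
        return "app", p2
    if v <= 0x02FF:
        return "simple", p2
    return "ber2", v


def build_get_data(kind: str, tag: int, le: int = 0, cla: int = 0x00) -> bytes:
    p1, p2 = data_object_reference(kind, tag)
    return bytes([cla, INS_GET_DATA, p1, p2, le])


def build_put_data(kind: str, tag: int, data: bytes, cla: int = 0x00) -> bytes:
    if not 1 <= len(data) <= 0xFF:
        raise ValueError("short Lc field: 1..255 bytes")
    p1, p2 = data_object_reference(kind, tag)
    return bytes([cla, INS_PUT_DATA, p1, p2, len(data)]) + data


def parse_ber_tlv(data: bytes) -> List[Tuple[int, bytes]]:
    """Minimal BER-TLV walk: tag continues while b5-b1 of the first byte are all 1 and
    b8 of each following byte is 1; length is one byte below '80' or '81'/'82' + 1/2 bytes."""
    out: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(data):
        tag = data[i]
        i += 1
        if tag & 0x1F == 0x1F:
            while True:
                if i >= len(data):
                    raise ValueError("truncated tag")
                tag = (tag << 8) | data[i]
                i += 1
                if not data[i - 1] & 0x80:
                    break
        if i >= len(data):
            raise ValueError("missing length")
        length = data[i]
        i += 1
        if length == 0x81:
            length, i = data[i], i + 1
        elif length == 0x82:
            length, i = (data[i] << 8) | data[i + 1], i + 2
        elif length >= 0x80:
            raise ValueError("unsupported length form")
        if i + length > len(data):
            raise ValueError("truncated data object")
        out.append((tag, data[i:i + length]))
        i += length
    return out


def interpret_get_data_response(kind: str, tag: int, data_field: bytes) -> Union[bytes, List[Tuple[int, bytes]]]:
    """6.9.3: a primitive object is returned as its bare value; a constructed BER object
    (b6=1 of the first tag byte) or the 'all common objects' reference '00FF' yields the
    contained data objects, each with tag, length and value, so they are parsed here."""
    first_tag_byte = tag >> 8 if tag > 0xFF else tag
    if kind in ("ber1", "ber2") and (first_tag_byte & 0x20 or (kind == "ber1" and tag == 0xFF)):
        return parse_ber_tlv(data_field)
    return data_field
```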
6.10.4 Response message (nominal case)
Table 56 – PUT DATA response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.10.5 Status conditions
The following specific warning conditions may occur.
SW1=’63’ with SW2=
- ‘CX’: Counter (successful storing, but after using an internal retry routine; ‘X’!=’0’ indicates the number of retries, ‘X’=’0’ means that no counter is provided).
The following specific error conditions may occur.
SW1=’65’ with SW2=
- ’81’: Memory failure (unsuccessful storing)
SW1=’67’ with SW2=
- ’00’: Wrong length (wrong Le field)
SW1=’69’ with SW2=
- ’82’: Security status not satisfied
- ’85’: Conditions of use not satisfied
SW1=’6A’ with SW2=
- ’80’: Incorrect parameters in the data field
- ’81’: Function not supported
- ’84’: Not enough memory space in the file
- ’85’: Lc inconsistent with TLV structure
6.11 SELECT FILE command
6.11.1 Definition and scope
A successful SELECT FILE sets a current file within a logical channel. Subsequent commands may implicitly refer to the current file through that logical channel.
Selecting a DF (which may be the MF) sets it as current DF. After such a selection, an implicit current EF may be referred to through that logical channel.
Selecting an EF sets a pair of current files: the EF and its parent file.
After the answer to reset, the MF is implicitly selected through the basic logical channel, unless specified differently in the historical bytes or in the initial data string.
NOTE – A direct selection by DF name can be used for selecting applications registered according to part 5 of ISO 7816.
6.11.2 Conditional usage and security
The following conditions shall apply to each open logical channel.
Unless otherwise specified, the correct execution of the command modifies the security status according to the following rules :
- When the current EF is changed, or when there is no current EF, the security status, if any, specific to a former current EF is lost.
- When the current DF is a descendant of or identical to the former current DF, the security status specific to the former current DF is maintained.
- When the current DF is neither a descendant of nor identical to the former current DF, the security status specific to the former current DF is lost. The security status common to all common ancestors of the previous and new current DF is maintained.
6.11.3 Command message
Table 57 – SELECT FILE command APDU
CLA | As defined in 5.4.1 |
INS | ‘A4’ |
P1 | Selection control, see table 58 |
P2 | Selection control, see table 59 |
Lc field | Empty or length of the subsequent data field |
Data field | If present, according to P1-P2 |
Le field | Empty or maximum length of data expected in response |
Table 58 – Coding of the reference control P1
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 x x | Selection by file identifier |
0 0 0 0 0 0 0 0 | – Select MF, DF or EF (data field=identifier or empty) |
0 0 0 0 0 0 0 1 | – Select child DF (data field=DF identifier) |
0 0 0 0 0 0 1 0 | – Select EF under current DF (data field=EF identifier) |
0 0 0 0 0 0 1 1 | – Select parent DF of the current DF (empty data field) |
0 0 0 0 0 1 x x | Selection by DF name |
0 0 0 0 0 1 0 0 | – Direct selection by DF name (data field=DF name) |
0 0 0 0 1 x x x | Selection by path (see 5.1.2) |
0 0 0 0 1 0 0 0 | – Select from MF (data field=path without the identifier of the MF) |
0 0 0 0 1 0 0 1 | – Select from current DF (data field=path without the identifier of the current DF) |
Any other value | RFU |
When P1=’00’, the card determines whether the file to select is the MF, a DF or an EF, either from a specific coding of the file identifier or from the context in which the command is executed.
When P1-P2=’0000′, if a file identifier is provided, then it shall be unique in the following environments:
- the immediate children of the current DF
- the parent DF
- the immediate children of the parent DF
If P1-P2=’0000′ and if the data field is empty or equal to ‘3F00’, then select the MF.
When P1=’04’, the data field is a DF name, possibly right-truncated. When supported, successive such commands with the same data field shall select DFs whose names match the data field, i.e. start with the command data field. If the card accepts the SELECT FILE command with an empty data field, then all or a subset of the DFs can be successively selected.
NOTE – See 8.3.6 for the selection methods supported by the card.
Table 59 – Coding of the selection options P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 — — 0 0 | First record |
0 0 0 0 — — 0 1 | Last record |
0 0 0 0 — — 1 0 | Next record |
0 0 0 0 — — 1 1 | Previous record |
0 0 0 0 x x — — | File control information option (see 5.1.5) |
0 0 0 0 0 0 — — | – Return FCI, optional template |
0 0 0 0 0 1 — — | – Return FCP template |
0 0 0 0 1 0 — — | – Return FMD template |
Any other value | RFU |
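The following Python is an added example, not code from the standard: it encodes SELECT FILE command APDUs from the P1 and P2 codings of tables 58 and 59, rejects data fields that cannot be consistent with P1 (the situation a card reports as ’6A87’ in 6.11.5), and maps the response status words of 6.11.5 to text. A class byte of ’00’ and an Le of ’00’ (meaning "return everything", 6.11.4) are this example's defaults, not requirements of the standard.

```python
# Added example (not from ISO/IEC 7816-4): SELECT FILE (INS 'A4') APDU encoding
# per tables 57-59, with the P1/data-field consistency checks of 6.11.3.

INS_SELECT = 0xA4

# Table 58 - P1 selection control
P1_BY_ID = 0x00           # MF, DF or EF by file identifier (empty data field = MF)
P1_CHILD_DF = 0x01
P1_EF_UNDER_DF = 0x02
P1_PARENT_DF = 0x03       # data field must be empty
P1_DF_NAME = 0x04         # data field = DF name, possibly right-truncated
P1_PATH_FROM_MF = 0x08    # path without the MF identifier
P1_PATH_FROM_DF = 0x09    # path without the current DF identifier

# Table 59 - P2: b1-b2 record occurrence, b3-b4 file control information option
P2_FIRST, P2_LAST, P2_NEXT, P2_PREVIOUS = 0x00, 0x01, 0x02, 0x03
P2_FCI, P2_FCP, P2_FMD = 0x00, 0x04, 0x08

MF_ID = b"\x3f\x00"


def build_select(p1: int, data: bytes = b"", occurrence: int = P2_FIRST,
                 fci_option: int = P2_FCI, le=0x00, cla: int = 0x00) -> bytes:
    """Return the SELECT FILE APDU; raise ValueError for combinations the tables forbid."""
    if p1 not in (P1_BY_ID, P1_CHILD_DF, P1_EF_UNDER_DF, P1_PARENT_DF,
                  P1_DF_NAME, P1_PATH_FROM_MF, P1_PATH_FROM_DF):
        raise ValueError("P1=%02X is RFU" % p1)
    if (occurrence not in (P2_FIRST, P2_LAST, P2_NEXT, P2_PREVIOUS)
            or fci_option not in (P2_FCI, P2_FCP, P2_FMD)):
        raise ValueError("P2 option is RFU")
    if p1 == P1_PARENT_DF and data:
        raise ValueError("P1='03' (select parent DF) takes an empty data field")
    if p1 in (P1_CHILD_DF, P1_EF_UNDER_DF) and len(data) != 2:
        raise ValueError("a file identifier is exactly two bytes")
    if p1 == P1_BY_ID and len(data) not in (0, 2):
        raise ValueError("P1='00' takes an empty data field or one file identifier")
    if p1 in (P1_PATH_FROM_MF, P1_PATH_FROM_DF) and (not data or len(data) % 2):
        raise ValueError("a path is a non-empty sequence of two-byte identifiers")
    if p1 == P1_PATH_FROM_MF and data[:2] == MF_ID:
        raise ValueError("a path from the MF is given without the MF identifier '3F00'")
    if len(data) > 255:
        raise ValueError("short Lc allows at most 255 bytes")
    header = bytes([cla, INS_SELECT, p1, fci_option | occurrence])
    body = bytes([len(data)]) + data if data else b""
    trailer = b"" if le is None else bytes([le])   # le=None omits the Le field
    return header + body + trailer


# 6.11.5 status conditions (plus the normal completion code)
SELECT_STATUS = {
    0x9000: "ok",
    0x6283: "warning: selected file invalidated",
    0x6284: "warning: FCI not formatted according to 5.1.5",
    0x6A81: "error: function not supported",
    0x6A82: "error: file not found",
    0x6A86: "error: incorrect parameters P1-P2",
    0x6A87: "error: Lc inconsistent with P1-P2",
}


def describe_select_status(sw1: int, sw2: int) -> str:
    """Map SW1-SW2 of a SELECT FILE response to the conditions listed in 6.11.5."""
    return SELECT_STATUS.get((sw1 << 8) | sw2, "other status %02X%02X" % (sw1, sw2))
```

Validating the data field against P1 on the host side is cheap and catches malformed selections before they reach the card, where the only feedback is a status word.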
6.11.4 Response message (nominal case)
If the Le field contains only zeroes, then within the limit of 256 for short length or 65536 for extended length, all the bytes corresponding to the selection option should be returned.
Table 60 – SELECT FILE response APDU
Data field | Information according to P2 (at most Le bytes) |
SW1-SW2 | Status bytes |
6.11.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ’83’: Selected file invalidated
- ’84’: FCI not formatted according to 5.1.5
The following specific error conditions may occur.
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’82’: File not found
- ’86’: Incorrect parameters P1-P2
- ’87’: Lc inconsistent with P1-P2
6.12 VERIFY command
6.12.1 Definition and scope
The VERIFY command initiates the comparison in the card of the verification data sent from the interface device with the reference data stored in the card (e.g. password).
6.12.2 Conditional usage and security
The security status may be modified as a result of a comparison. Unsuccessful comparisons may be recorded in the card (e.g. to limit the number of further attempts of the use of the reference data).
6.12.3 Command message
Table 61 – VERIFY command APDU
CLA | As defined in 5.4.1 |
INS | ’20’ |
P1 | Only P1=’00’ is valid (other values are RFU) |
P2 | Qualifier of the reference data, see table 62 |
Lc field | Empty or length of the subsequent data field |
Data field | Empty or verification data |
Le field | Empty |
Table 62 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | No information is given |
0 — — — — — — — | Global reference data (e.g. card password) |
1 — — — — — — — | Specific reference data (e.g. DF specific password) |
— — — x x x x x | Reference data number |
Any other value | RFU |
NOTES
- P2=’00’ is reserved to indicate that no particular qualifier is used, in those cards where the VERIFY command references the secret data unambiguously.
- The reference data number may be for example a password number or a short EF identifier
- When the body is empty, the command may be used either to retrieve the number ‘X’ of further allowed retries (SW1-SW2=’63CX’) or to check whether the verification is not required (SW1-SW2=’9000′).
6.12.4 Response message (nominal case)
Table 63 – VERIFY response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.12.5 Status conditions
The following specific warning conditions may occur.
SW1=’63’ with SW2=
- ’00’: No information given (verification failed)
- ‘CX’: Counter (verification failed; ‘X’ indicates the number of further allowed retries)
The following specific error conditions may occur.
SW1=’69’ with SW2=
- ’83’: Authentication method blocked
- ’84’: Referenced data invalidated
SW1=’6A’ with SW2=
- ’86’: Incorrect parameters P1-P2
- ’88’: Referenced data not found
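As an added example (not code from the standard), the following Python encodes a VERIFY command from tables 61 and 62 and interprets the status words of 6.12.3 and 6.12.5, including the ’63CX’ retry counter. A class byte of ’00’ is the example's default; the verification data bytes in the test are constructed sample input.

```python
# Added example (not from ISO/IEC 7816-4): VERIFY (INS '20') encoding per
# tables 61-62 and interpretation of the retry-counter status words of 6.12.5.

INS_VERIFY = 0x20


def verify_p2(reference_number: int, specific: bool) -> int:
    """Table 62: b8 selects global (0) or DF-specific (1) reference data, b1-b5 its number."""
    if not 0 <= reference_number <= 0x1F:
        raise ValueError("the reference data number uses only b1-b5")
    return (0x80 if specific else 0x00) | reference_number


def build_verify(verification_data: bytes = b"", p2: int = 0x00, cla: int = 0x00) -> bytes:
    """VERIFY APDU. With an empty body the command only queries the retry counter
    (SW '63CX') or whether verification is required at all (SW '9000')."""
    header = bytes([cla, INS_VERIFY, 0x00, p2])          # only P1='00' is valid
    if not verification_data:
        return header                                     # no Lc, no data, no Le
    if len(verification_data) > 255:
        raise ValueError("short Lc allows at most 255 bytes")
    return header + bytes([len(verification_data)]) + verification_data


def interpret_verify_status(sw1: int, sw2: int) -> dict:
    """Return {'state': ..., 'retries': int or None} for the SW1-SW2 values of 6.12."""
    if (sw1, sw2) == (0x90, 0x00):
        return {"state": "verified_or_not_required", "retries": None}
    if sw1 == 0x63:
        if sw2 == 0x00:
            return {"state": "failed", "retries": None}     # no information given
        if sw2 & 0xF0 == 0xC0:
            return {"state": "failed", "retries": sw2 & 0x0F}   # 'CX': X retries left
    if (sw1, sw2) == (0x69, 0x83):
        return {"state": "blocked", "retries": 0}
    if (sw1, sw2) == (0x69, 0x84):
        return {"state": "reference_data_invalidated", "retries": None}
    if (sw1, sw2) == (0x6A, 0x86):
        return {"state": "incorrect_p1p2", "retries": None}
    if (sw1, sw2) == (0x6A, 0x88):
        return {"state": "reference_data_not_found", "retries": None}
    return {"state": "other", "retries": None}


def remaining_retries(sw1: int, sw2: int):
    """Convenience for the empty-body query: the counter, or None if the card gives none."""
    return interpret_verify_status(sw1, sw2)["retries"]
```

Host software should send the empty-body form first and refuse to transmit reference data when the counter is already at 1, so that a mistyped or cached value cannot exhaust the last attempt and block the reference data (’6983’) for every application that depends on it.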
6.13 INTERNAL AUTHENTICATE command
6.13.1 Definition and scope
The INTERNAL AUTHENTICATE command initiates the computation of the authentication data by the card using the challenge data sent from the interface device and a relevant secret (e.g. a key) stored in the card.
When the relevant secret is attached to the MF, the command may be used to authenticate the card as a whole.
When the relevant secret is attached to another DF, the command may be used to authenticate that DF.
6.13.2 Conditional usage and security
The successful execution of the command may be subject to successful completion of prior commands (e.g. Verify, Select File) or selections (e.g. the relevant secret).
If a key and an algorithm are currently selected when issuing the command then the command may implicitly use the key and the algorithm.
The number of times the command is issued may be recorded in the card to limit the number of further attempts of using the relevant secret or the algorithm.
6.13.3 Command message
Table 64 – INTERNAL AUTHENTICATE command APDU
CLA | As defined in 5.4.1 |
INS | ’88’ |
P1 | Reference of the algorithm in the card |
P2 | Reference of the secret, see table 65 |
Lc field | Length of the subsequent data field |
Data field | Authentication related data (e.g. challenge) |
Le field | Maximum number of bytes expected in response |
P1=’00’ indicates that no information is given. The reference of the algorithm is known either before issuing the command or is provided in the data field.
P2=’00’ indicates that no information is given. The reference of the secret is known either before issuing the command or is provided in the data field.
Table 65 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | No information is given |
0 — — — — — — — | Global reference data (e.g. an MF specific key) |
1 — — — — — — — | Specific reference data (e.g. DF specific key) |
— — — x x x x x | Number of the secret |
Any other value | RFU |
NOTE – The number of the secret may be for example a key number or a short EF identifier.
6.13.4 Response message (nominal case)
Table 66 – INTERNAL AUTHENTICATE response APDU
Data field | Authentication related data (e.g. response to the challenge) |
SW1-SW2 | Status bytes |
6.13.5 Status conditions
The following specific error conditions may occur.
SW1=’69’ with SW2=
- ’84’: Referenced data invalidated
- ’85’: Conditions of use not satisfied
SW1=’6A’ with SW2=
- ’86’: Incorrect parameters P1-P2
- ’88’: Referenced data not found
6.14 EXTERNAL AUTHENTICATE command
6.14.1 Definition and scope
The EXTERNAL AUTHENTICATE command conditionally updates the security status using the result (yes or no) of a computation by the card based on a challenge previously issued by the card (e.g. by a GET CHALLENGE command), a key (possibly secret) stored in the card, and authentication data transmitted by the interface device.
6.14.2 Conditional usage and security
The successful execution of the command requires that the last challenge obtained from the card is valid.
Unsuccessful comparisons may be recorded in the card (e.g. to limit the number of further attempts of the use of the reference data).
6.14.3 Command message
Table 67 – EXTERNAL AUTHENTICATE command APDU
CLA | As defined in 5.4.1 |
INS | ‘B2’ |
P1 | Reference of the algorithm in the card |
P2 | Reference of the secret, see table 68 |
Lc field | Empty or length of the subsequent data field |
Data field | Empty or authentication related data (e.g. response to the challenge) |
Le field | Empty |
P1=’00’ indicates that no information is given. The reference of the algorithm is known either before issuing the command or is provided in the data field.
P2=’00’ indicates that no information is given. The reference of the secret is known either before issuing the command or is provided in the data field.
Table 68 – Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 | Meaning |
---|---|
0 0 0 0 0 0 0 0 | No information is given |
0 — — — — — — — | Global reference data (e.g. an MF specific key) |
1 — — — — — — — | Specific reference data (e.g. DF specific key) |
— — — x x x x x | Number of the secret |
Any other value | RFU |
NOTES
- The number of the secret may be for example a key number or a short EF identifier.
- When the body is empty, the command may be used either to retrieve the number ‘X’ of further allowed retries (SW1-SW2=’63CX’) or to check whether the verification is not required (SW1-SW2=’9000′).
6.14.4 Response message (nominal case)
Table 69 – EXTERNAL AUTHENTICATE response APDU
Data field | Empty |
SW1-SW2 | Status bytes |
6.14.5 Status conditions
The following specific warning conditions may occur.
SW1=’63’ with SW2=
- ’00’: No information given (authentication failed)
- ‘CX’: Counter (authentication failed; ‘X’ indicates the number of further allowed retries)
The following specific error conditions may occur.
SW1=’67’ with SW2=
- ’00’: Wrong length (the Lc field is incorrect)
SW1=’69’ with SW2=
- ’83’: Authentication method blocked
- ’84’: Referenced data invalidated
- ’85’: Conditions of use not satisfied
SW1=’6A’ with SW2=
- ’86’: Incorrect parameters P1-P2
- ’88’: Referenced data not found
6.15 GET CHALLENGE command
6.15.1 Definition and scope
The GET CHALLENGE command requires the issuing of a challenge (e.g. random number) for use in a security related procedure (e.g. EXTERNAL AUTHENTICATE command).
6.15.2 Conditional usage and security
The challenge is valid at least for the next command. No further condition is specified in this part of ISO/IEC 7816.
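The following Python is an added example (not code from the standard) that models the card side of the GET CHALLENGE and EXTERNAL AUTHENTICATE sequence described in 6.14 and 6.15: a challenge is single-use and is discarded once any other command has been processed, unsuccessful comparisons decrement a retry counter reported as ’63CX’, and an exhausted counter yields ’6983’. The response computation (an 8-byte truncated HMAC-SHA256 over the challenge), the retry limit of 3, the reset of the counter on success, and the use of ’6985’ when no valid challenge exists are assumptions of this model, not requirements of the standard; the key in the scenario is constructed sample data.

```python
# Added example (not from ISO/IEC 7816-4): toy card model for GET CHALLENGE /
# EXTERNAL AUTHENTICATE. MAC algorithm, retry limit and the status word chosen for
# "no valid challenge" are assumptions of this example.

import hashlib
import hmac
import secrets

SW_OK = 0x9000
SW_AUTH_METHOD_BLOCKED = 0x6983           # 6.14.5
SW_CONDITIONS_NOT_SATISFIED = 0x6985      # 6.14.5; used here when no valid challenge exists


def expected_response(key: bytes, challenge: bytes) -> bytes:
    """What the interface device sends back (assumption: 8-byte HMAC-SHA256 tag)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class ToyCard:
    """Card-side state for one logical channel: pending challenge, retry counter, status."""

    def __init__(self, key: bytes, max_retries: int = 3):
        self._key = key
        self._max_retries = max_retries
        self._retries = max_retries
        self._challenge = None            # 6.15.2: valid at least for the next command
        self.authenticated = False        # the security status EXTERNAL AUTHENTICATE updates

    def get_challenge(self, length: int = 8) -> tuple:
        self._challenge = secrets.token_bytes(length)
        return self._challenge, SW_OK

    def other_command(self) -> int:
        """Any unrelated command; this model discards the pending challenge."""
        self._challenge = None
        return SW_OK

    def external_authenticate(self, response: bytes = b"") -> int:
        if self._retries == 0:
            return SW_AUTH_METHOD_BLOCKED
        if not response:                  # empty body: report remaining retries as '63CX'
            return 0x63C0 | self._retries
        challenge, self._challenge = self._challenge, None   # a challenge is single-use
        if challenge is None:
            return SW_CONDITIONS_NOT_SATISFIED
        if hmac.compare_digest(expected_response(self._key, challenge), response):
            self.authenticated = True
            self._retries = self._max_retries   # assumption: success resets the counter
            return SW_OK
        self.authenticated = False
        self._retries -= 1
        return SW_AUTH_METHOD_BLOCKED if self._retries == 0 else (0x63C0 | self._retries)


def run_scenario(key: bytes = b"\x01" * 16) -> dict:
    """Constructed walk-through; returns the status word observed at each step."""
    card = ToyCard(key)
    out = {}
    ch, _ = card.get_challenge()
    good = expected_response(key, ch)
    out["fresh"] = card.external_authenticate(good)        # correct answer to a fresh challenge
    out["query_full"] = card.external_authenticate()       # counter after success
    out["replay"] = card.external_authenticate(good)       # same answer again: challenge consumed
    card.get_challenge()
    card.other_command()                                   # challenge discarded
    out["stale"] = card.external_authenticate(good)
    wrong = []
    for _ in range(3):                                     # three bad answers in a row
        card.get_challenge()
        wrong.append(card.external_authenticate(b"\x00" * 8))
    out["wrong"] = wrong
    out["query_blocked"] = card.external_authenticate()
    return out
```

Two properties matter for a card or emulator implementing this: the comparison uses a constant-time equality check, and a challenge is consumed by the first EXTERNAL AUTHENTICATE that references it, so a captured response cannot be replayed in a later session.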
6.15.3 Command message
Table 70 – GET CHALLENGE command APDU
CLA | As defined in 5.4.1 |
INS | ‘B4’ |
P1-P2 | ‘0000’ (other values are RFU) |
Lc field | Empty |
Data field | Empty |
Le field | Maximum length of the expected response |
6.15.4 Response message (nominal case)
Table 71 – GET CHALLENGE response APDU
Data field | Challenge |
SW1-SW2 | Status bytes |
6.15.5 Status conditions
The following specific error conditions may occur.
SW1=’6A’ with SW2=
- ’81’: Function not supported
- ’86’: Incorrect parameters P1-P2
6.16 MANAGE CHANNEL command
6.16.1 Definition and scope
The MANAGE CHANNEL command opens and closes logical channels.
The open function opens a new logical channel other than the basic one. Options are provided for the card to assign a logical channel number or for the logical channel number to be supplied to the card.
The close function explicitly closes a logical channel other than the basic one. After the successful closing the logical channel shall be available for re-use.
6.16.2 Conditional usage and security
When the open function is performed from the basic logical channel then after a successful open the MF shall be implicitly selected as the current DF and the security status for the new logical channel should be the same as for the basic logical channel after ATR. The security status of the new logical channel should be separate from that of any other logical channel.
When the open function is performed from a logical channel which is not the basic one then after a successful open the current DF of the logical channel from which the command was issued shall be selected as the current DF and the security status for the new logical channel should be the same as for the logical channel from which the open function was performed.
After a successful close function the security status related to this logical channel is lost.
6.16.3 Command message
Table 72 – MANAGE CHANNEL command APDU
CLA | As defined in 5.4.1 |
INS | ’70’ |
P1 | P1=’00’ to open a logical channel; P1=’80’ to close a logical channel (other values are RFU) |
P2 | ’00’-’03’ (other values are RFU) |
Lc field | Empty |
Data field | Empty |
Le field | ’01’ if P1-P2=’0000′; empty if P1-P2!=’0000′ |
b8 of P1 is used to indicate the open function or the close function. If b8 is 0 then MANAGE CHANNEL shall open a logical channel and if b8 is 1 then MANAGE CHANNEL shall close a logical channel.
For the open function (P1=’00’), the b1 and b2 of P2 are used to code the logical channel number in the same manner as in the class byte (see 5.4.1), the other bits of P2 are RFU.
- When b1 and b2 of P2 are both zero, the card assigns a logical channel number and returns it in bits b1 and b2 of the data field.
- When b1 and/or b2 of P2 are not zero, they code a logical channel number other than the basic one; the card then opens that externally assigned logical channel.
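As an added example (not code from the standard), the following Python encodes the open and close forms of MANAGE CHANNEL from table 72, decodes the card-assigned channel number from the response of table 73, and places a channel number in b1-b2 of the class byte as 5.4.1 requires for later commands on that channel. A class byte of ’00’ is the example's default, and treating the ’6200’ warning as a completed open is this example's choice.

```python
# Added example (not from ISO/IEC 7816-4): MANAGE CHANNEL (INS '70') encoding per
# table 72, response decoding per table 73, and CLA channel addressing per 5.4.1.

INS_MANAGE_CHANNEL = 0x70
P1_OPEN, P1_CLOSE = 0x00, 0x80


def build_manage_channel(close: bool, channel: int = 0, cla: int = 0x00) -> bytes:
    """Open (channel=0 lets the card assign a number, Le='01') or close a logical channel."""
    if not 0 <= channel <= 3:
        raise ValueError("P2 is '00'-'03': b1-b2 code the channel number, other bits are RFU")
    if close and channel == 0:
        raise ValueError("the close function applies to a channel other than the basic one")
    p1 = P1_CLOSE if close else P1_OPEN
    apdu = bytes([cla, INS_MANAGE_CHANNEL, p1, channel])
    if p1 == P1_OPEN and channel == 0:
        apdu += b"\x01"        # Le='01': one byte of response data (the assigned number)
    return apdu


def parse_open_response(data: bytes, sw1: int, sw2: int) -> int:
    """Return the card-assigned channel number from an open (P1-P2='0000') response."""
    if (sw1, sw2) not in ((0x90, 0x00), (0x62, 0x00)):   # '6200': warning, no information
        raise RuntimeError("open failed with SW %02X%02X" % (sw1, sw2))
    if len(data) != 1:
        raise ValueError("expected exactly one data byte")
    channel = data[0] & 0x03                               # b1-b2 carry the number
    if channel == 0:
        raise ValueError("the card must assign a channel other than the basic one")
    return channel


def cla_for_channel(cla: int, channel: int) -> int:
    """Set b1-b2 of the class byte so that a command is addressed to the given channel."""
    if not 0 <= channel <= 3:
        raise ValueError("logical channel numbers are 0-3")
    return (cla & 0xFC) | channel


def open_and_address(card_data: bytes, sw1: int, sw2: int, cla: int = 0x00) -> dict:
    """Constructed end-to-end use: open with card assignment, then derive the CLA to use."""
    request = build_manage_channel(close=False)
    channel = parse_open_response(card_data, sw1, sw2)
    return {"request": request, "channel": channel,
            "cla": cla_for_channel(cla, channel),
            "close_request": build_manage_channel(close=True, channel=channel)}
```

Per 6.16.2 the security status of a channel opened from a non-basic channel is copied from the issuing channel, whereas a channel opened from the basic channel starts with the status the basic channel had after ATR; a host that relies on channel separation should therefore open secondary channels from the basic channel before authenticating on any of them.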
6.16.4 Response message (nominal case)
Table 73 – MANAGE CHANNEL response APDU
Data field | Logical channel number if P1-P2=’0000′; empty if P1-P2!=’0000′ |
SW1-SW2 | Status bytes |
6.16.5 Status conditions
The following specific warning conditions may occur.
SW1=’62’ with SW2=
- ’00’: No information is given.