iso-iec 7816-4 (first edition 1995-09-01).htm

7816协议

<LI>a mandatory trailer of 2 bytes (SW1 SW2)
</UL>
<TABLE BORDER=1><TR><TH>Body</TH><TH>Trailer</TH></TR>
<TR><TD>[Data field]</TD><TD>SW1 SW2</TD></TR>
</TABLE>
<P>
The number of bytes present in the data field of the response APDU is denoted by Lr.
<P>
The trailer codes the status of the receiving entity after processing the command-response pair.
<P>
<B>NOTE</B> - If the command is aborted, then the response APDU is a trailer coding an error condition on 2 status bytes.
<P>
<H4><A NAME="ss5_4">5.4 Coding conventions for command headers, data fields and response trailers</A></H4>
<P>
<A HREF="iso7816_4.html#table6">Table 6</A> shows the contents of the command APDU.
<P>
<H6><A NAME="table6">Table 6 - command APDU contents</A></H6>
<TABLE BORDER=1><TR><TH>Code</TH><TH>Name</TH><TH>Length</TH><TH>Description</TH></TR>
<TR><TD>CLA</TD><TD>Class</TD><TD>1</TD><TD>Class of instruction</TD></TR>
<TR><TD>INS</TD><TD>Instruction</TD><TD>1</TD><TD>Instruction code</TD></TR>
<TR><TD>P1</TD><TD>Parameter 1</TD><TD>1</TD><TD>Instruction parameter 1</TD></TR>
<TR><TD>P2</TD><TD>Parameter 2</TD><TD>1</TD><TD>Instruction parameter 2</TD></TR>
<TR><TD>Lc field</TD><TD>Length</TD><TD>variable 1 or 3</TD><TD>Number of bytes present in the data field of the command</TD></TR>
<TR><TD>Data field</TD><TD>Data</TD><TD>variable=Lc</TD><TD>String of bytes sent in the data field of the command</TD></TR>
<TR><TD>Le field</TD><TD>Length</TD><TD>variable 1 or 3</TD><TD>Maximum number of bytes expected in the data field of the response to the command</TD></TR>
</TABLE>
<P>
<A HREF="iso7816_4.html#table7">Table 7</A> shows the contents of the response APDU.
<P>
<TABLE BORDER=1><TR><TH>Code</TH><TH>Name</TH><TH>Length</TH><TH>Description</TH></TR>
<TR><TD>Data field</TD><TD>Data</TD><TD>variable=Lr</TD><TD>String of bytes received in the data field of the response</TD></TR>
<TR><TD>SW1</TD><TD>Status byte 1</TD><TD>1</TD><TD>Command processing status</TD></TR>
<TR><TD>SW2</TD><TD>Status byte 2</TD><TD>1</TD><TD>Command processing qualifier</TD></TR>
</TABLE>
<P>
The subsequent clauses specify coding conventions for the class byte, the instruction byte, the parameter bytes, the data field bytes and the status byte.
Unless otherwise specified, in those bytes, RFU bits are coded zero and RFU bytes are coded '00'.
<P>
<H5><A NAME="ss5_4_1">5.4.1 Class byte</A></H5>
<P>
According to <A HREF="iso7816_4.html#table8">table 8</A> used in conjunction with <A HREF="iso7816_4.html#table9">table 9</A>,
the class byte CLA of a command is used to indicate
<UL>
<LI>to what extent the command and the response comply with this part of ISO/IEC 7816
<LI>and when applicable (see <A HREF="iso7816_4.html#table9">table 9</A>), the format of secure messaging and the logical channel number.
</UL>
<H6><A NAME="table8">Table 8 - Coding and meaning of CLA</A></H6>
<TABLE BORDER=1><TR><TH>Value</TH><TH>Meaning</TH></TR>
<TR><TD>'0X'</TD><TD>Structure and coding of command and response according to this part of ISO/IEC 7816 (for coding of 'X' see <A HREF="iso7816_4.html#table9">table 9</A>)</TD></TR>
<TR><TD>10 to 7F</TD><TD>RFU</TD></TR>
<TR><TD>8X, 9X</TD><TD>Structure of command and response according to this part of ISO/IEC 7816. Except for 'X' (for coding, see <A HREF="iso7816_4.html#table9">table 9</A>), the
coding and meaning of command and response are proprietary</TD></TR>
<TR><TD>AX</TD><TD>Unless otherwise specified by the application context, structure and coding of command and response according to this part of
ISO/IEC 7816 (for coding of 'X', see <A HREF="iso7816_4.html#table9">table 9</A>)</TD></TR>
<TR><TD>B0 to CF</TD><TD>Structure of command and response according to this part of ISO/IEC 7816</TD></TR>
<TR><TD>D0 to FE</TD><TD>Proprietary structure and coding of command and response</TD></TR>
<TR><TD>FF</TD><TD>Reserved for PTS</TD></TR>
</TABLE>
<H6><A NAME="table9">Table 9 - Coding and meaning of nibble 'X' when CLA='0X','8X','9X' or 'AX'</A></H6>
<TABLE BORDER=1><TR><TH>b4 b3 b2 b1</TH><TH>Meaning</TH></TR>
<TR><TD> x  x -- --</TD><TD>Secure messaging (SM) format</TD></TR>
<TR><TD> 0  x -- --</TD><TD>No SM or SM not according to 5.6</TD></TR>
<TR><TD> 0  0 -- --</TD><TD>No SM or no SM indication</TD></TR>
<TR><TD> 0  1 -- --</TD><TD>Proprietary SM format</TD></TR>
<TR><TD> 1  x -- --</TD><TD>Secure messaging according to 5.6</TD></TR>
<TR><TD> 1  0 -- --</TD><TD>Command header not authenticated</TD></TR>
<TR><TD> 1  1 -- --</TD><TD>Command header authenticated (see 5.6.3.1 for command header usage)</TD></TR>
<TR><TD>-- --  x  x</TD><TD>Logical channel number (according to 5.5) (b2 b1 = 00 when logical channels are not used or when logical
channel #0 is selected</TD></TR>
</TABLE>
<P>
<H5><A NAME="ss5_4_2">5.4.2 Instruction byte</A></H5>
<P>
The instruction byte INS of a command shall be coded to allow transmission with any of the protocols defined in part 3 of ISO/IEC 7816.
<A HREF="iso7816_4.html#table10">Table 10</A> shows the INS codes that are consequently invalid.
<p>
<H6><A NAME="table10">Table 10 - Invalid INS codes</A></H6>
<TABLE BORDER=1><TR><TH>b8 b7 b6 b5 b4 b3 b2 b1</TH><TH>Meaning</TH></TR>
<TR><TD> x  x  x  x  x  x  x  1</TD><TD>Odd values</TD></TR>
<TR><TD> 0  1  1  0  x  x  x  x</TD><TD>'6X'</TD></TR>
<TR><TD> 1  0  0  1  x  x  x  x</TD><TD>'9X'</TD></TR>
</TABLE>
<P>
<A HREF="iso7816_4.html#table11">Table 11</A> shows the INS codes defined in this part of ISO/IEC 7816. When the value of CLA lies within the range from '00' to '7F', the
other values of INS codes are to be assigned by ISO/IEC JTC 1 SC17.
<P>
<H6><A NAME="table11">Table 11 - INS codes defined in this part of ISO/IEC 7816</A></H6>
<TABLE BORDER=1><TR><TH>Value</TH><TH>Command name</TH><TH>Clause</TH></TR>
<TR><TD>'0E'</TD><TD>ERASE BINARY</TD><TD>6.4</TD></TR>
<TR><TD>'20'</TD><TD>VERIFY</TD><TD>6.12</TD></TR>
<TR><TD>'70'</TD><TD>MANAGE CHANNEL</TD><TD>6.16</TD></TR>
<TR><TD>'82'</TD><TD>EXTERNAL AUTHENTICATE</TD><TD>6.14</TD></TR>
<TR><TD>'84'</TD><TD>GET CHALLENGE</TD><TD>6.15</TD></TR>
<TR><TD>'88'</TD><TD>INTERNAL AUTHENTICATE</TD><TD>6.13</TD></TR>
<TR><TD>'A4'</TD><TD>SELECT FILE</TD><TD>6.11</TD></TR>
<TR><TD>'B0'</TD><TD>READ BINARY</TD><TD>6.1</TD></TR>
<TR><TD>'B2'</TD><TD>READ RECORD(S)</TD><TD>6.5</TD></TR>
<TR><TD>'C0'</TD><TD>GET RESPONSE</TD><TD>7.1</TD></TR>
<TR><TD>'C2'</TD><TD>ENVELOPE</TD><TD>7.2</TD></TR>
<TR><TD>'CA'</TD><TD>GET DATA</TD><TD>6.9</TD></TR>
<TR><TD>'D0'</TD><TD>WRITE BINARY</TD><TD>6.2</TD></TR>
<TR><TD>'D2'</TD><TD>WRITE RECORD</TD><TD>6.6</TD></TR>
<TR><TD>'D6'</TD><TD>UPDATE BINARY</TD><TD>6.3</TD></TR>
<TR><TD>'DA'</TD><TD>PUT DATA</TD><TD>6.10</TD></TR>
<TR><TD>'DC'</TD><TD>UPDATE DATA</TD><TD>6.8</TD></TR>
<TR><TD>'E2'</TD><TD>APPEND RECORD</TD><TD>6.7</TD></TR>
</TABLE>
<P>
<H5><A NAME="ss5_4_3">5.4.3 Parameter bytes</A></H5>
<P>
The parameter bytes P1-P2 of a command may have any value. If a parameter byte
provides no further qualification, then it shall be set to '00'.
<P>
<H5><A NAME="ss5_4_4">5.4.4 Data field bytes</A></H5>
<P>
Each data field shall have one of the following three structures.
<UL>
<LI>Each TLV-coded data field shall consist of one or more TLV-coded data objects.</LI>
<LI>Each non TLV-coded data field shall consist of one or more data elements, according to the specifications of the respective command.</LI>
<LI>The structure of the proprietary-coded data fields is not specified in ISO/IEC 7816.</LI>
</UL>
<P>
This part of ISO/IEC 7816 supports the following two types of TLV-coded data
objects in the data fields :
<UL>
<LI>BER-TLV data objects</LI>
<LI>SIMPLE-TLV data object</LI>
</UL>
<P>
ISO/IEC 7816 uses neither '00' nor 'FF' as tag value.
<P>
Each BER-TLV data object shall consists of 2 or 3 consecutive fields (see
ISO/IEC 8825 and annex D).
<UL>
<LI>The tag field T consists of one or more consecutive bytes. It encodes a
class, a type and a number.</LI>
<LI>The length field consists of one or more consecutive bytes. It encodes an
integer L.</LI>
<LI>If L is not null, then the value field V consists of L consecutive bytes.
If L is null, then the data object is empty: there is no value field.</LI>
</UL>
<P>
Each SIMPLE-TLV data object shall consist of 2 or 3 consecutive fields.
<UL>
<LI>The tag field T consists of a single byte encoding only a number from 1 to
254 (e.g. a record identifier). It codes no class and no
construction-type.</LI>
<LI>The length field consists of 1 or 3 consecutive bytes. If the leading byte
of the length field is in the range from '00' to 'FE', then the length field
consists of a single byte encoding an integer L valued from 0 to 254. If the
leading byte is equal to 'FF', then the length field continues on the two
subsequent bytes which encode an integer L with a value from 0 to 65535.</LI>
<LI>If L in not null, then the value field V consists of consecutive bytes. If
L is null, then the data object is empty: there is no value field.</LI>
</UL>
<P>
The data fields of some commands (e.g. <A HREF="iso7816_4.html#ss6_11">SELECT FILE</A>), the value fields of the
SIMPLE-TLV data object and the value field of the some primitive BER-TLV data
objects are intended for encoding one or more data elements.
<P>
The data fields of some other commands (e.g. record-oriented commands) and the
value fields of the other primitive BER-TLV data objects are intended for
encoding one or more SIMPLE-TLV data objects.
<P>
The data fields of some other commands (e.g. object-oriented commands) and the
value fields of the constructed BER-TLV data objects are intended for encoding
one or more BER-TLV data objects.
<P>
<B>NOTE</B> - Before between or after TLV-coded data objects, '00' or 'FF'
bytes without any meaning may occur (e.g. due to erase or modified TLV-coded data
objects).
<P>
<H5><A NAME="ss5_4_5">5.4.5 Status bytes</A></H5>
<P>
The status bytes SW1-SW2 of a response denote the processing state in the
card. Figure 7 shows the structural scheme of the values defined in this part
of ISO/IEC 7816.
<P>
<H1>F I G U R E 7</H1>
<H6>Figure 7 - Structural scheme of status bytes</H6>
<P>
<B>NOTE</B> - When SW1='63' or '65', the state of the non-volatile memory is
changed. When SW1='6X' except '63' and '65', the state of the non-volatile
memory is unchanged.
<P>
Due to specifications in part 3 of ISO/IEC 7816, this part does not define the
following values of SW1-SW2 :
<UL>
<LI>'60XX'</LI>
<LI>'67XX', '6BXX', '6DXX', '6EXX', '6FXX'; in each case if 'XX'!='00'</LI>
<LI>'9XXX', if 'XXX'!='000'</LI>
</UL>
<P>
The following values of SW1-SW2 are defined whichever protocol is used (see
examples in annex A).
<UL>
<LI>If a command is aborted with a response where SW1='6C', then SW2 indicates
the value to be given to the short Le field (exact length of requested data)
when re-issuing the same command before issuing any other command.</LI>
<LI>If a command (which may be of case 2 or 4, see <A HREF="iso7816_4.html#table4">table 4</A> and figure 4) is
processed with a response where SW1='61', then SW2 indicates the maximum value
to be given to the short Le field (length of extra data still available) in a
<A HREF="iso7816_4.html#ss7_1">GET RESPONSE command</A> issued before issuing any other command.</LI>
</UL>
<P>
<B>NOTE</B> - A functionality similar to that offered by '61XX' may be offered
at application level by '9FXX'. However, applications may use '9FXX' for other
purposes.
<P>
<A HREF="iso7816_4.html#table12">Table 12</A> completed by <A HREF="iso7816_4.html#table13">tables 13 to 18</A> shows the general meanings of the values
of SW1-SW2 defined in this part of ISO/IEC 7816. For each command, an
appropriate clause provides more detailed meanings.
<P>
<A HREF="iso7816_4.html#table13">Tables 13 to 18</A> specify values of SW2 when SW1 is valued to '62', '63', '65',
'68', '69' and '6A'. The values of SW2 not defined in <A HREF="iso7816_4.html#table13">tables 13 to 18</A> are RFU,
except the values from 'F0' to 'FF' which are not defined in this part of
ISO/IEC 7816.
<P>
<H6><A NAME="table12">Table 12 - Coding of SW1-SW2</A></H6>
<TABLE BORDER=1><TR><TH>SW1-SW2</TH><TH>Meaning</TH></TR>
<TR><TD></TD><TD>Normal processing</TD></TR>
<TR><TD>'9000'</TD><TD>No further qualification</TD></TR>
<TR><TD>'61XX'</TD><TD>SW2 indicates the number of response bytes still
available (see text below)</TD></TR>
<TR><TD></TD><TD>Warning processings</TD></TR>
<TR><TD>'62XX'</TD><TD>State of non-volatile memory unchanged (further
qualification in SW2, see <A HREF="iso7816_4.html#table13">table 13</A>)</TD></TR>
<TR><TD>'63XX'</TD><TD>State of non-volatile memory changed (further
qualification in SW2, see <A HREF="iso7816_4.html#table14">table 14</A>)</TD></TR>
<TR><TD></TD><TD>Execution errors</TD></TR>
<TR><TD>'64XX'</TD><TD>State of non-volatile memory unchanged (SW2='00', other
values are RFU)</TD