appendix-b.html

Smart Card Developer s Kit, a smart card manual for development, English

<!-- Edit EirGrabber 3.01 -->
<HTML>
<HEAD>


<TITLE>Smart Card Developer's Kit:Appendix B The Multiflex Command Set</TITLE>





<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="ewtoc.html">Table of Contents</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H2><A NAME="Heading1"></A><FONT COLOR="#000077">APPENDIX B<BR>THE MULTIFLEX COMMAND SET
</FONT></H2>
<P><BIG><BIG>T</BIG></BIG>his appendix contains a detailed description of each of the 21 commands implemented in the Multiflex 3K operating system and to which the Multiflex 3K smart card responds. The tables here are no more a substitute for a complete documentation set for the Multiflex card than is Chapter 5, &#147;The Schlumberger Multiflex Smart Card.&#148; They do, however, provide enough information for you to begin to experiment with each command and with the card.</P>
<P>Unused and RFU (reserved for future use) fields should always be filled with the default byte FF<SUB>16</SUB> rather than the more customary default value 00<SUB>16</SUB>. Because writing a 00<SUB>16</SUB> to a location that contains FF<SUB>16</SUB> requires an EEPROM erase operation, it is slower than writing an FF<SUB>16</SUB> to a location that contains 00<SUB>16</SUB> which only requires a write operation. Throughout the appendix, the ASCII character set is assumed.</P>
<H3><A NAME="Heading2"></A><FONT COLOR="#000077">Change PIN</FONT></H3>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>Replaces the 8-byte PIN in the currently selected PIN file with a new 8-byte value.
</P>
<P><FONT SIZE="+1"><B>Command Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="10%" ALIGN="LEFT">INS
<TH WIDTH="20%" ALIGN="LEFT">Parameter 1
<TH WIDTH="20%" ALIGN="LEFT">Parameter 2
<TH WIDTH="40%" ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD>F0<SUB>16</SUB>
<TD>24<SUB>16</SUB>
<TD>00<SUB>16</SUB>
<TD>01<SUB>16</SUB>
<TD>10<SUB>16</SUB>
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH ALIGN="LEFT">Data Field 1
<TH ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>The 8 bytes of the current value of the PIN
<TD VALIGN="TOP">The 8 bytes of the new value of the PIN
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Response Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Example of Use</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="35%" ALIGN="LEFT">APDU
<TH WIDTH="35%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>F0<SUB>16</SUB> 24<SUB>16</SUB> 00<SUB>16</SUB> 01<SUB>16</SUB> 10<SUB>16</SUB> 62<SUB>16</SUB> 65<SUB>16</SUB> 66<SUB>16</SUB> 6F<SUB>16</SUB> 72<SUB>16</SUB> 65<SUB>16</SUB> FF<SUB>16</SUB> FF<SUB>16</SUB> 61<SUB>16</SUB> 66<SUB>16</SUB> 74<SUB>16</SUB> 65<SUB>16</SUB> 72<SUB>16</SUB> FF<SUB>16</SUB> FF<SUB>16</SUB> FF<SUB>16</SUB>
<TD VALIGN="TOP">Changes the PIN in the currently selected PIN file from <TT>before</TT> to <TT>after</TT>
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Status Word Return</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Value
<TH WIDTH="80%" ALIGN="LEFT">Description
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>6300<SUB>16</SUB>
<TD>PIN rejected; failed attempts counter decremented
<TR>
<TD>6581<SUB>16</SUB>
<TD>Update impossible
<TR>
<TD>67XX<SUB>16</SUB>
<TD>Incorrect Parameter 3 value; expected value was XX<SUB>16</SUB>
<TR>
<TD>6981<SUB>16</SUB>
<TD>No PIN defined
<TR>
<TD>6983<SUB>16</SUB>
<TD>PIN currently blocked
<TR>
<TD>6E00<SUB>16</SUB>
<TD>Unknown CLA
<TR>
<TD>6F00<SUB>16</SUB>
<TD>Internal problem with no additional information given
<TR>
<TD VALIGN="TOP">9000<SUB>16</SUB>
<TD>Command executed successfully; failed attempts counter set to maximum value
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<H3><A NAME="Heading3"></A><FONT COLOR="#000077">Create File</FONT></H3>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>Creates a new file in the current directory. The new file becomes the current file.
</P>
<P><FONT SIZE="+1"><B>Command Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="10%" ALIGN="LEFT">INS
<TH WIDTH="20%" ALIGN="LEFT">Parameter 1
<TH WIDTH="20%" ALIGN="LEFT">Parameter 2
<TH ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD VALIGN="TOP">F0<SUB>16</SUB>
<TD VALIGN="TOP">E0<SUB>16</SUB>
<TD>Initialization flag 00<SUB>16</SUB>&#151;Initialize FF<SUB>16</SUB>&#151;Do not initialize
<TD VALIGN="TOP">Number of records for record files; ignored otherwise
<TD VALIGN="TOP">Sum of the lengths of the following two fields
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH WIDTH="30%" ALIGN="LEFT">Data Field 1
<TH ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">Description of the file to be created (See Chapter 5)
<TD>The first 6 bytes of the encryption of the response to the immediately preceding <TT>Get Challenge</TT> command if the directory in which the file is being created specifies protected-mode access for this command
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Response Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Example of Use</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH ALIGN="LEFT">APDU
<TH ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>F0<SUB>16</SUB> E0<SUB>16</SUB> FF<SUB>16</SUB> 00<SUB>16</SUB> 10<SUB>16</SUB> 0000<SUB>16</SUB> 0017<SUB>16</SUB> 0000<SUB>16</SUB> F4<SUB>16</SUB> FF<SUB>16</SUB> 44<SUB>16</SUB> 01<SUB>16</SUB> 03<SUB>16</SUB> F0<SUB>16</SUB> FF<SUB>16</SUB> 00<SUB>16</SUB>
<TD VALIGN="TOP">Create a PIN file that can be updated, invalidated, and rehabilitated only by external authorization key 0 and can never be read
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Status Word Return</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Value
<TH WIDTH="80%" ALIGN="LEFT">Description
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>6283<SUB>16</SUB>
<TD>Current directory is invalidated
<TR>
<TD>6300<SUB>16</SUB>
<TD>Invalid protected-mode cryptogram
<TR>
<TD>6500<SUB>16</SUB>
<TD>Too much data for protected-mode
<TR>
<TD>6581<SUB>16</SUB>
<TD>Memory problem
<TR>
<TD>67XX<SUB>16</SUB>
<TD>Incorrect Parameter 3 value; expected value was XX<SUB>16</SUB>
<TR>
<TD>6981<SUB>16</SUB>
<TD>No PIN or key defined
<TR>
<TD>6982<SUB>16</SUB>
<TD>Access condition not fulfilled
<TR>
<TD>6985<SUB>16</SUB>
<TD>No <TT>Get Challenge</TT> immediately preceding command
<TR>
<TD>6A80<SUB>16</SUB>
<TD>File ID already in use in this directory
<TR>
<TD>6A80<SUB>16</SUB>
<TD>Type of current file is inconsistent with the command
<TR>
<TD>6A80<SUB>16</SUB>
<TD>Record length value is too large
<TR>
<TD>6A84<SUB>16</SUB>
<TD>Insufficient memory space available
<TR>
<TD>6B00<SUB>16</SUB>
<TD>Incorrect Parameter 1 or Parameter 2
<TR>
<TD>6D00<SUB>16</SUB>
<TD>Unknown INS
<TR>
<TD>6E00<SUB>16</SUB>
<TD>Unknown CLA
<TR>
<TD>6F00<SUB>16</SUB>
<TD>Internal problem with no additional information given
<TR>
<TD VALIGN="TOP">9000<SUB>16</SUB>
<TD>Command executed successfully
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<H3><A NAME="Heading4"></A><FONT COLOR="#000077">Create Record</FONT></H3>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>Creates a new record at the end of the current record file and optionally writes data into it.
</P>
<P><FONT SIZE="+1"><B>Command Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="10%" ALIGN="LEFT">INS
<TH WIDTH="20%" ALIGN="LEFT">Parameter 1
<TH WIDTH="20%" ALIGN="LEFT">Parameter 2
<TH WIDTH="40%" ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB>
<TD VALIGN="TOP">E2<SUB>16</SUB>
<TD VALIGN="TOP">00<SUB>16</SUB>
<TD VALIGN="TOP">00<SUB>16</SUB>
<TD>Sum of the lengths of the following two fields
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH ALIGN="LEFT">Data Field 1
<TH ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">Data to be written to new record followed by cryptogram if the directory in which the file is being created specifies protected-mode access for this command
<TD>The first 6 bytes of the encryption of the response to the immediately preceding <TT>Get Challenge</TT> command if the directory in which the file is being created specifies protected-mode authentication for the <TT>Create File</TT> command
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Response Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Example of Use</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="35%" ALIGN="LEFT">APDU
<TH WIDTH="35%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>C0<SUB>16</SUB> E2<SUB>16</SUB> 00<SUB>16</SUB> 00<SUB>16</SUB> 09<SUB>16</SUB> 63<SUB>16</SUB> 61<SUB>16</SUB> 6D<SUB>16</SUB> 62<SUB>16</SUB> 72<SUB>16</SUB> 69<SUB>16</SUB> 64<SUB>16</SUB> 67<SUB>16</SUB> 65<SUB>16</SUB>
<TD VALIGN="TOP">Create a new record in the current record file and write <TT>Cambridge</TT> into it
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Status Word Return</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Value
<TH WIDTH="80%" ALIGN="LEFT">Description
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>6283<SUB>16</SUB>
<TD>Current file is invalidated
<TR>
<TD>6300<SUB>16</SUB>
<TD>Invalid protected-mode cryptogram
<TR>
<TD>6500<SUB>16</SUB>
<TD>Too much data for protected-mode
<TR>
<TD>6581<SUB>16</SUB>
<TD>Memory problem
<TR>
<TD>67XX<SUB>16</SUB>
<TD>Incorrect Parameter 3 value; expected value was XX<SUB>16</SUB>
<TR>
<TD>6981<SUB>16</SUB>
<TD>No PIN or key defined
<TR>
<TD>6982<SUB>16</SUB>
<TD>Access condition not fulfilled
<TR>
<TD>6985<SUB>16</SUB>
<TD>No <TT>Get Challenge</TT> immediately preceding command
<TR>
<TD>6A80<SUB>16</SUB>
<TD>Type of current file is inconsistent with the command
<TR>
<TD>6A83<SUB>16</SUB>
<TD>Record index out of range
<TR>
<TD>6A84<SUB>16</SUB>
<TD>Insufficient memory space available
<TR>
<TD>6D00<SUB>16</SUB>
<TD>Unknown INS
<TR>
<TD>6E00<SUB>16</SUB>
<TD>Unknown CLA
<TR>
<TD>6F00<SUB>16</SUB>
<TD>Internal problem with no additional information given
<TR>
<TD>9000<SUB>16</SUB>
<TD>Command executed successfully
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<H3><A NAME="Heading5"></A><FONT COLOR="#000077">Decrease</FONT></H3>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>The oldest (that is, previous) record in a cyclic file is overwritten with the newest (that is, current) record, minus the amount given in the command. This new record then becomes the current record.
</P>
<P><FONT SIZE="+1"><B>Command Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="10%" ALIGN="LEFT">INS
<TH WIDTH="20%" ALIGN="LEFT">Parameter 1
<TH WIDTH="20%" ALIGN="LEFT">Parameter 2
<TH WIDTH="40%" ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD VALIGN="TOP">F0<SUB>16</SUB>
<TD VALIGN="TOP">30<SUB>16</SUB>
<TD VALIGN="TOP">00<SUB>16</SUB>
<TD VALIGN="TOP">00<SUB>16</SUB>
<TD>03<SUB>16</SUB>, the length of the following value to be subtracted, if protected-mode authentication is not required OR 09<SUB>16</SUB>, the length of the 3-byte value plus the length of the 6-byte cryptogram, if protected-mode authentication is required
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH ALIGN="LEFT">Data Field 1
<TH ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">3-byte value to be subtracted from the current record
<TD>The first 6 bytes of the encryption of the response to the immediately preceding <TT>Get Challenge</TT> command if the directory in which the file is being created specifies protected-mode authentication for the <TT>Create File</TT> command
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Response Application Protocol Data Unit</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Example of Use</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="40%" ALIGN="LEFT">APDU
<TH WIDTH="60%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>F0<SUB>16</SUB> 30<SUB>16</SUB> 00<SUB>16</SUB> 00<SUB>16</SUB> 03<SUB>16</SUB> 00<SUB>16</SUB> 00<SUB>16</SUB> 01<SUB>16</SUB>
<TD VALIGN="TOP">Subtract 1 from the current record in a cyclic file and overwrite the oldest record in the file with this new value
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P><FONT SIZE="+1"><B>Status Word Return</B></FONT></P>
<TABLE WIDTH="100%">
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Value
<TH WIDTH="80%" ALIGN="LEFT">Description
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">61XX<SUB>16</SUB>
<TD>Command executed successfully; XX<SUB>16</SUB> bytes of response data are available
<TR>
<TD>6283<SUB>16</SUB>
<TD>Currently selected file is invalidated
<TR>
<TD>6300<SUB>16</SUB>
<TD>Invalid protected-mode cryptogram
<TR>
<TD>6500<SUB>16</SUB>
<TD>Too much data for protected-mode
<TR>
<TD>6581<SUB>16</SUB>
<TD>Update impossible
<TR>