BS-ISO-IEC-24727-2-2008.pdf

Uploaded by: 韩长文  Document ID: 3744619  Upload date: 2019-09-22  Format: PDF  Pages: 46  Size: 793.19KB
Resource description


BS ISO/IEC 24727-2:2008
ICS 35.240.15
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

BRITISH STANDARD
Identification cards - Integrated circuit card programming interfaces - Part 2: Generic card interface

Licensed Copy: London South Bank University, South Bank University, 31/01/2009 03:09, Uncontrolled Copy, (c) BSI

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 December 2008
© BSI 2008
ISBN 978 0 580 56354 6

Amendments/corrigenda issued since publication
Date    Comments

National foreword

This British Standard is the UK implementation of ISO/IEC 24727-2. The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

Reference number ISO/IEC 24727-2:2008(E)
© ISO/IEC 2008

INTERNATIONAL STANDARD ISO/IEC 24727-2
First edition 2008-10-01

Identification cards - Integrated circuit card programming interfaces - Part 2: Generic card interface
Cartes d'identification - Interfaces programmables de cartes à puce - Partie 2: Interface de carte générique

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents

1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Organization for interoperability
5.1 Command-response pairs for interoperability
5.1.1 Command and response encoding
5.1.2 Class byte
5.1.3 Instruction byte
5.1.4 File descriptor byte
5.2 Card states for interoperability
5.3 Status words for interoperability
5.4 Data structures for interoperability
5.5 Card-applications for interoperability
5.5.1 Alpha card-application
5.5.2 Cryptographic information application
6 Capability descriptions
6.1 Card capability description (CCD)
6.2 Application capability description (ACD)
6.3 Procedural elements
6.3.1 Model of computation for procedural elements
6.3.2 Use of procedural elements
6.4 Determining the value of capability descriptions
6.4.1 General principle
6.4.2 Determining the value of the CCD
6.4.3 Determining the value of an ACD
Annex A (informative) Profiles for the cryptographic information application on the generic card interface
A.1 Profile A
A.1.1 EF.CIAInfo
A.1.2 EF.OD
A.1.3 EF.PrKD
A.1.4 EF.PuKD
A.1.5 EF.SKD
A.1.6 EF.CD
A.1.7 EF.AOD
A.1.8 EF.DCOD
Annex B (informative) Instances of profile A
B.1 eSign K Specification
Annex C (normative) Cryptographic information application for card-application service description
Annex D (informative) Example of cryptographic information application for card-application service description
Annex E (informative) DID Discovery
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 24727-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification.

ISO/IEC 24727 consists of the following parts, under the general title Identification cards - Integrated circuit card programming interfaces:
Part 1: Architecture
Part 2: Generic card interface
Part 3: Application interface
Part 4: API administration

The following parts are under preparation:
Part 5: Testing
Part 6: Registration authority procedures for the authentication protocols for interoperability

Introduction

ISO/IEC 24727 defines interoperable programming interfaces to integrated circuit cards. Programming interfaces are defined for all card lifecycle stages and for use with integrated circuit cards. ISO/IEC 24727 is written with sufficient detail and completeness that independent implementations of each part are interchangeable and can interoperate with independent implementations of the other parts.

This part of ISO/IEC 24727 specifies a command-level programming interface to contactless integrated circuit cards and cards with contacts that is a concretization of the concepts, data structures and commands found in the following documents:
ISO/IEC 7816-4, Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange
ISO/IEC 7816-8, Identification cards - Integrated circuit cards - Part 8: Commands for security operations
ISO/IEC 7816-9, Identification cards - Integrated circuit cards - Part 9: Commands for card management
ISO/IEC 7816-15, Identification cards - Integrated circuit cards - Part 15: Cryptographic information application
ISO/IEC 20060, Information technology - Open Terminal Architecture (OTA) specification - Virtual machine specification

The commands and data objects described in this part of ISO/IEC 24727 are consistent with the commands and data objects found in these documents which will be referred to as the base documents.

This part of ISO/IEC 24727 maximizes the fungibility of independent realizations of its prescriptions. This property of this part of ISO/IEC 24727 is realized by positing a minimally sufficient subset of the base standards which realizes their core functionality through the minimization of the number of options provided.

Identification cards - Integrated circuit card programming interfaces - Part 2: Generic card interface

1 Scope

This part of ISO/IEC 24727 defines a generic card interface for integrated circuit cards. This interface is presented as: command-response pairs for interoperability, card and application capability description and determination.

This part of ISO/IEC 24727 is based on ISO/IEC 7816-4, ISO/IEC 7816-8, ISO/IEC 7816-9, and ISO/IEC 7816-15.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 24727-1, Identification cards - Integrated circuit card programming interfaces - Part 1: Architecture
ISO/IEC 7816-4, Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange
ISO/IEC 7816-8, Identification cards - Integrated circuit cards - Part 8: Commands for security operations
ISO/IEC 7816-9, Identification cards - Integrated circuit cards - Part 9: Commands for card management
ISO/IEC 7816-15, Identification cards - Integrated circuit cards - Part 15: Cryptographic information application

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 24727-1 and the following apply.

3.1 data object
information seen at the interface consisting of the concatenation of a mandatory ISO/IEC 8825 DER-encoded tag field, a mandatory ISO/IEC 8825 DER-encoded length field and a conditional value field

3.2 file
structure for application and/or data in the card, as seen at the generic card interface when processing commands

3.3 translation code
procedural software that transforms commands on the generic card interface to commands implemented on an integrated circuit card

4 Abbreviated terms

For the purposes of this document, the abbreviated terms given in ISO/IEC 24727-1 and the following apply.

ATS   answer to select, as defined in ISO/IEC 14443-3
DF    dedicated file
DO    data object
FCP   file control parameters
FID   file identifier
RFU   reserved for further use

5 Organization for interoperability

This clause specifies a subset of the structure, commands and data structure defined in ISO/IEC 7816-4, ISO/IEC 7816-8 and ISO/IEC 7816-9.

The following can not be specified at the generic card interface: short file identifiers; logical channels; files with record structure.

The physical card mapped to the generic card interface by the translation code may use a short EF identifier, logical channels, and record structure files.

5.1 Command-response pairs for interoperability

5.1.1 Command and response encoding

Requests at the GCI are logically equivalent to command APDUs as specified in ISO/IEC 7816-4, ISO/IEC 7816-8 and ISO/IEC 7816-9. Confirmations at the GCI are logically equivalent to response APDUs as specified in ISO/IEC 7816-4, ISO/IEC 7816-8 and ISO/IEC 7816-9.

The following interface may be used to send a generic card interface command directly to an implementation of this part of ISO/IEC 24727:

    sequence-of-bytes ExecuteCommand(sequence-of-bytes command)

This interface sends a command to the ISO/IEC 24727-2 implementation and returns as its value the response of the ISO/IEC 24727-2 implementation. Further interfaces may be defined in other parts of ISO/IEC 24727.

5.1.2 Class byte

Table 1 lists the class byte values that shall be used in commands on the generic card interface.

Table 1 - CLA Values on the GCI

b8  b7  b6  b5  b4  b3  b2  b1   Description
0   -   -   0   -   -   -   -    The command is the last or only command of a chain
0   -   -   1   -   -   -   -    The command is not the last command of a chain
1   1   1   1   1   1   1   1    The command is for the Part 2 implementation

This part of ISO/IEC 24727 shall support command chaining only for the transmission of data strings too long for a single command; i.e. constant INS, P1 and P2 across all commands in the chain.

For transmission of requests acted upon by the ISO/IEC 24727-2 implementation, generally without transmission of APDUs to the card, CLA = FF shall be used.

5.1.3 Instruction byte

Tables 2 and 3 list the instruction byte values that should be used in commands at the GCI as these commands guarantee the standardized independence of the ISO/IEC 24727-2 and ISO/IEC 24727-3 implementations. A GCI request with an INS not found in Table 2 shall be sent directly to the card and the card-interface response shall be returned to the entity having made the GCI request. Commands with instruction bytes listed in Table 3 shall be acted on by the ISO/IEC 24727-2 implementation and shall not be provided to the translation script.

Table 2 - Requests on the GCI Handled by the Translation Script

Command Name   INS   Package   Limitations
SELECT         A4    A         SELECT by file identifier (P1-P2 = 00-04 or 00-0C) and SELECT by DF name (P1-P2 = 04-04 or 04-0C) with return o
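The class-byte rows of Table 1 and the chaining constraint of 5.1.2 (constant INS, P1 and P2 across a chain) can be enforced on requests before they reach the translation code. The following is an added example, not text or code from ISO/IEC 24727-2; the function names and sample bytes are constructed, and it assumes that the "-" bits of Table 1 are unconstrained and that CLA = FF requests are never chained.

```python
from typing import List, Sequence

CHAIN_BIT = 0x10   # b5 = 1: not the last command of a chain (Table 1)
PART2_CLA = 0xFF   # request acted on by the Part 2 implementation itself


def classify_cla(cla: int) -> str:
    """Map a class byte to its Table 1 row, or 'invalid' if no row matches."""
    if not 0 <= cla <= 0xFF:
        raise ValueError("CLA must be a single byte")
    # FF also has b5 set, so it must be tested before the chaining bit.
    if cla == PART2_CLA:
        return "part2"
    if cla & 0x80:                 # b8 = 1 appears in Table 1 only as FF
        return "invalid"
    # Assumption: the "-" bits of Table 1 are not constrained here.
    return "chained" if cla & CHAIN_BIT else "last"


def validate_chain(apdus: Sequence[bytes]) -> List[str]:
    """Return the rule violations found in one command chain (empty = OK)."""
    if not apdus:
        return ["empty chain"]
    errors = []
    header = apdus[0][1:4]         # INS, P1, P2 of the first command
    for i, apdu in enumerate(apdus):
        if len(apdu) < 4:          # CLA INS P1 P2 is the minimum header
            errors.append(f"command {i}: shorter than a 4-byte header")
            continue
        kind = classify_cla(apdu[0])
        final = i == len(apdus) - 1
        if kind == "invalid":
            errors.append(f"command {i}: CLA {apdu[0]:02X} is not in Table 1")
        elif kind == "part2" and len(apdus) > 1:
            # Assumption of this example: CLA = FF requests are not chained.
            errors.append(f"command {i}: CLA FF inside a chain")
        elif kind == "chained" and final:
            errors.append(f"command {i}: chain is never terminated")
        elif kind == "last" and not final:
            errors.append(f"command {i}: chain ends before the final command")
        if apdu[1:4] != header:
            errors.append(f"command {i}: INS/P1/P2 differ from command 0")
    return errors


# Constructed sample: one data string split over two commands (INS DA, P1-P2 01-02).
SAMPLE_CHAIN = [bytes.fromhex("10DA010202AABB"), bytes.fromhex("00DA010201CC")]
```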
