《ISO-7816-9-2004.pdf》由会员分享,可在线阅读,更多相关《ISO-7816-9-2004.pdf(20页珍藏版)》请在三一文库上搜索。
1、 Reference number ISO/IEC 7816-9:2004(E) ISO/IEC 2004 INTERNATIONAL STANDARD ISO/IEC 7816-9 Second edition 2004-06-01 Identification cards Integrated circuit cards Part 9: Commands for card management Cartes didentification Cartes circuit intgr Partie 9: Commandes pour la gestion des cartes ISO/IEC
2、7816-9:2004(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In download
3、ing this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the Gen
4、eral Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address give
5、n below. ISO/IEC 2004 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs mem
6、ber body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2004 All rights reserved ISO/IEC 7816-9:2004(E) ISO/IEC 2004 All rights reserved i
7、ii Contents Page Forewordiv Introduction v 1 Scope1 2 Normative references .1 3 Terms and definitions.1 4 Abbreviations and notation1 5 Life cycle2 5.1 File life cycle2 6 Commands for card management.3 6.1 CREATE FILE command .3 6.2 DELETE FILE command3 6.3 DEACTIVATE FILE command.4 6.4 ACTIVATE FIL
8、E command.5 6.5 TERMINATE DF command.5 6.6 TERMINATE EF command.6 6.7 TERMINATE CARD USAGE command.7 Annex A (informative) Examples of security attributes used for download.8 Bibliography .12 ISO/IEC 7816-9:2004(E) iv ISO/IEC 2004 All rights reserved Foreword ISO (the International Organization for
9、Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective orga
10、nization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technol
11、ogy, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards
12、adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subjec
13、t of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 7816-9 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. This second edition, together with the s
14、econd editions of ISO/IEC 7816-4, ISO/IEC 7816-5, ISO/IEC 7816-6 and ISO/IEC 7816-8, after an in-depth reorganization of these five parts, cancels and replaces ISO/IEC 7816- 4:1995, ISO/IEC 7816-5:1994, ISO/IEC 7816-6:1996, ISO/IEC 7816-8:1999 and ISO/IEC 7816-9:2000. It also incorporates the Amendm
15、ents ISO/IEC 7816-4:1995/Amd.1:1997, ISO/IEC 7816-5:1994/Amd.1:1996 and ISO/IEC 7816-6:1996/Amd.1:2000 and the Technical Corrigendum ISO/IEC 7816-6:1996/Cor.1:1998. ISO/IEC 7816 consists of the following parts, under the general title Identification cards Integrated circuit cards: Part 1: Cards with
16、 contacts Physical characteristics Part 2: Cards with contacts Dimensions and location of the contacts Part 3: Cards with contacts Electrical interface and transmission protocols Part 4: Organization, security and commands for interchange Part 5: Registration of application providers Part 6: Interin
17、dustry data elements for interchange Part 7: Interindustry commands for Structured Card Query Language (SCQL) Part 8: Commands for security operations Part 9: Commands for card management Part 10: Cards with contacts Electronic signals and answer to reset for synchronous cards Part 11: Personal veri
18、fication through biometric methods Part 15: Cryptographic information application -,-,- ISO/IEC 7816-9:2004(E) ISO/IEC 2004 All rights reserved v Introduction ISO/IEC 7816 is a series of International Standards specifying integrated circuit cards and the use of such cards for interchange. These card
19、s are identification cards intended for information exchange negotiated between the outside world and the integrated circuit in the card. As a result of an information exchange, the card delivers information (computation result, stored data), and/or modifies its content (data storage, event memoriza
20、tion). Five parts are specific to cards with galvanic contacts and three of them specify electrical interfaces. ISO/IEC 7816-1 specifies physical characteristics for cards with contacts. ISO/IEC 7816-2 specifies dimensions and location of the contacts. ISO/IEC 7816-3 specifies electrical interface a
21、nd transmission protocols for asynchronous cards. ISO/IEC 7816-10 specifies electrical interface and answer to reset for synchronous cards. ISO/IEC 7816-12 specifies electrical interface and operating procedures for USB cards. All the other parts are independent from the physical interface technolog
22、y. They apply to cards accessed by contacts and/or by radio frequency. ISO/IEC 7816-4 specifies organization, security and commands for interchange. ISO/IEC 7816-5 specifies registration of application providers. ISO/IEC 7816-6 specifies interindustry data elements for interchange. ISO/IEC 7816-7 sp
23、ecifies commands for structured card query language. ISO/IEC 7816-8 specifies commands for security operations. ISO/IEC 7816-9 specifies commands for card management. ISO/IEC 7816-11 specifies personal verification through biometric methods. ISO/IEC 7816-15 specifies cryptographic information applic
24、ation. ISO/IEC 10536 specifies access by close coupling. ISO/IEC 14443 and 15693 specify access by radio frequency. Such cards are also known as contactless cards. -,-,- INTERNATIONAL STANDARD ISO/IEC 7816-9:2004(E) ISO/IEC 2004 All rights reserved 1 Identification cards Integrated circuit cards Par
25、t 9: Commands for card management 1 Scope This document specifies interindustry commands for card and file management. These commands cover the entire life cycle of the card and therefore some commands may be used before the card has been issued to the cardholder or after the card has expired. It do
26、es not cover the internal implementation within the card and/or the outside world. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the
27、 referenced document (including any amendments) applies. ISO/IEC 7816-4:1), Identification cards Integrated circuit cards Organization, security and commands for interchange 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 secure messaging set
28、 of means for cryptographic protection of parts of command-response pairs ISO/IEC 7816-4 4 Abbreviations and notation For the purposes of this document, the following abbreviations apply. APDU application protocol data unit FCP file control parameters LCS life cycle status 1) To be published. -,-,-
29、ISO/IEC 7816-9:2004(E) 2 ISO/IEC 2004 All rights reserved 5 Life cycle A life cycle status may be associated with any object in the card and with the card itself. The card shall use the life cycle status in combination with additional security attributes, to determine whether an operation on an obje
30、ct is in accordance with a security policy. The life cycle status reflects the use of objects according to the following rules. If an object is in creation state, then no security attribute for that object shall apply. If an object is in initialisation state, then any security attribute specific to
31、this state may apply. If an object is in operational state, then every associated security attribute shall apply. If an object is in termination state, then the value of the object shall not be modified but the object may be used as specified by its associated security attributes, e.g., it may be de
32、leted. Transitions between primary life cycle states are irreversible and occur only from creation to termination. In addition, the application may define secondary life cycle states: each primary state may have reversible secondary states. Changes are controlled by the card and may be performed in
33、a pre-defined order, reflecting reversible or irreversible changes in states. The following commands for card and file management may be used for initiating a life cycle state transition. CREATE FILE ACTIVATE FILE TERMINATE EF DELETE FILE DEACTIVATE FILE TERMINATE DF TERMINATE CARD USAGE Commands ma
34、y set the value of the life cycle status when they execute. However the card shall maintain the integrity of this value in accordance with this document. 5.1 File life cycle Figure 1 is a conceptual representation of the file life cycle states and the commands that invoke a transition upon successfu
35、l completion. It does not show the conditions of execution of those commands (see ISO/IEC 7816-4). File not existing Create file LCS=01 Operational state (active) Termination state Operational state (deactivated) Card termination state Terminate EF Terminate DF Terminate DF Terminate card usage File
36、 not existing Delete file (DF, EF) Delete file (DF/EF) Deactivate file Activate file Creation state Activate file Create file LCS=04 or 05 Terminate EF Delete file (DF/EF) Initialisation state Proprietary Create file LCS=03 Activate file Figure 1 Diagram for file life cycle ISO/IEC 7816-9:2004(E) IS
37、O/IEC 2004 All rights reserved 3 6 Commands for card management It shall not be mandatory for all cards complying with this document to support all those commands or all the options of a supported command. The commands can be performed only if the security status satisfies the security attributes fo
38、r the command. For these commands, bits 4 and 3 have no meaning and shall be ignored. For each command, a non-exhaustive list of status conditions is provided, (see also ISO/IEC 7816-4). 6.1 CREATE FILE command The CREATE FILE command initiates the creation of a file (DF or EF) placed immediately un
39、der the current DF. The command may allocate memory to the file it creates. The created file shall be set as the current file, unless otherwise specified. When more than one EF with a given short EF identifier exists in the same DF, the behaviour of the card is not defined in this document. The comm
40、and can be performed only if the security status satisfies the security attributes for the current DF. The file descriptor byte is mandatory. It indicates whether a DF or an EF is to be created. If a DF is created, then a DF name and / or a file identifier shall be specified. If an EF is created, th
41、en a file identifier and / or a short EF identifier shall be specified. Table 1 CREATE FILE command-response pair CLA As defined in ISO/IEC 7816-4 INS E0 P1-P2 0000 File identifier and file parameters encoded in the command data field P1 not equal to 00: File descriptor byte P2 Short EF identifier o
42、n bits 8 to 4; bits 3 to 1 proprietary Lc field Absent for encoding Nc = 0, present for encoding Nc 0 Data field FCP template (tag 62) and possible further templates or absent Le field Absent for encoding Ne = 0 Data field Absent SW1-SW2 See ISO/IEC 7816-4, Tables 5 and 6 where relevant, e.g. 6982,
43、6A84, 6A89, 6A8A NOTE If number Nc is zero, then the created file has default file control parameters. 6.2 DELETE FILE command The DELETE FILE command initiates the deletion of a referenced EF immediately under the current DF, or of a DF with its complete sub-tree. After successful completion of thi
44、s command, the deleted file can no longer be selected. The current file after deletion of an EF is the current DF. The current DF after deletion of a DF is the parent DF, if not otherwise defined. The resources held by the file shall be released and the memory used by this file shall be set to the l
45、ogical erased state. The deletion of the file may additionally depend on the file life status. The MF shall not be deleted. -,-,- ISO/IEC 7816-9:2004(E) 4 ISO/IEC 2004 All rights reserved If P1-P2 = 0000 and the command data field is absent, then the command applies to a file that has been selected
46、by the command executed directly before. Furthermore, if the selected file is selected on another logical channel the execution of the command is aborted and an appropriate error is returned in the response. Other meanings of P1-P2, including the rules defining the uniqueness of file identifiers, ar
47、e defined in the SELECT command. Table 2 DELETE FILE command-response pair CLA As defined in ISO/IEC 7816-4 INS E4 P1-P2 0000 Deletes current file Other values: as defined for the SELECT command (see ISO/IEC 7816-4) Lc field Absent for encoding Nc = 0, present for encoding Nc 0 Data field As defined
48、 for the SELECT command (see ISO/IEC 7816-4) Le field Absent for encoding Ne = 0 Data field Absent SW1-SW2 See ISO/IEC 7816-4, Tables 5 and 6 where relevant, e.g. 6982, 6985 6.3 DEACTIVATE FILE command The DEACTIVATE FILE command initiates a reversible deactivation of a file. After a successful completion of the command, in addition to the SELECT command, only the ACTIVATE FILE, DELETE FILE, TERMINATE EF and, in the case of a DF, TERMINATE DF commands shall be allowed. When applied to a deactivated file, the SELECT command will select the