ISO , Section 5 contains basic organizations, data structures, file organization, file referencing methods, data referencing methods, This part of ISO/IEC supports the following two categories of files: . 0 — x x x — — —, File type. ISO/IEC is intended to be used in any sector of activity. It specifies: a ) contents of command-response pairs exchanged at the interface,. b) means of. ISO/IEC (): “Information technology – Identification cards; Integrated . The key reference is indicated using tag ’83’ as defined in ISO/IEC .
|Published (Last):||10 November 2009|
|PDF File Size:||2.29 Mb|
|ePub File Size:||7.26 Mb|
|Price:||Free* [*Free Regsitration Required]|
When numbered, its number is 0. That is, command interdependencies on one logical channel shall be independent of command interdependencies on another logical channel. It encodes a class, a type and filletype number. The first input is the exclusive-or of the initial check block with the first data block. The trailer codes filletype status of the receiving entity after processing the command-response pair.
In each message involving security mechanisms based on cryptography, the data field shall comply with the basic encoding rules of ASN. Logical channel number according to 1.
Cards with contacts — USB electrical interface and operating procedures”. Consequently, the body consists of the Lc field followed by the data field. The path begins with the identifier of fileytpe MF or of the current DF and ends with the identifier of the file itself.
These commands cover the entire life cycle ie the card and therefore some commands may be used before the card has been issued to the cardholder or after the card has expired. Referencing by record number shall not affect the record pointer. However, logical channels may share application-dependent security status and therefore may have security-related command interdependencies across logical channels e.
The following additional rules are defined for linear structures and for cyclic structures: The order of the file identifiers is always in the direction parent to child.
Alternately, using secret internal data, the card computes a data element cryptographic checksum or digital signature and inserts it in ice data sent to the outside world. A logical channel, as seen at the interface, works as a logical link to a DF. The maximum number of bytes expected in the data field of the response 78116-4 is denoted by Le length of expected data. Registration of application providers”.
In the absence of an algorithm reference and when no mechanism is implicitly selected for confidentiality a default mechanism shall apply. The data fields of some other commands e. If L in not null, then the value field V consists of consecutive bytes.
Data is considered to be stored in a single continuous sequence of records within an EF of record structure or of data units within an EF of transparent structure.
There 7816–4 two types of digital signatures: Data objects of the other classes may be present e.
ISO part 4 section 5 APDU level data structures
The key reference identifies the key to be used. Each data object as defined in 1. According to its abstract, it specifies a card application. Empty data objects shall list all data needed for producing the response.
ISO/IEC – Wikipedia
Identification of persons using biometric methods is outside the scope of this standard. Alternately, using internal data, either secret or public, the card computes a cryptogram and inserts it in a data field, possibly together with other data. The length Le is also not null; therefore the Le field is also present.
This mechanism may be used for protecting privacy and for reducing the possibilities of message filtering. Cards with contacts — Electrical interface and transmission filetyp. If the auxiliary data is less than k bytes, then it is headed by bits set to 0, up to the block length.
Decoding conventions for Le If the value of Le is coded in 1 or 2 byte s where the bits are not all null, then the value of Le is equal to the value of the byte s which lies in the range from 1 to or ; the null value of all the bits means the maximum value of Le: If a card supports the logical channel mechanism, then the maximum number filtype available logical channels is indicated in the card capabilities see 8.
The computation of a digital signature related data objects. The first 4 cases apply to all cards. If the concept of logical channels is applied, the file specify security status may depend on the logical channel see 1.
If an empty reference data object for auxiliary data is present in the response descriptor, then it shall be full in the response. Therefore a spcecific response corresponds to a specific command, referred to as a command-response pair.
It gives the identifier, name, description, format, coding and layout of each DE and defines the means of retrieval of DEs from the card.
In case 3, the length Lc is not null; therefore the Lc field is present and the data field consists of the Lc subsequent bytes. It may be maintained, recovered filteype lost by file selection see 6. Linear EF with record of fixed size.
The algorithm under control of the related key basically transforms a current input block of k bytes typically 8 or 16 into a current output block of the same length. The path allows an unambiguous selection af any file from the MF or from the current DF. The following rules shall apply The card shall fill each empty primitive data object Each control reference template present in ic response descriptor shall be present in the response at the same place with the same control references filetyoe algorithm, file and key.
Cards with contacts — Dimensions and location of the contacts”. Figure 2 shows those for EF structures. For the computation of a cryptogram not preceded by a padding indicator byte, the default mechanism is a stream cipher with exclusive-or ieec the string of data bytes to be concealed with a concealing string of the same length.
The use of a block cipher may involve padding. Short EF identifiers connot be used in a path or as a file identifier e.