CARDWERK Smart Card Consulting, integration, software development, smart card solutions including loyalty, retail, logical access control, physical access control, biometrics, fingerprint scanners and more CardWerk Smart Card consultants and smart card software developers assist you with systems analysis, customization and integration in areas of IT security, logical access control, loyalty, retail and biometric applications. CardWerk Smart Card consultants and smart card software developers assist you with systems analysis, customization and integration in areas of IT security, logical access control, loyalty, retail and biometric applications. smart card printers and encoders for badges, ID cards, loyalty and membership cards Smart Card Reader: ISO7816 and EMV smart card readers, chipcard readers, smartcard programmers, smart card encoders, biometric common access cards, CAC, fingerprint scanners More about smart card, biometric and cryptographic industry standards including ISO7816, ISO14443, PKCS11, CAPI, BioAPI. Consulting Services: smart card consultant, customization, smartcard system selection Smart card solutions for logical access control, physical access control, smart card Windows logon and biometric smart card readers with BioAPI. smart card, ISO7816 standards, smartcard overview, access control, two factor authentication Smart Card Consultancy Contact, contact a smart card software developer smart card search and site map: find smart card and biometric information on CardWerk site using sitemap or interactive smart search tool
ISO 7816-4: Interindustry Commands for Interchange
Section 6: Basic Interindustry Commands

ISO 7816 [part 1] [part 2] [part 3] [part4] [section..1 2 3 4 5 6 7 8 9 annex.. A B C D E F]

6. Basic Interindustry Commands

6.1 READ BINARY command
6.2 WRITE BINARY command
6.3 UPDATE BINARY command
6.4 ERASE BINARY command
6.5 READ RECORD(S) command
6.6 WRITE RECORD command
6.7 APPEND RECORD command
6.8 UPDATE RECORD command
6.9 GET DATA command
6.10 PUT DATA command
6.11 SELECT FILE command
6.12 VERIFY command
6.13 INTERNAL AUTHENTICATE command
6.14 EXTERNAL AUTHENTICATE command
6.15 GET CHALLENGE command
6.16 MANAGE CHANNEL command

It shall not be mandatory for all cards complying to this part of ISO/IEC 7816 to support all the described commands or all the options of a supported command.

When international interchange is required, a set of card system services and related commands is defined in clause 9.

Table 11 provides a summary of the commands defined in this part of ISO/IEC 7816.

The impact of secure messaging (see 5.6) on the message structure is not described in this clause.

The list of error and warning conditions give in each clause 6.X.5 is not exhaustive (see 5.4.5).

6.1 READ BINARY

6.1.1 Definition and scope
6.1.2 Conditional usage and security
6.1.3 Command message
6.1.4 Response message (nominal case)
6.1.5 Status conditions

6.1.1 Definition and scope

The Read Binary response message gives (part of) the content of an EF with transparent structure.

6.1.2 Conditional usage and security

When the command contains a valid short EF identifier, it sets the file as current EF. The command is processed on the currently selected EF.

The command can be performed only if the security status satisfies the security attributes defined for this EF for the read function.

The command shall be aborted if it is applied to an EF without transparent structure.

6.1.3 Command message

Table 27 - READ BINARY command APDU
CLA As defined in 5.4.1
INS 'B0'
P1-P2 See text below
Lc field Empty
Data field Empty
Le field Number of bytes to be read

If bit8=1 in P1, then bit7-6 are set to 0. bit3-1 of P1 are a short EF (Elementary File) identifier and P2 is the offset of the first byte to be read in date units from the beginning of the file.

If bit8=0 in P1, then P1||P2 is the offset of the first byte to be read in data units from the beginning of the file.

6.1.4 Response message (nominal size)

If the Le field contains only zeroes, then within the limit of 256 for short length or 65536 for extended length, all the bytes until the end of the file should be read.

Table 28 - READ BINARY response APDU
Data field Data read (Le bytes)
SW1-SW2 Status bytes

6.1.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • '81': Part of returned data may be corrupted
  • '82': End of file reached befeore reading Le bytes
The following specific error conditions may occur.
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
    SW1='6B' with SW2=
  • '00': Wrong parameters (offset outside the EF)
    SW1='6C' with SW2=
  • 'XX': Wrong length (wrong Le field: 'XX' indicates the exact length).

6.2 WRITE BINARY command

6.2.1 Definition and scope
6.2.2 Conditional usage and security
6.2.3 Command message
6.2.4 Response message (nominal case)
6.2.5 Status conditions

6.2.1 Definition and scope

The WRITE BINARY command message initiates the writing of binary values into an EF.

Depending upon the file attributes, the command shall perform one of the following operations :

  • the logical OR of the bits already present in the card with the bits given in the Command APDU (logical erased state of the bits of the file is 0),
  • the logical AND of the bits already present in the card with the bits given in the command APDU (logical erased state of the bits of the file is 1),
  • the one-time write in the card of the bits given in the Command APDU.

When no indication is given in the data coding byte, the logical OR behavior shall apply.

6.2.2 Conditional usage and security

When the command contains a valid short EF identifier, it sets the file as current EF.

The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the write functions.

Once a WRITE BINARY has been applied to a data unit of a one-time write EF, any further write operation referring to this data unit will be aborted if the content of the data unit or the logical erased state indicator (if any) attached to this data unit is different from the logical erased state.

The command shall be aborted if is is applied to an EF without transparent structure.

6.2.3 Command message

Table 29 - WRITE BINARY command APDU
CLA As defined in 5.4.1
INS 'D0'
P1-P2 See text below
Lc field Length of the subsequent data field
Data field String of data units to be written
Le field Empty

If b8=1 in P1, then bit7-6 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be written in data units from the beginning of the file.

If b8=0 in P1, then P1||P2 is the offset of the first byte to be written in data units from the beginning of the file.

6.2.4 Response message (nominal case)

Table 30 - WRITE BINARY response APDU
Data field Empty
SW1-SW2 Status bytes

6.2.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • 'CX': Counter (successful writing, but after using an internal retry routine. 'X'!='0' indicates the number of retries: 'X'='0' means that no counter is provided).
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful writing).
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
    SW1='6B' with SW2=
  • '00': Wrong parameters (offset outside the EF)

6.3 UPDATE BINARY command

6.3.1 Definition and scope
6.3.2 Conditional usage and security
6.3.3 Command message
6.3.4 Response message (nominal case)
6.3.5 Status conditions

6.3.1 Definition and scope

The UPDATE BINARY command message initiates the update of the bits already present in an EF with the bits given in the command APDU.

6.3.2 Conditional usage and security

When the command contains a valid short EF identifier, it sets the file as current EF.

The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the update function.

The command shall be aborted if it is applied to an EF without transparent structure.

6.3.3 Command message

Table 31 - UPDATE BINARY command APDU
CLA As defined in 5.4.1
INS 'D6'
P1-P2 See text below
Lc field Length of the subsequent data field
Data field String of data units to be updated
Le field Empty

If b8=1 in P1, then b6-5 are set to 0 (RFU bits). bit5-1 of P1 are a short EF identifier and P2 is the offset of the first byte to be updated in data units from the beginning of the file.

If b7=1 in P1, then P1||P2 is the offset of the first byte to be written in data units from the beginning of the file.

6.3.4 Response message (nominal case)

Table 32 - UPDATE BINARY response APDU
Data field Empty
SW1-SW2 Status bytes

6.3.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • 'CX': Counter (successful writing, but after using an internal retry routine. 'X'!='0' indicates the number of retries: 'X'='0' means that no counter is provided).
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful writing).
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
    SW1='6B' with SW2=
  • '00': Wrong parameters (offset outside the EF)

6.4 ERASE BINARY command

6.4.1 Definition and scope
6.4.2 Conditional usage and security
6.4.3 Command message
6.4.4 Response message (nominal case)
6.4.5 Status conditions

6.4.1 Definition and scope

The ERASE BINARY command message sets (part of) the content of an EF to its logical erased state, sequentially starting from a given offset.

6.4.2 Conditional usage and security

When the command contains a valid short EF identifier, it sets the file as current EF.

The command is processed on the currently selected EF. The command can be performed only if the security status satisfies the security attributes for the erase function.

The command shall be aborted if it is applied to an EF without transparent structure.

6.4.3 Command message

Table 33 - ERASE BINARY command APDU
CLA As defined in 5.4.1
INS '0E'
P1-P2 See text below
Lc field Empty or '02'
Data field See text below
Le field Empty

If b8=1 in P1, then b7-6 are set to 0 (RFU bits). bit5-1 are a short EF identifier and P2 is the offset of the first byte to be updated in data units from the beginning of the file.

If b8=0 in P1, then P1||P2 is the offset of the first byte to be written in data units from the beginning of the file.

6.4.4 Response message (nominal case)

Table 34 - ERASE BINARY response APDU
Data field Empty
SW1-SW2 Status bytes

6.4.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • 'CX': Counter (successful writing, but after using an internal retry routine. 'X'!='0' indicates the number of retries: 'X'='0' means that no counter is provided).
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful writing).
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
    SW1='6B' with SW2=
  • '00': Wrong parameters (offset outside the EF)

6.5 READ RECORD(S) command

6.5.1 Definition and scope
6.5.2 Conditional usage and security
6.5.3 Command message
6.5.4 Response message (nominal case)
6.5.5 Status conditions

6.5.1 Definition and scope

The READ RECORD(S) response message gives the contents of the specified record(s) (or the beginning part of one record) of an EF.

6.5.2 Conditional usage and security

The command can be performed only if the security status satisfies the security attributes for this EF for the read function.

If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.

When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.

The command shall be aborted if applied to an EF without record structure.

6.5.3 Command message

Table 35 - READ RECORD(S) command APDU
CLA As defined in 5.4.1
INS 'B2'
P1 Record number or record identifier of the first record to be read ('00' indicates the current record)
P2 Reference control, according to table 36
Lc field Empty
Data field Empty
Le field Number of bytes to be read

Table 36 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 -- -- -- Currently selected EF
x x x x x -- -- -- Short EF identifier
1 1 1 1 1 -- -- -- RFU
-- -- -- -- -- 1 x x Usage of record number in P1
-- -- -- -- -- 1 0 0 - Read record P1
-- -- -- -- -- 1 0 1 - Read all records from P1 up to the last
-- -- -- -- -- 1 1 0 - Read all records from the last up to P1
-- -- -- -- -- 1 1 1 RFU
-- -- -- -- -- 0 x x Usage of record identifier in P1
-- -- -- -- -- 0 0 0 - Read first occurence
-- -- -- -- -- 0 0 1 - Read last occurrence
-- -- -- -- -- 0 1 0 - Read next occurrence
-- -- -- -- -- 0 1 1 - Read previous occurrence

6.5.4 Response message (nominal case)

If the Le field contains only zeros, then depending on bit3-1 of P2 and within the limit of 256 for short length or 65536 for extended length, the command should read completely

  • either the single requested record,
  • or the requested sequence of records.

Table 37 - READ RECORD(S) response APDU
Data field Lr (may be equal to Le) bytes, see table 38
SW1-SW2 Status bytes

When the record are SIMPLE-TLV data objects (see 5.4.4), tables 38-1 and 38-2 illustrate the format of the data field of the response message.

Table 38-1 - Data field of the response when reading for one record
Case A - Partial read of one record
Tn (1 byte) Ln (1 or 3 byte) First data bytes of the record
This case applies when the Le field does not contain only zeroes.

Case B - Complete read of one record
Tn (1 byte) Ln (1 or 3 bytes) Whole data bytes of the record Ln bytes
This case applies when the Le field contains only zeroes.

Table 38-2 - Data field of the response when reading for several records
Case C - Partial read of a record sequence
Record #n Tn||Ln||Vn ... First bytes of record #n+m Tn+m||Ln+m||Vn+m
This case applies when the Le field does not contain only zeroes.

Case D - Read multiple records up to the file end
Record #n Tn||Ln||Vn ... Record #n+m Tn+m||Ln+m||Vn+m
This case applies when the Le field contains only zeroes.

The comparision of the length of the data field with its TLV structure gives the nature of the data: the unique record (read one record) or the last record (read all records) is incomplete, complete or padded.

NOTE - If TLV coding is not used, then the read-all-records function results in receiving serverl records without standard delimitation of the records.

6.5.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • '81': Part of the returned data may be corrupted.
  • '82': End of record reached before Le bytes.
The following specific error conditions may occur.
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
  • '83': Record not found
    SW1='6C' with SW2=
  • 'XX': Wrong length (wrong Le field: 'XX' indicates the exact length)

6.6 WRITE RECORD command

6.6.1 Definition and scope
6.6.2 Conditional usage and security
6.6.3 Command message
6.6.4 Response message (nominal case)
6.6.5 Status conditions

6.5.1 Definition and scope

The WRITE RECORD command message initiates one of the following operations :

  • the write once of a record,
  • the logical OR of the data bytes of a record already present in the card with the data bytes of the record given in the command APDU.
  • the logical AND of the data bytes of a record already present in the card with the data bytes of the record given in the APDU.

When no indication is given in the data coding byte, the logical OR operation shall apply.

When using current record addressing the command shall set the record pointer on the successfully written record.

6.6.2 Conditional usage and security

The command can be performed only if the security status satisfies the security attributes for this EF for the write functions.

If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.

When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.

The command shall be aborted if applied to an EF without record structure.

The previous option of the command (P2=xxxxx011) applied to a cyclic file, has the same behavior as APPEND RECORD.

6.6.3 Command message

Table 39 - WRITE RECORD command APDU
CLA As defined in 5.4.1
INS 'D2'
P1 P1='00' designates the current record
P1!='00' is the number of the specified record
P2 According to table 40
Lc field Length of the subsequent data field
Data field Record to be written
Le field Empty

Table 40 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 -- -- -- Currently selected EF
x x x x x -- -- -- Short EF identifier
1 1 1 1 1 -- -- -- RFU
-- -- -- -- -- 0 0 0 First record
-- -- -- -- -- 0 0 1 Last record
-- -- -- -- -- 0 1 0 Next record
-- -- -- -- -- 0 1 1 Previous record
-- -- -- -- -- 1 0 0 Record number given in P1
Any other value RFU
When the records are SIMPLE-TLV data objects (see 5.4.4), table 41 illustrates the format of the data field of the command message.

Table 41 - Data field of the command
Complete write of one record
Tn (1 byte) Ln (1 or 3 bytes) Whole data bytes of the record (Ln bytes)

6.6.4 Response message (nominal case)

Table 42 - WRITE RECORD response APDU
Data field Empty
SW1-SW2 Status bytes

6.6.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • 'CX': Counter (successful writing, but after using an internal retry routine. 'X'!='0' indicates the number of retries: 'X'='0' means that no counter is provided).
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful writing).
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
  • '83': Record not found
  • '84': Not enough memory space in the file
  • '85': Lc inconsistent with TLV structure.

6.7 APPEND RECORD

6.7.1 Definition and scope
6.7.2 Conditional usage and security
6.7.3 Command message
6.7.4 Response message (nominal case)
6.7.5 Status conditions

6.7.1 Definition and scope

The APPEND RECORD command message initiates either the appending of a record at the end of an EF of linear structure or the writing of record number 1 in an EF of cyclic structure.

The command shall set the record pointer on the successfully appended record.

6.7.2 Conditional usage and security

The command can be performed only if the security status satisfies the security attributes for this EF for the append function.

If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.

When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.

The command shall be aborted if applied to an EF without record structure.

NOTE - If this command is applied to an EF of cyclic structure full of records, then the record with the highest record number is replaced. This record becomes record number 1.

6.7.3 Command message

Table 43 - APPEND RECORD command APDU
CLA As defined in 5.4.1
INS 'E2'
P1 Only P1='00' is valid
P2 According to table 44
Lc field Length of the subsequent data field
Data field Record to be appended
Le field Empty

Table 44 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 0 0 0 Currently selected EF
x x x x x 0 0 0 Short EF identifier
1 1 1 1 1 0 0 0 RFU
Any other value RFU
When the records are SIMPLE-TLV data objects (see 5.4.4), table 45 illustrates the format of the data field of the command message.

Table 45 - Data field of the command
Complete append of one record
Tn (1 byte) Ln (1 or 3 bytes) Whole data bytes of the record (Ln bytes)

6.7.4 Response message (nominal case)

Table 46 - APPEND RECORD response APDU
Data field Empty
SW1-SW2 Status bytes

6.7.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • 'CX': Counter (successful writing, but after using an internal retry routine. 'X'!='0' indicates the number of retries: 'X'='0' means that no counter is provided).
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful writing).
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
  • '84': Not enough memory space in the file
  • '85': Lc inconsistent with TLV structure.

6.8 UPDATE RECORD command

6.8.1 Definition and scope
6.8.2 Conditional usage and security
6.8.3 Command message
6.8.4 Response message (nominal case)
6.8.5 Status conditions

6.8.1 Definition and scope

The UPDATE RECORD command message initiates the updating of a specific record with the bits given in the command APDU.

When using current record addressing, the command shall set the record pointer on the successfully updated record.

6.8.2 Conditional usage and security

The command can be performed only if the security status satisfies the security attributes for this EF for the update function.

If an EF is currently selected at the time of issuing the command, then this command may be processed without identification of this file.

When the command contains a valid short EF identifier, it sets the file as current EF and resets the current record pointer.

The command shall be aborted if applied to an EF without record structure.

When the command applies to an EF with linear fixed or cyclic structure, the it shall be aborted if the record length is different form the length of the existing record.

When the command applies to an EF with linear variable structure, then it may be carried out when the record length is different from the length of the existing record.

The previous option of the command (P2=0x03), applied to a cyclic file, has the same behaviour as APPEND RECORD.

6.8.3 Command message

Table 47 - UPDATE RECORD command APDU
CLA As defined in 5.4.1
INS 'DC'
P1 P1='00' designates the current record
P1!='00' is the number of the specified record
P2 According to table 48
Lc field Length of the subsequent data field
Data field Record to be updated
Le field Empty

Table 48 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 -- -- -- Currently selected EF
x x x x x -- -- -- Short EF identifier
1 1 1 1 1 -- -- -- RFU
-- -- -- -- -- 0 0 0 First record
-- -- -- -- -- 0 0 1 Last record
-- -- -- -- -- 0 1 0 Next record
-- -- -- -- -- 0 1 1 Previous record
-- -- -- -- -- 1 0 0 Record number given in P1
Any other value RFU
When the records are SIMPLE-TLV data objects (see 5.4.4), table 49 illustrates the format of the data field of the command message.

Table 49 - Data field of the command
Complete update of one record
Tn (1 byte) Ln (1 or 3 bytes) Whole data bytes of the record (Ln bytes)

6.8.4 Response message (nominal case)

Table 50 - UPDATE RECORD response APDU
Data field Empty
SW1-SW2 Status bytes

6.8.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • 'CX': Counter (successful writing, but after using an internal retry routine. 'X'!='0' indicates the number of retries: 'X'='0' means that no counter is provided).
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful writing).
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '81': Command incompatible with file structure
  • '82': Security status not satisfied
  • '86': Command not allowed (no current EF)
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
  • '83': Fecord not found
  • '84': Not enough memory space in the file
  • '85': Lc inconsistent with TLV structure.

6.9 GET DATA command

The GET DATA command is used for the retrieval of one primitive data object, or the retrieval of one or more data objects contained in a constructed data object, within the current context (e.g. application-specific environment or current DF).

6.9.1 Definition and scope
6.9.2 Conditional usage and security
6.9.3 Command message
6.9.4 Response message (nominal case)
6.9.5 Status conditions

6.9.1 Definition and scope

The GET DATA command is used to retrieve one or more data objects within the current context (e.g. application specific environment)

6.9.2 Conditional usage and security

The GET DATA command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function.

6.9.3 Command message

The command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function.

Table 51 - GET DATA command APDU
CLA As defined in 5.4.1
INS 'CA'
P1-P2 See table 52
Lc field Empty
Data field Empty
Le field Number of bytes expected in response

Table 52 - Coding of the reference control P1-P2
Value Meaning
'0000'-'003F' RFU
'0040'-'00FF' BER-TLV tag (1 byte) in P2
'0100'-'01FF' Application data (proprietary coding)
'0200'-'02FF' SIMPLE-TLV tag in P2
'0300'-'3FFF' RFU
'4000'-'FFFF' BER-TLV tag (2 bytes) in P1-P2

Get application data

  • When the value of P1-P2 lies in the range from '0100' to '01FF', the value of P1-P2 shall be an identifier reserved for card internal tests and for proprietary services meaningful within a given application context.
Get data objects

  • When the value of P1-P2 lies in the range from '0040' to '00FF', the value of P2 shall be a BER-TLV tag on a single byte. The value '00FF' is reserved for obtaining all the common BER-TLV data objects readable in the context.
  • When the value of P1-P2 lies in the range from '0200' to '02FF', the value of P2 shall be a SIMPLE-TLV tag. The value '0200' is RFU. The value '02FF' is reserved for obtaining all the common SIMPLE-TLV data objects readable in the context.
  • When the value of P1-P2 lies in the range from '4000' to 'FFFF', the value of P1-P2 shall be a BER-TLV tag on two bytes. The values '4000' and 'FFFF' are RFU.

When a primitive data object is requested, the data field of the response message shall contain the value of the corresponding primitive data object.

When a constructed data object is requested, the data field of the response message shall contain the value of the constructed data object, i.e. data objects including their tag, length and value.

6.9.4 Response message (nominal case)

Table 53 - GET DATA response APDU
Data field Lr (may be equal to Le) bytes
SW1-SW2 Status bytes

6.9.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • '81': Part of returned data may be corrupted
The following specific error conditions may occur.
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '82': Security status not satisfied
  • '85': Conditions of use not satisfied
    SW1='6A' with SW2=
  • '81': Function not supported
  • '88': Referenced data (data objects) not found
    SW1='6C' with SW2=
  • 'XX': Wrong length (wrong Le field: 'XX' indicates the exact length)

6.10 PUT DATA command

6.10.1 Definition and scope
6.10.2 Conditional usage and security
6.10.3 Command message
6.10.4 Response message (nominal case)
6.10.5 Status conditions

6.10.1 Definition and scope

The PUT DATA command is used for storing one primitive data object or one or more data objects contained in a constructed data object within the current context (e.g. application-specific environment or current DF). The exact storing functions (writing once and/or updating and/or appending) are to be induced by the definition or the nature of the data objects.

NOTE - The command could be used for example to update data objects.

6.10.2 Conditional usage and security

The command can be performed only if the security status satisfies the security conditions defined by the application within the context for the function(s).

6.10.3 Command message

Table 54 - PUT DATA command APDU
CLA As defined in 5.4.1
INS 'DA'
P1-P2 See table 55
Lc field Length of the subsequent data field
Data field Parameters and data to be written
Le field Empty

Table 55 - Coding of the reference control P1-P2
Value Meaning
'0000'-'003F' RFU
'0040'-'00FF' BER-TLV tab (1 byte) in P2
'0100'-'01FF' Application data (proprietary coding)
'0200'-'02FF' SIMPLE-TLV tag in P2
'0300'-'3FFF' RFU
'4000'-'FFFF' BER-TLV tag (2 bytes) in P1-P2

Store application data

  • When the value of P1-P2 lies in the range from '0100' to '01FF', the value of P1-P2 shall be an identifier reserved for card internal tests and for proprietary services meaningful within a given application context.
Store data objects

  • When the value of P1-P2 lies in the range from '0040' to '00FF', the value of P2 shall be a BER-TLV tag on a single byte. The value '00FF' is reserved for obtaining all the common BER-TLV data objects.
  • When the value of P1-P2 lies in the range from '0200' to '02FF', the value of P2 shall be a SIMPLE-TLV tag. The value '0200' is RFU. The value '02FF' is reserved for indicating that the data field carries SIMPLE-TLV data objects.
  • When the value of P1-P2 lies in the range from '4000' to 'FFFF', the value of P1-P2 shall be a BER-TLV tag on two bytes. The values '4000' and 'FFFF' are RFU.

When a primitive data object is requested, the data field of the command message shall contain the value of the corresponding primitive data object.

When a constructed data object is provided, the data field of the command message shall contain the value of the constructed data object, i.e. data objects including their tag, length and value.

6.10.4 Response message (nominal case)

Table 56 - PUT DATA response APDU
Data field Empty
SW1-SW2 Status bytes

6.10.5 Status conditions

The following specific warning conditions may occur.

    SW1='63' with SW2=
  • 'CX': Counter (successful storing, but after using an internal retry routine, 'X'!='0' indicates the number of retries. 'X'='0' means that no counter is provided.
The following specific error conditions may occur.
    SW1='65' with SW2=
  • '81': Memory failure (unsuccessful string)
    SW1='67' with SW2=
  • '00': Wrong length (wrong Le field)
    SW1='69' with SW2=
  • '82': Security status not satisfied
  • '85': Conditions of use not satisfied
    SW1='6A' with SW2=
  • '80': Incorrect parameters in the data field
  • '81': Function not supported
  • '84': Not enough memory space in the file
  • '85': Lc inconsistent with TLV structure

6.11 SELECT FILE command

6.11.1 Definition and scope
6.11.2 Conditional usage and security
6.11.3 Command message
6.11.4 Response message (nominal case)
6.11.5 Status conditions

6.11.1 Definition and scope

A successful Select File sets a current file within a logical channel. Subsequent command may implicitly refer to the current file through that logical channel.

Selecting a DF (which may be the MF) sets it as current DF. After such a selection, an implicit current EF may be referred to through that logical channel.

Selecting an EF sets a pair of current files: the EF and its parent file.

After the answer to reset, the MF is implicitly selected through the basic logical channel, unless specified differently in the historical bytes or in the initial date string.

NOTE - A direct selection by DF name can be used for selecting applications registered according to part 5 of ISO 7816.

6.11.2 Conditional usage and security

The following conditions shall apply to each open logical channel.

Unless otherwise specified, the correct execution of the command modifies the security status according to the following rules :

  • When the current EF is changed, or when there is no current EF the security status if any specific to a former current EF is lost.
  • When the current DF is a descendant of or identical to the former current DF, the security status specific to the former current DF is maintained.
  • When the current DF is neither a descendant of nor identical to the former current DF the security status specific to the former current DF is lost. The security status common to all common ancestors of the previous and new current DF is maintained.

6.11.3 Command message

Table 57 - SELECT FILE command APDU
CLA As defined in 5.4.1
INS 'A4'
P1 Selection control, see table 58
P2 Selection control, see table 59
Lc field Empty or length of the subsequent data field
Data field If present according to P1-P2
  • file identifier
  • path from the MF
  • path from the current DF
  • DF name
Le field Empty or maximum length of data expected in response

Table 58 - Coding of the reference control P1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 0 x x Selection by file identifier
0 0 0 0 0 0 0 0 - Select MF, DF or EF (data field=identifier or empty)
0 0 0 0 0 0 0 1 - Select child DF (data field=DF identifier)
0 0 0 0 0 0 1 0 - Select EF under current DF (data field=EF identifier)
0 0 0 0 0 0 1 1 - Select parent DF of the current DF (empty data field)
0 0 0 0 0 1 x x Selection by DF name
0 0 0 0 0 1 0 0 - Direct selection by DF name (data field=DF name)
0 0 0 0 1 x x x Selection by path (see 5.1.2)
0 0 0 0 1 0 0 0 - Select from MF (data field=path without the identifier of the MF)
0 0 0 0 1 0 0 1 - Select from current DF (data field=path without the identifier of the current DF)
Any other value RFU

When P1='00', the card knows either because of a specific coding of the file identifier or because of the context of execution of the command if the file to select is the MF, a DF or an EF.

When P1-P2='0000', if a file identifier is provided, then it shall be unique in the following environments :

  • the immediate children of the current DF
  • the parent DF
  • the immediate children of the parent DF

If P1-P2='0000' and if the data field is empty or equal to '3F00', then select the MF.

When P1='04', the data field is a DF name, possibly right trunctated. When supported, successive such commands with the same data field shall select DFs whose names match with the data field, i.e. start with the command data field. If the card accepts the SELECT FILE command with an empty data field, then all or a subset of the DFs can be successively selected.

NOTE - See 8.3.6 for the selection methods supported by the card.

Table 59 - Coding of the selection options P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 -- -- 0 0 First record
0 0 0 0 -- -- 0 1 Last record
0 0 0 0 -- -- 1 0 Next record
0 0 0 0 -- -- 1 1 Previous record
0 0 0 0 x x -- -- File control information option (see 5.1.5)
0 0 0 0 0 0 -- -- - Return FCI, optional template
0 0 0 0 0 1 -- -- - Return FCP template
0 0 0 0 1 0 -- -- - Return FMD template
Any other value RFU

6.11.4 Response message (nominal case)

If the Le field contains only zeroes, then within the limit of 256 for short length or 65536 for extended length, all the bytes corresponding to the selection option should be returned.

Table 60 - SELECT FILE response APDU
Data field Information according to P2 (at most Le bytes)
SW1-SW2 Status bytes

6.11.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • '83': Selected file invalidated
  • '84': FCI not formatted according to 5.1.5
The following specific error conditions may occur.
    SW1='6A' with SW2=
  • '81': Function not supported
  • '82': File not found
  • '86': Incorrect parameters P1-P2
  • '87': Lc inconsistent with P1-P2

6.12 VERIFY command

6.12.1 Definition and scope
6.12.2 Conditional usage and security
6.12.3 Command message
6.12.4 Response message (nominal case)
6.12.5 Status conditions

6.12.1 Definition and scope

The VERIFY command initiates the comparison in the card of the verification data sent from the interface device with the reference data stored in the card (e.g. password).

6.12.2 Conditional usage and security

The security status may be modified as a result of a comparison. Unsuccessful comparisons may be recorded in the card (e.g. to limit the number of further attempts of the use of the reference data).

6.12.3 Command message

Table 61 - VERIFY command APDU
CLA As defined in 5.4.1
INS '20'
P1 Only P1='00' is valid (other values are RFU)
P2 Qualifier of the reference data, see table 62
Lc field Empty or length of the subsequent data field
Data field Empty or verification data
Le field Empty

Table 62 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 0 0 0 No information is given
0 -- -- -- -- -- -- -- Global reference data (e.g. card password)
1 -- -- -- -- -- -- -- Specific reference data (e.g. DF specific password)
-- -- -- x x x x x Reference data number
Any other value RFU

NOTES

  1. P2='00' is reserved to indicate that no particular qualifier is used, in those cards where the VERIFY command references the secret data unambiguously.
  2. The reference data number may be for example a password number or a short EF identifier
  3. When the body is empty, the command may be used either to retrieve the number 'X' of further allowed retries (SW1-SW2='63CX') or to check whether the verification is not required (SW1-SW2='9000').

6.12.4 Response message (nominal case)

Table 63 - VERIFY response APDU
Data field Empty
SW1-SW2 Status bytes

6.12.5 Status conditions

The following specific warning conditions may occur.

    SW1='63' with SW2=
  • '00': No information given (verification failed)
  • 'CX': Counter (verification failed: 'X' indicates the number of further allowed retries
The following specific error conditions may occur.
    SW1='69' with SW2=
  • '83': Authentication method blocked
  • '84': Referenced data invalidated
    SW1='6A' with SW2=
  • '86': Incorrect parameters P1-P2
  • '88': Referenced data not found

6.13 INTERNAL AUTHENTICATE command

6.13.1 Definition and scope
6.13.2 Conditional usage and security
6.13.3 Command message
6.13.4 Response message (nominal case)
6.13.5 Status conditions

6.13.1 Definition and scope

The INTERNAL AUTHENTICATE command initiates the computation of the authentication data by the card using the challenge data sent from the interface device and a relevant secret (e.g. a key) stored in the card.

When the relevant secret is attached to the MF, the command may be used to authenticate the card as a whole.

When the relevant secret is attached to another DF, the comand may be used to authenticate that DF.

6.13.2 Conditional usage and security

The successful execution of the command may be subject to successful completion of prior commands (e.g. Verify, Select File) or selections (e.g. the relevant secret).

If a key and an algorithm are currently selected when issuing the command then the command may implicitly use the key and the algorithm.

The number of times the command is issued may be recorded in the card to limit the number of further attempts of using the relevant secret or the algorithm.

6.13.3 Command message

Table 64 - INTERNAL AUTHENTICATE command APDU
CLA As defined in 5.4.1
INS '88'
P1 Reference of the algorithm in the card
P2 Reference of the secret, see table 65
Lc field Length of the subsequent data field
Data field Authentication related data (e.g. challenge)
Le field Maximum number of bytes expected in response

P1='00' indicates that no information is given. The reference of the algorithm is known either before issuing the command or is provided in the data field.

P2='00' indicates that no information is given. The reference of the secret is known either before issuing the command or is provided in the data field.

Table 65 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 0 0 0 No information is given
0 -- -- -- -- -- -- -- Global reference data (e.g. an MF secific key)
1 -- -- -- -- -- -- -- Specific reference data (e.g. DF specific key)
-- -- -- x x x x x Number of the secret
Any other value RFU

NOTE - The number of the secret may be for example a key number or a short EF identifier.

6.13.4 Response message (nominal case)

Table 66 - INTERNAL AUTHENTICATE response APDU
Data field Authentication related data (e.g. response to the callenge)
SW1-SW2 Status bytes

6.13.5 Status conditions

The following specific error conditions may occur.

    SW1='69' with SW2=
  • '84': Referenced data invalidated
  • '85': Conditions of use not setisfied
    SW1='6A' with SW2=
  • '86': Incorrect parameters P1-P2
  • '88': Referenced data not found

6.14 EXTERNAL AUTHENTICATE command

6.14.1 Definition and scope
6.14.2 Conditional usage and security
6.14.3 Command message
6.14.4 Response message (nominal case)
6.14.5 Status conditions

6.14.1 Definition and scope

The EXTERNAL AUTHENTICATE command conditionally updates the security status using the result (yes or no) of the computation by the card based on a challenge previously issued by the card (e.g. by a GET CHALLENGE command ) a key possibly secret stored in the card and authentication data transmitted by the interface device.

6.14.2 Conditional usage and security

The successful execution of the command requires that the last challenge obtained from the card is valid.

Unsuccessful comparisons may be recorded in the card (e.g. to limit the number of further attempts of the use of the reference data).

6.14.3 Command message

Table 67 - EXTERNAL AUTHENTICATE command APDU
CLA As defined in 5.4.1
INS 'B2'
P1 Reference of the algorithm in the card
P2 Reference of the secret, see table 68
Lc field Empty or length of the subsequent data field
Data field Empty or authentication related data (e.g. response to the challenge)
Le field Empty

P1='00' indicates that no information is given. The reference of the algorithm is known either before issuing the command or is provided in the data field.

P2='00' indicates that no information is given. The reference of the secret is known either before issuing the command or is provided in the data field.

Table 68 - Coding of the reference control P2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 0 0 0 0 No information is given
0 -- -- -- -- -- -- -- Global reference data (e.g. an MF secific key)
1 -- -- -- -- -- -- -- Specific reference data (e.g. DF specific key)
-- -- -- x x x x x Number of the secret
Any other value RFU

NOTES

  1. The number of the secret may be for example a key number or a short EF identifier.
  2. When the body is empty, the command may be used either to retrieve the number 'X' of further allowed retries (SW1-SW2='63CX') or to check whether the verification is not required (SW1-SW2='9000').

6.14.4 Response message (nominal case)

Table 69 - EXTERNAL AUTHENTICATE response APDU
Data field Empty
SW1-SW2 Status bytes

6.14.5 Status conditions

The following specific warning conditions may occur.

    SW1='63' with SW2=
  • '00': No information given (authentication failed)
  • 'CX': Counter (authentication failed; 'X' indicates the number of further allowed retries)
The following specific error conditions may occur.
    SW1='67' with SW2=
  • '00': Wrong length (the Lc field is incorrect)
    SW1='69' with SW2=
  • '83': Authentication method blocked
  • '84': Referenced data invalidated
  • '85': Conditions of use not satisfied
    SW1='6A' with SW2=
  • '86': Incorrect parameters P1-P2
  • '88': Referenced data not found

6.15 GET CHALLENGE command

6.15.1 Definition and scope
6.15.2 Conditional usage and security
6.15.3 Command message
6.15.4 Response message (nominal case)
6.15.5 Status conditions

6.15.1 Definition and scope

The GET CHALLENGE command requires the issuing of a challenge (e.g. random number) for use in a security related procedure (e.g. EXTERNAL AUTHENTICATE command).

6.15.2 Conditional usage and security

The challenge is valid at least for the next command. No further condition is specified in this part of ISO/IEC 7816.

6.15.3 Command message

Table 70 - GET CHALLENGE command APDU
CLA As defined in 5.4.1
INS 'B4'
P1-P2 '0000' (other values are RFU)
Lc field Empty
Data field Empty
Le field Maximum length of the expected response

6.15.4 Response message (nominal case)

Table 71 - EXTERNAL AUTHENTICATE response APDU
Data field Challenge
SW1-SW2 Status bytes

6.15.5 Status conditions

The following specific error conditions may occur :

    SW1='6A' with SW2=
  • '81': Function not supported
  • '86': Incorrect parameters P1-P2

6.16 MANAGE CHANNEL command

6.16.1 Definition and scope
6.16.2 Conditional usage and security
6.16.3 Command message
6.16.4 Response message (nominal case)
6.16.5 Status conditions

6.16.1 Definition and scope

The MANAGE CHANNEL command opens and closes logical channels.

The open function opens a new logical channel other than the basic one. Options are provided for the card to assign a logical channel number or for the logical channel number to be supplied to the card.

The close function explicitly closes a logical channel other than the basic one. After the successful closing the logical channel shall be available for re-use.

6.16.2 Conditional usage and security

When the open function is performed from the basic logical channel then after a successful open the MF shall be implicitly selected as the current DF and the security status for the new logical channel should be the same as for the basic logical channel after ATR. The security status of the new logical channel should be separate from that of any other logical channel.

When the open function is performed from a logical channel which is not the basic one then after a successful open the current DF of the logical channel from which the command was issued shall be selected as the current DF and the security status for the new logical channel should be the same as for the logical channel from which the open function was performed.

After a successful close function the security status related to this logical channel is lost.

6.16.3 Command message

Table 72 - MANAGE CHANNEL command APDU
CLA As defined in 5.4.1
INS '70'
P1 P1='00' to open a logical channel
P1='80' to close a logical channel (other values are RFU)
P2 '00'-'03' (other values are RFU)
Lc field Empty
Data field Empty
Le field '01' if P1-P2='0000'
Empty if P1-P2!='0000'

b8 of P1 is used to indicate the open function or the close function. If b8 is 0 then MANAGE CHANNEL shall open a logical channel and if b8 is 1 then MANAGE CHANNEL shall close a logical channel.

For the open function (P1='00'), the b1 and b2 of P2 are used to code the logical channel number in the same manner as in the class byte (see 5.4.1), the other bits of P2 are RFU.

  • When b1 and b2 of P2 are null, then the card will assign a logical channel number that will be returned in bits b1 and b2 of the data field.
  • When b1 and/or b2 of P2 are not null, they code a logical channel number other than the basic one: then the card will open the externally assigned logical channel number

6.16.4 Response message (nominal case)

Table 73 - MANAGE CHANNEL response APDU
Data field Logical channel number if P1-P2='0000'
Empty if P1-P2!='0000'
SW1-SW2 Status bytes

6.16.5 Status conditions

The following specific warning conditions may occur.

    SW1='62' with SW2=
  • '00': No information is given


Smart Card Software Engineering Services
HOME | CONTACT | RESOURCES | SITE MAP
SMART CARDS | SMART CARD READERS | SMART CARD PRINTERS | TOOLS
Solutions: Loyalty Cards | Logical Access Control | Physical Access Control | Smart Card Personalization

© Copyright 1999-2008 Jacquinot Consulting, Inc.
All rights reserved. Legal disclaimer Last modified March 1, 2008