CARDWERK Smart Card Consulting, integration, software development, smart card solutions including loyalty, retail, logical access control, physical access control, biometrics, fingerprint scanners and more CardWerk Smart Card consultants and smart card software developers assist you with systems analysis, customization and integration in areas of IT security, logical access control, loyalty, retail and biometric applications. CardWerk Smart Card consultants and smart card software developers assist you with systems analysis, customization and integration in areas of IT security, logical access control, loyalty, retail and biometric applications. smart card printers and encoders for badges, ID cards, loyalty and membership cards Smart Card Reader: ISO7816 and EMV smart card readers, chipcard readers, smartcard programmers, smart card encoders, biometric common access cards, CAC, fingerprint scanners More about smart card, biometric and cryptographic industry standards including ISO7816, ISO14443, PKCS11, CAPI, BioAPI. Consulting Services: smart card consultant, customization, smartcard system selection Smart card solutions for logical access control, physical access control, smart card Windows logon and biometric smart card readers with BioAPI. smart card, ISO7816 standards, smartcard overview, access control, two factor authentication Smart Card Consultancy Contact, contact a smart card software developer smart card search and site map: find smart card and biometric information on CardWerk site using sitemap or interactive smart search tool
ISO 7816-4: Interindustry Commands for Interchange
Annex F: Use of Secure Messaging

ISO 7816 [part 1] [part 2] [part 3] [part4] [section..1 2 3 4 5 6 7 8 9 annex.. A B C D E F]

Annex F: Use of Secure Messaging

Annex F.1 Abbreviations

For the purpose of this annex, the following abbreviations apply

CC Cryptographic checksum
CG Cryptogram
CH Command header (CLA INS P1 P2)
CR Control reference
FR File reference
KR Key reference
L Length
PB Padding bytes ('80' followed by 0 to k-1 times '00' where k is the block length)
PI Padding indicator byte
PV Plain value
RD Response descriptor
T Tag
|| Concatenation

For all the examples, CLA indicates the use of secure messaging by an appropriate value ('0X', '8X', '9X' or 'AX') where bit b4 of CLA is set to 1 (see table 9 ).

Annex F.2 Use of cryptographic checksums

The use of cryptographic checksums (see 5.6.3.1) is shown for the four cases defined in table 4 and figure 4 .

  • Case 1 - No data, no data

    Command data field = Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB

    The command of case 1 is transformed into a command of case 3.

  • Case 2 - No data, data

    Command data field = Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB

    Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB

  • Case 3.a - Data, no data

    Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB

  • Case 3.b - Data, no data

    Command data field = Tpv1 (b1=0)||Lpv1||PV1||Tpv2 (b1=1)||Lpv2||PV2||Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = Data blocks = CH||PB||Tpv (b1=1)||Lpv2||PV2||PB

  • Case 4 - Data, data

    Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB

    Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB

Annex F.3 Use of cryptograms

The use of cryptograms (see 5.6.4) is shown with and without padding.

  • Case a - Plain data not coded in BER-TLV

    Command data field = Tcg||Lcg||PI||CG

    Data carried by CG = Data blocks = Non BER-TLV coded data band padding bytes, if indicated in PI.

Annex F.4 Use of control references

The use of control references (see 5.6.5.1 ) is shown.

Command data field = Tcr||Lcr||CR
Where CR = Tfr||Lfr||Tkr||Lkr||KR

Annex F.5 Use of response descriptor

The use of response descriptor (see 5.6.5.1 ) is shown.

Command data field = Trd||Lrd||RD
Where RD = Tpv||'0C'||Tcc||'00'

Response data field = Tpv||Lpv||PV||Tcc||Lcc||CC

Annex F.6 Use of the ENVELOPE command

The use of the ENVELOPE command is shown.

Commad data field = Tcg||Lcg||PI||CG

Data carried by CG = Command APDU starting by CH and padding bytes according to PI

Response data field = Tcg||Lcg||PI||CG

Data carried by CG = Response APDU and padding bytes according to PI

 


Smart Card Software Engineering Services
HOME | CONTACT | RESOURCES | SITE MAP
SMART CARDS | SMART CARD READERS | SMART CARD PRINTERS | TOOLS
Solutions: Loyalty Cards | Logical Access Control | Physical Access Control | Smart Card Personalization

© Copyright 1999-2008 Jacquinot Consulting, Inc.
All rights reserved. Legal disclaimer Last modified March 1, 2008