ANSI INCITS 504-2-2013 Information Technology C Generic Identity Command Set C Part 2 Card Administrative Command Set.pdf

1、American National StandardDeveloped byfor Information Technology Generic Identity Command Set Part 2: Card Administrative Command SetINCITS 504-2-2013INCITS 504-2-2013INCITS 504-2-2013American National Standardfor Information Technology Generic Identity Command Set Part 2: Card Administrative Comman

2、d SetSecretariatInformation Technology Industry CouncilApproved April 29. 2013American National Standards Institute, Inc.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the standards de

3、veloper.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires that allvi

4、ews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, purchasing

5、, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue aninte

6、rpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revised orwit

7、hdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanNational

8、 Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2013 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an electronic r

9、etrieval system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may berequired for the implementation of the standard d

10、isclose such patents to the publisher. However,neither the developers nor the publisher have undertaken a patent search in order to identifywhich, if any, patents may apply to this standard. As of the date of publication of this standardand following calls for the identification of patents that may

11、be required for the implementation ofthe standard, no such claims have been made. No further patent search is conducted by the de-veloper or publisher in respect to any standard it processes. No representation is made or impliedthat licenses are not required to avoid infringement in the use of this

12、standard.i Table of Contents Foreword. v 1 Overview 1 1.1 Scope 1 1.2 Purpose . 2 1.3 Organization 2 1.4 Normative References 2 2 Definitions, abbreviations and conventions . 4 2.1 Terms and Definitions . 4 2.2 Acronyms, Abbreviations and Symbols 4 2.3 Conventions 4 3 Card Manager Application . 6 3.

13、1 Overview . 6 3.2 Initial-GICS State. 6 3.3 Updates . 7 3.3.1 Security Objects 7 3.3.2 Card-Applications 7 3.4 Commands 8 3.5 Data Structures . 9 3.5.1 Overview . 9 3.5.2 Application Template (Tag 61) . 10 3.5.3 Security Environment Template (Tag 7B) . 10 3.5.4 Control Parameters (Tag 62) . 11 3.5.

14、5 Security Object DOs 12 3.5.6 Card Capability Descriptor (Tag 7F62) 14 3.5.7 Application Capability Descriptor (Tag 7F63) 15 3.5.8 Card Management Service Template (Tag 7F64) . 15 3.5.9 Card Data Template (Tag 66) 16 3.6 Card Identification Scheme . 16 3.7 Card Management Scheme 17 4 Application Ma

15、nagement . 18 4.1 Application Life Cycle 18 4.1.1 Application states and dependencies . 18 4.1.2 Transitions . 19 4.2 Security Attributes . 20 4.2.1 Access Mode Field encoding for ADF . 20 5 File Management . 21 5.1 File Life Cycle 21 5.1.1 File states and dependencies . 21 5.1.2 Transitions . 22 5.

16、2 Data Structures for File Management . 22 5.2.1 File Control Parameters 23 5.2.2 Access Mode Byte for File Management 23 5.2.3 Security Condition Byte . 23 6 Key Management . 24 6.1 Key Life Cycle . 24 6.1.1 Key states and dependencies . 24 6.1.2 Transitions . 25 7 Authentication Objects Management

17、 . 26 7.1 Authentication Objects Life Cycle . 26 7.1.1 Authentication Objects states and dependencies . 26 7.1.2 Life Cycle Transitions 26 8 Administrative Command Set 28 8.1 APPLICATION MANAGEMENT REQUEST . 28 ii 8.1.1 Description 28 8.1.2 Conditional usage . 28 8.1.3 Command APDU . 28 8.1.4 Contro

18、l parameters . 28 8.1.5 Command Data Field 28 8.1.6 Response Data Field . 29 8.1.7 Status Word . 29 8.2 REMOVE APPLICATION 29 8.2.1 Description 29 8.2.2 Conditional usage . 30 8.2.3 Command APDU . 30 8.2.4 Control parameters . 30 8.2.5 Command Data Field 30 8.2.6 Response Data Field . 30 8.2.7 Statu

19、s Word . 30 8.3 CREATE DO . 31 8.3.1 Description 31 8.3.2 Conditional usage . 31 8.3.3 Command APDU . 31 8.3.4 Command Data Field 31 8.3.5 Status Word . 31 8.4 DELETE DO 32 8.4.1 Description 32 8.4.2 Conditional usage . 32 8.4.3 Command APDU . 32 8.4.4 Status Word . 32 8.5 CREATE FILE . 32 8.5.1 Des

20、cription 32 8.5.2 Conditional usage . 32 8.5.3 Command APDU . 33 8.5.4 Command Data Field 33 8.5.5 Status Word . 33 8.6 DELETE FILE 33 8.6.1 Description 33 8.6.2 Conditional usage . 34 8.6.3 Command APDU . 34 8.6.4 Status Word . 34 8.7 ACTIVATE FILE 34 8.7.1 Description 34 8.7.2 Conditional usage .

21、34 8.7.3 Command APDU . 35 8.7.4 Command Data Field 35 8.7.5 Response Data Field . 35 8.7.6 Status Word . 35 8.8 DEACTIVATE FILE . 35 8.8.1 Description 35 8.8.2 Conditional usage . 35 8.8.3 Command APDU . 36 8.8.4 Command Data Field 36 8.8.5 Response Data Field . 36 8.8.6 Status Word . 36 8.9 GENERA

22、TE ASYMMETRIC KEY PAIR 36 8.9.1 Description 36 8.9.2 Conditional usage . 36 8.9.3 Command APDU . 37 8.9.4 Command Data Field 37 iii 8.9.5 Response Data Field . 37 8.9.6 Status Word . 38 8.10 PUT DATA (Key) . 38 8.10.1 Description 38 8.10.2 Conditional usage 38 8.10.3 Command APDU . 38 8.10.4 Command

23、 Data Field 39 8.10.5 Response Data Field . 39 8.10.6 Status Word . 40 Annex A Bibliography 41 Tables Table 1 Card-manager-application commands 9 Table 2 Card-manager-application DOs 9 Table 3 Card-manager-application Security Objects . 10 Table 4 Card-manager-application Application Template 10 Tab

24、le 5 Card-manager-application Security Environment . 10 Table 6 - Card-manager-application CP . 11 Table 7 Contact security attributes 12 Table 8 Contactless security attributes 12 Table 9 Opacity FS private Key . 12 Table 10 Opacity FS CVC EF 13 Table 11 Opacity FS CVC Verification EF . 13 Table 12

25、 KESK-SCP03 MAC Key 14 Table 13 KESK-SCP03 ENC Key 14 Table 14 KESK-SCP03 KEK Key 14 Table 15 Card Capability Descriptor 15 Table 16 Application Capability Descriptor for card-manager-application . 15 Table 17 Card Manager Service Template 16 Table 18 Card Data 16 Table 19 Application life cycle sta

26、tes . 18 Table 20 Application-life-cycle state transitions First byte 19 Table 21 Application-life-cycle state transitions Second byte . 20 Table 22 Access Mode Field for ADF 2ndByte 20 Table 23 Access Mode Field for ADF 3rdByte . 20 Table 24 File life cycle states . 21 Table 25 File life cycle stat

27、e transitions . 22 Table 26 - Access Mode Byte for File Management . 23 Table 27 - Key life cycle states . 24 Table 28 Key life cycle state transitions . 25 Table 29 Authentication Objects 26 Table 30 Authentication Objects life cycle states 26 Table 31 Life cycle state transitions for Authenticatio

28、n Objects 27 Table 32 APPLICATION MANAGEMENT REQUEST Command . 28 Table 33 Application life cycle target state control in P1 . 28 Table 34 Application Management Request Information . 29 Table 35 APPLICATION MANAGEMENT REQUEST Status Words 29 Table 36 REMOVE APPLICATION Command 30 Table 37 Removing

29、state control in P1 30 Table 38 Application removing information 30 Table 39 REMOVE APPLICATION Status Words . 30 Table 40 CREATE DO Command . 31 Table 41 CREATE DO Status Words 31 Table 42 DELETE DO Command 32 iv Table 43 DELETE DO Status Words . 32 Table 44 CREATE FILE Command . 33 Table 45 File C

30、reation Information for EF type 31 . 33 Table 46 File Creation Information for EF type 39 . 33 Table 47 CREATE FILE Status Words 33 Table 48 DELETE FILE Command 34 Table 49 DELETE FILE Status Words . 34 Table 50 ACTIVATE FILE Command 35 Table 51 Command data Field . 35 Table 52 ACTIVATE FILE Status

31、Words . 35 Table 53 DEACTIVATE FILE Command . 36 Table 54 Command Data Field 36 Table 55 DEACTIVATE FILE Status Words 36 Table 56 GENERATE ASYMMETRIC KEY PAIR Command 37 Table 57 Data Object in the Control Reference Template (Tag AC) . 37 Table 58 Data Object in the Public Key Template (Tag 7F49) .

32、37 Table 59 Public Key Data Object (Tag 86) . 37 Table 60 GENERATE ASYMMETRIC KEY PAIR Status Words . 38 Table 61 PUT DATA (Key) Command APDU 38 Table 62 Key Component Type . 39 Table 63 PUT DATA (Key) Status Words 40 Figures Figure 1 Application life cycle state transitions 19 Figure 2 File life cy

33、cle state transitions 22 Figure 3 Key life cycle state transitions 25 Figure 4 - PIN Life Cycle State Transitions . 27 Foreword (This foreword is not part of American National Standard INCITS 504-2-2013.)This American National Standard describes the administration (as opposed to appli-cation) comman

34、ds of the Generic Identity Command Set.Requests for interpretation, suggestions for improvement or addenda, or defect re-ports are welcome. They should be sent to the InterNational Committee for Informa-tion Technology Standards, 1101 K Street, NW, Suite 610, Washington, DC 20005.This standard was p

35、rocessed and approved for submittal to ANSI by INCITS. Com-mittee approval of this standard does not necessarily imply that all committee mem-bers voted for its approval. At the time it approved this standard, INCITS had thefollowing members:Philip Wennblom, ChairJennifer Garner, SecretaryOrganizati

36、on Represented Name of RepresentativeAdobe Systems, IncScott Foshee Steve Zilles (Alt.)AIM Global, Inc. .Steve HallidayChuck Evanhoe (Alt.)Dan Kimball (Alt.)Apple .Helene WorkmanMarc Braner (Alt.)David Singer (Alt.)Distributed Management Task Force John Crandall Jeff Hilland (Alt.)Lawrence Lamers (A

37、lt.)EMC Corporation .Gary RobinsonStephen Diamond (Alt.)Farance, IncFrank FaranceTimothy Schoechle (Alt.)Futurewei Technologies, Inc.Yi ZhaoTimothy Jeffries (Alt.)Wilbert Adams (Alt.)GS1GO.Frank SharkeyCharles Biss (Alt.)Hewlett-Packard Company Karen Higginbottom Paul Jeran (Alt.)IBM Corporation Ale

38、xander TarpinianRobert Weir (Alt.)Arnaud Le Hors (Alt.)Steve Holbrook (Alt.)Gerald Lane (Alt.)IEEE.Jodie HaaszTerry deCourcelle (Alt.)Bob Labelle (Alt.)Tina Alston (Alt)Intel Philip Wennblom Grace Wei (Alt.)Stephen Balogh (Alt.)Microsoft Corporation.Jim Hughes Dick Brackney (Alt.)John Calhoon (Alt.)

39、National Institute of Standards & TechnologyMichael Hogan Sal Francomacaro (Alt.)Dan Benigni (Alt.)Fernando Podio (Alt.)Teresa Schwarzhoff (Alt.)Wo Chang (Alt.)Elaine Newton (Alt.)vviOrganization Represented Name of RepresentativeOracle Corporation.Donald R. Deutsch Jim Melton (Alt.)Michael Kavanaug

40、h (Alt.)Toshihiro Suzuki (Alt.)Jeff Mischkinsky (Alt.)Tony DiCenzo (Alt.)Patrick Curran (Alt.)Purdue University Stephen Elliott Kevin OConnor (Alt.)Telecommunications Industry Association (TIA)Herb Congdon, IICheryl Blum (Alt.)Florence Otieno (Alt.)US Department of DefenseJerry Smith Dennis Devera (

41、Alt.)Dave Brown (Alt.)Leonard Levine (Alt.)Matthew Young (Alt.)Thomas DAgostino (Alt.)US Department of Homeland Security.Peter Shebell Gregg Piermarini (Alt.)Juan Gonzalez (Alt.)Technical Committee B10 on Identification Cards and Related Devices, which re-viewed this standard, had the following memb

42、ers:Brian Beech, ChairGene Meier, International RepresentativeOrganization Represented Name of Representative3M CompanyJose EscabiDan Czuprynski (Alt.)Michael Fussy (Alt.)AAMVA.Geoff SlagleMichael Calvin (Alt.)ABnote North AmericaJoe MandileAmerican ExpressRichard OrthMark Grzesiek (Alt.)CFC Interna

43、tional.Shannon Crawford-TaylorRoger Strasemeier (Alt.)Dan Szumski (Alt.)CPI Card GroupBarry MostellerJulie Hermanson (Alt.)Jeff Licht (Alt.)Cubic Transportation Systems, Inc.Walt Bonneau, Jr.Jon Macklin (Alt.)DataCard Group.Brian BeechGene Meier (Alt.)Brad Paulson (Alt.)Dennis Warwick (Alt.)Discover

44、 Card.Catherine MadisonMichelle Zhang (Alt.)Exponent, IncBrad McGoranRyan Feeley(Alt.)John Fessler (Alt.)San Gunawardana (Alt.)Fall Hill Associates LLCBarry KefauverGemaltoMichel Escalant Drew Anders (Alt.)viiOrganization Represented Name of RepresentativeGiesecke & Devrient.Steven SpenceMyeong Choi

45、 (Alt.)Jatin Deshpande (Alt.)Ji Lee (Alt.)Carla Limerick (Alt.)Matthew Neuman (Alt.)Thomas Palsherm (Alt.)Eric Virostek (Alt.)HID Global.Eric LeSaintStephane Ardiley (Alt.)Christopher Dyball (Alt.)Traci Johnson (Alt.)Victoria Wiggins (Alt.)ID Technology Partners, IncGilles LisimaqueDavid Auman (Alt.

46、)Gerald Smith (Alt.)Infineon Technologies.Mark StaffordLinda Brown (Alt.)Jurijus Cizas (Alt.)Shrinath Eswaramally (Alt.)International Card Manufacturers AssociationDavid TushieL-1 Identify Solutions.Vic AndelinMag-Tek, Inc.John StearnsMimi Hart (Alt.)NISTSal FrancomacaroHildegard Ferraiolo (Alt.)Tim

47、othy Jurgensen (Alt.)Ketan Mehta (Alt.)Mike Neumann (Alt.)Teresa Schwarzhoff (Alt.)Annie Sokol (Alt.)NXP SemiconductorsMike ZercherOberthur TechnologiesChristophe GoyetJoe Blossic (Alt.)Q-CARDTerry SchindlerSony Electronics, Inc.Jean BaronasKaren Broome (Alt.)William Carney (Alt.)Paul Hearty (Alt.)U

48、ATP.Patrick MacyUnited States Dept. of Defense.Dung PhamDennis Devera (Alt.)United States Dept. of Defense - Defense Manpower Data CenterBob GilsonWilliam Castle (Alt.)Marlon Guarino (Alt.)Jonathan Shu (Alt.)URS ApptisSimon GodwinAndra Beasley (Alt.)VeriFoneKevin SinghJean-Marc Delbecq (Alt.)VISASon

49、ia ReedKristina Breen (Alt.)Ken Sippola (Alt.)Mustafa Top (Alt.)viiiTask Group B10.12 on Integrated Circuit Cards with Contacts, which developed andreviewed this standard, had the following members:Sal Francomacaro, ChairKetan Mehta, Vice-ChairOrganization Represented Name of RepresentativeAmerican Express.Richard OrthAthena Smartcard, IncIan SimmonsExponent, IncBrad McGoranRocky Arnold (Alt.)Ryan Feely (Alt.)GemaltoMichel EscalantYa