ImageVerifierCode 换一换
格式:PDF , 页数:42 ,大小:414.57KB ,
资源ID:436404      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-436404.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS ISO IEC 24727-2-2008 Identification cards Integrated circuit card programming interfaces Part 2 Generic card interface.pdf)为本站会员(livefirmly316)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS ISO IEC 24727-2-2008 Identification cards Integrated circuit card programming interfaces Part 2 Generic card interface.pdf

1、INCITS/ISO/IEC 24727-2-20082009 (ISO/IEC 24727-2:2008, IDT) Identification cards Integrated circuit card programming interfaces Part 2: Generic card interfaceINCITS/ISO/IEC 24727-2-20082009 (ISO/IEC 24727-2:2008, IDT)INCITS/ISO/IEC 24727-2-20082009 ii ITIC 2009 All rights reserved PDF disclaimer Thi

2、s PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept the

3、rein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; t

4、he PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (Inter

5、National Committee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 7/27/2009Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2009 by Information Technology Industry Council (ITI). All rights res

6、erved. These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication ma

7、y be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America INCITS/ISO/IEC 24727-2-20082009 I

8、TIC 2009 All rights reserved iiiContents Page 1 Scope.1 2 Normative references .1 3 Terms and definitions.1 4 Abbreviated terms 2 5 Organization for interoperability2 5.1 Command-response pairs for interoperability2 5.1.1 Command and response encoding .2 5.1.2 Class byte3 5.1.3 Instruction byte .3 5

9、.1.4 File descriptor byte.5 5.2 Card states for interoperability6 5.3 Status words for interoperability .7 5.4 Data structures for interoperability .8 5.5 Card-applications for interoperability .9 5.5.1 Alpha card-application .9 5.5.2 Cryptographic information application .9 6 Capability description

10、s.10 6.1 Card capability description (CCD) .10 6.2 Application capability description (ACD)11 6.3 Procedural elements.11 6.3.1 Model of computation for procedural elements .12 6.3.2 Use of procedural elements .12 6.4 Determining the value of capability descriptions.13 6.4.1 General principle.13 6.4.

11、2 Determining the value of the CCD .13 6.4.3 Determining the value of an ACD 13 Annex A (informative) Profiles for the cryptographic information application on the generic card interface.14 A.1 Profile A .14 A.1.1 EF.CIAInfo .14 A.1.2 EF.OD.14 A.1.3 EF.PrKD .14 A.1.4 EF.PuKD 14 A.1.5 EF.SKD.15 A.1.6

12、 EF.CD.15 A.1.7 EF.AOD 15 A.1.8 EF.DCOD15 Annex B (informative) Instances of profile A 16 B.1 eSign K Specification .16 Annex C (normative) Cryptographic information application for card-application service description.23 Annex D (informative) Example of cryptographic information application for car

13、d-application service description .28 Annex E (informative) DID Discovery .33 Bibliography.35 INCITS/ISO/IEC 24727-2-20082009 iv ITIC 2009 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized

14、 system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committe

15、es collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International S

16、tandards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Public

17、ation as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such

18、 patent rights. ISO/IEC 24727-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. ISO/IEC 24727 consists of the following parts, under the general title Identification cards Integrated circuit card programming inte

19、rfaces: Part 1: Architecture Part 2: Generic card interface Part 3: Application interface Part 4: API administration The following parts are under preparation: Part 5: Testing Part 6: Registration authority procedures for the authentication protocols for interoperability INCITS/ISO/IEC 24727-2-20082

20、009 ITIC 2009 All rights reserved vIntroduction ISO/IEC 24727 defines interoperable programming interfaces to integrated circuit cards. Programming interfaces are defined for all card lifecycle stages and for use with integrated circuit cards. ISO/IEC 24727 is written with sufficient detail and comp

21、leteness that independent implementations of each part are interchangeable and can interoperate with independent implementations of the other parts. This part of ISO/IEC 24727 specifies a command-level programming interface to contactless integrated circuit cards and cards with contacts that is a co

22、ncretization of the concepts, data structures and commands found in the following documents: ISO/IEC 7816-4, Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange ISO/IEC 7816-8, Identification cards Integrated circuit cards Part 8: Commands for se

23、curity operations ISO/IEC 7816-9, Identification cards Integrated circuit cards Part 9: Commands for card management ISO/IEC 7816-15, Identification cards Integrated circuit cards Part 15: Cryptographic information application ISO/IEC 20060, Information technology Open Terminal Architecture (OTA) sp

24、ecification Virtual machine specification The commands and data objects described in this part of ISO/IEC 24727 are consistent with the commands and data objects found in these documents which will be referred to as the base documents. This part of ISO/IEC 24727 maximizes the fungibility of independ

25、ent realizations of its prescriptions. This property of this part of ISO/IEC 24727 is realized by positing a minimally sufficient subset of the base standards which realizes their core functionality through the minimization of the number of options provided. AMERICAN NATIONAL STANDARD INCITS/ISO/IEC

26、 24727-2-20082009 ITIC 2009 All rights reserved 1Identification cards Integrated circuit card programming interfaces Part 2: Generic card interface 1 Scope This part of ISO/IEC 24727 defines a generic card interface for integrated circuit cards. This interface is presented as: command-response pairs

27、 for interoperability, card and application capability description and determination. This part of ISO/IEC 24727 is based on ISO/IEC 7816-4, ISO/IEC 7816-8, ISO/IEC 7816-9, and ISO/IEC 7816-15. 2 Normative references The following referenced documents are indispensable for the application of this do

28、cument. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 24727-1, Identification cards Integrated circuit card programming interfaces Part 1: Architecture ISO/IEC 7816-4, Identifica

29、tion cards Integrated circuit cards Part 4: Organization, security and commands for interchange ISO/IEC 7816-8, Identification cards Integrated circuit cards Part 8: Commands for security operations ISO/IEC 7816-9, Identification cards Integrated circuit cards Part 9: Commands for card management IS

30、O/IEC 7816-15, Identification cards Integrated circuit cards Part 15: Cryptographic information application 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/IEC 24727-1 and the following apply. 3.1 data object information seen at the interface consist

31、ing of the concatenation of a mandatory ISO/IEC 8825 DER-encoded tag field, a mandatory ISO/IEC 8825 DER-encoded length field and a conditional value field INCITS/ISO/IEC 24727-2-20082009 2 ITIC 2009 All rights reserved3.2 file structure for application and/or data in the card, as seen at the generi

32、c card interface when processing commands 3.3 translation code procedural software that transforms commands on the generic card interface to commands implemented on an integrated circuit card 4 Abbreviated terms For the purposes of this document, the abbreviated terms given in ISO/IEC 24727-1 and th

33、e following apply. ATS answer to select, as defined in ISO/IEC 14443-3 DF dedicated file DO data object FCP file control parameters FID file identifier RFU reserved for further use 5 Organization for interoperability This clause specifies a subset of the structure, commands and data structure define

34、d in ISO/IEC 7816-4, ISO/IEC 7816-8 and ISO/IEC 7816-9. The following can not be specified at the generic card interface: short file identifiers; logical channels; files with record structure. The physical card mapped to the generic card interface by the translation code may use a short EF identifie

35、r, logical channels, and record structure files. 5.1 Command-response pairs for interoperability 5.1.1 Command and response encoding Requests at the GCI are logically equivalent to command APDUs as specified in ISO/IEC 7816-4, ISO/IEC 7816-8 and ISO/IEC 7816-9. Confirmations at the GCI are logically

36、 equivalent to response APDUs as specified in ISO/IEC 7816-4, ISO/IEC 7816-8 and ISO/IEC 7816-9. The following interface may be used to send a generic card interface command directly to an implementation of this part of ISO/IEC 24727: sequence-of-bytes ExecuteCommand(sequence-of-bytes command) This

37、interface sends a command to the ISO/IEC 24727-2 implementation and returns as its value the response of the ISO/IEC 24727-2 implementation. Further interfaces may be defined in other parts of ISO/IEC 24727. INCITS/ISO/IEC 24727-2-20082009 ITIC 2009 All rights reserved 35.1.2 Class byte Table 1 list

38、s the class byte values that shall be used in commands on the generic card interface. Table 1 CLA Values on the GCI b8 b7 b6 b5 b4 b3 b2 b1 Description 0 - - 0 - - - - The command is the last or only command of a chain 0 - - 1 - - - - The command is not the last command of a chain 1 1 1 1 1 1 1 1 Th

39、e command is for the Part 2 implementation This part of ISO/IEC 24727 shall support command chaining only for the transmission of data strings too long for a single command; i.e. constant INS, P1 and P2 across all commands in the chain. For transmission of requests acted upon by the ISO/IEC 24727-2

40、implementation, generally without transmission of APDUs to the card, CLA = FF shall be used. 5.1.3 Instruction byte Tables 2 and 3 list the instruction byte values that should be used in commands at the GCI as these commands guarantee the standardized independence of the ISO/IEC 24727-2 and ISO/IEC

41、24727-3 implementations. A GCI request with an INS not found in Table 2 shall be sent directly to the card and the card-interface response shall be returned to the entity having made the GCI request. Commands with instruction bytes listed in Table 3 shall be acted on by the ISO/IEC 24727-2 implement

42、ation and shall not be provided to the translation script. Table 2 Requests on the GCI Handled by the Translation Script Command Name INS Package Limitations SELECT A4 A SELECT by file identifier (P1-P2 = 00-04 or 00-0C) and SELECT by DF name (P1-P2 = 04-04 or 04-0C) with return of FCP data object o

43、r no data shall be supported. (See Note) READ BINARY B0 A Bit 8 of P1 shall be set to 0. READ BINARY B1 A P1 and P2 shall be set to 00. UPDATE BINARY D6 A Bit 8 of P1 shall be set to 0. UPDATE BINARY D7 A P1 and P2 shall be set to 00. GET DATA CA CB A None. PUT DATA DA DB A When PUT DATA references

44、a data object that already exists it shall be overwritten. GENERATE ASYMMETRIC KEY PAIR 46 47 B Out of scope VERIFY 20 A P2 is not zero. VERIFY 21 A P2 is not zero. CHANGE REFERENCE DATA 24 A None. INCITS/ISO/IEC 24727-2-20082009 4 ITIC 2009 All rights reservedGET CHALLENGE 84 A None. INTERNAL AUTHE

45、NTICATE 88 A None. EXTERNAL AUTHENTICATE 82 A None. MUTUAL AUTHENTICATE 82 A None. GENERAL AUTHENTICATE 86 87 A None. PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE 2A A P1=9E P2=9A Command data field: - Absent (hash value provided via PERFORM SECURITY OPERATION:HASH PERFORM SECURITY OPERATIO

46、N: VERIFY DIGITAL SIGNATURE 2A A P1=00 P2=A8 Command data field: - DO 9E PERFORM SECURITY OPERATION: HASH 2A A P1=90 P2=80 or 9A Command data field: 1) - DO 90 (intermediate hash value | amount of bits already hashed ) | DO 80 (final text block) or 2)- DO 90 hash value PERFORM SECURITY OPERATION:VER

47、IFY CERTIFICATE 2A A P1-00 P2=AE or BE Command data field: - DO 7F21 (card verifiable certificate) PERFORM SECURITY OPERATION: ENCIPHER 2A A P1=86 P2=80 Command data field: data to be enciphered PERFORM SECURITY OPERATION: DECIPHER 2A A P1=80 P2=86 Command data field: data to be deciphered (Pl | cry

48、ptogram) MANAGE SECURITY ENVIRONMENT 22 A SET (P1=x1) and RESTORE (P1=F3) CREATE FILE E0 B Only FCP data objects in Table 9 are supported. The created file becomes the current file. DELETE FILE E4 B Only P1-P2 = 00-00 is supported. After deletion of the file the parent of the deleted file becomes th

49、e currently selected dedicated file. ACTIVATE FILE 44 B Only P1-P2 = 00-00 is supported DEACTIVATE FILE 04 B Only P1-P2 = 00-00 is supported RESET RETRY COUNTER 2C A None GET RESPONSE C0 A Only P1-P2 = 00-00 is supported The status word 6985 means there are no data to retrieveNote: In the case of SELECT by DF name with return o

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1