ANSI INCITS ISO IEC 7816-7-1999 Identification cards Integrated circuit(s) cards with contacts Part 7 Interindustry commands for Structured Card Query Language (SCQL).pdf

1、B CReference numberISO/IEC 7816-7:1999(E)INTERNATIONALSTANDARDISO/IEC7816-7First edition1999-03-01Identification cards Integrated circuit(s)cards with contacts Part 7:Interindustry commands for Structured CardQuery Language (SCQL)Cartes didentification Cartes circuit(s) intgr(s) contacts Partie 7: C

2、ommandes intersectorielles pour langage dinterrogation de cartestructure (SCQL)Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Date of ANSI Approval: 12/21/00Published by American National Standards Institute,25 West 43rd Street, New

3、York, New York 10036Copyright 2002 by Information Technology Industry Council (ITI).All rights reserved.These materials are subject to copyright claims of International Standardization Organization (ISO), InternationalElectrotechnical Commission (IEC), American National Standards Institute (ANSI), a

4、nd Information Technology Industry Council(ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, withoutthe prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW,Wa

5、shington, DC 20005.Printed in the United States of AmericaISO/IEC 7816-7:1999(E) ISO/IEC 1999All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronicor mechanical, including photocopying and microfilm, without

6、permission in writing from the publisher.ISO/IEC Copyright Office Case postale 56 CH-1211 Genve 20 SwitzerlandPrinted in SwitzerlandiiContents1 Scope 12 Normative references 13 Terms and definitions .14 Symbols (and abbreviated terms) 25 SCQL database concept .25.1 SCQL database .25.2 SCQL tables.35

7、.3 SCQL views .45.4 SCQL system tables and dictionaries 55.5 SCQL user profiles .76 SCQL related commands 76.1 General aspects 76.2 Grouping and encoding of commands.86.3 Notation and special codings96.4 Status bytes.106.5 Coding of identifiers.116.6 Security attributes of tables, views and users.12

8、6.7 Linking user ids to INSERT and UPDATE operations.127 Database operations127.1 CREATE TABLE 127.2 CREATE VIEW .137.3 CREATE DICTIONARY157.4 DROP TABLE.167.5 DROP VIEW .17 ISO/IECISO/IEC 7816-7:1999(E)iii7.6 GRANT . 187.7 REVOKE. 197.8 DECLARE CURSOR 207.9 OPEN 227.10 NEXT 237.11 FETCH 237.12 FETC

9、H NEXT . 247.13 INSERT. 257.14 UPDATE . 267.15 DELETE 278 Transaction management . 288.1 General concept 288.2 Transaction operations 299 User management 319.1 General concept 319.2 User operations 32Annex A (informative) Usage of SCQL operations 36ISO/IEC 7816-7:1999(E) ISO/IECivForewordISO (the In

10、ternational Organization for Standardization) and IEC (the International Electrotechnical Commission)form the specialized system for worldwide standardization. National bodies that are members of ISO or IECparticipate in the development of International Standards through technical committees establi

11、shed by therespective organization to deal with particular fields of technical activity. ISO and IEC technical committeescollaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, inliaison with ISO and IEC, also take part in the work.In the field

12、 of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting.Publication as an International Standard requires approval by at least 75 % of the n

13、ational bodies casting a vote.International Standard ISO/IEC 7816-7 was prepared by Joint Technical Committee ISO/IEC JTC 1, Informationtechnology, Subcommitte SC 17, Identification cards and related devices.ISO/IEC 7816 consists of the following parts, under the general title Identification cards I

14、ntegrated circuit(s) cardswith contacts : Part 1: Physical characteristics Part 2: Dimensions and location of the contacts Part 3: Electronic signals and transmission protocols Part 4: Interindustry commands for interchange Part 5: Numbering system and registration procedure for application identifi

15、ers Part 6: Interindustry data elements Part 7: Interindustry commands for Structured Card Query Language (SCQL) Part 8: Security related interindustry commandsAnnex A of this part of ISO/IEC 7816 is for information only. ISO/IECISO/IEC 7816-7:1999(E)vIntroductionThis part of ISO/IEC 7816 is one of

16、a series of standards describing the parameters for integrated circuit(s) cardswith contacts and the use of such cards for international interchange.These cards are identification cards intended for information exchange negotiated between the outside and theintegrated circuit in the card. As a resul

17、t of an information exchange, the card delivers information (computationresults, stored data), and/or modifies its content (data storage, event memorization).During the preparation of this part of ISO/IEC 7816, information was gathered concerning relevant patents uponwhich application of this part o

18、f ISO/IEC 7816 might depend. Relevant patents were identified in France, the patentholder is Gemplus. However, ISO cannot give authoritative or comprehensive information about evidence, validity orscope of patents or like rights.The patent holder has stated that licenses will be granted in appropria

19、te terms to enable application of this part ofISO/IEC 7816, provided that those who seek licenses agree to reciprocate.Further information is available fromGEMPLUSB.P. 10013881 GEMENOS CEDEXFRANCEINTERNATIONAL STANDARD ISO/IEC ISO/IEC 7816-7:1999(E)1Identification cards Integrated circuit(s) cards w

20、ith contacts Part 7:Interindustry commands for Structured Card Query Language (SCQL)1 ScopeThis part of ISO/IEC 7816 specifies the concept of a SCQL database (SCQL = Structured Card Query Language based on SQL, see ISO 9075)and the related interindustry enhanced commands.2 Normative referencesThe fo

21、llowing normative documents contain provisions which, through reference in this text, constitute provisions ofthis part of ISO/IEC 7816. For dated references, subsequent amendments to, or revisions of, any of thesepublications do not apply. However, parties to agreements based on this part of ISO/IE

22、C 7816 are encouraged toinvestigate the possibility of applying the most recent editions of the normative documents indicated below. Forundated references, the latest edition of the normative document referred to applies. Members of ISO and IECmaintain registers of currently valid International Stan

23、dards.ISO/IEC 9075:1992, Information technology Database languages SQL2.ISO/IEC 7816-4:1995, Information technology Identification cards Integrated circuit(s) cards with contacts Part 4: Interindustry commands for interchange.ISO/IEC 7816-6:1996, Identification cards Integrated circuit(s) cards with

24、 contacts Part 6: Interindustry dataelements.3 Terms and definitionsFor the purposes of this part of ISO/IEC 7816, the following definitions apply.3.1database basic userSCQL user with no inherent rights3.2database filestructured set of database objects (tables, views, dictionaries) representing the

25、content of a database3.3database object ownerSCQL user with the special right to create and drop objects and to manage privileges on these objects3.4database ownerinitial SCQL user which manages objects and users of the databaseISO/IEC 7816-7:1999(E) ISO/IEC23.5dictionaryview on a system table3.6sys

26、tem tabletable maintained by the card for managing the database structure and database access3.7tabledatabase object with a unique name and structured in columns and rows3.8viewlogical subset of a table4 Symbols (and abbreviated terms)For the purposes of this part of ISO/IEC 7816, the following abbr

27、eviations apply:APDU Application protocol data unitAPI Application programming interfaceDB DatabaseDB_O Database ownerDBBU Database basic userDBF Database fileDBOO Database object ownerDF Dedicated fileDO Data objectICC Integrated circuit(s) cardIFD Interface deviceMF Master fileSCQL Structured card

28、 query languageSQL Structured query languageTLV Tag, length, value5 SCQL database concept5.1 SCQL databaseA database in a card according to this part of ISO/IEC 7816 is called a SCQL database (SCQL = Structured CardQuery Language), since the commands for accessing are based on SQL-functionality (see

29、 ISO 9075) and codedaccording to the principles of interindustry commands as defined in ISO/IEC 7816-4. The database itself is astructured set of database objects called a database file DBF. Under a DF there shall be not more than one DBFwhich is accessible after selection of the respective DF. A da

30、tabase may be also directly attached to the MF.Fig.1 shows an example for the embedding of a database in the card. ISO/IECISO/IEC 7816-7:1999(E)3MFDF1DBFDF2Any applicationApplication with a databaseDatabase file. . .Internal elementary files and/or working elementary filesFigure 1 Application with a

31、 database in a multi-application card (example)An application system may interwork with a SQL database as well as with a SCQL database using the same SQL-API (API = Application Programming Interface). Thus, a card carrying a SCQL database may appear as a part of adistributed SQL database environment

32、. Fig. 2 shows a typical SQL configuration with a card integrated in thesystem design.ICCSQL- data- baseSCQL- data- baseSQL-APIApplication SystemSQL- commandsSCQL- commandsSQL- commandsIFD/ICC interfaceFigure 2 SCQL database as part of a distributed SQL database environment (example)5.2 SCQL tablesA

33、 SCQL database contains objects called tables, views and dictionaries. Each object can be referenced by a uniqueidentifier.A table is a structured data object with a unique name within a database. It consists of named columns and asequence of rows. The number of rows may be conceptually unlimited (i

34、.e., only restricted by the available memoryspace in the card), or limited. The table and the main characteristics are shown in fig. 3.ISO/IEC 7816-7:1999(E) ISO/IEC4Table nameColumn name 1Column name 2Column name 3Row 1 Row 2 Row 3Characteristics: - Table name: unique, max. 8 characters - No. of ta

35、bles: not regulated by this standard - Column name in table: unique, max. 8 char. - No. of columns within a table: 1 - 15 - Max. no. of rows: not determined or fixed - Column size: 0 - 254 bytes, if not specified - Column data type: stringFigure 3 SCQL table (example) and its main characteristicsAft

36、er creation the table structure is persistent, i.e. neither an existing column can be withdrawn nor a new columncan be inserted. On a table the following actions can be performed: read (select) insert update delete.5.3 SCQL viewsA view is a logical subset of a table, which defines the part of the ta

37、ble accessible. Two types of views are to bedistinguished: a view (see fig. 4), which by definition fixes the accessible columns, is called in this context a static view and a view (see fig. 5), which restricts the access to those rows whose contents matches defined conditions (e.g. torows the value

38、 of which is greater 20), is called in this context a dynamic view.Ta b le na m eColumn name 1Column name 2Column name 3View nameColumn name 3Column name 2Static view with access restricted to the 2nd and 3rd columnFigure 4 SCQL static view (example) ISO/IECISO/IEC 7816-7:1999(E)5Table nameColumn na

39、me 1Column name 2Column name 3Dynamic view with access restricted to rows where the content of the row matches one or more defined conditionsView nameColumn name 1Column name 2Column name 3Figure 5 SCQL dynamic view (example)A combination of static view and dynamic view in the same view definition i

40、s also possible.A view has like a table a unique name in a SCQL database. Several views may be defined on the same table.On a view the following actions can be performed: read (select) update.5.4 SCQL system tables and dictionariesA system table is maintained by the card and contains information nec

41、essary to manage the database structure andaccess. There are three system tables: the object description table (name *O) the user description table (name *U) the privilege description table (name *P)The object description table contains information about the tables and views stored in the database.T

42、he user description table contains information about the users which have access to the database.The privilege description table contains information about the privileges onto the database tables and views.Privileges describe which tables and views can be accessed by which users, and which actions c

43、an be performedby those users on the respective table or view.The figures 6 - 8 show the system tables with their mandatory columns.ISO/IEC 7816-7:1999(E) ISO/IEC6*O (Object description table)OBJNAMOBJOWN OBJTYPOBJDESObject name (table name or view name, unique)Object owner (user id)Object type (T =

44、 table, V = view)Object descriptor (column names in case of table, view de- finition in case of view)Note: This system table may contain additional implementation specific columns.OBJOPTObject options (secu- rity re- lated data objects, e.g. for authenti- cation)Figure 6 Object description tableUSER

45、ID USRPROUser profile: DB_O = DB owner DBOO = DB object owner DBBU = DB basic user*U (User description table)User iden- tifier (unique)USROWNUser id of user owner (person who assigns the user id)Note: This system table may contain additional implementation specific columns.USROPTUser options (securi

46、ty related data objects)Figure 7 User description tableOBJNAM OBJUSR*P (Privilege description table)OBJOWNUser id of the object owner (grantor)USRPRITable name, view name or dictionary nameUser id of the object user (grantee)PrivilegesNote: This system table may contain additional implementation spe

47、cific columns.Figure 8 Privilege description table ISO/IECISO/IEC 7816-7:1999(E)7For access to the information contained in the system tables, views on these system tables can be created. A viewon a system table is called a SCQL dictionary. The only action which a user can perform on a dictionary is

48、 reading(select).5.5 SCQL user profilesSCQL user profiles are characterized by special permissions. A user profile is attached to a user identifier stored inthe user description table. Table 1 shows the profiles and the attached permissions.Table 1 SCQL user profiles and attached permissionsProfile

49、User PermissionDB_O Database owner - Adding/dropping of users with profileDBOO or DBBU- Creation/deletion of objects(tables/views)- Granting/revoking of privleges for objectsowned- Creation/deletion of dictionaries withaccess to all rows in the system tables- Access to objects not owned accordingto the privileges grantedDBOO Database objectowner- Adding/dropping of users with profileDBBU- Creation/deletion of objects(tables/views)- Granting/revoking of privileges forobjects owned- Creation/deletion