ANSI INCITS ISO IEC 7816-9-2004 Identification cards - Integrated circuit cards - Part 9 Commands for card management《识别卡.集成电路卡.第9部分 卡管理指令》.pdf

1、INCITS/ISO/IEC 7816-9-2004 (ISO/IEC 7816-9:2004, IDT) Identification Cards - Integrated circuit cards - Part 9: Commands for card managementINCITS/ISO/IEC 7816-9-2004(ISO/IEC 7816-9:2004, IDT)Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo rep

2、roduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 7816-9-2004ii ITIC 2005 All rights reserved PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typ

3、efaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe

4、Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlik

5、ely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 12/29/2005 Published by American National Stan

6、dards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2005 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), A

7、merican National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard s

8、hould be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 7816-

9、9-2004 ITIC 2005 - All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Normative references1 3 Terms and definitions .1 4 Abbreviations and notation1 5 Life cycle 2 5.1 File life cycle 2 6 Commands for card management .3 6.1 CREATE FILE command3 6.2 DELETE FILE command 3 6.3 D

10、EACTIVATE FILE command .4 6.4 ACTIVATE FILE command .5 6.5 TERMINATE DF command .5 6.6 TERMINATE EF command .6 6.7 TERMINATE CARD USAGE command .7 Annex A (informative) Examples of security attributes used for download.8 Bibliography12 Copyright American National Standards Institute Provided by IHS

11、under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 7816-9-2004 iv ITIC 2005 - All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the s

12、pecialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technica

13、l committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Inter

14、national Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voti

15、ng. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any o

16、r all such patent rights. ISO/IEC 7816-9 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. This second edition, together with the second editions of ISO/IEC 7816-4, ISO/IEC 7816-5, ISO/IEC 7816-6 and ISO/IEC 7816-8

17、, after an in-depth reorganization of these five parts, cancels and replaces ISO/IEC 7816-4:1995, ISO/IEC 7816-5:1994, ISO/IEC 7816-6:1996, ISO/IEC 7816-8:1999 and ISO/IEC 7816-9:2000. It also incorporates the Amendments ISO/IEC 7816-4:1995/Amd.1:1997, ISO/IEC 7816-5:1994/Amd.1:1996 and ISO/IEC 7816

18、-6:1996/Amd.1:2000 and the Technical Corrigendum ISO/IEC 7816-6:1996/Cor.1:1998. ISO/IEC 7816 consists of the following parts, under the general title Identification cards Integrated circuit cards: Part 1: Cards with contacts Physical characteristics Part 2: Cards with contacts Dimensions and locati

19、on of the contacts Part 3: Cards with contacts Electrical interface and transmission protocols Part 4: Organization, security and commands for interchange Part 5: Registration of application providers Part 6: Interindustry data elements for interchange Part 7: Interindustry commands for Structured C

20、ard Query Language (SCQL) Part 8: Commands for security operations Part 9: Commands for card management Part 10: Cards with contacts Electronic signals and answer to reset for synchronous cards Part 11: Personal verification through biometric methods Part 15: Cryptographic information application Co

21、pyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 7816-9-2004 ITIC 2005 - All rights reserved vIntroduction ISO/IEC 7816 is a series of International Standards specif

22、ying integrated circuit cards and the use of such cards for interchange. These cards are identification cards intended for information exchange negotiated between the outside world and the integrated circuit in the card. As a result of an information exchange, the card delivers information (computat

23、ion result, stored data), and/or modifies its content (data storage, event memorization). Five parts are specific to cards with galvanic contac ts and three of them specify electrical interfaces. ISO/IEC 7816-1 specifies physical characteristics for cards with contacts. ISO/IEC 7816-2 specifies dime

24、nsions and location of the contacts. ISO/IEC 7816-3 specifies electrical interface and transmission protocols for asynchronous cards. ISO/IEC 7816-10 specifies electrical interface and answer to reset for synchronous cards. ISO/IEC 7816-12 specifies electrical interface and operating procedures for

25、USB cards. All the other parts are independent from the physical interface technology. They apply to cards accessed by contacts and/or by radio frequency. ISO/IEC 7816-4 specifies organization, security and commands for interchange. ISO/IEC 7816-5 specifies registration of application providers. ISO

26、/IEC 7816-6 specifies interindustry data elements for interchange. ISO/IEC 7816-7 specifies commands for structured card query language. ISO/IEC 7816-8 specifies commands for security operations. ISO/IEC 7816-9 specifies commands for card management. ISO/IEC 7816-11 specifies personal verification t

27、hrough biometric methods. ISO/IEC 7816-15 specifies cryptographic information application. ISO/IEC 10536 specifies access by close coupling. ISO/IEC 14443 and 15693 specify access by radio frequency. Such cards are also known as contactless cards. Copyright American National Standards Institute Prov

28、ided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-AMERICAN N

29、ATIONAL STANDARD INCITS/ISO/IEC 7816-9-2004 ITIC 2005 - All rights reserved 1Identification cards Integrated circuit cards Part 9: Commands for card management 1 Scope This document specifies interindustry commands for card and file management. These commands cover the entire life cycle of the card

30、and therefore some commands may be used before the card has been issued to the cardholder or after the card has expired. It does not cover the internal implementation within the card and/or the outside world. 2 Normative references The following referenced documents are indispensable for the applica

31、tion of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 7816-4:1), Identification cards Integrated circuit cards Organization, security and commands for interchange

32、3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 secure messaging set of means for cryptographic protection of parts of command-response pairs ISO/IEC 7816-4 4 Abbreviations and notation For the purposes of this document, the following abbrevi

33、ations apply. APDU application protocol data unit FCP file control parameters LCS life cycle status 1) To be published. Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/IS

34、O/IEC 7816-9-2004 2 ITIC 2005 - All rights reserved5 Life cycle A life cycle status may be associated with any object in the card and with the card itself. The card shall use the life cycle status in combination with additional security attributes, to determine whether an operation on an object is i

35、n accordance with a security policy. The life cycle status reflects the use of objects according to the following rules. If an object is in creation state, then no security attribute for that object shall apply. If an object is in initialisation state, then any secu rity attribute specific to this s

36、tate may apply. If an object is in operational state, then ever y associated security attribute shall apply. If an object is in termination state, then the value of the object shall not be modified but the object may be used as specified by its associated security attributes, e.g., it may be deleted

37、. Transitions between primary life cycle states are irreversible and occur only from creation to termination. In addition, the application may define secondary life cycle states: each primary state may have reversible secondary states. Changes are controlled by the card and may be performed in a pre

38、-defined order, reflecting reversible or irreversible changes in states. The following commands for card and file management may be used for initiating a life cycle state transition. CREATE FILE ACTIVATE FILE TERMINATE EF DELETE FILE DEACTIVATE FILE TERMINATE DF TERMINATE CARD USAGE Commands may set

39、 the value of the life cycle status when they execute. However the card shall maintain the integrity of this value in accordance with this document. 5.1 File life cycle Figure 1 is a conceptual representation of the file life cycle states and the commands that invoke a transition upon successful com

40、pletion. It does not show the conditions of execution of those commands (see ISO/IEC 7816-4). File notexisting CreatefileLCS=01Operationalstate (active)TerminationstateOperationalstate(deactivated)CardterminationstateTerminate EFTerminate DFTerminate DFTerminatecard usageFile nexistiotngDelete file(

41、DF, EF)Delete file (DF/EF)DeactivatefileActivatefileCreationstateActivatefileCreate file LCS=04 or 05Terminate EFInitialisationstateProprietaryCreate fileLCS=03ActivatefileDelete file (DF/EF)Figure 1 Diagram for file life cycle Copyright American National Standards Institute Provided by IHS under li

42、cense with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 7816-9-2004 ITIC 2005 - All rights reserved 36 Commands for card management It shall not be mandatory for all cards complying with this document to support all those commands or all the

43、options of a supported command. The commands can be performed only if the security status satisfies the security attributes for the command. For these commands, bits 4 and 3 have no meaning and shall be ignored. For each command, a non-exhaustive list of status conditions is provided, (see also ISO/

44、IEC 7816-4). 6.1 CREATE FILE command The CREATE FILE command initiates the creation of a file (DF or EF) placed immediately under the current DF. The command may allocate memory to the file it creates. The created file shall be set as the current file, unless otherwise specified. When more than one

45、EF with a given short EF identifier exists in the same DF, the behaviour of the card is not defined in this document. The command can be performed only if the security status satisfies the security attributes for the current DF. The file descriptor byte is mandatory. It indicates whether a DF or an

46、EF is to be created. If a DF is created, then a DF name and / or a file identifier shall be specified. If an EF is created, then a file identifier and / or a short EF identifier shall be specified. Table 1 CREATE FILE command-response pair CLA As defined in ISO/IEC 7816-4 INS E0 P1-P2 0000 File iden

47、tifier and file parameters encoded in the command data field P1 not equal to 00: File descriptor byte P2 Short EF identifier on bits 8 to 4; bits 3 to 1 proprietary Lc field Absent for encoding Nc = 0, present for encoding Nc 0 Data field FCP template (tag 62) and possible further templates or absen

48、t Le field Absent for encoding Ne = 0 Data field Absent SW1-SW2 See ISO/IEC 7816-4, Tables 5 and 6 where relevant, e.g. 6982, 6A84, 6A89, 6A8A NOTE If number Ncis zero, then the created file has default file control parameters. 6.2 DELETE FILE command The DELETE FILE command initiates the deletion of a referenced EF immediately under the current DF, or of a DF with its complete sub-tree. After successful completion of this command, the deleted file can no longer be selected. The current file after deletion of an EF is the current DF.