KS X ISO/IEC 7816 8: 2007
2007 11 30
http://www.kats.go.kr
http://www.standard.go.kr
2001 9 26
2007 11 30
2007-1129
02-509-7262

KS X ISO/IEC 7816 “ID IC”
1: (KS X 6507 1)
2: (KS X 6507 2)
3: (KS X 6507 3)
4: (KS X ISO/IEC 7816 4)
5: (KS X ISO/IEC 7816 5)
6: (KS X ISO/IEC 7816 6)
7: (SCQL) (KS X ISO/IEC 7816 7)
8: (KS X ISO/IEC 7816 8)
9: (KS X ISO/IEC 7816 9)
10: (KS X ISO/IEC 7816 10)

KS X ISO/IEC 7816 8 : 2007
Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands

1999 1 ISO/IEC 7816 8, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands

2
KS X 1207 (ISO/IEC 9796: 1991, Information technology - Security techniques - Digital signature scheme giving message recovery)
KS X 1209 (ISO/IEC 9979: 1991, Data cryptographic techniques - Procedures for the registration of cryptographic algorithms)
KS X 6507 3 (ISO/IEC 7816 3: 1997, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols)
KS X ISO/IEC 7816 4: 2002 (ISO/IEC 7816 4: 1995, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange) (ISO/IEC 7816 4 : 1995/Amd1 : 1997, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange - Amendment 1: Secure messaging on the structures of APDU messages)
KS X ISO/IEC 7816 6: 2004 (ISO/IEC 7816 6: 1996, Identification cards - Integrated circuit(s) cards with contacts - Part 6: Interindustry data elements)
KS X ISO/IEC 11694 4_2001: 2007 (ISO/IEC 11694 4: 1996, Identification cards - Optical memory cards - Linear recording method - Part 4: Logical data structures)
ISO/IEC 9798 2: 1994, Information technology - Security techniques - Entity authentication mechanisms - Part 2: Mechanism using symmetric encipherment algorithms
ISO/IEC 9798 3: 1993, Information technology - Security techniques - Entity authentication mechanisms - Part 3: Entity authentication using a public key algorithm

3
3.1 certification authority (CA)
3.2 cryptographic mechanism
3.3 secure messaging (KS X ISO/IEC 7816 4)
3.4 security environment

4
APDU application protocol data unit
AT authentication template
BER TLV basic encoding rules tag length value
CA certification authority
CC cryptographic checksum
CCT cryptographic checksum template
CK common key
CRDO control reference data object
CRT control reference template
CT confidentiality template
DE data element
DF dedicated file
DO data object
DS digital signature
DSI digital signature input
DST digital signature template
EF elementary file
HT hash template
IFD interface device
PK public key
PSO PERFORM SECURITY OPERATION command
RFU reserved for future use
SE security environment
SK secret key
SM secure messaging
SST security support template

5 KS X ISO/IEC 7816 4
6 (headerlist) (DE) / DOs (string built)
7 DEs, KS X ISO/IEC 7816 4
9 INS
10 (MANAGE SECURITY ENVIRONMENT command) SE SE (RESTORE) SE SE SE (STORE)
11 P1 P2 DOs (9.)
12 KS X ISO 11694 4, VERIFY, CHANGE REFERENCE DATA, ENABLE VERIFICATION REQUIREMENT, DISABLE VERIFICATION REQUIREMENT, RESET RETRY COUNTER
14 INS, GET CHALLENGE, possibly secret, IFD
A( ) CV
B( )

Reference number ISO/IEC 7816-8:1999(E)

INTERNATIONAL STANDARD ISO/IEC 7816-8
First edition 1999-10-01

Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands

Cartes d'identification - Cartes à circuit(s) intégré(s) à contacts - Partie 8: Commandes intersectorielles de sécurité

© ISO/IEC 1999
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
ISO/IEC Copyright Office, Case postale 56, CH-1211 Genève 20, Switzerland
Printed in Switzerland

Contents
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols (and abbreviated terms)
5 Security environments
6 Extended headerlist DE
7 Security support
8 Secure messaging extensions
9 Command chaining
10 MANAGE SECURITY ENVIRONMENT command
11 PERFORM SECURITY OPERATION command
12 Manage verification process
13 GENERATE PUBLIC KEY PAIR command
14 MUTUAL AUTHENTICATE function
15 Tags defined in ISO/IEC 7816-8
Annex A (informative) Structure and usage of certificates interpreted by the card
Annex B (informative) Usage of digital signature relevant operations

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

International Standard ISO/IEC 7816-8 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Identification cards and related devices.

ISO/IEC 7816 consists of the following parts, under the general title Identification cards - Integrated circuit(s) cards with contacts:
- Part 1: Physical characteristics
- Part 2: Dimensions and location of the contacts
- Part 3: Electronic signals and transmission protocols
- Part 4: Interindustry commands for interchange
- Part 5: Numbering system and registration procedure for application identifiers
- Part 6: Interindustry data elements
- Part 7: Interindustry commands for Structured Card Query Language (SCQL)
- Part 8: Security related interindustry commands
- Part 9: Additional interindustry commands and security attributes
- Part 10: Electronic signals and answer to reset for synchronous cards

Annexes A and B of this part of ISO/IEC 7816 are for information only.

Introduction

The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this part of ISO/IEC 7816 may involve the use of a patent concerning smart cards and terminals given in the body of the text.

The ISO and IEC take no position concerning the evidence, validity and scope of this patent right.

The holder of this patent right has assured ISO and IEC that he is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this patent right is registered with ISO and IEC. Information may be obtained from:

Director of Intellectual Property
BULL CP8, S.A.
68, route de Versailles
B.P. 45
78431 Louveciennes Cédex
France

Attention is drawn to the possibility that some of the elements of this part of ISO/IEC 7816 may be subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands

1 Scope

This part of ISO/IEC 7816 specifies:
- security protocols for use in cards;
- secure messaging extensions;
- the mapping of the security mechanisms on to the card's security functions/services, including a description of the in-card security mechanisms;
- data elements for security support;
- the use of algorithms implemented on the card (though the algorithms themselves are not described in detail);
- the use of certificates;
- security related commands.

This part of ISO/IEC 7816 does not cover the internal implementation within the card and/or the outside world.

The choice and conditions of use of cryptographic mechanisms may affect card exportability. The evaluation of the suitability of algorithms and protocols is outside the scope of this part of ISO/IEC 7816.

It shall not be mandatory for cards complying to this part of ISO/IEC 7816 to support all the described commands or all the options of supported commands.

2 Normative references

The following normative documents contain provisions which, through reference in this text, constitute provisions of this part of ISO/IEC 7816. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. However, parties to agreements based on this part of ISO/IEC 7816 are encouraged to investigate the possibility of applying the most recent edit