<HTML>
<HEAD>
<TITLE>Smart Card Developer's Kit:Appendix A The ISO 7816-4 Command Set</TITLE>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="ewtoc.html">Table of Contents</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H2 ALIGN="CENTER"><FONT COLOR="#000077"><I>PART IV<BR>APPENDIXES
</I></FONT></H2>
<DL>
<DT><B>Appendix A</B>
<DT>The ISO/IEC 7816-4 Command Set
<DT><B>Appendix B</B>
<DT>The Multiflex Command Set
</DL>
<H2><A NAME="Heading1"></A><FONT COLOR="#000077">APPENDIX A<BR>THE ISO 7816-4 COMMAND SET
</FONT></H2>
<P><BIG><BIG>T</BIG></BIG>he ISO 7816-4 standard defines a set of inter-industry commands that are meant to be included on smart cards. These commands are included in whole, or in part, on many smart cards available on the market today. This appendix gives an overview of the individual commands in this set, a summary of the status/error messages that may be returned, which command application protocol data unit (APDU) is sent to the APDU processor on a smart card, and, where feasible, an example APDU for this command.</P>
<H3><A NAME="Heading2"></A><FONT COLOR="#000077">APDU Structures</FONT></H3>
<P>The APDU structures in which these commands would be transported are reviewed in Chapter 4, “Smart Card Commands.” The constituent elements of the structures are:
</P>
<DL>
<DD><B>•</B> CLA—The 1-byte designation of a family of commands.
<DD><B>•</B> INS—The 1-byte designation of a specific command in this family.
<DD><B>•</B> P1—A 1-byte parameter passed along as part of the <TT>[CLA,INS]</TT> command that elaborates on the exact meaning of the command; a command modifier.
<DD><B>•</B> P2—A 1-byte parameter passed along as part of the <TT>[CLA,INS]</TT> command that elaborates on the exact meaning of the command; a command modifier.
<DD><B>•</B> Lc field—a field that specifies the length of the data field (which follows). For essentially all existing cards, the size of this field is 1 byte, so it can define a data field length up to 256 bytes. However, it should be noted that a mechanism is defined within the ISO 7816-4 standard through which a card can define an extended address space which would allow longer fields to be specified. We will limit our discussion to the typical case where the Lc field is 1 byte in length.
<DD><B>•</B> Data field—a string of bytes whose length is specified by the Lc field. These bytes are conveyed via the APDU to the card’s APDU processor.
<DD><B>•</B> Le field—a field that specifies the length of the body of the response APDU (to this command); this number of bytes is returned by the card’s APDU processor on successful completion of the command. As with the Lc field, a card can define an extended addressing facility; however, we will limit our current review to 1-byte Le fields.
</DL>
<H3><A NAME="Heading3"></A><FONT COLOR="#000077">Security Status</FONT></H3>
<P>Access to files through the commands described in this appendix is limited by a requirement that the security status of the card satisfy the security attributes defined for the files being accessed. The security status of the card is typically established through the successful execution of commands defined in the section “Security” later in this appendix.
</P>
<P>Security attributes ascribed to a file can require the reader-side application component to present knowledge of a password (known by the card), to demonstrate knowledge of a key that’s shared with the card, or to use secure messaging.</P>
<H3><A NAME="Heading4"></A><FONT COLOR="#000077">File System</FONT></H3>
<P>The file system commands comprise a set of commands through which a file system on the card can be accessed by a reader-side application. It is interesting to note that two file operations that you would typically find associated with a file system are not present within this family; that is, a file create command and a file delete command. Commands such as these are found on many smart cards (such as the Multiflex card); however, their semantics are not defined through the ISO 7816-4 Standard.
</P>
<H4 ALIGN="LEFT"><A NAME="Heading5"></A><FONT COLOR="#000077">Read Binary</FONT></H4>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>This command causes a portion of the selected file to be read and passed back through the response message. The file segment to be read is specified through a byte offset from the beginning of the file and a byte count of the number of bytes to be read. This command uses a Case 2 APDU structure; that is, the APDU includes a complete header along with an Le field which specifies the number of bytes to be returned.
</P>
<P>When this command is executed, a <TT>Select File</TT> command will typically already have been issued to select the file to actually read. However, the <TT>Select File</TT> command may have pointed at a <TT>DF</TT>, which contains the <TT>EF</TT> to be read by this command. In that case, the <TT>P1</TT> parameter can be used to convey a short <TT>EF</TT> identifier (that is, a 5-bit value that uniquely specifies an <TT>EF</TT> within a <TT>DF</TT>).</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Command Application Protocol Data Unit
<TR>
<TH ALIGN="LEFT">CLA
<TH ALIGN="LEFT">INS
<TH ALIGN="LEFT">Parameter 1
<TH ALIGN="LEFT">Parameter 2
<TH ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB>
<TD VALIGN="TOP">B0<SUB>16</SUB>
<TD VALIGN="TOP">Short EF identifier
<TD>Offset of first byte read
<TD>Number of bytes to be read
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH WIDTH="23%" ALIGN="LEFT">Data Field 1
<TH WIDTH="77%" ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>N/A
<TD>N/A
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Response Application Protocol Data Unit
<TR>
<TH WIDTH="100%" ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>The number of bytes that were requested to be read, followed by the 2-byte status
<TR>
<TD><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Example of Use
<TR>
<TH WIDTH="40%" ALIGN="LEFT">APDU
<TH WIDTH="60%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB> B0<SUB>16</SUB> 00<SUB>16</SUB> 00<SUB>16</SUB> 10<SUB>16</SUB>
<TD>Read 16 bytes from the currently selected transparent file starting with the first byte in the file
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TR>
<TD COLSPAN="4"><HR>
<TR>
<TD>6281<SUB>16</SUB>
<TD>Return data error
<TD>6282<SUB>16</SUB>
<TD>Premature EOF
<TR>
<TD>6700<SUB>16</SUB>
<TD>Incorrect field
<TD>6981<SUB>16</SUB>
<TD>Bad command
<TR>
<TD>6982<SUB>16</SUB>
<TD>Invalid security status
<TD>6986<SUB>16</SUB>
<TD>EF not selected
<TR>
<TD>6A81<SUB>16</SUB>
<TD>Invalid function
<TD>6A82<SUB>16</SUB>
<TD>File missing
<TR>
<TD>6B00<SUB>16</SUB>
<TD>Invalid parameters
<TD>6CXX<SUB>16</SUB>
<TD>Incorrect Le field
<TR>
<TD COLSPAN="4"><HR>
</TABLE>
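<P>As an added example (not code from the book), the sketch below issues the Read Binary command shown above and interprets the response: it splits the body from the 2-byte status, checks the body length against Le, maps errors to the table's meanings, and retries once on 6CXX. It assumes that XX in 6CXX carries the length the card expects and that 9000<SUB>16</SUB> marks normal completion, both as defined by ISO 7816-4; <TT>read_binary</TT>, <TT>CardError</TT> and the <TT>fake_card</TT> stand-in are hypothetical names constructed for the illustration.</P>

```python
from typing import Callable

# Status meanings copied from the Read Binary error table above.
READ_BINARY_ERRORS = {
    0x6281: "Return data error", 0x6282: "Premature EOF",
    0x6700: "Incorrect field", 0x6981: "Bad command",
    0x6982: "Invalid security status", 0x6986: "EF not selected",
    0x6A81: "Invalid function", 0x6A82: "File missing",
    0x6B00: "Invalid parameters",
}
SW_OK = 0x9000  # assumption from ISO 7816-4: normal completion (not in the table)

class CardError(Exception):
    def __init__(self, sw: int):
        self.sw = sw
        super().__init__(f"{sw:04X}: {READ_BINARY_ERRORS.get(sw, 'unlisted status')}")

def read_binary(transmit: Callable[[bytes], bytes], offset: int, count: int) -> bytes:
    """Read `count` bytes at `offset` from the currently selected file."""
    if not (0 <= offset <= 0xFF and 1 <= count <= 0xFF):
        raise ValueError("offset and count must fit the 1-byte P2 and Le fields")
    for _ in range(2):                       # at most one retry after 6CXX
        rsp = transmit(bytes([0xC0, 0xB0, 0x00, offset, count]))
        if len(rsp) < 2:
            raise ValueError("response shorter than the 2-byte status")
        body, sw = rsp[:-2], int.from_bytes(rsp[-2:], "big")
        if sw == SW_OK:
            if len(body) != count:
                raise ValueError("card returned a different length than Le")
            return body
        if sw >> 8 == 0x6C and sw & 0xFF:    # 6CXX: XX is the Le the card expects
            count = sw & 0xFF
            continue
        raise CardError(sw)
    raise CardError(sw)

def fake_card(file: bytes, authorised: bool) -> Callable[[bytes], bytes]:
    """Constructed stand-in for a card holding one selected transparent file."""
    def transmit(apdu: bytes) -> bytes:
        offset, le = apdu[3], apdu[4]
        if not authorised:                   # security status not satisfied
            return bytes.fromhex("6982")
        if offset >= len(file):
            return bytes.fromhex("6B00")
        if offset + le > len(file):          # tell the reader the usable Le
            return bytes([0x6C, len(file) - offset])
        return file[offset:offset + le] + bytes.fromhex("9000")
    return transmit
```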
<H4 ALIGN="LEFT"><A NAME="Heading6"></A><FONT COLOR="#000077">Write Binary</FONT></H4>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>This command provides for setting the values of specified bytes of the selected file. Depending on the file’s attributes, the write operation may result in ANDing or ORing the bytes specified in the command with the values already in the file.
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Command Application Protocol Data Unit
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="10%" ALIGN="LEFT">INS
<TH WIDTH="26%" ALIGN="LEFT">Parameter 1
<TH WIDTH="25%" ALIGN="LEFT">Parameter 2
<TH WIDTH="29%" ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB>
<TD VALIGN="TOP">D0<SUB>16</SUB>
<TD VALIGN="TOP">Short EF identifier
<TD>Offset of first byte written
<TD>Number of bytes to be written
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH WIDTH="45%" ALIGN="LEFT">Data Field 1
<TH WIDTH="55%" ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>String of bytes to be written
<TD>Empty
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Response Application Protocol Data Unit
<TR>
<TH WIDTH="100%" ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Example of Use
<TR>
<TH WIDTH="45%" ALIGN="LEFT">APDU
<TH WIDTH="55%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB> D0<SUB>16</SUB> 01<SUB>16</SUB> 01<SUB>16</SUB> 01<SUB>16</SUB> FF<SUB>16</SUB>
<TD>Select EF file 1 (by short identifier) within the currently selected DF, and then write all 1s in the second byte of the file, assuming that file attributes are correct
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TR>
<TD COLSPAN="4"><HR>
<TR>
<TD>63CX<SUB>16</SUB>
<TD>Success with retries
<TD>6581<SUB>16</SUB>
<TD>Invalid write
<TR>
<TD>6700<SUB>16</SUB>
<TD>Invalid Le field
<TD>6981<SUB>16</SUB>
<TD>Bad command
<TR>
<TD>6982<SUB>16</SUB>
<TD>Invalid security status
<TD>6986<SUB>16</SUB>
<TD>EF not selected
<TR>
<TD>6A81<SUB>16</SUB>
<TD>Invalid function
<TD>6A82<SUB>16</SUB>
<TD>File missing
<TR>
<TD>6B00<SUB>16</SUB>
<TD>Invalid parameters
<TD>
<TD>
<TR>
<TD COLSPAN="4"><HR>
</TABLE>
<H4 ALIGN="LEFT"><A NAME="Heading7"></A><FONT COLOR="#000077">Update Binary</FONT></H4>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>This command provides for setting the values of specified bytes of the selected file. This command functions essentially like a file <TT>write</TT> command. The resulting values of the file are those indicated in the command.</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Command Application Protocol Data Unit
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="15%" ALIGN="LEFT">INS
<TH WIDTH="25%" ALIGN="LEFT">Parameter 1
<TH WIDTH="25%" ALIGN="LEFT">Parameter 2
<TH WIDTH="25%" ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD>C0<SUB>16</SUB>
<TD>D6<SUB>16</SUB>
<TD>Short EF identifier
<TD>Offset of first byte written
<TD>Number of bytes to be written
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH WIDTH="35%" ALIGN="LEFT">Data Field 1
<TH WIDTH="65%" ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>Byte string to be written
<TD>Empty
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Response Application Protocol Data Unit
<TR>
<TH ALIGN="LEFT" WIDTH="100%">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Example of Use
<TR>
<TH WIDTH="45%" ALIGN="LEFT">APDU
<TH WIDTH="55%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB> D6<SUB>16</SUB> 01<SUB>16</SUB> 01<SUB>16</SUB> 01<SUB>16</SUB> FF<SUB>16</SUB>
<TD>Select EF file 1 (by short identifier) within the currently selected DF, and then write all 1s in the second byte of the file
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TR>
<TD COLSPAN="4"><HR>
<TR>
<TD>63CX<SUB>16</SUB>
<TD>Success with retries
<TD>6581<SUB>16</SUB>
<TD>Invalid write
<TR>
<TD>6700<SUB>16</SUB>
<TD>Incorrect Le field
<TD>6981<SUB>16</SUB>
<TD>Bad command
<TR>
<TD>6982<SUB>16</SUB>
<TD>Invalid security status
<TD>6986<SUB>16</SUB>
<TD>EF not selected
<TR>
<TD>6A81<SUB>16</SUB>
<TD>Invalid function
<TD>6A82<SUB>16</SUB>
<TD>File missing
<TR>
<TD>6B00<SUB>16</SUB>
<TD>Invalid parameters
<TD>
<TD>
<TR>
<TD COLSPAN="4"><HR>
</TABLE>
<H4 ALIGN="LEFT"><A NAME="Heading8"></A><FONT COLOR="#000077">Erase Binary</FONT></H4>
<P><FONT SIZE="+1"><B>Description</B></FONT></P>
<P>This command results in the setting of specified bytes of the selected file to a logical erased state. In general, this state is equivalent to a <TT>0</TT> value. The command works by spacing across the offset number of bytes and starting to erase. It then terminates on the byte specified by the parameters, or at the end of the file. So, it’s possible to erase a segment of bytes within a file if that is desired.</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Command Application Protocol Data Unit
<TR>
<TH WIDTH="10%" ALIGN="LEFT">CLA
<TH WIDTH="10%" ALIGN="LEFT">INS
<TH WIDTH="26%" ALIGN="LEFT">Parameter 1
<TH WIDTH="25%" ALIGN="LEFT">Parameter 2
<TH WIDTH="29%" ALIGN="LEFT">Parameter 3
<TR>
<TD COLSPAN="5"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB>
<TD VALIGN="TOP">0E<SUB>16</SUB>
<TD VALIGN="TOP">Short EF identifier
<TD VALIGN="TOP">Offset of first byte erased
<TD>If not zero this is length of data field 1
<TR>
<TD COLSPAN="5"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><TR>
<TH WIDTH="60%" ALIGN="LEFT">Data Field 1
<TH WIDTH="40%" ALIGN="LEFT">Data Field 2
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD>If present, this is the offset of the first byte not erased; this offset must be greater than the offset in parameter 2
<TD VALIGN="TOP">Empty
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Response Application Protocol Data Unit
<TR>
<TH WIDTH="100%" ALIGN="LEFT">Response
<TR>
<TD><HR>
<TR>
<TD>2-byte status
<TR>
<TD><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Example of Use
<TR>
<TH WIDTH="45%" ALIGN="LEFT">APDU
<TH WIDTH="55%" ALIGN="LEFT">Interpretation
<TR>
<TD COLSPAN="2"><HR>
<TR>
<TD VALIGN="TOP">C0<SUB>16</SUB> 0E<SUB>16</SUB> 01<SUB>16</SUB> 01<SUB>16</SUB> 01<SUB>16</SUB> 06<SUB>16</SUB>
<TD>Select EF file 1 (by short identifier) within the currently selected DF, and then erase the second byte of the file through the sixth byte of the file
<TR>
<TD COLSPAN="2"><HR>
</TABLE>
<P>
</P>
<TABLE WIDTH="100%"><CAPTION ALIGN=LEFT>Error Codes (As Specified by ISO/IEC 7816-4: 1995(E))
<TR>
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TH WIDTH="20%" ALIGN="LEFT">Status
<TH WIDTH="30%" ALIGN="LEFT">Meaning
<TR>
<TD COLSPAN="4"><HR>
<TR>
<TD>63CX<SUB>16</SUB>
<TD>Success with retries
<TD>6581<SUB>16</SUB>
<TD>Invalid write
<TR>
<TD>6700<SUB>16</SUB>
<TD>Incorrect Le field
<TD>6981<SUB>16</SUB>
<TD>Bad command
<TR>
<TD>6982<SUB>16</SUB>
<TD>Invalid security status
<TD>6986<SUB>16</SUB>
<TD>EF not selected
<TR>
<TD>6A81<SUB>16</SUB>
<TD>Invalid function
<TD>6A82<SUB>16</SUB>
<TD>File missing
<TR>
<TD>6B00<SUB>16</SUB>