ISO/IEC is intended to be used in any sector of activity. It specifies: a) contents of command-response pairs exchanged at the interface, b) means of. ISO , Section 5 contains basic organizations, data structures, file organization, file referencing methods, data referencing methods, This part of ISO/IEC supports the following two categories of files: . 0 — x x x — — —, File type. ISO/IEC (): “Information technology – Identification cards; Integrated circuit(s) cards . and one or more SC bytes as defined in ISO/IEC [4].

Author: Mole Akitilar
Country: Oman
Language: English (Spanish)
Genre: Business
Published (Last): 17 June 2008
Pages: 493
ISBN: 392-7-17476-997-3

By the relevant security mechanisms, with the selected security items, the card shall produce all the requested security mechanism data objects.

An annex is provided that shows how to control the loading of data (secure download) into the card, by means of verifying the access rights of the loading entity and protection of the transmitted data with secure messaging. The DF at the root is called the master file (MF). However, logical channels may share application-dependent security status and therefore may have security-related command interdependencies across logical channels e.


It gives the identifier, name, description, format, coding and layout of each DE and defines the means of retrieval of DEs from the card. The FCI template is intended for conveying file control parameters and file management data. “Cards with contacts — Dimensions and location of the contacts”. Transparent structure — The EF is seen at the interface as a sequence of data units. Consequently, the body consists of the Le field. The following structures of EFs are defined: According to its abstract, it specifies interindustry commands for integrated circuit cards (both with contacts and without contacts) for card and file management, e.

This clause describes the following features: Size of the records: According to its abstract, it specifies the Data Elements (DEs) used for interindustry interchange based on integrated circuit cards (ICCs) both with contacts and without contacts. It codes no class and no construction-type. If the response descriptor provides auxiliary data, then the respective data object shall be empty in the response.


In order to select unambiguously by DF name e. In addition to the cryptogram mechanism, data confidentiality can be achieved by data concealment. If L is not null, then the value field V consists of L consecutive bytes.

Consequently, the body is empty. NOTES An EF of record structure may support data unit referencing and in case it does, data units may contain structural information along with data, e. If L is not null, then the value field V consists of L consecutive bytes.

Figure 2

Security attributes may be associated with each file and fix the security conditions that shall be satisfied to allow operations on the file. Annexes are provided that give examples of operations related to digital signatures, certificates and the import and export of asymmetric keys.

Referencing by path — Any file may be referenced by a path (concatenation of file identifiers). Therefore the first record (record number one, 1) is the first created record. When padding is applied but not indicated the rules defined in 1. “Registration of application providers”.

The following attributes are defined for EFs structured in records: Within each EF of cyclic structure, the logical positions shall be sequentially assigned in the opposite order, i. Command-specific status — It only exists during the execution of a command involving authentication using secure messaging see 1.

The use of a block cipher may involve padding. When the Le field contains only zeros, the maximum number of available data bytes is requested. The splitting into data blocks shall be performed in the following way. Figure 4 shows the 4 structures of command APDUs according to the 4 cases defined in table 4. The current output results from the current input.

In the absence of an algorithm reference and when no mechanism is implicitly selected for confidentiality, a default mechanism shall apply. Each non-TLV-coded data field shall consist of one or more data elements, according to the specifications of the respective command. If no file reference is present, then the key reference is valid in the current DF.


In the card capabilities see 8. That is, command interdependencies on one logical channel shall be independent of command interdependencies on another logical channel.

In each message involving security mechanisms based on cryptography, the data field shall comply with the basic encoding rules of ASN.

Each time a reference is made with a record identifier, an indication shall specify the logical position of the target record (the first or last occurrence, the next or previous occurrence relative to the record pointer). “Cards with contacts — Physical characteristics”.

ISO part 4 section 5 APDU level data structures

Alternately, using internal data, either secret or public, the card computes a cryptogram and inserts it in a data field, possibly together with other data.

Concealment thus requires no padding and the data objects concealed in the value field are recovered by the same operation. Within an EF of record structure, records may have the same record identifier, in which case data contained in the records may be used for discriminating between them. The result of an authentication may be logged in an internal EF according to the requirements of the application.

The following additional rule is defined for linear structures and for cyclic structures: When there is a current record, the next occurrence shall be the closest record with the specified identifier but in a greater logical position than the current record.

If an empty reference data object for auxiliary data is present in the response descriptor, then it shall be full in the response.