Smart card application protocol data unit

Last updated

In the context of smart cards, an application protocol data unit (APDU) is the communication unit between a smart card reader and a smart card. The structure of the APDU is defined by ISO/IEC 7816-4 Organization, security and commands for interchange. [1]

Contents

APDU message command-response pair

There are two categories of APDUs: command APDUs and response APDUs. A command APDU is sent by the reader to the card it contains a mandatory 4-byte header (CLA, INS, P1, P2) [2] and from 0 to 65 535 bytes of data. A response APDU is sent by the card to the reader it contains from 0 to 65 536 bytes of data, and 2 mandatory status bytes (SW1, SW2).

Command APDU
Field nameLength (bytes)Description
CLA1Instruction class - indicates the type of command, e.g., interindustry or proprietary
INS1Instruction code - indicates the specific command, e.g., "select", "write data"
P1-P22Instruction parameters for the command, e.g., offset into file at which to write the data
Lc0, 1 or 3Encodes the number (Nc) of bytes of command data to follow

0 bytes denotes Nc=0
1 byte with a value from 1 to 255 denotes Nc with the same length
3 bytes, the first of which must be 0, denotes Nc in the range 1 to 65 535 (all three bytes may not be zero)

Command dataNcNc bytes of data
Le0, 1, 2 or 3Encodes the maximum number (Ne) of response bytes expected

0 bytes denotes Ne=0
1 byte in the range 1 to 255 denotes that value of Ne, or 0 denotes Ne=256
2 bytes (if extended Lc was present in the command) in the range 1 to 65 535 denotes Ne of that value, or two zero bytes denotes 65 536
3 bytes (if Lc was not present in the command), the first of which must be 0, denote Ne in the same way as two-byte Le

Response APDU
Response dataNr (at most Ne)Response data
SW1-SW2
(Response trailer)
2Command processing status, e.g., 90 00 (hexadecimal) indicates success [2]

Related Research Articles

In telecommunication, a longitudinal redundancy check (LRC), or horizontal redundancy check, is a form of redundancy check that is applied independently to each of a parallel group of bit streams. The data must be divided into transmission blocks, to which the additional check data is added.

<span class="mw-page-title-main">Smart card</span> Pocket-sized card with authentication circuitry

A smart card (SC), chip card, or integrated circuit card, is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

ISO/IEC 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, and more recently, contactless mobile devices, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

High-Level Data Link Control (HDLC) is a communication protocol used for transmitting data between devices in telecommunication and networking. Developed by the International Organization for Standardization (ISO), it is defined in the standard ISO/IEC 13239:2002.

<span class="mw-page-title-main">ISO/IEC 7810</span> Standard for ID cards

ISO/IEC 7810Identification cards — Physical characteristics is an international standard that defines the physical characteristics for identification cards.

ISO/IEC 14443Identification cards -- Contactless integrated circuit cards -- Proximity cards is an international standard that defines proximity cards used for identification, and the transmission protocols for communicating with it.

<span class="mw-page-title-main">Proximity card</span> Contactless smart card

A proximity card or prox card also known as a key card or keycard is a contactless smart card which can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards and contact type smart cards. The proximity cards are part of the contactless card technologies. Held near an electronic reader for a moment they enable the identification of an encoded number. The reader usually produces a beep or other sound to indicate the card has been read.

<span class="mw-page-title-main">EMV</span> Smart payment card standard

EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.

<span class="mw-page-title-main">MIFARE</span> Brand of smart and proximity cards

MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

ISO/IEC 15693, is an ISO/IEC standard for vicinity cards, i.e. cards which can be read from a greater distance as compared with proximity cards. Such cards can normally be read out by a reader without being powered themselves, as the reader will supply the necessary power to the card over the air (wireless).

Java Card OpenPlatform (JCOP) is a smart card operating system for the Java Card platform developed by IBM Zürich Research Laboratory. On 31 January 2006 the development and support responsibilities transferred to the IBM Smart Card Technology team in Böblingen, Germany. Since July 2007 support and development activities for the JCOP operating system on NXP / Philips silicon are serviced by NXP Semiconductors.

A card reader is a data input device that reads data from a card-shaped storage medium and provides the data to a computer. Card readers can acquire data from a card via a number of methods, including: optical scanning of printed text or barcodes or holes on punched cards, electrical signals from connections made or interrupted by a card's punched holes or embedded circuitry, or electronic devices that can read plastic cards embedded with either a magnetic strip, computer chip, RFID chip, or another storage medium.

A contactless smart card is a contactless credential whose dimensions are credit card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.

A datacard is an electronic card for data operations.

Calypso is an international electronic ticketing standard for microprocessor contactless smart cards, originally designed by a group of transit operators from 11 countries including Belgium, Canada, France, Germany, Italy, Latvia, México, Portugal and others. It ensures multi-sources of compatible products, and allows for interoperability between several transport operators in the same area.

<span class="mw-page-title-main">OpenPGP card</span> Type of cryptographic smart card

In cryptography, the OpenPGP card is an ISO/IEC 7816-4, -8 compatible smart card that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks can be performed. It allows secure storage of secret key material; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function." However, new key pairs may be loaded onto the card at any time, overwriting the existing ones.

An Answer To Reset (ATR) is a message output by a contact Smart Card conforming to ISO/IEC 7816 standards, following electrical reset of the card's chip by a card reader. The ATR conveys information about the communication parameters proposed by the card, and the card's nature and state.

ISO/IEC 18000-3 is an international standard for passive RFID item level identification and describes the parameters for air interface communications at 13.56 MHz. The target markets for MODE 2 are in tagging systems for manufacturing, logistics, retail, transport and airline baggage. MODE 2 is especially suitable for high speed bulk conveyor fed applications.

CCID protocol is a USB protocol that allows a smartcard to be connected to a computer via a card reader using a standard USB interface, without the need for each manufacturer of smartcards to provide its own reader or protocol. This allows the smartcard to be used as a security token for authentication and data encryption, such as that used in BitLocker. Chip card interface devices come in a variety of forms. The smallest CCID form is a standard USB dongle and may contain a SIM card or Secure Digital card inside the USB dongle. Another popular interface is a USB smart card reader keyboard, which in addition to being a standard USB keyboard, has an built-in slot for accepting a smartcard. However, not all CCID compliant devices accept removable smartcards, for example, select Yubikey hardware authentication devices support CCID, where they play the role of both the card reader and the smartcard itself.

<span class="mw-page-title-main">Identity Document (Uruguay)</span>

The Identification Document, also known as Cédula de identidad, is the compulsory Uruguayan identity document, issued by the Ministry of the Interior through the National Directorate of Civil Identification (DNIC).

References

  1. ISO/IEC JTC 1/SC 17 (2005). "ISO/IEC 7816-4". International Organization for Standardization.{{cite web}}: CS1 maint: numeric names: authors list (link)
  2. 1 2 Celer, Victor (2021-12-25). "Using the SIMcard as a Security Module (HSM)". CelerSMS. 1 (2): 13–17. ISSN   2745-2336. OCLC   1295467772.

See also