The Smart Card Tables are a collection of interesting data in tabular form about smart cards. They were originally part of the Smart Card Handbook (Handbuch der Chipkarten). For the 5th German edition, however, I decided to move these tables to my homepage, because information on a website is much easier to search and easier to update.
Content of the Smart Card Tables:
The AID (application identifier), 5 to 16 bytes long, is a unique identifier for an application on a smart card and is defined in ISO/IEC 7816-5. A portion of the AID (the RID) can be registered nationally or internationally; it is then reserved for the registered application and is unique worldwide. The AID itself consists of two data elements. The first data element is the Registered Application Identifier (RID), with a fixed length of 5 bytes. It is assigned by either a national or an international registration body and includes a country code, an application category and a number for the application provider. This numeric code results in a RID that is assigned only once and can be used worldwide to identify a particular application. If necessary, the application provider can append a Proprietary Application Identifier Extension (PIX) to the RID; this is the optional second part of the AID. The PIX, up to 11 bytes long, can for example be a serial and version number and can thus be used to manage the application.

Some smart cards have an EF.DIR (directory) with the FID '2F00' directly under the MF. This EF has a linear fixed file structure and consists of at least one record. Each record is a constructed data object containing information about a specific application on the smart card. Typically, this information consists of the AID and a textual description of the application. A record in the EF.DIR can also include further data, such as the path to the application. The purpose of the EF.DIR is to give the terminal information about the applications on the card in a standardized format.
| Registered Application Identifier (RID) | Proprietary Application Identifier Extension (PIX) | Description |
|---|---|---|
| 'A' \|\| ... | international registration | --- |
| 'D' \|\| XXX | national registration, 3-digit country code in line with ISO 3166 | coding in line with ISO 3166; ‘276’: Germany |
| 'A0 00 00 00 63' | '50 4B 43 53 2D 31 35' | ID-card in Finland |
| 'A0 00 00 00 63' | '50 4B 43 53 2D 31 35' = "PKCS-15" | PKCS #15 |
| 'A0 00 00 00 63' | '57 41 50 2D 57 49 4D' = "WAP-WIM" | WIM |
| 'A0 00 00 00 87' | specific to card issuer | RID of 3GPP (UICC, USIM, USAT) |
| ‘A0 00 00 02 47’ | ‘1001’: issuer stored data application; ‘2001’: application for hashes, digital signature, and certificate. The last three digits of the PIX shall be used to denote future version levels. | machine readable travel documents (MRTD) |
| 'D2 76 00 00 05' | specific | Giesecke & Devrient |
| 'D2 76 00 01 18' | specific | Giesecke & Devrient Java Card Telecommunication |
| 'D2 76 00 00 25' | '45 50 01 00' | Girocard (Geldkarte) in Germany |
| 'D2 76 00 00 60' | specific | Wolfgang Rankl |
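A terminal has to treat EF.DIR content as untrusted card data, so the AID rules above (5 to 16 bytes, 5-byte RID, 'A' or 'D' plus country code) are worth enforcing while parsing. The following is an added example, not code from the Smart Card Tables; the tags '61', '4F' and '50' come from ISO/IEC 7816-4 rather than from this page, and the function names and the sample record are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# ISO/IEC 7816-4 tags (not on this page): application template, AID, label.
TAG_APP_TEMPLATE, TAG_AID, TAG_LABEL = 0x61, 0x4F, 0x50

@dataclass
class Aid:
    rid: bytes
    pix: bytes
    registration: str        # "international", "national" or "other"
    country: Optional[str]   # ISO 3166 numeric code, national RIDs only

def parse_aid(aid: bytes) -> Aid:
    """Split an AID into RID (5 bytes) and PIX (0 to 11 bytes)."""
    if not 5 <= len(aid) <= 16:
        raise ValueError(f"AID must be 5..16 bytes, got {len(aid)}")
    rid, pix = aid[:5], aid[5:]
    first_digit = rid[0] >> 4
    if first_digit == 0xA:
        return Aid(rid, pix, "international", None)
    if first_digit == 0xD:
        country = rid.hex()[1:4]             # three digits after the 'D'
        if not country.isdigit():
            raise ValueError("national RID without a decimal country code")
        return Aid(rid, pix, "national", country)
    return Aid(rid, pix, "other", None)

def read_tlvs(data: bytes) -> list:
    """Parse a run of TLVs with one-byte tags and short-form lengths."""
    out, i = [], 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):          # filler in fixed-length records
            i += 1
            continue
        if i + 2 > len(data) or data[i + 1] > 0x7F:
            raise ValueError("truncated or long-form TLV")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:             # card data must not overrun
            raise ValueError("TLV length exceeds available data")
        out.append((tag, value))
        i += 2 + length
    return out

def parse_dir_record(record: bytes):
    """Return (Aid, label) from one EF.DIR record."""
    outer = read_tlvs(record)
    if len(outer) != 1 or outer[0][0] != TAG_APP_TEMPLATE:
        raise ValueError("record is not a single application template")
    fields = dict(read_tlvs(outer[0][1]))
    if TAG_AID not in fields:
        raise ValueError("application template without AID")
    label = fields.get(TAG_LABEL, b"").decode("ascii", errors="replace")
    return parse_aid(fields[TAG_AID]), label

# Constructed sample: Girocard AID from the table, invented label "PURSE1", 2 filler bytes.
SAMPLE = bytes.fromhex(
    "61 13 4F 09 D2 76 00 00 25 45 50 01 00 50 06 50 55 52 53 45 31 FF FF")
```
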
The following table lists the most important smart card commands with a short explanation of the function. The following standards were considered: ISO/IEC 7816, EMV, TS 51.011, TS 51.014, TS 31.111, TS 102.221, TS 102.222, TS 102.223, GP (global platform) and EN 1546.
| Command | Function | Instruction (INS) | Standard |
|---|---|---|---|
| ACTIVATE FILE | Reversibly unblock a file. | ‘44’ | ISO/IEC 7816-9 |
| APPEND RECORD | Insert a new record in a file with a linear fixed structure. | ‘E2’ | ISO/IEC 7816-4 |
| APPLICATION BLOCK | Reversibly block an application. | ‘1E’ | EMV |
| APPLICATION UNBLOCK | Unblock an application. | ‘18’ | EMV |
| ASK RANDOM | Request a random number from the smart card. | ‘84’ | EN 726-3 |
| CHANGE CHV | Change the PIN. | ‘24’ | TS 51.011 |
| CHANGE REFERENCE DATA | Change the data used for user identification (e.g., a PIN). | ‘24’ | ISO/IEC 7816-8 |
| CLOSE APPLICATION | Reset all attained access condition levels. | ‘AC’ | EN 726-3 |
| CONVERT IEP CURRENCY | Convert currency. | ‘56’ | EN 1546-3 |
| CREATE FILE | Create a new file. | ‘E0’ | ISO/IEC 7816-9 |
| CREATE RECORD | Create a new record in a record-oriented file. | ‘E2’ | EN 726-3 |
| CREDIT IEP | Load the purse (IEP). | ‘52’ | EN 1546-3 |
| CREDIT PSAM | Pay from IEP to the PSAM. | ‘72’ | EN 1546-3 |
| DEACTIVATE FILE | Reversibly block a file. | ‘04’ | ISO/IEC 7816-9 |
| DEBIT IEP | Pay from the purse | ‘54’ | EN 1546- |
| DECREASE | Reduce the value of a counter in a file. | ‘30’ | EN 726-3 |
| DECREASE STAMPED | Reduce the value of a counter in a file that is protected using a cryptographic checksum. | ‘34’ | EN 726-3 |
| DELETE | Delete a uniquely identifiable object (such as a load file, application or key). | ‘E4’ | OP |
| DELETE FILE | Delete a file. | ‘E4’ | ISO/IEC 7816-9 |
| DISABLE CHV | Disable PIN queries. | ‘26’ | TS 51.011 |
| DISABLE VERIFICATION REQUIREMENT | Disable user identification (e.g., PIN queries). | ‘26’ | ISO/IEC 7816-8 |
| ENABLE CHV | Enable PIN queries. | ‘28’ | TS 51.011, EN 726-3 |
| ENABLE VERIFICATION REQUIREMENT | Enable user identification (e.g., PIN queries). | ‘28’ | ISO/IEC 7816-8 |
| ENVELOPE | Embed a command in a smart card command. | ‘C2’ | EN 726-3, ISO/IEC 7816-4 |
| ERASE BINARY | Set the content of a file with a transparent structure to the erased state. | ‘0E’ | ISO/IEC 7816-4 |
| EXECUTE | Execute a file. | ‘AE’ | EN 726-3 |
| EXTEND | Extend a file. | ‘D4’ | EN 726-3 |
| EXTERNAL AUTHENTICATE | Authenticate the outside world with respect to the smart card. | ‘82’ | ISO/IEC 7816-4 |
| GENERATE AUTHORISATION CRYPTOGRAM | Generate a signature for a payment transaction. | ‘AE’ | EMV |
| GENERATE PUBLIC KEY PAIR | Generate a key pair for an asymmetric cryptographic algorithm. | ‘46’ | ISO/IEC 7816-8 |
| GET CHALLENGE | Request a random number from the smart card. | ‘84’ | ISO/IEC 7816-4 |
| GET DATA | Read TLV-coded data objects. | ‘CA’ | ISO/IEC 7816-4 |
| GET PREVIOUS IEP SIGNATURE | Repeat the computation and output of the last signature received from the IEP. | ‘5A’ | EN 1546-3 |
| GET PREVIOUS PSAM SIGNATURE | Repeat the computation and output of the last signature received from the PSAM. | ‘86’ | EN 1546-3 |
| GET RESPONSE | Request data from the smart card (used with the T = 0 transmission protocol). | ‘C0’ | TS 51.011 |
| GET STATUS | Read the life-cycle state information of the card manager, application and load file. | ‘F2’ | ISO/IEC 7816-4, OP |
| GIVE RANDOM | Send a random number to the smart card. | ‘86’ | EN 726-3 |
| INCREASE | Increase the value of a counter in a file. | ‘32’ | TS 51.011 |
| INCREASE STAMPED | Increase the value of a counter in a file that is protected using a cryptographic checksum. | ‘36’ | EN 726-3 |
| INITIALIZE IEP | Initialize IEP for a subsequent purse command. | ‘50’ | EN 1546-3 |
| INITIALIZE PSAM | Initialize PSAM for a subsequent purse command. | ‘70’ | EN 1546-3 |
| INITIALIZE PSAM for Offline Collection | Initialize PSAM for offline booking of the amount. | ‘7C’ | EN 1546-3 |
| INITIALIZE PSAM for Online Collection | Initialize PSAM for online booking of the amount. | ‘76’ | EN 1546-3 |
| INITIALIZE PSAM for Update | Initialize PSAM for changing the parameters. | ‘80’ | EN 1546-3 |
| INSTALL | Install an application by invoking various on-card functions of the card manager and/or security domain. | ‘E6’ | OP |
| INTERNAL AUTHENTICATE | Authenticate the smart card with respect to the outside world. | ‘88’ | ISO/IEC 7816-4 |
| INVALIDATE | Reversibly block a file. | ‘04’ | TS 51.011, EN 726-3 |
| ISSUER AUTHENTICATE | Verify a signature of the card issuer. | ‘82’ | EMV-2 |
| LOAD | Load an application by transferring the load file. | ‘E8’ | OP |
| LOAD KEY FILE | Load keys in files using cryptographic protection. | ‘D8’ | EN 726-3 |
| LOCK | Irreversibly block a file. | ‘76’ | EN 726-3 |
| MANAGE CHANNEL | Control the logical channels of a smart card. | ‘70’ | ISO/IEC 7816-4 |
| MANAGE SECURITY ENVIRONMENT | Change the parameters for using cryptographic algorithms in the smart card. | ‘22’ | ISO/IEC 7816-8 |
| MUTUAL AUTHENTICATE | Mutually authenticate the smart card and the terminal. | ‘82’ | ISO/IEC 7816-8 |
| PERFORM SCQL OPERATION | Execute an SCQL instruction. | ‘10’ | ISO/IEC 7816-7 |
| PERFORM SECURITY OPERATION | Execute a cryptographic algorithm in the smart card. | ‘2A’ | ISO/IEC 7816-8 |
| PERFORM TRANSACTION OPERATION | Execute an SCQL transaction instruction. | ‘12’ | ISO/IEC 7816-7 |
| PERFORM USER OPERATION | Manage users in the context of SCQL. | ‘14’ | ISO/IEC 7816-7 |
| PSAM COLLECT | Execute PSAM online booking of an amount. | ‘78’ | EN 1546-3 |
| PSAM COLLECT | End PSAM online booking of an amount. | ‘7A’ | EN 1546-3 |
| PSAM COMPLETE | End paying the IEP against the PSAM. | ‘74’ | EN 1546-3 |
| PSAM VERIFY COLLECTION | End PSAM offline booking of an amount. | ‘7E’ | EN 1546-3 |
| PUT DATA | Write TLV-coded data objects. | ‘DA’ | ISO/IEC 7816-4 |
| PUT KEY | Write one or more new keys or replace existing keys. | ‘D8’ | OP |
| REACTIVATE FILE | Unblock a file. | ‘44’ | ISO/IEC 7816-9 |
| READ BINARY | Read from a file with a transparent structure. | ‘B0’ | TS 51.011 |
| READ BINARY STAMPED | Read data from a file with a transparent structure that is secured with a cryptographic checksum. | ‘B4’ | ISO/IEC 7816-4 |
| READ RECORD | Read data from a file with a record-oriented structure. | ‘B2’ | TS 51.011 |
| READ RECORD(S) | Read data from a file with a record-oriented structure. | ‘B2’ | ISO/IEC 7816-4 |
| READ RECORD STAMPED | Read data from a file with a record-oriented structure that is secured with a cryptographic checksum. | ‘B6’ | EN 726-3 |
| REHABILITATE | Unblock a file. | ‘44’ | TS 51.011 EN ??? |
| RESET RETRY COUNTER | Reset an error counter. | ‘2C’ | ISO/IEC 7816-8 |
| RUN GSM ALGORITHM | Execute a GSM-specific cryptographic algorithm. | ‘88’ | TS 51.011 |
| SEARCH BINARY | Search for a text string in a file with a transparent structure. | ‘A0’ | ISO/IEC 7816-9 |
| SEARCH RECORD | Search for a text string in a file with a record-oriented structure. | ‘A2’ | ISO/IEC 7816-9 |
| SEEK | Search for a text string in a file with a record-oriented structure. | ‘A2’ | TS 51.011, EN 726-3 |
| SELECT | Select a file. | ‘A4’ | TS 51.011 |
| SELECT (FILE) | Select a file. | ‘A4’ | ISO/IEC 7816-4 |
| SET STATUS | Write life-cycle state data for the card manager, application and load file. | ‘F0’ | OP |
| SLEEP | Obsolete command for setting the smart card in a power-saving state. | ‘FA’ | TS 51.011 |
| STATUS | Read various data from the currently selected file. | ‘F2’ | TS 51.011 |
| TERMINATE CARD USAGE | Irreversibly block a smart card. | ‘FE’ | ISO/IEC 7816-9 |
| TERMINATE DF | Irreversibly block a DF. | ‘E6’ | ISO/IEC 7816-9 |
| TERMINATE EF | Irreversibly block an EF. | ‘E8’ | ISO/IEC 7816-9 |
| UNBLOCK CHV | Reset a PIN retry counter that has reached its maximum value. | ‘2C’ | TS 51.011 EN |
| UPDATE BINARY | Write to a file with a transparent structure. | ‘D6’ | TS 51.011, ISO/IEC 7816-4 |
| UPDATE IEP PARAMETER | Change the general parameters of a purse. | ‘58’ | EN 1546-3 |
| UPDATE PSAM Parameter (offline) | Modify the parameters in the PSAM (offline). | ‘84’ | EN 1546-3 |
| UPDATE PSAM Parameter (online) | Modify the parameters in the PSAM (online). | ‘82’ | EN 1546-3 |
| UPDATE RECORD | Write to a file with a linear fixed, linear variable or cyclic structure. | ‘DC’ | TS 51.011, ISO/IEC 7816-4 |
| VERIFY | Verify the transferred data (such as a PIN). | ‘20’ | ISO/IEC 7816-4, EMV |
| VERIFY CHV | Verify the PIN. | ‘20’ | TS 51.011 |
| WRITE BINARY | Write to a file with a transparent structure using a logical AND/OR process. | ‘D0’ | ISO/IEC 7816-4 |
| WRITE RECORD | Write to a file with a record-oriented structure using a logical AND/OR process. | ‘D2’ | ISO/IEC 7816-4 |
The following table contains a list of the most important smart card commands with a short explanation of the function. The following standards were considered: ISO/IEC 7816-4, -7, -8, -9, EMV, TS 51.011, TS 51.014, TS 31.111, TS 102.221, TS 102.222, TS 102.223, GP (global platform) and EN 1546.
| Data Element | Coding | Meaning |
|---|---|---|
| CLA | '00' | Command successfully executed; ‘xx’ bytes of data are available and can be requested using GET RESPONSE. |
| INS | 'B2' | The returned data may be erroneous. |
| P1 | ... | The returned data may be erroneous. |
| P2 | ... | The returned data may be erroneous. |
| Le | ... | Le = 0: read all bytes up to the end of the record(s). Le > 0: Le is the length of the record(s). |
The following table contains a list of the most important smart card return codes with a short explanation of their meaning. The following standards were considered: ISO/IEC 7816, EMV, TS 51.011, TS 51.014, TS 31.111, TS 102.221, TS 102.222, TS 102.223, GP (global platform) and EN 1546. The return codes described in this table are classified according to the scheme used in the ISO/IEC 7816-4 standard with the following status codes:
NP: process completed, normal processing
EE: process aborted, execution error
WP: process completed, warning processing
CE: process aborted, checking error
| Returncode | Status | Meaning | Standard |
|---|---|---|---|
| ‘61xx’ | NP | Command successfully executed; ‘xx’ bytes of data are available and can be requested using GET RESPONSE. | ISO/IEC 7816-4 |
| ‘6281’ | WP | The returned data may be erroneous. | ISO/IEC 7816-4 |
| ‘6282’ | WP | Fewer bytes than specified by the Le parameter could be read, since the end of the file was encountered first. | ISO/IEC 7816-4 |
| ‘6283’ | WP | The selected file is reversibly blocked (invalidated). | ISO/IEC 7816-4 |
| ‘6284’ | WP | The file control information (FCI) is not structured in accordance with ISO/IEC 7816-4. | ISO/IEC 7816-4 |
| ‘62xx’ | WP | Warning; state of non-volatile memory not changed. | ISO/IEC 7816-4 |
| ‘63Cx’ | WP | The counter has reached the value ‘x’ (0 ≤ x ≤ 15) (the exact significance depends on the command). | ISO/IEC 7816-4 |
| ‘63xx’ | WP | Warning; state of non-volatile memory changed. | ISO/IEC 7816-4 |
| ‘64xx’ | EE | Execution error; state of non-volatile memory not changed. | ISO/IEC 7816-4 |
| ‘6581’ | EE | Memory error (e.g. during a write operation). | ISO/IEC 7816-4 |
| ‘65xx’ | EE | Execution error; state of non-volatile memory changed. | ISO/IEC 7816-4 |
| ‘6700’ | CE | Length incorrect. | ISO/IEC 7816-4 |
| ‘67xx’ . . . ‘6Fxx’ | CE | Check errors. | ISO/IEC 7816-4 |
| ‘6800’ | CE | Functions in the class byte not supported (general). | ISO/IEC 7816-4 |
| ‘6881’ | CE | Logical channels not supported. | ISO/IEC 7816-4 |
| ‘6882’ | CE | Secure messaging not supported. | ISO/IEC 7816-4 |
| ‘6900’ | CE | Command not allowed (general) | ISO/IEC 7816-4 |
| ‘6981’ | CE | Command incompatible with file structure. | ISO/IEC 7816-4 |
| ‘6982’ | CE | Security state not satisfied. | ISO/IEC 7816-4 |
| ‘6983’ | CE | Authentication method blocked. | ISO/IEC 7816-4 |
| ‘6984’ | CE | Referenced data reversibly blocked (invalidated). | ISO/IEC 7816-4 |
| ‘6985’ | CE | Usage conditions not satisfied. | ISO/IEC 7816-4 |
| ‘6986’ | CE | Command not allowed (no EF selected). | ISO/IEC 7816-4 |
| ‘6987’ | CE | Expected secure messaging data objects missing. | ISO/IEC 7816-4 |
| ‘6988’ | CE | Secure messaging data objects incorrect. | ISO/IEC 7816-4 |
| ‘6A00’ | CE | Incorrect P1 or P2 parameters (general). | ISO/IEC 7816-4 |
| ‘6A80’ | CE | Parameters in the data portion are incorrect. | ISO/IEC 7816-4 |
| ‘6A81’ | CE | Function not supported. | ISO/IEC 7816-4 |
| ‘6A82’ | CE | File not found. | ISO/IEC 7816-4 |
| ‘6A83’ | CE | Record not found. | ISO/IEC 7816-4 |
| ‘6A84’ | CE | Insufficient memory. | ISO/IEC 7816-4 |
| ‘6A85’ | CE | Lc inconsistent with TLV structure | ISO/IEC 7816-4 |
| ‘6A86’ | CE | Incorrect P1 or P2 parameter. | ISO/IEC 7816-4 |
| ‘6A87’ | CE | Lc inconsistent with P1 or P2. | ISO/IEC 7816-4 |
| ‘6A88’ | CE | Referenced data not found. | ISO/IEC 7816-4 |
| ‘6B00’ | CE | Parameter 1 or 2 incorrect. | ISO/IEC 7816-4 |
| ‘6Cxx’ | CE | Bad length value in Le; ‘xx’ is the correct length. | ISO/IEC 7816-4 |
| ‘6D00’ | CE | Command (instruction) not supported. | ISO/IEC 7816-4 |
| ‘6E00’ | CE | Class not supported. | ISO/IEC 7816-4 |
| ‘6F00’ | CE | Command aborted – more exact diagnosis not possible (e.g., operating system error). | ISO/IEC 7816-4 |
| ‘9000’ | NP | Command successfully executed. | ISO/IEC 7816-4 |
| ‘920x’ | NP | Writing to EEPROM successful after ‘x’ attempts. | TS 51.011 |
| ‘9210’ | CE | Insufficient memory. | TS 51.011 |
| ‘9240’ | EE | Writing to EEPROM not successful. | TS 51.011 |
| ‘9400’ | CE | No EF selected. | TS 51.011 |
| ‘9402’ | CE | Address range exceeded. | TS 51.011 |
| ‘9404’ | CE | FID not found, record not found or comparison pattern not found. | TS 51.011 |
| ‘9408’ | CE | Selected file type does not match command. | TS 51.011 |
| ‘9802’ | CE | No PIN defined. | TS 51.011 |
| ‘9804’ | CE | Access conditions not satisfied, authentication failed. | TS 51.011 |
| ‘9835’ | CE | ASK RANDOM or GIVE RANDOM not executed. | TS 51.011 |
| ‘9840’ | CE | PIN verification not successful. | TS 51.011 |
| ‘9850’ | CE | INCREASE or DECREASE could not be executed because a limit has been reached. | TS 51.011 |
| ‘9Fxx’ | NP | Command successfully executed; ‘xx’ bytes of data are available and can be requested using GET RESPONSE. | TS 51.011 |
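Several rows in the table overlap (‘6282’ and ‘62xx’, ‘63Cx’ and ‘63xx’), and three of them carry a value the terminal must act on. The following is an added example, not code from the Smart Card Tables, that matches a status word against an excerpt of the table with the most specific row winning and builds the follow-up command. The function names are hypothetical; the GET RESPONSE parameters P1 = P2 = '00' and the 5-byte "header plus Le" command shape are taken from ISO/IEC 7816-4, not from this page.

```python
from typing import Optional

# Excerpt of the return-code table above; 'x' matches any hex digit.
RETURN_CODES = [
    ("61xx", "NP", "data available, fetch with GET RESPONSE"),
    ("6282", "WP", "end of file reached before Le bytes were read"),
    ("62xx", "WP", "warning, non-volatile memory not changed"),
    ("63Cx", "WP", "counter has reached the value x"),
    ("63xx", "WP", "warning, non-volatile memory changed"),
    ("6982", "CE", "security state not satisfied"),
    ("6983", "CE", "authentication method blocked"),
    ("6A82", "CE", "file not found"),
    ("6Cxx", "CE", "bad Le, xx is the correct length"),
    ("9000", "NP", "command successfully executed"),
    ("9Fxx", "NP", "data available, fetch with GET RESPONSE"),
]
INS_GET_RESPONSE = 0xC0   # from the command table on this page


def classify(sw: int) -> tuple:
    """Return (pattern, status class, meaning); the most specific row wins."""
    text = f"{sw & 0xFFFF:04X}"
    hits = [row for row in RETURN_CODES
            if all(p in ("x", c) for p, c in zip(row[0], text))]
    if not hits:
        # Fail closed: a status word outside the table is not a success.
        return ("????", "unknown", "not in table, treat as failure")
    return min(hits, key=lambda row: row[0].count("x"))


def follow_up(command: bytes, sw: int) -> Optional[bytes]:
    """Next APDU a terminal sends after 61xx, 9Fxx or 6Cxx, else None."""
    pattern = classify(sw)[0]
    xx = sw & 0xFF
    if pattern in ("61xx", "9Fxx"):
        # GET RESPONSE in the same class, asking for exactly xx bytes.
        return bytes([command[0], INS_GET_RESPONSE, 0x00, 0x00, xx])
    if pattern == "6Cxx" and len(command) == 5:
        # Header plus Le only: repeat the command with the corrected Le.
        return command[:4] + bytes([xx])
    return None


def counter_value(sw: int) -> Optional[int]:
    """Value x carried by 63Cx (for VERIFY: further tries allowed)."""
    return sw & 0x0F if classify(sw)[0] == "63Cx" else None
```
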
The Handbuch der Chipkarten (Smart Card Handbook) gives a comprehensive overview of the current state of smart card technology. The fourth edition has been heavily revised and expanded and also takes into account the latest state of national and international standardization.
Copyright © 2008 Wolfgang Rankl - created: 5. July 2008 - last modified: