The present document does not impose any restrictions on the location of applications. All applications are uniquely identified by application identifiers that are obtained from EF_DIR. These application identifiers are used to select the application.
EF_DIR, EF_PL, EF_ICCID and EF_UMPC are all mandatory and reside directly under the Master File. See clause 13 for details.
DF_TELECOM is optional. If present, it resides under the MF and uses the reserved FID '7F 10'. DF_TELECOM contains application independent information.
A Dedicated File (DF) allows for a functional grouping of files. It can be the parent of DFs and/or EFs. DFs are referenced by file identifiers.
An Application DF (ADF) is a particular DF that contains all the DFs and EFs of an application.
An EF with a transparent structure consists of a sequence of bytes. When reading or updating, the sequence of bytes to be acted upon is referenced by a relative address (offset), which indicates the start position (in bytes), and the number of bytes to be read or updated. The first byte of a transparent EF has the relative address '00 00'. The data length is indicated in the SELECT response of the EF.
An EF with linear fixed structure consists of a sequence of records all having the same (fixed) length. The first record is record number 1. The length of a record as well as this value multiplied by the number of records are indicated in the SELECT response of the EF.
There are several methods to access records within an EF of this type:
absolutely using the record number;
when the record pointer is not set it shall be possible to perform an action on the first or the last record by using the NEXT or PREVIOUS mode;
when the record pointer is set it shall be possible to perform an action on this record, the next record (unless the record pointer is set to the last record) or the previous record (unless the record pointer is set to the first record);
by identifying a record using pattern search.
If an action following selection of a record is aborted (e.g. due to an unsuccessful execution of a command), then the record pointer shall remain set at the record at which it was set prior to the action.
It is not possible, at present, to have more than 254 records in a file of this type, and each record cannot be greater than 255 bytes.
Cyclic files are used for storing records in chronological order. When all records have been used for storage, then the next storage of data shall overwrite the oldest information.
An EF with a cyclic structure consists of a fixed number of records with the same (fixed) length. In this file structure there is a link between the last record (n) and the first record. When the record pointer is set to the last record n, then the next record is record 1. Similarly, when the record pointer is set to record 1, then the previous record is record n. The last updated record containing the newest data is record number 1, and the oldest data is held in record number n.
For update operations only PREVIOUS record shall be used. For reading operations, the methods of addressing are Next, Previous, Current and Record Number.
If an action following selection of a record is aborted (e.g. due to an unsuccessful execution of a command), then the record pointer shall remain set at the record at which it was set prior to the action.
It is not possible, at present, to have more than 254 records in a file of this type, and each record cannot be greater than 254 bytes.
A BER-TLV structure EF is seen at the interface as a set of data objects accessible by commands for handling data objects. The type of data objects in the EF is BER-TLV. A tag can only appear once in an EF.
A File Identifier (FID) is used to address or identify a specific file. The FID consists of two bytes and shall be coded in hexadecimal notation.
FIDs shall be subject to the following conditions:
the FID shall be assigned at the time of creation of the file concerned;
no two files under the same parent shall have the same ID;
the immediate children of the current DF, the parent DF or the immediate children of the parent DF shall not have the same FID.
A path is a concatenation of FIDs. The path starts from MF or the current DF, and ends with the identifier of the file itself. The order of the FIDs is always in the direction from father to child.
A Short File Identifier (SFI) is coded as 5 bits valued in the range from 1 to 30. No two files under the same parent shall have the same SFI.
A DF name is coded on 1 to 16 bytes. The DF name is the AID and shall be unique within a card.
The reserved FID '7FFF' can be used as a FID for the ADF of the current active application on a given logical channel.
After the UICC activation and the Answer To Reset (ATR), the Master File (MF) is implicitly selected and becomes the current directory. Each file may then be selected by using the SELECT function, using one of the 3 file referencing methods defined in clauses 8.4.1 to 8.4.3.
Selecting a DF, an ADF or the MF sets the current directory. After such a selection there is no current EF. Selecting an EF sets the current EF and the current directory remains the DF, ADF or MF, which is the parent of this EF. The current EF is always a child of the current directory. Only the ADF of the current application can be selected by FID.
Any application specific command shall only be operable if it is specific to the Current Directory.
The following files may be selected, by File Identifier (FID) referencing, from the last selected file:
any file which is an immediate child of the current directory;
any DF which is an immediate child of the parent of the current DF;
the parent of the current directory;
the current DF;
the ADF of the current active application;
Figure 8.4 is an example of the logical structure for an application conforming to the present document.
Table 8.1 gives all the valid selections for an application complying with the present document for the logical structure in Figure 8.4, if the FID is used. Reselection of the last selected file is also allowed but not shown. In this example, it is considered that the current application (ADF1) has been previously selected by DF name. Therefore ADF1 can be selected by using the FID '7FFF'.
A file, DF or EF, may be referenced by path, as defined in clause 8.3. Table 8.2 contains examples of selection by path from Figure 8.4. In this example, it is considered that the current application (ADF1) has been previously selected by DF name. The implicit FID of ADF1 '7FFF' is used in Table 8.2 (see clause 8.3).
In the case of "select by path from MF", the terminal may use the special file-id '7FFF' (see clause 8.3) at the beginning of the path. It indicates that the path begins at the ADF of the current active application on this logical channel.
The following restrictions apply:
In the case of "select by path from MF", the terminal shall not use the file identity of the MF (i.e. '3F00') at the beginning of the path.
In the case of "select by path from current DF", the terminal shall not use the special file-ID '7FFF' at the beginning of the path.
In the case of "select by path from MF" or "select by path from current DF", the terminal shall not use the file identity of the current DF.
In the case of "select by path from MF" or "select by path from current DF", the terminal shall not use an empty data field.
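The four restrictions above can be checked mechanically before a SELECT by path is sent or accepted. The following Python sketch is an added example, not part of the present document; the function names and the sample FIDs '6F3A', '5F3A' and '4F09' are constructed, and it assumes the rule on the current DF applies to every position in the path, since the text names no position for it.

```python
MF_FID = 0x3F00           # file identity of the MF
CURRENT_ADF_FID = 0x7FFF  # implicit FID of the ADF of the current active application


def split_fids(data: bytes) -> list[int]:
    """Split a SELECT-by-path data field into two-byte FIDs, parent first."""
    if len(data) % 2:
        raise ValueError("path is not a whole number of two-byte FIDs")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def path_violations(data: bytes, from_mf: bool, current_df: int) -> list[str]:
    """Return the restrictions a path breaks; an empty list means acceptable.

    from_mf    True for "select by path from MF", False for "from current DF"
    current_df FID of the current DF on this logical channel
    """
    if not data:
        return ["empty data field"]
    try:
        fids = split_fids(data)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if from_mf and fids[0] == MF_FID:
        problems.append("path from MF starts with '3F00'")
    if not from_mf and fids[0] == CURRENT_ADF_FID:
        problems.append("path from current DF starts with '7FFF'")
    # Assumption: no position is named for this rule, so every FID is checked.
    if current_df in fids:
        problems.append("path uses the FID of the current DF")
    return problems


if __name__ == "__main__":
    # Constructed cases: (data field, from_mf, FID of the current DF)
    cases = [
        ("7FFF6F3A", True, 0x7F10),   # from MF via the current ADF: acceptable
        ("3F007F10", True, 0x7F10),   # breaks two restrictions
        ("7FFF6F3A", False, 0x7F10),  # '7FFF' not allowed from current DF
        ("", True, 0x3F00),           # empty data field
    ]
    for hex_path, from_mf, current_df in cases:
        found = path_violations(bytes.fromhex(hex_path), from_mf, current_df)
        print(hex_path or "(empty)", "->", found or "ok")
```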
Any EF within a DF can be implicitly selected without giving a SELECT command by applying one of the following commands at the DF or ADF level and giving a Short File Identifier (SFI) as a part of the command:
RETRIEVE DATA; or
Support of SFI for a specific file is indicated if the FCP of the file contains a TLV DO with tag '88'. If the length is 0 it indicates that the file does not support referencing by SFI. If the TLV DO is not present in the FCP it indicates that the 5 least significant bits of the FID are used as SFI.
When the READ RECORD command contains a valid SFI, it sets the file as the current EF and resets the current record pointer. Subsequent records are read with the READ RECORD command without SFI.
When the UPDATE RECORD command contains a valid SFI, it sets the file as the current EF and resets the current record pointer. Subsequent records are updated with the UPDATE RECORD command without SFI.
When the INCREASE command contains a valid SFI, it sets the file as the current EF and resets the current record pointer. Subsequent records are increased with the INCREASE command without SFI.
When the SEARCH RECORD command contains a valid SFI, it sets the file as the current EF and resets the current record pointer. Subsequent records are searched with the SEARCH RECORD command without SFI.
When the RETRIEVE DATA command contains a valid SFI, it sets the file as the current EF and resets the current tag pointer. If segmentation over several APDUs is used to retrieve long structures, subsequent RETRIEVE DATA commands shall be used without SFI.
When the SET DATA command contains a valid SFI, it sets the file as the current EF and resets the current tag pointer. If segmentation over several APDUs is used to set long structures, subsequent SET DATA commands shall be used without SFI.
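The rule for tag '88' in the FCP decides which SFI, if any, a file answers to. The following Python sketch is an added example, not part of the present document: it resolves the SFI from an FCP returned by SELECT. It assumes the FCP template tag '62' and the FID data object tag '83', and that the SFI value byte carries the SFI in its five most significant bits; the sample FCPs in the comments are constructed.

```python
def parse_tlvs(data: bytes) -> dict[int, bytes]:
    """Parse a flat run of BER-TLV objects that use one-byte tags."""
    objects, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        i += 2
        if length == 0x81:          # long form: one length byte follows
            if i >= len(data):
                raise ValueError("truncated TLV length")
            length = data[i]
            i += 1
        elif length > 0x7F:
            raise ValueError("unsupported length form")
        if i + length > len(data):
            raise ValueError("TLV value runs past the end of the data")
        objects[tag] = data[i:i + length]
        i += length
    return objects


def sfi_from_fcp(fcp: bytes):
    """Return the SFI (1 to 30) the file answers to, or None if it has none."""
    outer = parse_tlvs(fcp)
    if 0x62 not in outer:
        raise ValueError("no FCP template (tag '62')")
    dos = parse_tlvs(outer[0x62])
    if 0x88 in dos:
        value = dos[0x88]
        if len(value) == 0:
            return None             # length 0: no referencing by SFI
        if len(value) != 1 or value[0] & 0x07:
            raise ValueError("malformed SFI data object")
        sfi = value[0] >> 3         # assumption: SFI sits in bits b8 to b4
    else:
        fid = dos.get(0x83, b"")
        if len(fid) != 2:
            raise ValueError("no two-byte FID (tag '83') to derive the SFI from")
        sfi = fid[1] & 0x1F         # 5 least significant bits of the FID
    # An SFI is valued 1 to 30; a derived value of 0 or 31 cannot be used.
    return sfi if 1 <= sfi <= 30 else None


if __name__ == "__main__":
    # Constructed FCPs: explicit SFI, length-0 tag '88', and two without tag '88'.
    for sample in ("620B8202412183026F3A880110", "620A8202412183026F3A8800",
                   "62088202412183026F07", "62088202412183026F20"):
        print(sample, "->", sfi_from_fcp(bytes.fromhex(sample)))
```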
An application may be either explicitly or implicitly referenced.
An application is activated by explicitly selecting it with the AID. This sets the application's ADF as the current ADF.
A current ADF can be referenced by FID with the implicit reference value '7FFF'.
A selectable application, represented in the UICC by the AID, shall be referenced by a DF name coded on 1 byte to 16 bytes. Each name shall be unique within a UICC. A DF name can be used in the SELECT command to select a selectable application.
A selectable application can also be selected using a partial DF name (when P1 = '04') using the P2 parameters first or only occurrence, next, previous or last as defined in ISO/IEC 7816-4. In this case, the DF name is right truncated. If several applications starting with the same byte content in the AID are present on the card, the application selected depends on the value specified in P2. If the "last" option is indicated in P2, the selected application is the last active application matching the partial DF name, even if it was during a previous card session.
Selection of an application using a partial DF name is optional for mono application cards, but a multi-application card shall support it. The card shall indicate the support of this feature in the "card service data" and the "card capabilities" compact-TLV objects of the ATR historical bytes as specified in ISO/IEC 7816-4.
The interpretation of next, previous and first is to be specified by the application. The application that is selected using these parameters shall match the partial DF name provided in the SELECT command. If the UICC does not support selection with partial DF name, the UICC shall respond with an appropriate response (e.g. command parameters not supported '6A86').
The application session is initiated when the terminal sends a SELECT command, with the application's AID, indicating in the command parameters that the application shall be activated.
An application may need an initialization procedure to be performed after its activation. This procedure is outside the scope of the present document but shall be described in the application specification. The procedure is used to bring the terminal and the application in the UICC to a well-defined state.
After having selected the application, the UICC evaluates the security environment for this application. The SE is set according to the verification requirements for the application (see Table 9.1).
The verification status of the application PIN is updated according to the application's session activation procedure, as specified by the application.
The terminal may send to the UICC a specific STATUS command indicating that the initialization procedure of the application has been successfully executed.
There can only be one active selectable application session on a given logical channel. Therefore, in order to activate a new selectable application session in parallel to another, a new logical channel shall be opened.
A selectable application session may take place on several channel sessions.
An application may have a session termination procedure to be performed before the application is terminated. This procedure shall be described in the application specification. Before this procedure is executed, the terminal may send to the UICC a specific STATUS command indicating that the termination procedure of the application will start. After this termination procedure has been executed the terminal and the application are in a well-defined state.
An application session is then terminated if any of the following events occur on each logical channel that the application session has been activated on:
Implicitly; if a SELECT by DF name command with an AID different from the currently active application is performed by the UICC, indicating in the command parameters that this new application shall be activated.
Explicitly; if the application is reselected using the SELECT by DF name command with the AID corresponding to the currently active application, and indicating in the command parameters that the application shall be closed. The current directory, current EF and current application are the same as after the ATR on logical channel zero.
If the logical channel is closed.
An application session is also terminated when the terminal performs a reset of the UICC.
The verification status of the application PIN is updated according to the application's session termination procedure, as specified by the application.
An application is reset if the application is reselected using the SELECT by DF name command with the AID corresponding to the currently active application, indicating in the command parameters that the application shall be activated.
Reset initializes the application session activation procedure. The security status of the application is updated according to the application's session activation procedure, as specified by the application.
The following FIDs are reserved by the present document:
Operational use (implicit FID for the current ADF):
'7F4X', '5F1X', '5F2X'.
'7F21' (DF_DCS1800); and
'7F23' (DF_FP-CTS) are reserved for 3GPP, 3rd Generation Partnership Project;
'7F11' (DF_CD) is reserved for assignment in the present document;
'7F22' (DF_IS-41) is reserved for ANSI, American National Standards Institute, USA;
'7F24' (DF_TIA/EIA-136) is reserved for TIA, Telecommunications Industry Association, USA;
'7F25' (DF_TIA/EIA-95) is reserved for 3GPP2, 3rd Generation Partnership Project 2;
'7F26' (DF_GSMA) is reserved for GSMA, GSM Association;
'7F2X', where X ranges from '6' to 'F', are reserved for future assignments.
'7F31' (DF_IDEN) is used in the iDEN specification by Motorola, Inc, USA;
'7F80' (DF_PDC) is used in the PDC specification by ARIB, Association of Radio Industries and Businesses, Japan;
'7F90' (DF_TETRA) is used by TETRA Association, Terrestrial Trunked Radio.
If a DF is reserved for an organization, it is responsible for all content inside this DF and requests for allocation of DF or EF identifiers under the DFs shall be made to the responsible organization. The same should be done for DFs used by an organization.
'6F XX' in the DFs '7F 4X'; '4F XX' in the DFs '5F 1X', '5F2X';
Logical channels are defined in ISO/IEC 7816-4. The present document supports the first (i.e. CLA byte coded as in Table 10.3) and the further (i.e. CLA byte coded as in Table 10.4a) interindustry values for the CLA byte as defined in ISO/IEC 7816-4, which support up to 19 logical channels in addition to the basic logical channel 0. Channel 0 is always available and open throughout the card session.
A UICC which supports logical channels indicates it in the ATR, together with the assignment methods and maximum number of logical channels it supports. The UICC supporting logical channels shall support:
at least one channel in addition to the basic channel; and
logical channel number assignment by the UICC.
Command interdependencies on one logical channel are independent of command interdependencies on another logical channel.
There is no interleaving of commands and their responses across logical channels; between the receipt of the command APDU and the sending of the response APDU to that command, only one logical channel is active.
In order to be accessed from several logical channels at the same time, a given file (EF, DF, ADF) shall be indicated as "shareable" in its file descriptor.
Applications are responsible for keeping data consistency (in the card and the terminal) when accessing the same file from different logical channels.
A logical channel is opened by using a MANAGE CHANNEL command, in which the card assigns a channel number and returns it in the response.
The logical channel remains open until it is explicitly closed by a MANAGE CHANNEL command, or until the UICC is deactivated.
When the open function is performed from the basic channel, then after a successful open, the MF shall be implicitly selected as the current DF. When the open function is performed from a logical channel which is not the basic one, then after a successful open, the current DF of the logical channel from which the command was issued shall be selected as the current DF. In both cases, no current EF is selected in the new logical channel.
ADF of current active application (referred to by the special '7FFF' file-ID)
CLA = 00 (from the basic channel)
CLA ≠ 00 (from the non-basic channel)
The same current DF as the one where the open channel is performed
ADF of the application active in the logical channel where the open channel was performed
Once a new channel is opened, the current DF and the current EF are independent for each logical channel.
If the MANAGE CHANNEL command is performed on a DF or ADF that is not shareable, the card shall respond with an appropriate error message. The response shall indicate that the command is not allowed. No new channel is opened.
A file (EF, DF or ADF) can be accessed (selected, read, updated, deleted, deactivated, activated, increased, searched, etc.) concurrently by different applications:
by terminal applications through different logical channels;
by UICC-based applications such as remote file management and toolkit applications.
The outcome of concurrent access is determined by the shareable/not-shareable bit in the file descriptor byte in the FCP of the accessed file as follows:
If a file is indicated as shareable, then applications may perform authorized operations on the file independently of whether or not the file is the current file of any other application.
If a file is indicated as not-shareable and is the current file of one application, then another application cannot perform any operation on the file regardless of authorization.
A consequence of the first rule is that if changes to a shareable file are permitted by the file's security conditions, then the file can be changed by one application while it is currently selected and being used by a second application. Descriptions of individual commands include the details of behaviour interaction in the shareable case.
A consequence of the second rule is that an application acquires exclusive access to a not-shareable file by successfully selecting it. Access by any other application, including an attempt to select the file, shall return the status word '6985' (conditions of use not satisfied).
For the purpose of this clause, concurrent access to a file by two executing instances of a single application is considered to be access by two different applications.
For shareable files, file access shall be managed independently for each accessing application. In particular, a record-based file and a BER-TLV structure file shall have different pointers for each accessing application.
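The two concurrent-access rules and the per-application pointers can be modelled in a few lines. The following Python sketch is an added example, not part of the present document: "ch0" and "ch1" stand for two accessing applications, the FIDs and record counts are constructed, and the position of the shareable bit (b7 of the file descriptor byte, as in ISO/IEC 7816-4) is an assumption the text above does not state.

```python
SW_OK = 0x9000
SW_CONDITIONS_NOT_SATISFIED = 0x6985  # status word named in the text above
SHAREABLE_BIT = 0x40  # assumption: bit b7 of the file descriptor byte


class FileAccessModel:
    """Tracks, per accessing application, the current file and record pointer."""

    def __init__(self, files):
        self.files = files   # FID -> (file descriptor byte, number of records)
        self.current = {}    # application -> FID of its current file
        self.pointers = {}   # (application, FID) -> record pointer, 0 = not set

    def _current_elsewhere(self, app, fid):
        """True if the file is the current file of a different application."""
        return any(a != app and f == fid for a, f in self.current.items())

    def select(self, app, fid):
        descriptor, _ = self.files[fid]
        shareable = bool(descriptor & SHAREABLE_BIT)
        if not shareable and self._current_elsewhere(app, fid):
            # Second rule: the other application holds exclusive access.
            return SW_CONDITIONS_NOT_SATISFIED
        self.current[app] = fid
        self.pointers[(app, fid)] = 0   # selection leaves the pointer unset
        return SW_OK

    def read_next(self, app):
        """Advance this application's own pointer; return the record number."""
        fid = self.current[app]
        _, count = self.files[fid]
        if self.pointers[(app, fid)] >= count:
            return None                 # already at the last record
        self.pointers[(app, fid)] += 1
        return self.pointers[(app, fid)]


def demo():
    """Run a constructed sequence and return the status words and records."""
    card = FileAccessModel({
        0x6F3A: (0x42, 3),   # linear fixed, shareable
        0x6F3B: (0x02, 3),   # linear fixed, not shareable
        0x6F3C: (0x42, 3),   # linear fixed, shareable
    })
    log = [card.select("ch0", 0x6F3A), card.select("ch1", 0x6F3A)]
    card.read_next("ch0")
    log.append(card.read_next("ch0"))        # ch0 has advanced to record 2
    log.append(card.read_next("ch1"))        # ch1 still starts at record 1
    log.append(card.select("ch0", 0x6F3B))   # ch0 acquires exclusive access
    log.append(card.select("ch1", 0x6F3B))   # refused while ch0 holds the file
    log.append(card.select("ch0", 0x6F3C))   # ch0 moves on, releasing '6F3B'
    log.append(card.select("ch1", 0x6F3B))   # now accepted
    return log


if __name__ == "__main__":
    print([hex(x) if x > 0xFF else x for x in demo()])
```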
Secure channels are defined in ETSI TS 102 484. There are two types of APDU based secure channel: Application to Application APDU secure channels and Platform to Platform APDU secure channels.
Support of secure channels is optional for the Terminal and the UICC. The support by the UICC is indicated in the ATR.
A secure channel is a special secured version of a logical channel. A secure channel is created by first opening a logical channel, and then securing the channel using the MANAGE SECURE CHANNEL command. Logical channel 0 cannot be an application-to-application secure channel.
A Platform to Platform APDU secure channel shall only be allowed on logical channel 0. Logical channel use shall be allowed within a Platform to Platform secure channel. All commands other than MANAGE SECURE CHANNEL, TRANSACT DATA and GET RESPONSE are secured by using a Platform to Platform secure channel, including proactive commands.
For the application-to-application secure channel, a UICC application shall be selected by one of the following mechanisms:
a UICC application becomes explicitly selected before the MANAGE SECURE CHANNEL - Establish SA - Master SA command; or
a UICC application becomes implicitly selected upon successful completion of a MANAGE SECURE CHANNEL - Establish SA - Master SA command.