Content for  ETSI TS 102 221   PDF version:  17.1.0


10  Structure of commands and responses

10.1  Command APDU

10.1.0  Structure and case

Clause 10.1 states a generic structure of an Application Protocol Data Unit (APDU) that is used by the application protocol on top of the transmission protocol for sending a command to the card.
A command APDU consists of a header and a body part. The contents of the command APDU are depicted in Table 10.1: the header consists of the CLA, INS, P1 and P2 bytes, which are mandatory for a command APDU, and the optional body part can contain Lc, Data and Le. Parameters are further explained in clauses 10.1.1 to 10.1.6.
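
| Code | Length | Description | Grouping |
|------|--------|-------------|----------|
| CLA | 1 | Class of instruction | Header |
| INS | 1 | Instruction code | Header |
| P1 | 1 | Instruction parameter 1 | Header |
| P2 | 1 | Instruction parameter 2 | Header |
| Lc | 0 or 1 | Number of bytes in the command data field | Body |
| Data | Lc | Command data string | Body |
| Le | 0 or 1 | Maximum number of data bytes expected in response of the command | Body |
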
Four cases of C-APDU structure are possible as defined in Table 10.2.

| Case | Structure |
|------|-----------|
| 1 | CLA INS P1 P2 |
| 2 | CLA INS P1 P2 Le |
| 3 | CLA INS P1 P2 Lc Data |
| 4 | CLA INS P1 P2 Lc Data Le |

10.1.1  Coding of Class Byte

The present document supports the CLA defined in Table 10.3 and Table 10.4a. In addition, command chaining, which uses b5 in the class byte as defined in ISO/IEC 7816-4 [12], is not supported (b5 = 0) in the present document. If the card supports the logical channel mechanism, the maximum number of available logical channels is indicated in the card capabilities data object of the historical bytes of an ATR (refer to ISO/IEC 7816-4 [12]). If the card capabilities data object is missing, only the basic logical channel is supported.
An application on a UICC supporting logical channels utilizing secure messaging shall either exclude the class byte from the signature calculation for the message verification or set it to a default value. The terminal may change the logical channel on which the application is executed compared to the logical channel used for the secure messaging verification signature.
Table 10.3 specifies the coding of the class byte for the standard logical channels. Bit b5 is always set to 0. Bits b4 and b3 are used for indication of secure messaging format (see Table 10.4a). Bits b2 and b1 indicate the logical channel used. Logical channels are numbered from 0 to 3 (standard logical channels).
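
| b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Value | Meaning |
|----|----|----|----|----|----|----|----|-------|---------|
| 0 | 0 | 0 | 0 | - | - | - | - | '0X' | The coding is according to the first interindustry values of CLA byte defined in ISO/IEC 7816-4 [12] |
| 1 | 0 | 1 | 0 | - | - | - | - | 'AX' | Coded as for '0X' unless stated otherwise |
| 1 | 0 | 0 | 0 | - | - | - | - | '8X' | Structured as for '0X', coding and meaning is defined in the present document |
| - | - | - | - | X | X | - | - | - | Secure Messaging indication (see Table 10.4) |
| - | - | - | - | - | - | X | X | - | Logical channel number from 0 to 3 (see clause 10.3) |

| b4 | b3 | Meaning |
|----|----|---------|
| 0 | 0 | No SM used between terminal and card |
| 0 | 1 | Proprietary SM format |
| 1 | x | Secure messaging according to ISO/IEC 7816-4 [12] used |
| 1 | 0 | Command header not authenticated |
| 1 | 1 | Command header authenticated |
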
Table 10.4a specifies the coding of the class byte for the extended logical channels. Bit b6 indicates secure messaging (see Table 10.4b). Bit b5 is always set to 0. Bits b4 to b1 encode a number from zero to fifteen; this number plus four is the logical channel number from four to nineteen (extended logical channels).
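
| b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Value | Meaning |
|----|----|----|----|----|----|----|----|-------|---------|
| 0 | 1 | - | 0 | - | - | - | - | '01x0 xxxx' | The coding is according to the further interindustry values of CLA byte defined in ISO/IEC 7816-4 [12] |
| 1 | 1 | - | 0 | - | - | - | - | '11x0 xxxx' | Structured as for '01x0 xxxx', coding and meaning is defined in the present document |
| - | - | X | 0 | - | - | - | - | - | Secure Messaging indication (see Table 10.4b) |
| - | - | - | 0 | X | X | X | X | - | Logical channel number from 4 to 19 (see clause 10.3) |

| b6 | Meaning |
|----|---------|
| 0 | No SM used between terminal and card |
| 1 | Command header not authenticated |
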
By default no secure messaging is supported by the card (i.e. b4 = b3 = 0 in Table 10.3, and b6 = 0 in Table 10.4a), unless it is stated otherwise by an application.
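
The class byte coding above can be checked mechanically before a command is dispatched. The decoder below is an added example, not part of ETSI TS 102 221; the names `decode_cla`, `STANDARD_SM` and `STANDARD_PATTERNS` and the sample bytes are constructed for illustration.

```python
# Added example (not from ETSI TS 102 221): decode a CLA byte using the bit
# layouts of Tables 10.3/10.4 (standard channels) and 10.4a/10.4b (extended).
STANDARD_SM = {
    0b00: "no SM",
    0b01: "proprietary SM",
    0b10: "ISO/IEC 7816-4 SM, command header not authenticated",
    0b11: "ISO/IEC 7816-4 SM, command header authenticated",
}
STANDARD_PATTERNS = {0x0: "0X", 0xA: "AX", 0x8: "8X"}


def decode_cla(cla: int) -> dict:
    """Return pattern, logical channel and SM indication; raise on unsupported CLA."""
    if not 0 <= cla <= 0xFF:
        raise ValueError("CLA must fit in one byte")
    if cla & 0x10:
        # b5 = 1 would request command chaining, which the clause excludes.
        raise ValueError(f"CLA {cla:02X}: b5 set, command chaining not supported")
    if cla & 0x40:
        # b7 = 1: extended logical channels, '01x0 xxxx' or '11x0 xxxx'.
        return {
            "pattern": "11x0 xxxx" if cla & 0x80 else "01x0 xxxx",
            "channel": 4 + (cla & 0x0F),  # b4..b1 plus four gives 4..19
            "sm": "SM, command header not authenticated" if cla & 0x20 else "no SM",
        }
    pattern = STANDARD_PATTERNS.get(cla >> 4)
    if pattern is None:
        raise ValueError(f"CLA {cla:02X}: not a class coded in Table 10.3 or 10.4a")
    return {
        "pattern": pattern,
        "channel": cla & 0x03,                 # b2 b1
        "sm": STANDARD_SM[(cla >> 2) & 0x03],  # b4 b3
    }


if __name__ == "__main__":
    # Constructed sample values, chosen to hit each branch.
    for sample in (0x00, 0x81, 0x0C, 0x4F, 0xE2, 0x10, 0x20):
        try:
            print(f"{sample:02X}", decode_cla(sample))
        except ValueError as exc:
            print(f"{sample:02X}", "rejected:", exc)
```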

10.1.2  Coding of Instruction Byte

Table 10.5 depicts the coding of the instruction byte of the commands.

Command APDUs:

| COMMAND | CLA | INS |
|---------|-----|-----|
| SELECT FILE | '0X' or '4X' or '6X' | 'A4' |
| STATUS | '8X' or 'CX' or 'EX' | 'F2' |
| READ BINARY | '0X' or '4X' or '6X' | 'B0' |
| UPDATE BINARY | '0X' or '4X' or '6X' | 'D6' |
| READ RECORD | '0X' or '4X' or '6X' | 'B2' |
| UPDATE RECORD | '0X' or '4X' or '6X' | 'DC' |
| SEARCH RECORD | '0X' or '4X' or '6X' | 'A2' |
| INCREASE | '8X' or 'CX' or 'EX' | '32' |
| RETRIEVE DATA | '8X' or 'CX' or 'EX' | 'CB' |
| SET DATA | '8X' or 'CX' or 'EX' | 'DB' |
| VERIFY PIN | '0X' or '4X' or '6X' | '20' |
| CHANGE PIN | '0X' or '4X' or '6X' | '24' |
| DISABLE PIN | '0X' or '4X' or '6X' | '26' |
| ENABLE PIN | '0X' or '4X' or '6X' | '28' |
| UNBLOCK PIN | '0X' or '4X' or '6X' | '2C' |
| DEACTIVATE FILE | '0X' or '4X' or '6X' | '04' |
| ACTIVATE FILE | '0X' or '4X' or '6X' | '44' |
| AUTHENTICATE | '0X' or '4X' or '6X' | '88', '89' |
| GET CHALLENGE | '0X' or '4X' or '6X' | '84' |
| TERMINAL CAPABILITY | '8X' or 'CX' or 'EX' | 'AA' |
| TERMINAL PROFILE | '80' | '10' |
| ENVELOPE | '80' | 'C2' |
| FETCH | '80' | '12' |
| TERMINAL RESPONSE | '80' | '14' |
| MANAGE CHANNEL | '0X' or '4X' or '6X' | '70' |
| MANAGE SECURE CHANNEL | '0X' or '4X' or '6X' | '73' |
| TRANSACT DATA | '0X' or '4X' or '6X' | '75' |
| SUSPEND UICC | '80' | '76' |
| GET IDENTITY | '8X' or 'CX' or 'EX' | '78' (see note) |
| EXCHANGE CAPABILITIES | '80' | '7A' (see note) |

Transmission oriented APDUs applying to the above commands:

| COMMAND | CLA | INS |
|---------|-----|-----|
| GET RESPONSE | '0X' or '4X' or '6X' | 'C0' |

NOTE: These INS values are also used by GlobalPlatform (for the commands END R-MAC SESSION and BEGIN R-MAC SESSION, see [i.1] and [i.2]). See also note 2 below.

10.1.3  Coding of parameter bytes

The value of the parameters P1 and P2 depends on the command. If the parameter is not used, the value is set to '00'. Coding of the parameter bytes is presented in the command definition clauses.

10.1.4  Coding of Lc byte

The number of data bytes present in the data field of the command APDU is presented in the parameter Lc. Lc is optional in the command APDU; however, if Lc is present in the command APDU, the data field consists of the Lc subsequent bytes. The terminal may send from 1 byte to 255 bytes of command data.

10.1.5  Coding of data part

When present in a command or response APDU, the structure of the data field is specific to each command.

10.1.6  Coding of Le byte

The maximum number of bytes expected in the data part of the response APDU is presented in the parameter Le, which is optional. This means that if the terminal does not expect any data in the response APDU, Le is absent from the command APDU. However, if Le is present in the command APDU, the data field of the response APDU is expected to consist of Le bytes.
Le set to '00' indicates that the terminal expects to receive at most the maximum number of bytes, i.e. 256, in the response APDU. The UICC may return any number of bytes in the range 1 to 256.
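
The four cases of Table 10.2, combined with the Lc and Le rules of clauses 10.1.4 and 10.1.6, give a strict length check that rejects a truncated or over-long command before its INS is interpreted. The parser below is an added example, not part of ETSI TS 102 221; `parse_capdu` and the sample APDUs are constructed for illustration, and it assumes the single-byte Lc and Le of Table 10.1.

```python
# Added example (not from ETSI TS 102 221): classify a raw command APDU into
# case 1-4 (Table 10.2) and reject bodies whose length contradicts Lc.
def parse_capdu(raw: bytes) -> dict:
    """Split a C-APDU into header, data and Le; raise ValueError if malformed."""
    if len(raw) < 4:
        raise ValueError("C-APDU shorter than the mandatory 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    apdu = {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": b"", "le": None}
    if not body:
        apdu["case"] = 1                      # header only
    elif len(body) == 1:
        apdu["case"] = 2                      # header + Le
        apdu["le"] = body[0] or 256           # Le '00' means up to 256 bytes
    else:
        lc = body[0]
        if lc == 0:
            # Clause 10.1.4: command data is 1 to 255 bytes when present.
            raise ValueError("Lc is '00' but further body bytes follow")
        trailing = len(body) - 1 - lc         # bytes left after Lc + data
        if trailing not in (0, 1):
            raise ValueError(f"Lc={lc} but {len(body) - 1} bytes follow it")
        apdu["data"] = body[1:1 + lc]
        apdu["case"] = 3 if trailing == 0 else 4
        if trailing:
            apdu["le"] = body[-1] or 256
    return apdu


if __name__ == "__main__":
    # Constructed sample APDUs (hex); P1/P2 values are placeholders.
    samples = [
        "80F20000",            # case 1
        "00B0000000",          # case 2, Le '00'
        "00A40000023F00",      # case 3, two data bytes
        "00A40000023F0000",    # case 4, two data bytes + Le '00'
        "00A40000023F",        # malformed: Lc says 2, only 1 data byte
    ]
    for hexstr in samples:
        try:
            print(hexstr, parse_capdu(bytes.fromhex(hexstr)))
        except ValueError as exc:
            print(hexstr, "rejected:", exc)
```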