ISO , Section 5 contains basic organizations, data structures, file organization, file referencing methods and data referencing methods. This part of ISO/IEC supports the following two categories of files. ISO/IEC is intended to be used in any sector of activity. It specifies: a) contents of command-response pairs exchanged at the interface; b) means of . ISO/IEC (): “Information technology – Identification cards; Integrated . The key reference is indicated using tag ’83’ as defined in ISO/IEC .
Published (Last): 18 March 2004
Data objects for confidentiality are intended for carrying a cryptogram whose plain value consists of one of the following three cases. If the concept of logical channels is applied, the file-specific security status may depend on the logical channel (see 1).
This mechanism may be used to provide a confidentiality service, e.
If no initial data reference is present and no initial check block is implicitly selected, then the null block shall be used. The response descriptor template, if present in the data field of the command APDU, shall fix the structure of the corresponding response.
The following rules shall apply. The card shall fill each empty primitive data object. Each control reference template present in the response descriptor shall be present in the response at the same place with the same control references for algorithm, file and key.
The previous occurrence shall be the closest record with the specified identifier but in a smaller logical position than the current record. An annex is provided that shows how to control the loading of data (secure download) into the card, by means of verifying the access rights of the loading entity and protecting the transmitted data with secure messaging. When the card provides indications in several places, the indication valid for a given EF is the closest one to that EF within the path from the MF to that EF.
NET library for chip cards. The first output results from the first input. Annexes are provided that give examples of operations related to digital signatures, certificates and the import and export of asymmetric keys.
Figure 2
The file control information may be present for any file. The trailer codes the status of the receiving entity after processing the command-response pair. Personal verification through biometric methods”. The final check block is the last output.
Such a body carries 1 or 2 length fields; B1 is [part of] the first length field. ISO standards by standard number. Dedicated file (DF), elementary file (EF). The logical organization of data in a card consists of the following structural hierarchy of dedicated files. Referencing by file identifier: any file may be referenced by a file identifier coded on 2 bytes.
A step in an application protocol consists of sending a command, processing it in the receiving entity and sending back the response. It is an unsigned integer, limited to either 8 or 15 bits according to an option in the respective command. However, logical channels may share application-dependent security status and therefore may have security-related command interdependencies across logical channels e. Organization, security and commands for interchange”. The initial data reference, when applied to cryptographic checksums, fixes the initial check block.
According to its abstract, it specifies a card application.
ISO/IEC – Wikipedia
Consequently, the body is empty. Each security mechanism involves an algorithm, a key, an argument and often, initial data.
The security status may also result from the completion of a security procedure related to the identification of the involved entities, if any, e. The length of Le is not null; therefore the Le field is present. Referencing by path: any file may be referenced by a path (concatenation of file identifiers). The present specifications of the padding rules do not preclude such a feature.
Record structure — The EF is seen at the interface as a sequence of individually identifiable records. There are two types of digital signatures: In the data field, the present SM format may be selected implicitly, i. Consequently, the body consists of the Lc field followed by the data field and the Le field. It codes no class and no construction-type. The current input is the exclusive-or of the previous output with the current data block.
Therefore the first record (record number one, #1) is the first created record. This application contains information on cryptographic functionality. Data encipherment: using secret internal data, the card deciphers a cryptogram received in a data field.
It encodes a class, a type and a number. Global security status — It may be modified by the completion of an MF-related authentication procedure e. Within each EF of cyclic structure, the record numbers shall be sequentially assigned in the opposite order, i. Padding for authentication has no influence on transmission as the padding bytes shall not be transmitted. In the card capabilities see 8.
According to its abstract, it specifies interindustry commands for integrated circuit cards, either with contacts or without contacts, that may be used for cryptographic operations. Each non-TLV-coded data field shall consist of one or more data elements, according to the specifications of the respective command. The first occurrence shall be the record with the specified identifier and in the first logical position; the last occurrence shall be the record with the specified identifier and in the last logical position.
By the relevant security mechanisms, with the selected security items, the card shall produce all the requested security mechanism data objects. Within an EF of record structure, records may have the same record identifier, in which case data contained in the records may be used for discriminating between them.