SIST ISO/IEC 7816-4:2005

INTERNATIONAL ISO/IEC
STANDARD 7816-4
Second edition
2005-01-15
Identification cards — Integrated circuit
cards —
Part 4:
Organization, security and commands for
interchange
Cartes d'identification — Cartes à circuit intégré —
Partie 4: Organisation, sécurité et commandes pour les échanges

Reference number
©
ISO/IEC 2005
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2005 – All rights reserved

Contents Page
Foreword. iv
Introduction . v
1 Scope. 1
2 Normative references . 1
3 Terms and definitions. 2
4 Symbols and abbreviated terms. 5
5 Organization for interchange. 7
5.1 Command-response pairs. 7
5.2 Data objects. 13
5.3 Structures for applications and data . 17
5.4 Security architecture . 22
6 Secure messaging . 28
6.1 SM fields and SM data objects . 28
6.2 Basic SM data objects . 29
6.3 Auxiliary SM data objects. 31
6.4 SM impact on command-response pairs. 35
7 Commands for interchange . 36
7.1 Selection . 36
7.2 Data unit handling. 39
7.3 Record handling. 41
7.4 Data object handling. 47
7.5 Basic security handling. 50
7.6 Transmission handling. 57
8 Application-independent card services. 57
8.1 Card identification. 58
8.2 Application identification and selection. 61
8.3 Selection by path . 64
8.4 Data retrieval . 65
8.5 Data element retrieval. 65
8.6 Card-originated byte strings. 67
Annex A (informative) Examples of object identifiers and tag allocation schemes. 69
Annex B (informative) Examples of secure messaging. 71
Annex C (informative) Examples of AUTHENTICATE functions by GENERAL AUTHENTICATE commands. 78
Annex D (informative) Application identifiers using issuer identification numbers . 82
Bibliography . 83

© ISO/IEC 2005 — All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
ISO/IEC 7816-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and personal identification.
This second edition cancels and replaces the first edition (ISO/IEC 7816-4:1995), and incorporates material
extracted from ISO/IEC 7816-5:1994, ISO/IEC 7816-6:1996, ISO/IEC 7816-8:1999 and ISO/IEC 7816-9:2000.
It also incorporates the Amendment ISO/IEC 7816-4:1995/Amd.1:1997.
In addition, material has been extracted from the first edition and moved to the third edition of ISO/IEC 7816-3,
so that the transmission protocols T=0 and T=1 are now present only in ISO/IEC 7816-3, no longer in
ISO/IEC 7816-4.
ISO/IEC 7816 consists of the following parts, under the general title Identification cards — Integrated circuit
cards:
 Part 1: Cards with contacts: Physical characteristics
 Part 2: Cards with contacts: Dimensions and location of the contacts
 Part 3: Cards with contacts: Electrical interface and transmission protocols
 Part 4: Organization, security and commands for interchange
 Part 5: Registration of application providers
 Part 6: Interindustry data elements for interchange
 Part 7: Interindustry commands for Structured Card Query Language (SCQL)
 Part 8: Commands for security operations
 Part 9: Commands for card management
 Part 10: Cards with contacts: Electronic signals and answer to reset for synchronous cards
 Part 11: Personal verification through biometric methods
 Part 12: Cards with contacts: USB electrical interface and operating procedures
 Part 15: Cryptographic information application

iv © ISO/IEC 2005 — All rights reserved

Introduction
ISO/IEC 7816 is a series of standards specifying integrated circuit cards and the use of such cards for
interchange. These cards are identification cards intended for information exchange negotiated between the
outside world and the integrated circuit in the card. As a result of an information exchange, the card delivers
information (computation result, stored data), and / or modifies its content (data storage, event memorization).
 Five parts are specific to cards with galvanic contacts and three of them specify electrical interfaces.
• ISO/IEC 7816-1 specifies physical characteristics for cards with contacts.
• ISO/IEC 7816-2 specifies dimensions and location of the contacts.
• ISO/IEC 7816-3 specifies electrical interface and transmission protocols for asynchronous cards.
• ISO/IEC 7816-10 specifies electrical interface and answer to reset for synchronous cards.
• ISO/IEC 7816-12 specifies electrical interface and operating procedures for USB cards.
 All the other parts are independent from the physical interface technology. They apply to cards accessed
by contacts and / or by radio frequency.
• ISO/IEC 7816-4 specifies organization, security and commands for interchange.
• ISO/IEC 7816-5 specifies registration of application providers.
• ISO/IEC 7816-6 specifies interindustry data elements for interchange.
• ISO/IEC 7816-7 specifies commands for structured card query language.
• ISO/IEC 7816-8 specifies commands for security operations.
• ISO/IEC 7816-9 specifies commands for card management.
• ISO/IEC 7816-11 specifies personal verification through biometric methods.
• ISO/IEC 7816-15 specifies cryptographic information application.
[13] [15] [17]
ISO/IEC 10536 specifies access by close coupling. ISO/IEC 14443 and ISO/IEC 15693 specify
access by radio frequency. Such cards are also known as contactless cards.
ISO and IEC draw attention to the fact that it is claimed that compliance with this document may involve the
use of the following patents and the foreign counterparts.
JPN 2033906, Portable electronic device
JPN 2557838, Integrated circuit card
JPN 2537199, Integrated circuit card
JPN 2856393, Portable electronic device
JPN 2137026, Portable electronic device
JPN 2831660, Portable electronic device
DE 198 55 596, Portable microprocessor-assisted data carrier that can be used with or without contacts
ISO and IEC take no position concerning the evidence, validity and scope of these patent rights.
The holders of these patent rights have assured ISO and IEC that they are willing to negotiate licences under
reasonable and non-discriminatory terms and conditions with applications throughout the world. In this respect,
© ISO/IEC 2005 — All rights reserved v

the statements of the holders of these patent rights are registered with ISO and IEC. Information may be
obtained from:
Contact Patent details
Toshiba Corporation JPN 2033906 (priority date: 1986-02-18; publication date: 1996-03-19),
Intellectual Property Division
FRA 8614996, KOR 44664
1-1, Shibaura 1-Chome
JPN 2557838 (priority date: 1986-02-18; publication date: 1996-09-05),
Minato-ku, Tokyo
FRA 8700343, GER 3700504, KOR 42243, USA 4841131
105-8001, Japan
JPN 2537199 (priority date: 1986-06-20; publication date: 1996-07-08),
FRA 8708646, FRA 8717770, USA 4833595, USA 4901276
JPN 2856393 (priority date: 1987-02-17; publication date: 1998-11-27),
FRA 8801887, KOR 43929, USA 4847803
JPN 2137026 (priority date: 1987-02-20; publication date: 1998-06-26),
JPN 3054119, FRA 8802046, KOR 44393, USA 4891506
JPN 2831660 (priority date: 1988-08-26; publication date: 1998-09-25),
FRA 8911249, KOR 106290, USA 4988855
Orga Kartensysteme Gmbh DE 198 55 596 (priority date: 1998-12-02; publication date: 2000-06-29)
Am Hoppenhof 33
Applications pending in Europe, Russia, Japan, China, USA, Brazil, Australia
D-33104 Paderborn
Germany
vi © ISO/IEC 2005 — All rights reserved

INTERNATIONAL STANDARD ISO/IEC 7816-4:2005(E)

Identification cards — Integrated circuit cards —
Part 4:
Organization, security and commands for interchange
1 Scope
This part of ISO/IEC 7816 specifies
 contents of command-response pairs exchanged at the interface,
 means of retrieval of data elements and data objects in the card,
 structures and contents of historical bytes to describe operating characteristics of the card,
 structures for applications and data in the card, as seen at the interface when processing commands,
 access methods to files and data in the card,
 a security architecture defining access rights to files and data in the card,
 means
...