STANDARD. ISO/IEC. Second edition. Identification cards — Integrated circuit cards —. Part 5: Registration of application providers. ISO is one of the most important standards in the smart card industry. Parts of ISO specify physical characteristics, dimensions and location of the. ISO , Section 5 contains basic organizations, data structures, file organization, file referencing methods, data referencing methods, record referencing.
Published (Last): 16 June 2017
Size of the records: However, logical channels may share application-dependent security status and therefore may have security-related command interdependencies across logical channels e. Figure 1 illustrates an example of the logical file organization in a card. This clause contains information on the logical structure of data as seen at the interface, when processing interindustry commands for interchange.
When numbered, its number is 0. If no file reference is present, then the key is valid in the current DF. If an empty reference data object for auxiliary data is present in the response descriptor, then it shall be full in the response.
If a card supports the logical channel mechanism, then the maximum number of available logical channels is indicated in the card capabilities see 8. The order of the file identifiers is always in the direction parent to child. The FCI template is intended for conveying file control parameters and management data.
If L is not null, then the value field V consists of L consecutive bytes. Command-response pairs work as currently described. In this case, the card computes a string of concealing bytes and adds it by exclusive-or to data bytes received from or sent to the outside world. An algorithm, a key and, possibly, initial data may be selected for each security mechanism implicitly, i.
Transparent structure — The EF is seen at the interface as a sequence of data units.
For each command, an appropriate clause provides more detailed meanings. For example, the last possible position of a template for cryptographic checksum is before the first data object integrated in the computation.
When there is a current record, the next occurrence shall be the closest record with the specified identifier but in a greater logical position than the current record.
The other DFs are optional. It encodes an integer L. Entity authentication with key — The entity to be authenticated has to prove the knowledge of the relevant key in an authentication procedure e.
Each control reference remains valid until a new control reference is provided for the same mechanism.
If the response descriptor provides auxiliary data, then the respective data object shall be empty in the response.
The computation of a cryptographic checksum is performed in the following consecutive stages: If no initial data reference is present and no initial check block is implicitly selected, then the null block shall be used. Within each EF of linear structure, the logical positions shall be sequentially assigned when writing or appending i.
If L is null, then the data object is empty: Linear EF with records of fixed size.
Data encipherment — Using secret internal data, the card deciphers a cryptogram received in a data field. Data authentication — Using internal data, either secret or public, the card checks redundant data received from the outside world. Created in, updated in, amended in, updated in. An annex is provided that shows how to control the loading of data (secure download) into the card, by means of verifying the access rights of the loading entity and protection of the transmitted data with secure messaging.
It encodes a class, a type and a number. The security attributes, when they exist, define the allowed actions and the procedures to be performed to complete such actions. The choice and conditions of use of cryptographic mechanisms may affect card exportability. Concealment thus requires no padding and the data objects concealed in the value field are recovered by the same operation. Annexes are provided that give examples of operations related to digital signatures, certificates and the import and export of asymmetric keys.
Figure 2 shows those for EF structures. There are two types of digital signatures: Valued to 0 for the first data unit of the EF, the offset is incremented by 1 for every subsequent data unit. In order to select unambiguously by DF name e.
In case 3, the length Lc is not null; therefore the Lc field is present and the data field consists of the Lc subsequent bytes. The tag field T consists of one or more consecutive bytes.
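The sentences above about the tag field T, the length L (a null L meaning an empty data object, a non-null L meaning L consecutive value bytes) and the case-3 APDU whose data field holds exactly Lc bytes describe the two encodings a card reader or card-side firmware has to parse before anything else happens. The following is an added example, not text or code from the standard: a small Python decoder that checks a constructed case-3 command APDU against its Lc and then walks its data field as BER-TLV, handling multi-byte tags, multi-byte lengths and empty data objects, and rejecting a length that runs past the buffer. The sample APDU bytes, the tag values used and the helper names are constructed for illustration only.

```python
"""Added example: case-3 APDU and BER-TLV decoding as described in the text.
Sample bytes below are constructed; they are not from the standard."""
from typing import List, Tuple


def parse_case3_apdu(apdu: bytes) -> Tuple[bytes, bytes]:
    """Split a case-3 command APDU (CLA INS P1 P2 Lc Data, no Le field).
    Lc must be non-null and the data field must hold exactly Lc bytes."""
    if len(apdu) < 5:
        raise ValueError("too short for a case-3 APDU")
    header, lc = apdu[:4], apdu[4]
    if lc == 0:
        raise ValueError("case 3 requires a non-null Lc")
    data = apdu[5:]
    if len(data) != lc:
        raise ValueError(f"data field has {len(data)} bytes but Lc is {lc}")
    return header, data


def is_well_formed_case3(apdu: bytes) -> bool:
    """Convenience predicate: True when the Lc/data-field check passes."""
    try:
        parse_case3_apdu(apdu)
        return True
    except ValueError:
        return False


def read_tag(buf: bytes, i: int) -> Tuple[int, int]:
    """Tag field T: one byte, or several when the low five bits of the first
    byte are all ones (subsequent bytes continue while their high bit is set)."""
    first = buf[i]
    i += 1
    tag = first
    if first & 0x1F == 0x1F:
        while True:
            b = buf[i]
            i += 1
            tag = (tag << 8) | b
            if not (b & 0x80):
                break
    return tag, i


def read_length(buf: bytes, i: int) -> Tuple[int, int]:
    """Length field encoding the integer L: one byte 0x00..0x7F, or 0x8n
    followed by n bytes holding L big-endian. 0x80 (indefinite) is refused."""
    first = buf[i]
    i += 1
    if first < 0x80:
        return first, i
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized length field")
    if i + n > len(buf):
        raise ValueError("length field truncated")
    return int.from_bytes(buf[i:i + n], "big"), i + n


def parse_tlv(buf: bytes) -> List[Tuple[int, bytes]]:
    """Decode a sequence of BER-TLV data objects into (tag, value) pairs.
    A null L yields an empty value field; a non-null L consumes L bytes."""
    out: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(buf):
        tag, i = read_tag(buf, i)
        length, i = read_length(buf, i)
        if i + length > len(buf):
            raise ValueError(f"object {tag:#x} claims {length} bytes past end")
        out.append((tag, buf[i:i + length]))
        i += length
    return out


# Constructed sample: a case-3 APDU whose data field carries three data
# objects: a 5-byte value, an empty object (L = 0) and a two-byte tag.
SAMPLE_DATA = bytes.fromhex("8405A000000001" "A500" "5F2D02656E")
SAMPLE_APDU = bytes.fromhex("00A40400") + bytes([len(SAMPLE_DATA)]) + SAMPLE_DATA


if __name__ == "__main__":
    header, data = parse_case3_apdu(SAMPLE_APDU)
    print("header:", header.hex(), "Lc:", len(data))
    for tag, value in parse_tlv(data):
        print(f"tag {tag:#x} L={len(value)} V={value.hex() or '(empty)'}")
```

Running the block prints the header, then one line per data object, showing the empty object decoded with L = 0 and the two-byte tag 0x5F2D decoded as a single tag. A data field shorter or longer than Lc is rejected before any TLV decoding begins, which is the check a card-side handler should make first.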
Data is considered to be stored in a single continuous sequence of records within an EF of record structure or of data units within an EF of transparent structure. Alternately, using secret internal data, the card computes a data element cryptographic checksum or digital signature and inserts it in the data sent to the outside world. The digital signature computation is typically based upon asymmetric cryptographic techniques. In the card capabilities see 8.