ISO/IEC 7816 Data object and Structure Selection and EF Structures

2
votes

I am just was reading ISO/IEC 7816 part 4 standard. Unfortunately there are some vague points in it for me and I hope I can receive the answer here.

The first vague point is about Data Objects. It is defined that data objects make Simple-TLV or Ber-TLV categories and have a little description about these categories. But what is a Data Object itself? Is it the data that we store on the card? If so, As far as I know, we store our data in different fields of our applets and we don't consider any BER-TLV or Simple-TLV category for them! They are just a series of hex numbers.

The second vague point is about Structure Selection part. It is defined that we can five different ways as below:

  1. Implicitly after a reset.
  2. Explicitly by Selection by DF Name
  3. Explicitly by Selection by File Identifier
  4. Explicitly by Selection by Path
  5. Explicitly by Selection by Short EF Identifier

The vague point is that, as far as I know, the only thing that I can select on the card, are applets and nothing else. For the applets I can make the default selected (That can be 1st way of above options, the Implicit selection) or Select it by sending a SELECT APDU command to card with the Applet AID (Which is not mentioned as any of above ways).

So what are these Structure Selection methods?

The third vague point is EF Structures. It is defined that EF-s can have five following structures:

  1. Transparent structure
  2. Linear structure with records of fixed size
  3. Linear structure with records of variable size
  4. Cyclic structure with records of fixed size (the arrow references the most recently written record)
  5. TLV structure

The question is again, what is these structures for? Is these the way that data stores in memory? If so, why they are defined in the standard, while they are about the inner behavior of the card? Does the programmer need to know anything about them? Can he/she detect/change used EF structure of his/her card?

And finally, does all ISO 7816-4 compliant cards support all the above items(Because I can't find anything in the ISO 7816-4 mentioning that they are optional or something)?

Does all ISO 7816-4 compliant cards need to support the APDU Commands that are defined in this part of standard?

1
smartcardjavacard

1 Answers

5
votes

First of all, ISO/IEC 7816-4 describes file based cards. File based cards can have different applications (selected using SELECT by NAME). Those applications are however best thought of as different data structures and objects within a file based OS. These applications don't provide different functions as does a Java Card applet.

7816-3 and especially 4 also describe the general half duplex command/response APDU format, which is kind of a minimum requirement for a card to be 7816-4 compliant. Java Card uses the APDU format, but it doesn't include functionality to otherwise emulate a file based card. You'll have to implement that yourself (or copy it from somewhere, of course).

A data object is an object with a type (described by the tag), a size (or length) and value: TLV. In 7816-4 both objects can be present in the card and objects in transit. In the end you are only interested in the input output though; it doesn't really matter how you interpret, store or generate them.

Which file selection and structures are supported is up to the manufacturer of the card. In general file based cards need to support all selection methods, but that's not so clear for Java Card implementations. Many Java Card applets do not support SELECT by PATH. SELECT by PATH in general is troublesome on Java Card, as it is not handled by the operating system and it cannot be handled by an Applet (since an Applet instance cannot just select another Applet instance).

Yes, file structures are visible to the outside user. What is implemented depends. Again, file based cards may support all. E.g. the cyclic structure is great when you need to store records on the card. The limited memory might prompt you to delete the oldest records though. You could for instance imagine this used for a Digital Tachograph card. Records enable searched using 7816 compliant SQL like commands.

ISO/IEC 7816 is one of the worst standards out there. It indeed doesn't say anything about optional, which may lead you to believe that cards should indeed implement everthing. Some cards that claim compliance however only keep to the APDU structure defined right at the start. Many cards do not implement everything, and the ones that do often get it wrong.

  • The standard isn't modularized so there is no way to check which features are supported or not;
  • Status words have been defined but they only contain memory and syntactic reasons for errors;
  • It isn't clear which errors can be returned by a command, nor in which order the errors need to be handled;
  • The standard doesn't comply to ISO/OSI layer structure, application and (secure) transport layer are mixed;
  • There are two definitions of Ne, one general where it is the maximum response size and another one for READ BINARY;
  • End of file detection isn't well specified;
  • Extended length APDU's are still misunderstood even by the people creating the standard;
  • Many commands have not been fully specified, including e.g. CREATE FILE;
  • There are many deprecated commands such as WRITE FILE.

And that's just out the top of my head.

Basically the standard is more a set of common practices. You can use it as a starting point to create your own protocol or standard, but that's about it.