Smart card application protocol data unit

The Application Protocol Data Unit (APDU) is the unit of communication between a smart card and a smart card application, as defined by the ISO 7816 standard. The APDU is a communication unit at the application level; in the OSI model this corresponds to layer 7.

APDUs are divided into command APDUs, which transmit commands to the smart card, and response APDUs, which transmit the card's response to a command. This communication takes place after the connection has been established by means of answer to reset and optional protocol type selection. The structures of the command APDU and the response APDU are defined in ISO 7816-4.

Command APDU

The command APDU is composed of a header and an optional body.

The individual bytes have the following meaning:

If no response data is expected, the Le byte of the body is omitted. Likewise, the Lc byte and the data are omitted when no command data is needed. Depending on the presence of command and response data, there are four cases with different command structures. They are denoted case 1 to case 4.

Case 1 command

Case 1 is a simple command with no command data and no response data. The entire body of the command is therefore omitted:

Case 2 command

In Case 2, the command has no command data but expects response data. This results in the following command structure:

Case 3 command

Case 3 describes a command with command data that does not expect any response data, and therefore looks like this:

Case 4 command

A Case 4 command has both command and response data and therefore the full command body:

Encoding of the length Lc and Le fields

There are two different encodings for the Lc and Le length fields. By default, short length fields are used; here the length information is only one byte long and thus supports values from 1 to 255 bytes (hexadecimal 0x01 to 0xFF). The special case Le = 0x00 means an expected length of 256 bytes. Thus a maximum of 255 bytes can be written (Lc) and 256 bytes can be read (Le).

Because of the ever increasing amounts of data that can be stored on and read from smart cards (especially in the field of signatures), it became necessary to read or write larger amounts of data within a single APDU. For this purpose, "extended APDUs" were introduced. The historical bytes in the ATR indicate whether a smart card supports these larger APDUs. In an extended APDU, Lc or Le can assume a value between 1 and 65536. The first length field is encoded with 3 bytes. In Case 2 command APDUs this is the Le field; in Case 3 and Case 4 command APDUs it is the Lc field. In Case 4 command APDUs the Le field is coded with 2 bytes (the leading zero byte is omitted).

The first Lx field is therefore coded with 3 bytes: (B1) = '00', (B2 || B3) = any value (if B2 and B3 are set to '0000', this is equivalent to 65536). The second field (if any) is coded in the same way without the leading zero byte.
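The four cases and the two length encodings described above can be checked with a strict parser that rejects any APDU whose length fields disagree with the bytes actually present. This is an added example, not part of the original article; it assumes the standard 4-byte header (CLA, INS, P1, P2), the names parse_command_apdu and SAMPLES are hypothetical, and rejecting an Lc of zero is a strictness choice of this example.

```python
def _len(field: bytes, zero_means: int) -> int:
    """Decode an Le field; an all-zero value stands for the maximum."""
    return int.from_bytes(field, "big") or zero_means

def parse_command_apdu(apdu: bytes) -> dict:
    """Classify a command APDU as case 1-4 and decode Lc/Le strictly."""
    if len(apdu) < 4:
        raise ValueError("header needs 4 bytes (CLA INS P1 P2)")
    body = apdu[4:]
    out = {"case": 1, "extended": False, "data": b"", "le": None}
    if not body:                       # case 1: header only
        return out
    if len(body) == 1:                 # case 2, short Le (00 -> 256)
        return {**out, "case": 2, "le": _len(body, 256)}
    # A leading 00 followed by at least two more bytes marks an extended field.
    ext = body[0] == 0x00 and len(body) >= 3
    width, le_max = (2, 65536) if ext else (1, 256)
    first = body[1:3] if ext else body[:1]
    rest = body[3:] if ext else body[1:]
    if ext and not rest:               # case 2, extended Le (0000 -> 65536)
        return {**out, "case": 2, "extended": True, "le": _len(first, le_max)}
    lc = int.from_bytes(first, "big")
    if lc == 0:                        # strictness assumption of this example
        raise ValueError("Lc of zero is not accepted")
    if len(rest) == lc:                # case 3: command data only
        return {**out, "case": 3, "extended": ext, "data": rest}
    if len(rest) == lc + width:        # case 4: data, then Le without leading 00
        return {**out, "case": 4, "extended": ext, "data": rest[:lc],
                "le": _len(rest[lc:], le_max)}
    raise ValueError(f"Lc={lc} does not match {len(rest)} remaining bytes")

# Constructed sample APDUs (not captured from a real card); the last is truncated.
SAMPLES = ["80100000", "00B0000000", "00A40400023F00", "00A40400023F0000",
           "00B00000000000", "00A4040000000112", "00A40400053F00"]

if __name__ == "__main__":
    for hx in SAMPLES:
        try:
            print(hx, parse_command_apdu(bytes.fromhex(hx)))
        except ValueError as err:
            print(hx, "rejected:", err)
```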

Response APDU

The response APDU consists of an optional body and a mandatory trailer.

The trailer contains the two status bytes SW1 and SW2, which together form the status word (SW). The status word (also called the "return code") provides information on the successful execution of the command or on the type of error that prevented or interrupted execution.

The body contains the response data of the command, whose length was specified in the Le byte of the command APDU. If Le is zero or the command execution was aborted due to an error, no response data is sent. This results in two variants of a response APDU:

  • Le is not zero and the command was successful
  • Le is zero or the command was not successful

Status words

The status word has either the value 9000, indicating error-free execution of the command, or a value 6xxx, which indicates the type of deviation from normal execution. The status words are specified according to a systematic scheme.

The following table shows the main status words and their meanings:
