|
ISO 7816 is an international standard related to electronic identification cards, especially smart cards, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is an extension of ISO 7810. It is edited by the Joint technical committee (JTC) 1 / Sub-Committee (SC) 17, Cards and personal identification. The following describes the different parts of this standard. Note: abstracts and dates, when present, are mere quotations from the ISO website, and are neither guaranteed at the time of edition nor in the future. 7816-1: Physical characteristics Created in 1987, updated in 1998, amended in 2003 (source). 7816-2: Cards with contacts — Dimensions and location of the contacts Created in 1988, updated in 1999, amended in 2004 (source). 7816-3: Electrical characteristics and class indication for integrated circuit(s) cards operating at 5V, 3V and 1.8V Created in 1989, updated in 1997, amended in 2002 (source). 7816-4: Organization, security and commands for interchange Created in 1995, updated in 2005. From its abstract, it specifies: It does not cover the internal implementation within the card or the outside world. ISO/IEC 7816-4:2005 is independent from the physical interface technology. It applies to cards accessed by one or more of the following methods: contacts, close coupling, and radio frequency. 7816-5: Registration of application providers Created in 1995, updated in 2004. From its abstract, ISO/IEC 7816-4 defines how to use an application identifier to ascertain the presence of and/or perform the retrieval of an application in a card. ISO/IEC 7816-5:2004 shows how to grant the uniqueness of application identifiers through the international registration of a part of this identifier, and defines 7816-6: Interindustry data elements for interchange Created in 1996, updated in 2004. From its abstract, it specifies the Data Elements (DEs) used for interindustry interchange based on integrated circuit cards (ICCs) both with contacts and without contacts. It gives the identifier, name, description, format, coding and layout of each DE and defines the means of retrieval of DEs from the card. 7816-7: Interindustry commands for Structured Card Query Language (SCQL) Created (or updated) in 1999 (source). 7816-8: Commands for security operations Created in 1995, updated in 2004. From its abstract, it specifies interindustry commands for integrated circuit cards (either with contacts or without contacts) that may be used for cryptographic operations. These commands are complementary to and based on the commands listed in ISO/IEC 7816-4. Annexes are provided that give examples of operations related to digital signatures, certificates and the import and export of asymmetric keys. The choice and conditions of use of cryptographic mechanisms may affect card exportability. The evaluation of the suitability of algorithms and protocols is outside the scope of ISO/IEC 7816-8. 7816-9: Commands for card management Created in 1995, updated in 2004. From its abstract, it specifies interindustry commands for integrated circuit cards (both with contacts and without contacts) for card and file management, e.g. file creation and deletion. These commands cover the entire life cycle of the card and therefore some commands may be used before the card has been issued to the cardholder or after the card has expired. An annex is provided that shows how to control the loading of data (secure download) into the card, by means of verifying the access rights of the loading entity and protection of the transmitted data with secure messaging. The loaded data may contain, for example, code, keys and applets. 7816-10: Electronic signals and answer to reset for synchronous cards Created (or updated) in 1999 (source). 7816-11 Personal verification through biometric methods Created (or updated) in 2004. From its abstract, it specifies the usage of interindustry commands and data objects related to personal verification through biometric methods in integrated circuit cards. The interindustry commands used are defined in ISO/IEC 7816-4. The data objects are partially defined in this International Standard, partially imported from ISO/IEC 19785-1. ISO/IEC 7816-11 also presents examples for enrollment and verification and addresses security issues. 7816-12 Cards with contacts -- USB electrical interface and operating procedures Created in 2005. From its abstract, it specifies the operating conditions of an integrated circuit card that provides a USB interface. An integrated circuit card with a USB interface is named USB-ICC. ISO/IEC 7816-12:2005 specifies: ISO/IEC 7816-12:2005 provides two protocols for control transfers. This is to support the protocol T=0 (version A) or to use the transfer on APDU level (version B). ISO/IEC 7816-12:2005 provides the state diagrams for the USB-ICC for each of the transfers (bulk transfers, control transfers version A and version B). Examples of possible sequences which the USB-ICC must be able to handle are given in an informative annex. 7816-13: Commands for application management in multi-application environment As of 2006, this document is in development (source) and is supposed to integrate methods from the Global Platform * standard, like its Secure Channel Protocols (see this NIST report (in PDF format) for more information). 7816-15: Cryptographic information application Created in 2004. From its abstract, it specifies a card application. This application contains information on cryptographic functionality. Further, ISO/IEC 7816-15:2004 defines a common syntax (in ASN.1) and format for the cryptographic information and mechanisms to share this information whenever appropriate. ISO/IEC 7816-15:2004 supports the following capabilities: See also | |||||||
|
| ||||||||
 |
|
| |