ISO 7816 Parts Guide
Detailed walkthrough of all 15 parts of ISO 7816 covering physical, electrical, T=0/T=1 transport, APDU commands, and security.
ISO 7816 Parts Guide
ISO/IEC 7816 is the foundational international standard for contact smart cards. It defines everything from the physical dimensions of the card to the cryptographic authentication protocol. The standard is published in 15 separate parts, each addressing a specific layer of the stack.
Overview of All 15 Parts
| Part | Title | Key Content |
|---|---|---|
| 7816-1 | Physical characteristics | ID-1 dimensions, bend/torsion/UV tests |
| 7816-2 | Dimensions and location of contacts | C1–C8 pad geometry, tolerances |
| 7816-3 | Cards with contacts — electrical interface and transmission protocols | ATR, T=0, T=1, PPS |
| 7816-4 | Organisation, security and commands | File system, APDU structure, SELECT, READ, VERIFY |
| 7816-5 | Registration of application providers | RID + PIX = AID namespace |
| 7816-6 | Interindustry data elements | BER-TLV tag registry |
| 7816-7 | Interindustry commands for Structured Card Query Language | SCQL queries on card databases |
| 7816-8 | Commands and mechanisms for security operations | INTERNAL AUTHENTICATE, EXTERNAL AUTHENTICATE, GET CHALLENGE |
| 7816-9 | Commands for card management | CREATE FILE, DELETE FILE, TERMINATE CARD |
| 7816-10 | Electronic signals and answer to reset for synchronous cards | Memory cards (I²C, SPI, synchronous protocols) |
| 7816-11 | Personal verification through biometric methods | Match-on-cardMatch-on-cardBiometricBiometric matching performed inside the smart card chip.Click to view →, template storage |
| 7816-12 | Cards with contacts — USB electrical interface and operating procedures | USB 2.0 full-speed on C4/C8 pins |
| 7816-13 | Commands for application management in a multi-application environment | Superseded by GlobalPlatformGlobalPlatformSoftwareCard application management standard.Click to view → in practice |
| 7816-14 | Conformance test plan | Test cases for 7816-3 and 7816-4 |
| 7816-15 | Cryptographic information application | PKCS#15 file structure, EF.CIAInfo |
Part 3: The Electrical Foundation
7816-3 is the most referenced part. It specifies the low-level communication:
- Cold reset sequence: VCC → CLK → RST — the card must respond with an ATR within 40,000 clock cycles.
- T=0T=0ProtocolCharacter-oriented smart card protocol.Click to view →: Byte-oriented half-duplex. The card drives I/O for response bytes; the host drives I/O for command bytes. Error detection via parity.
- T=1T=1ProtocolBlock-oriented smart card protocol.Click to view →: Block-oriented. Supports chaining (multi-block commands/responses), a CRC or LRC epilogue field, and independent retry on block errors. Required for larger APDUs.
- PPS: Protocol and Parameter Selection — allows host and card to negotiate higher baud rates and switch between T=0 and T=1.
Part 4: APDU Structure
Every command to a smart card follows the 7816-4 APDUAPDUProtocolCommunication unit between card and reader.Click to view → structure:
Command APDU:
CLA INS P1 P2 [Lc Data...] [Le]
1B 1B 1B 1B 1B nB 1B
Response APDU:
[Data...] SW1 SW2
nB 1B 1B
| Field | Meaning |
|---|---|
| CLA | Class byte — channel number, secure messagingsecure messagingProtocolCryptographic protection of APDU command/response pairs.Click to view → indicator |
| INS | Instruction — e.g., 0xA4 SELECT, 0xB0 READ BINARY |
| P1/P2 | Parameters — context-specific |
| Lc | Length of command data |
| Le | Expected length of response data |
| SW1 SW2 | Status word — 90 00 = success |
Use the APDU Builder to construct and decode APDU strings interactively.
Part 5: Application Identifiers
The AID (Application Identifier) namespace is managed under 7816-5:
- RID (5 bytes): Registered Application Provider Identifier — assigned by the ISO/IEC Registration Authority.
- PIX (0–11 bytes): Proprietary application Extension — defined by the AIDAIDProtocolUnique identifier for card applications.Click to view → owner to distinguish applications.
Well-known RIDs include A0 00 00 00 03 (Visa), A0 00 00 00 04 (Mastercard),
A0 00 00 03 97 (Interac).
Part 15: PKCS#15 Structure
7816-15 defines how cryptographic objects (keys, certificates, authentication data) are laid out in the file system — a standard that the PKI on Smart Cards guide builds on directly. Key files include:
| File | Contents |
|---|---|
| EF.DIR | AID directory — lists PKCS#15 application |
| EF.CIAInfo | Card Information Application metadata |
| EF.ODF | Object Directory File — points to key/cert/data object DFs |
| EF.PrKDF | Private Key Directory File |
| EF.CDF | Certificate Directory File |
| EF.AODF | Authentication Object Directory File (PINs) |
Understanding which ISO 7816ISO 7816StandardPrimary standard for contact smart cards.Click to view → part governs a behaviour is essential when reading vendor documentation or writing protocol-level code with the PC/SC Programming Guide.
Pertanyaan yang Sering Diajukan
Our guides cover a range of experience levels. Getting Started guides introduce smart card fundamentals. Security guides address Common Criteria certification and key management. Programming guides target developers working with APDU commands, JavaCard applets, and GlobalPlatform card management.