ISO/IEC 7816-7:1999

INTERNATIONAL ISO/IEC
STANDARD 7816-7
First edition
1999-03-01
Identification cards — Integrated circuit(s)
cards with contacts —
Part 7:
Interindustry commands for Structured Card
Query Language (SCQL)
Cartes d’identification — Cartes à circuit(s) intégré(s) à contacts —
Partie 7: Commandes intersectorielles pour langage d'interrogation de carte
structurée (SCQL)
Reference number
B C
Contents
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Symbols (and abbreviated terms) .2
5 SCQL database concept .2
5.1 SCQL database .2
5.2 SCQL tables.3
5.3 SCQL views .4
5.4 SCQL system tables and dictionaries .5
5.5 SCQL user profiles .7
6 SCQL related commands .7
6.1 General aspects .7
6.2 Grouping and encoding of commands.8
6.3 Notation and special codings.9
6.4 Status bytes.10
6.5 Coding of identifiers.11
6.6 Security attributes of tables, views and users.12
6.7 Linking user ids to INSERT and UPDATE operations.12
7 Database operations.12
7.1 CREATE TABLE .12
7.2 CREATE VIEW .13
7.3 CREATE DICTIONARY.15
7.4 DROP TABLE.16
7.5 DROP VIEW .17
©  ISO/IEC 1999
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
ISO/IEC Copyright Office • Case postale 56 • CH-1211 Genève 20 • Switzerland
Printed in Switzerland
ii
© ISO/IEC
7.6 GRANT . 18
7.7 REVOKE. 19
7.8 DECLARE CURSOR. 20
7.9 OPEN. 22
7.10 NEXT . 23
7.11 FETCH. 23
7.12 FETCH NEXT . 24
7.13 INSERT. 25
7.14 UPDATE . 26
7.15 DELETE. 27
8 Transaction management . 28
8.1 General concept. 28
8.2 Transaction operations. 29
9 User management. 31
9.1 General concept. 31
9.2 User operations . 32
Annex A (informative) Usage of SCQL operations . 36
iii
© ISO/IEC
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in
liaison with ISO and IEC, also take part in the work.
In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.
International Standard ISO/IEC 7816-7 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information
technology, Subcommitte SC 17, Identification cards and related devices.
ISO/IEC 7816 consists of the following parts, under the general title Identification cards — Integrated circuit(s) cards
with contacts :
— Part 1: Physical characteristics
— Part 2: Dimensions and location of the contacts
— Part 3: Electronic signals and transmission protocols
— Part 4: Interindustry commands for interchange
— Part 5: Numbering system and registration procedure for application identifiers
— Part 6: Interindustry data elements
— Part 7: Interindustry commands for Structured Card Query Language (SCQL)
— Part 8: Security related interindustry commands
Annex A of this part of ISO/IEC 7816 is for information only.
iv
© ISO/IEC
Introduction
This part of ISO/IEC 7816 is one of a series of standards describing the parameters for integrated circuit(s) cards
with contacts and the use of such cards for international interchange.
These cards are identification cards intended for information exchange negotiated between the outside and the
integrated circuit in the card. As a result of an information exchange, the card delivers information (computation
results, stored data), and/or modifies its content (data storage, event memorization).
During the preparation of this part of ISO/IEC 7816, information was gathered concerning relevant patents upon
which application of this part of ISO/IEC 7816 might depend. Relevant patents were identified in France, the patent
holder is Gemplus. However, ISO cannot give authoritative or comprehensive information about evidence, validity or
scope of patents or like rights.
The patent holder has stated that licenses will be granted in appropriate terms to enable application of this part of
ISO/IEC 7816, provided that those who seek licenses agree to reciprocate.
Further information is available from
GEMPLUS
B.P. 100
13881 GEMENOS CEDEX
FRANCE
v
INTERNATIONAL STANDARD  © ISO/IEC ISO/IEC 7816-7:1999(E)
Identification cards — Integrated circuit(s) cards with contacts —
Part 7:
Interindustry commands for Structured Card Query Language (SCQL)
1 Scope
This part of ISO/IEC 7816 specifies
 the concept of a SCQL database (SCQL = Structured Card Query Language based on SQL, see ISO 9075)
and
 the related interindustry enhanced commands.
2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute provisions of
this part of ISO/IEC 7816. For dated references, subsequent amendments to, or revisions of, any of these
publications do not apply. However, parties to agreements based on this part of ISO/IEC 7816 are encouraged to
investigate the possibility of applying the most recent editions of the normative documents indicated below. For
undated references, the latest edition of the normative document referred to applies. Members of ISO and IEC
maintain registers of currently valid International Standards.
ISO/IEC 9075:1992, Information technology — Database languages — SQL2.
ISO/IEC 7816-4:1995, Information technology — Identification cards — Integrated circuit(s) cards with contacts —
Part 4: Interindustry commands for interchange.
ISO/IEC 7816-6:1996, Identification cards — Integrated circuit(s) cards with contacts — Part 6: Interindustry data
elements.
3 Terms and definitions
For the purposes of this part of ISO/IEC 7816, the following definitions apply.
3.1
database basic user
SCQL user with no inherent rights
3.2
database file
structured set of database objects (tables, views, dictionaries) representing the content of a database
3.3
database object owner
SCQL user with the special right to create and drop objects and to manage privileges on these objects
3.4
database owner
initial SCQL user which manages objects and users of the database
© ISO/IEC
3.5
dictionary
view on a system table
3.6
system table
table maintained by the card for managing the database structure and database access
3.7
table
database object with a unique name and structured in columns and rows
3.8
view
logical subset of a table
4 Symbols (and abbreviated terms)
For the purposes of this part of ISO/IEC 7816, the following abbreviations apply:
APDU Application protocol data unit
API Application programming interface
DB Database
DB_O Database owner
DBBU Database basic user
DBF Database file
DBOO Database object owner
DF Dedicated file
DO Data object
ICC Integrated circuit(s) card
IFD Interface device
MF Master file
SCQL Structured card query language
SQL Structured query language
TLV Tag, length, value
5 SCQL database concept
5.1 SCQL database
A database in a card according to this part of ISO/IEC 7816 is called a SCQL database (SCQL = Structured Card
Query Language), since the commands for accessing are based on SQL-functionality (see ISO 9075) and coded
according to the principles of interindustry commands as defined in ISO/IEC 7816-4. The database itself is a
structured set of database objects called a database file DBF. Under a DF there shall be not more than one DBF
which is accessible after selection of the respective DF. A database may be also directly attached to the MF.
Fig.1 shows an example for the embedding of a database in the card.
© ISO/IEC
MF
Application
DF DF
with a 1 2
database
Any
application
. . .
DBF
Database
Internal elementary files
file
and/or
working elementary files
Figure 1 — Application with a database in a multi-application card (example)
An application system may interwork with a SQL database as well as with a SCQL database using the same SQL-
API (API = Application Programming Interface). Thus, a card carrying a SCQL database may appear as a part of a
distributed SQL database environment. Fig. 2 shows a typical SQL configuration with a card integrated in the
system design.
Application
...