ISO/IEC 7816-9:2017
Identification cards — Integrated circuit cards — Part 9: Commands for card management
ISO/IEC 7816-9:2017 specifies interindustry commands for card, file and other structure management, i.e. data object and security object. These commands cover the entire life cycle of the card and therefore some commands are used before the card has been issued to the cardholder or after the card has expired. For details on record life cycle status, refer to ISO/IEC 7816-4. ISO/IEC 7816-9:2017 is not applicable to the internal implementation within the card and/or the outside world.
Cartes d'identification — Cartes à circuit intégré — Partie 9: Commandes pour la gestion des cartes
Standards Content (Sample)
INTERNATIONAL STANDARD ISO/IEC 7816-9
Third edition
2017-12
Identification cards — Integrated circuit cards — Part 9: Commands for card management
Cartes d'identification — Cartes à circuit intégré — Partie 9: Commandes pour la gestion des cartes
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Life cycle
5.1 General properties
5.2 Generic life cycle status
5.3 Command-dependent life cycle status transition
5.4 Life cycle status inheritance and evaluation
5.4.1 General
5.4.2 General rules for life cycle status evaluation
5.4.3 Behaviour for effective LCS
6 Commands for card management
6.1 General
6.2 create file command
6.3 delete command
6.4 deactivate command
6.5 activate command
6.6 terminate command
6.7 terminate ef command
6.8 manage data command
6.9 create command
6.10 terminate card usage command
6.11 import card secret command
Annex A (informative) Command-dependent LCS transition examples
Annex B (informative) Life cycle status handling examples
Bibliography
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and
security devices for personal identification.
This third edition cancels and replaces the second edition (ISO/IEC 7816-9:2004), which has been
technically revised.
The main changes compared to the previous edition are as follows:
— a template ‘AE’ has been proposed for the configuration of command-dependent LCS transitions
(see create command);
— Figure 1 (generic LCS transition diagram) has been modified;
— delete, activate, deactivate, terminate commands have been redesigned with a common
generic P1 parameter, and existing commands have remained unchanged for legacy reasons; 6.1
describes generic or legacy command options and Table 3 describes the bitmap of P1 and P2 for
legacy commands and extended command (generic ones);
— manage data and delete data commands have been reserved for DO only; enquiry on delete data
usefulness has been confirmed and the command maintained but declared as likely to be deprecated
in future revisions of this document;
— dedicated subclauses have been provided addressing LCS inheritance and LCS evaluation;
— new terminology and rules for evaluated LCS category have been provided: directly assigned or
effective, with addition of a recursive table for effective LCS allotment to the child object;
— the command create data has been renamed create and assigned a P1 parameter borrowed from
generic commands for the sake of harmonization.
A list of all parts in the ISO/IEC 7816 series can be found on the ISO website.
Introduction
ISO/IEC 7816 is a series of International Standards specifying integrated circuit cards and the use of
such cards for interchange. These cards are identification cards intended for information exchange
negotiated between the outside world and the integrated circuit in the card. As a result of an information
exchange, the card delivers information (computation result, stored data) and/or modifies its content
(data storage, event memorization).
— Five parts in the series are specific to cards with galvanic contacts and three of them specify
electrical interfaces.
    — ISO/IEC 7816-1 specifies physical characteristics for cards with contacts.
    — ISO/IEC 7816-2 specifies dimensions and location of the contacts.
    — ISO/IEC 7816-3 specifies electrical interface and transmission protocols for asynchronous cards.
    — ISO/IEC 7816-10 specifies electrical interface and answer to reset for synchronous cards.
    — ISO/IEC 7816-12 specifies electrical interface and operating procedures for USB cards.
— All the other parts in the series are independent from the physical interface technology. They apply
to cards accessed by contacts and/or by radio frequency.
    — ISO/IEC 7816-4 specifies organization, security and commands for interchange.
    — ISO/IEC 7816-5 specifies registration of application providers.
    — ISO/IEC 7816-6 specifies interindustry data elements for interchange.
    — ISO/IEC 7816-7 specifies commands for structured card query language.
    — ISO/IEC 7816-8 specifies commands for security operations.
    — ISO/IEC 7816-9 specifies commands for card management.
    — ISO/IEC 7816-11 specifies personal verification through biometric methods.
    — ISO/IEC 7816-13 specifies commands for application management in a multi-application
    environment.
    — ISO/IEC 7816-15 specifies cryptographic information application.
ISO/IEC 10536 (all parts) specifies access by close coupling. ISO/IEC 14443 (all parts) and
ISO/IEC 15693 (all parts) specify access by radio frequency. Such cards are also known as
contactless cards.
INTERNATIONAL STANDARD ISO/IEC 7816-9:2017(E)
Identification cards — Integrated circuit cards —
Part 9:
Commands for card management
1 Scope
This document specifies interindustry commands for card, file and other structure management, i.e.
data object and security object. These commands cover the entire life cycle of the card and therefore
some commands are used before the card has been issued to the cardholder or after the card has
expired. For details on record life cycle status, refer to ISO/IEC 7816-4.
It is not applicable to the internal implementation within the card and/or the outside world.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 7816-4:2013, Identification cards — Integrated circuit cards — Part 4: Organization, security and
commands for interchange
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
object
structure (according to ISO/IEC 7816-4) or security object (3.3)
3.2
secure messaging
set of means for cryptographic protection of (parts of) command-response pairs
[SOURCE: ISO/IEC 7816-4:2013, 3.50]
3.3
security object
standalone object (3.1) nested in an EF, a record, a data object, a DataString or a combination thereof
that endorses security handling according to ISO/IEC 7816-4
4 Symbols and abbreviated terms
AID application identifier
AMF access mode field
AT control reference template for authentication
CCT control reference template for cryptographic checksum
CLA class byte
CP control parameter
CP DO control parameter data object (bearing the tag ‘62’)
CRT control reference template
DF dedicated file
DO BER-TLV data object
DST control reference template for digital signatu
...