Adopted from http://www.sat.su/satxpress/SmartCard/ISO7816.htm
Links
======
Something about protocol parameters can be read here .
Exchange of data with a smart card
--------------------------------
Alexander Borzov (c) 1998
e-mail address: aborzov@hotmail.com

This description is based on the ISO 7816-3 standard.

Equipment
============
To work with the cards I used the Smart Mouse interface, also well known
under the names Phoenix or Dumb Mouse. The schematic of this interface can be
found in many places. The interface connects through a COM port of the
computer. There are also a number of interface circuits that use the printer
port, but I would not recommend them: although such an interface has a number
of advantages, it is much easier to burn out a printer port than an RS232 port.

A little about the Smart Mouse interface. Currently this interface is
produced by many companies, mostly Chinese. Its price is about 40 USD, and it
typically does not come with any drivers.

                                          PC      card
Purpose            DB9 contact            Direction
Transmitted data        3        TxD      ---->
Received data           2        RxD      <----
Reset                   7        RTS      ---->
Power *                 4        DTR      ---->
Card presence           8        CTS      <----

* The device may be supplied with external power of 5-9 volts, "-" on the
  center of the socket.

The device has its own clock generator with a frequency of 3.579545 MHz.
If external power is not supplied, the card is powered from the DTR line
by setting it to "1". The clock generator starts immediately after power
is applied.
Card reset is formed by the RTS line. For the card to operate, contact
ISO:C2 must be "1", which is achieved by setting "1" on RTS.
The card is reset when ISO:C2 is "0".
The CTS line is connected to the card presence sensor. When no card is
present, CTS is "0".
Please note: the interface has an internal echo, that is, the data you
transmit arrives at the same time in the RS232 input buffer. This must be
taken into account when analyzing the card's response.

Activation and deactivation of the card
==============================
Unit of time
-------------------------
All timing characteristics when working with cards are expressed in
ETU - Elementary Time Unit.
For cards with an internal clock generator ETU = 1/9600 sec; for cards with
an external clock ETU = 372 / generator_frequency_in_Hz. However, these
parameters can be changed by a special procedure for negotiating the
interface parameters - see below.
The ISO standard recommends clocking from the most common quartz crystals,
3.579545 MHz and 4.9152 MHz. The Smart Mouse interface has an external
generator with a frequency of 3.579545 MHz, i.e. ETU = 0.1039 milliseconds.

Card reset
------------
To start exchanging data with the card it must be activated by forming a
Reset signal. According to ISO, it is formed by the signal sequence:
-> RST (ISO:C2) Low
-> Power (ISO:C1) Apply
-> I/O (ISO:C7) Ready to receive
-> VPP (ISO:C6) Low
-> Clock frequency (ISO:C3) Apply
-> RST (ISO:C2) High.

In the Smart Mouse these signals are formed using the RS232 lines:
- Power is applied to ISO:C1 = +5 V by DTR = 1
- The reset signal RST (ISO:C2) = 1 is formed by RTS = 1
- The clock frequency is supplied to ISO:C3 together with the +5 V power
- The programming voltage VPP on ISO:C6 is always equal to the supply voltage.

Let us also state right away the procedure for deactivating the card:
-> RST (ISO:C2) Low.
-> Clock frequency (ISO:C3) Remove
-> VPP (ISO:C6) Low.
-> I/O (ISO:C7) Low.
-> Power (ISO:C1) Low.

Serial I/O
===========================
To begin with, look at the byte transmission scheme in RS232.
A byte whose bits are designated as follows:
 ,----,----,----,----,----,----,----,----,
 | b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 |
 '----'----'----'----'----'----'----'----'
is transmitted over the RS232 interface as follows:

          Start                                          Parity  Stop bits  Next
          bit   <----------- 8 data bits ----------->    bit     (1 or 2)   start bit
'1' -12V ____                                                 ___________        Mark
             |    |    |    |    |    |    |    |    |    |    |    |    |    |
             | S  | b1 | b2 | b3 | b4 | b5 | b6 | b7 | b8 | P  | 1  | 2  | S  |
'0' +12V     |____|____|____|____|____|____|____|____|____|____|         |____|  Space

Parity bits are added to the data bits for error detection.
There are actually five types of parity: Odd, Even, and in addition
None, Mark ('1') and Space ('0').
When Even parity is set, the parity bit takes a value such that, together
with it (not counting the start and stop bits), the number of '1' (Mark)
bits in the byte is even.
When Odd parity is set, the parity bit takes a value such that, together
with it (not counting the start and stop bits), the number of '1' (Mark)
bits in the byte is odd.
The additional settings: None - there is no parity bit, Mark - the bit is
always '1', Space - the bit is always '0'.

The byte transmission scheme in ISO 7816
------------------------------
The ISO 7816 standard provides a very similar byte transmission scheme:
 ,----,----,----,----,----,----,----,----,
 | ba | bb | bc | bd | be | bf | bg | bh |
 '----'----'----'----'----'----'----'----'

      Start                                          Parity            Next
      bit   <----------- 8 data bits ----------->    bit               start bit
Z ____                                                 ____________
      |    |    |    |    |    |    |    |    |    |    |          |    |
      | S  | ba | bb | bc | bd | be | bf | bg | bh | P  | Interval | S  |
A     |____|____|____|____|____|____|____|____|____|____|          |____|

The first difference from RS232 is the reverse order of the bits: whereas
RS232 transmits the least significant bit first, ISO transmits the most
significant bit first.
Unlike RS232, where the levels are designated M(ark) = high and
S(pace) = low, in ISO the levels are designated Z and A. Their
correspondence is discussed below.

Transmission speed
-----------------
The standard bit duration = ETU +/- 0.2 ETU. With ETU = 0.1039
milliseconds this fully corresponds to an interface speed of
9600 bits/sec (bit duration 0.1041 ms).

Interval
--------
The standard defines the interval between consecutive bytes as two bits
long. This corresponds to the RS232 setting of 2 stop bits.

Parity
------------------
The standard specifies Even parity, that is, the parity bit is set so that
the number of "1" bits in the byte together with the parity bit is even.

In asynchronous character transmission there is a small problem with
error diagnostics.
ISO 7816-3 specifies an error detection and recovery procedure (mandatory
for T = 0) of a kind that cannot be detected by a normal UART.
When a card detects a parity error during reception, by the standard it
pulls the I/O line to the state S(pace) = low in the middle of the first
bit of the interval. However, RS232 at this time continues forming the two
stop bits.

Data transfer without errors:

      Start                                          Next
      bit                                            start bit
 ____      _________________________ _____________      ____________
     |    |         Byte i          | P |         |    |  Byte i + 1
     |____|_________________________|___|         |____|____________
                                  Parity <------->
                                  bit    interval

Data transfer with a parity error:

      Start                                          Next
      bit                                            start bit
 ____      _________________________ ______      __      ____________
     |    |         Byte i          | P |  |    |  |    |  Byte i + 1
     |____|_________________________|___|  |____|  |____|____________
                                  Parity    <-->
                                  bit       parity error signal

When such a condition occurs, the interface should retransmit the
erroneous character. However, a transmitter that at this moment is
generating the stop bits, whose level is M(ark) = high, cannot detect the
error signal and, consequently, repeat the erroneous byte in case of error.

ATR - Answer To Reset
=====================
After reset the card forms the ATR - Answer To Reset - in this form:

Reset
  |
  |     ____________________________________________________________________________
  |    |    |    |     |     |     |     |     |     |     |     |      |    |     |
  '--> | TS | T0 | TA1 | TB1 | TC1 | TD1 | TA2 | TB2 | TC2 | TD2 | .... | TK | TCK |
       |____|____|_____|_____|_____|_____|_____|_____|_____|_____|______|____|_____|

For example, cards used in the D2MAC / Eurocrypt satellite system form the ATR:
3F 2F 67 00 11 14 00 03 68 90 00
A card used in GSM cellular telephones (the company North-West GSM, St. Petersburg):
3F 2F 00 80 69 AF 2 January 01 35 00 01 0A 0E 83 1E

TS - most significant byte, the "initial character".
------------------------------------------------
There are two variants of this byte:

Variant 1 - "inverse convention"
-----------
In this variant all bits are inverted, so that A = '1', Z = '0'.
The TS transmission diagram in this case is as follows:

Z ____      __________                              ________________      RS232 Mark  -12V
      |    |          |                            |                |
      | S  | 1    2   | 3    4    5    6    7    8 | P    Interval  | S
A     |____|          |____________________________|                |__   RS232 Space +12V

When read through RS232 this byte is 03 Hex (00000011) - remember the
reversed bit order (inverting the order gives 11000000). In fact it is
Hex 3F (the inverse of the bits, 00111111).
In Hex 3F (00111111) the number of '1' bits = 6, so the parity bit must be
set to '0' for the total number of '1' bits to be even, i.e.
parity_bit = Z.
However, from the RS232 point of view the sequence 00000011 + parity_bit = 1
contains an odd number of '1' bits, and with the Even parity check adopted
in ISO an error will occur.
In this variant the parity must be set the opposite way, i.e. Odd.

Variant 2 - "direct convention"
------------
In this variant A = '0', Z = '1'.
The TS transmission diagram in this case is as follows:

Z ____      __________      ______________           ________________      RS232 Mark  -12V
      |    |          |    |              |         |                |
      | S  | 1    2   | 3  | 4    5    6  | 7    8  | P    Interval  | S
A     |____|          |____|              |_________|                |__   RS232 Space +12V

When read through RS232 this byte is Hex 3B (00111011) - remember the
reversed bit order (inverting the order gives 11011100).
In Hex 3B (00111011) the number of '1' bits = 5, so the parity bit must be
set to '1', i.e. parity_bit = Z.
From the RS232 point of view the check is the same: parity Even.

After reading the first byte of the ATR (TS) through RS232, one can decide
how to interpret the subsequent bytes.
In the case of TS = 03 it is the "inverse convention", and in fact TS = 3F.
In the case of TS = 3B it is the "direct convention".

T0 - Format byte
------------------
The bit map in the upper 4 bits determines whether the following bytes
TA1-TD1 are transmitted:
 ,----,----,----,----,----,----,----,----,
 | ba | bb | bc | bd | be | bf | bg | bh |
 '----'----'----'----'----'----'----'----'
   ^    ^    ^    ^   <---- K value ---->
   |    |    |    |________ If 1 - TA1 is transmitted (see above)
   |    |    |_____________ If 1 - TB1 is transmitted
   |    |__________________ If 1 - TC1 is transmitted
   |_______________________ If 1 - TD1 is transmitted

The upper four bits - the number Y1 - determine the transmission of bytes
TA1-TD1.
The lower 4 bits - the number K - give the number of so-called
"historical bytes", which describe a particular card: its lifetime,
the release date.
Returning to the Eurocrypt system card, where T0 = 67, we note:
- Interface bytes TB1 and TC1 follow (only two)
- There are only 7 "historical bytes".
The set of following bytes TAi TBi TCi TDi describes the detailed
parameters of the card protocol; the bytes TA1 TB2 TC3 TD4 are called
global interface bytes.

Byte TA1
--------
The upper half of byte TC1 contains the parameter FI, which is used to
calculate ETU when an external oscillator is used:
ETU = F / generator_frequency_in_Hz
Default - FI = 1, F = 372 (the FI -> F correspondence table can be found in ISO).
The lower half of byte TC1 contains the parameter DI, which is used to
calculate ETU when the INTERNAL generator is used:
ETU = D / 9600 sec.
Default - DI = 1, D = 1 (the DI -> D correspondence table can be found in ISO).

Byte TB1
--------
The most significant bit of byte TB1 is always 0.
 ,------,----,----,----,----,----,----,----,
 | ba=0 | bb | bc | bd | be | bf | bg | bh |
 '------'----'----'----'----'----'----'----'
         <- II1 -> <-------- PI1 -------->
The remaining bits contain:
- The parameter PI1, which determines the value P - the value of the
  programming voltage VPP. PI1 = 0 means that the card uses its own power
  supply for the programming voltage. PI1 values between 5 and 25
  determine the programming voltage so that P = PI1 volts.
- The parameter II1, which defines the maximum value I of the current
  consumed during programming. It can take three values:
  II1 = 00 - I = 25 mA, II1 = 01 - I = 50 mA, II1 = 10 - I = 100 mA.
Default P = 5, I = 50.

Byte TC1
--------
Byte TC1 contains the parameter N - an additional increase of the interval
between bytes required by the card. Default N = 0.

Byte TD1
--------
The bit map in the upper 4 bits determines the transmission of the
additional bytes TA2-TD2, just as in T0.
The four least significant bits of TD1 describe the type of protocol.
They can have the following values:
0 = T0 - character-oriented asynchronous half-duplex protocol
1 = T1 - asynchronous half-duplex block protocol
the remaining values are reserved.
If TD1 is not transmitted at all, TD1 = 0 is assumed, that is, protocol T0.

Byte TA2
--------
Byte TA2 indicates whether the card's protocol parameters can be adjusted
during operation.
 ,----,----,----,----,----,----,----,----,
 | ba | bb | bc | bd | be | bf | bg | bh |
 '----'----'----'----'----'----'----'----'
   |   <----------- Reserved ----------->
   |___ 0 - the protocol settings can be changed
        1 - changing the parameters is not possible
If TA2 is absent from the ATR, TA2 = 0 is assumed.

"Historical bytes"
--------------------
The historical bytes describe a particular card - its lifetime, release
date, etc. Their value is determined by the card manufacturer.

Work waiting time - WI
---------------------------
This parameter is determined by TC2. If TC2 was not sent in the ATR,
WI = 10 is assumed.
The work waiting time is used to limit the response time of the card and
the interface. The interval between the start bit of the current byte and
the start bit of the previous byte cannot exceed 960 * WI ETU; the current
byte may come from the card and the previous one from the interface, and
vice versa. (In our example MaxTime = 997.44 ms)

Check byte TCK
-----------------
Check byte.
Calculated as follows: the exclusive OR (XOR) of all ATR bytes, including
the bytes of zero (or transmitted), must be equal to 0;
In protocol T0 it may be omitted. In protocol T1 it completes the ATR
sequence.

So now we know the meaning of the bytes in our example ATR:
3F 2F 67 00 11 14 00 03 68 90 00
TS = 3F;
T0 = 67;
TA1 = 0 (not passed) => ETU = 372 / generator_frequency_in_Hz
      or ETU = 1/9600 sec;
TB1 = 2F => II1 = 2, PI1 = 15 => I = 100 mA, P = 15 V;
TC1 = 0 => N = 0, no additional increase of the interval between bytes
      is required;
TD1 = 0 (transferred) => Protocol T0 - asynchronous half-duplex
      character-oriented;
TC2 = 0 (transferred) => The protocol parameters can be changed;
TA2 = 0 (transferred) => Work waiting time WI = 10 ETU;
"Historical bytes" = 11 14 00 03 68 90 00

Annex 1:
Possible values of the clock divider for an external clock
---------
FI - F correspondence table
--------------------------
FI | 0000           0001  0010  0011  0100  0101  0110  0111
---+----------------------------------------------------------
F  | Internal gen.  372   558   744   1116  1488  1860  RFU
---+----------------------------------------------------------
FI | 1000           1001  1010  1011  1100  1101  1110  1111
---+----------------------------------------------------------
F  | RFU            512   768   1024  1536  2048  RFU   RFU
---+----------------------------------------------------------
RFU - Reserved

Possible values of the clock divider for the internal oscillator
---------
DI - D correspondence table
--------------------
DI | 0000  0001  0010  0011  0100  0101  0110  0111
---+-------------------------------------------------
D  | RFU   1     2     4     8     16    RFU   RFU
---+-------------------------------------------------
DI | 1000  1001  1010  1011  1100  1101  1110  1111
---+-------------------------------------------------
D  | RFU   RFU   1/2   1/4   1/8   1/16  1/32  1/64
---+-------------------------------------------------
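
The ATR layout described above, as a small parser. This is an added example, not code from the original article. The sample ATR is constructed: it is the Eurocrypt example's bytes arranged in the order the walk-through reads them (TS = 3F, T0 = 67, TB1 = 2F, TC1 = 00, then 7 historical bytes), and the function names are hypothetical.

```python
def reverse_bits(b):
    """Reverse the bit order of one byte."""
    return int(f"{b:08b}"[::-1], 2)


def to_logical(raw):
    """Turn bytes as read from the UART into the card's logical bytes.

    TS read as 03 means inverse convention (really 3F): every byte has its
    bit order reversed and its bits inverted. TS read as 3B is direct.
    """
    if not raw:
        raise ValueError("empty ATR")
    if raw[0] == 0x03:
        return bytes(reverse_bits(b) ^ 0xFF for b in raw)
    if raw[0] == 0x3B:
        return bytes(raw)
    raise ValueError(f"unexpected TS as read from the UART: {raw[0]:02X}")


def parse_atr(raw):
    """Split an ATR into TS, T0, interface bytes and historical bytes."""
    atr = to_logical(raw)
    if len(atr) < 2:
        raise ValueError("ATR too short: no T0")
    t0 = atr[1]
    y, k = t0 >> 4, t0 & 0x0F          # Y1 bit map and historical count K
    interface, protocol = {}, 0        # no TD1 means protocol T0
    pos, i = 2, 1
    while y:
        for bit, letter in enumerate("ABCD"):
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before T{letter}{i}")
                interface[f"T{letter}{i}"] = atr[pos]
                pos += 1
        td = interface.get(f"TD{i}")
        if td is None:                 # no TDi: the chain of groups ends
            break
        if i == 1:
            protocol = td & 0x0F       # protocol type from TD1
        y, i = td >> 4, i + 1
    if pos + k > len(atr):
        raise ValueError(f"ATR truncated: T0 announces {k} historical bytes")
    return {"TS": atr[0], "T0": t0, "interface": interface,
            "protocol": protocol, "historical": atr[pos:pos + k],
            "trailing": atr[pos + k:]}  # TCK, if the card sent one


# Constructed sample (see the lead-in), first as logical bytes, then as the
# same bytes would be read from the UART in inverse convention.
SAMPLE_LOGICAL = bytes.fromhex("3F672F0011140003689000")
SAMPLE_RAW = bytes(reverse_bits(b) ^ 0xFF for b in SAMPLE_LOGICAL)

if __name__ == "__main__":
    print(SAMPLE_RAW.hex(" "), "->", parse_atr(SAMPLE_RAW))
```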
Configuring the protocol settings (PTS)
=====================================
If the card allows its protocol settings to be configured, this must be
done immediately after the ATR.
In the process of configuring the protocol parameters, the parameters
D and F can be set again to match the operating speed of the card and the interface.
The PTS request (protocol settings) consists of six bytes:
 _______________________________________________
|       |       |       |       |       |       |
| PTSS  | PTS0  | PTS1  | PTS2  | PTS3  |  PCK  |
|_______|_______|_______|_______|_______|_______|
The purpose of these bytes:
PTSS - initial byte. Always FF Hex;
PTS0 - format byte. In the bit map, a '1' in bits 5-6-7 indicates
whether bytes PTS1, PTS2, PTS3 follow. The four least significant bits -
the protocol type, value 0 or 1 (T0 or T1);
PTS1 - contains the requested values FI (in the upper half byte) and
DI (in the lower half byte);
PTS2 - reserved for future use;
PTS3 - reserved for future use;
PCK - check byte. Calculated as follows: the exclusive OR (XOR) of all bytes
from PTSS to PCK, including the bytes of zero (or transmitted),
must be equal to 0;
In confirmation of the request the card responds with exactly the same sequence.
However, if bit 5 of byte PTS1 is '1', the card still uses
the default FI and DI values.
Very few cards allow the protocol to be changed.
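
A PTS request built and checked as described above, as an added example that is not part of the original article. Function names are hypothetical; bits are assumed to be numbered from 1 at the least significant bit, so bit 5 of PTS0 is 0x10, and the check of the card's reply accounts for the Smart Mouse echo mentioned in the Equipment section.

```python
from functools import reduce


def xor_all(data):
    """Exclusive OR of all bytes in data."""
    return reduce(lambda a, b: a ^ b, data, 0)


def build_pts(protocol, fi=None, di=None):
    """Build PTSS PTS0 [PTS1] PCK. PTS2/PTS3 are reserved and never sent."""
    if protocol not in (0, 1):
        raise ValueError("protocol type must be 0 (T0) or 1 (T1)")
    if (fi is None) != (di is None):
        raise ValueError("FI and DI travel together in PTS1")
    frame = [0xFF, protocol]
    if fi is not None:
        if not (0 <= fi <= 15 and 0 <= di <= 15):
            raise ValueError("FI and DI are 4-bit values")
        frame[1] |= 0x10                  # bit 5 of PTS0: PTS1 follows
        frame.append((fi << 4) | di)
    frame.append(xor_all(frame))          # PCK makes the XOR of the frame 0
    return bytes(frame)


def parse_pts(frame):
    """Validate a PTS frame against its own bit map and PCK."""
    if len(frame) < 3 or frame[0] != 0xFF:
        raise ValueError("not a PTS frame")
    pts0 = frame[1]
    present = [name for mask, name in
               ((0x10, "PTS1"), (0x20, "PTS2"), (0x40, "PTS3")) if pts0 & mask]
    if len(frame) != 3 + len(present):
        raise ValueError("length does not match the PTS0 bit map")
    if xor_all(frame) != 0:
        raise ValueError("bad PCK")
    return {"protocol": pts0 & 0x0F, **dict(zip(present, frame[2:-1]))}


def check_exchange(sent, received):
    """Judge what came back on the serial port after sending a PTS request.

    The interface echoes every transmitted byte, so the RX buffer holds the
    request first and the card's reply after it.
    """
    if received[:len(sent)] != sent:
        return "echo mismatch"
    reply = received[len(sent):]
    if not reply:
        return "no reply from card"
    try:
        parse_pts(reply)
    except ValueError as exc:
        return f"invalid reply: {exc}"
    return "accepted" if reply == sent else "rejected"


if __name__ == "__main__":
    req = build_pts(0, fi=1, di=1)        # constructed request: T0, FI=1, DI=1
    print(req.hex(" "), check_exchange(req, req + req))
```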
The structure and processing of commands in subprotocol T0
=============================================
After receiving the ATR and possibly negotiating the interface parameters
(if TC2 is not transmitted or is zero), commands and data can be transmitted.
A command is always initiated by the interface. The interface tells the card
what to do in a header of 5 bytes:
 _______________________________________
|       |       |       |       |       |
|  CLA  |  INS  |  P1   |  P2   |  P3   |
|_______|_______|_______|_______|_______|
It is assumed that the card and the interface know a priori the direction
of the data, in order to distinguish commands for incoming data transfer
from commands for outgoing data.
* Command header.
====================
- CLA - command class. The value FF is reserved for PTS.
- INS - the instruction within the class. The INS value has the following
restrictions: the least significant bit is always 0, and the upper half of
the byte is not 6 or 9.
- P1, P2 - additional parameters (e.g. an address) completing the command.
- P3 - the number of data bytes (D1, ..., Dn) to be transmitted
in this command. The direction of data movement is determined by the command.
If data is transmitted from the card, P3 = 0 means the transmission of 256
bytes from the card. When data is transmitted to the card, P3 = 0 means no
data.
After transmitting the 5-byte header, the interface device waits for a
procedure byte.
* Procedure bytes
================
Sent by the card; determines the action requested of the interface.
There are three types of procedure byte:
- NULL: (= $60) This byte is sent to the card when you restart,
to warn of a subsequent procedure byte.
It requests no action, neither on VPP nor on data.
- SW1 (= $6x or $9x, excluding $60): the interface device removes VPP
and waits for the final command byte SW2.
- ACK: defines the VPP control (programming voltage)
and further data transfer.
With each procedure byte the card can answer with an ACK byte or a NULL byte,
answer nothing, or end the command with the sequence SW1-SW2.
Interpretation of procedure bytes
=============================
There are six possible situations in total:
Situation | Byte | Value   | What is reported to the interface
----------+------+---------+---------------------------------------
    0     | NULL | $60     | No action on VPP. The interface device
          |      |         | waits for a new procedure byte
----------+------+---------+---------------------------------------
    1     | SW1  | SW1     | VPP is not required. The interface waits for byte SW2
----------+------+---------+---------------------------------------
    2     |      | INS     | VPP is not required. All the remaining
          |      |         | data bytes (Di, ..., Dn) can be transferred.
          |      |         |
    3     |      | INS + 1 | VPP is required. All the remaining
          |      |         | data bytes (Di, ..., Dn) can be transferred.
          | ACK  | ___     |
    4     |      | INS     | VPP is not required. One next data byte
          |      |         | can be transferred.
          |      | _______ |
    5     |      | INS + 1 | VPP is required. One next data byte
          |      |         | can be transferred.
(Note - the overline means an inversion)
Note: any change of the VPP state must occur during the passage of the
procedure byte or during a special waiting period.
After the requested action the interface waits for a new procedure byte.
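
The six situations in the table, applied to a command that sends data to the card. This is an added example, not code from the original article. The function names, the header values and the scripted card replies are constructed for illustration, and only the direction "data to the card" is handled.

```python
def classify(ins, pb):
    """Return the situation number (0-5) for procedure byte pb."""
    if pb == 0x60:
        return 0                              # NULL
    if pb >> 4 in (6, 9):
        return 1                              # SW1, SW2 follows
    if pb == ins:
        return 2                              # ACK: all remaining, no VPP
    if pb == (ins + 1) & 0xFF:
        return 3                              # ACK: all remaining, VPP on
    if pb == ins ^ 0xFF:
        return 4                              # inverted INS: one byte, no VPP
    if pb == ((ins + 1) & 0xFF) ^ 0xFF:
        return 5                              # inverted INS+1: one byte, VPP on
    raise ValueError(f"byte {pb:02X} is not a procedure byte for INS {ins:02X}")


def send_command(header, data, card_replies):
    """Drive one T0 command that sends data to the card.

    card_replies is the scripted sequence of bytes the card returns.
    Returns (transfers, sw1, sw2); each transfer is (vpp_on, bytes_sent).
    """
    cla, ins, p1, p2, p3 = header
    if ins & 1 or ins >> 4 in (6, 9):
        raise ValueError("INS must have bit 1 = 0 and upper half not 6 or 9")
    if len(data) != p3:
        raise ValueError("P3 must equal the number of data bytes")
    replies = iter(card_replies)
    transfers, sent = [], 0
    for pb in replies:
        case = classify(ins, pb)
        if case == 0:
            continue                          # keep waiting
        if case == 1:
            sw2 = next(replies, None)         # VPP removed, command ends
            if sw2 is None:
                raise ValueError("card stopped before SW2")
            return transfers, pb, sw2
        if sent >= len(data):
            raise ValueError("card asked for data but none is left")
        count = len(data) - sent if case in (2, 3) else 1
        transfers.append((case in (3, 5), bytes(data[sent:sent + count])))
        sent += count
    raise ValueError("card stopped before SW1")


# Constructed exchange: NULL, then one byte without VPP (inverted INS),
# then the rest with VPP (INS + 1), then SW1 SW2 = 90 00.
HEADER = (0xA0, 0x20, 0x00, 0x00, 0x03)
SCRIPT = [0x60, 0xDF, 0x21, 0x90, 0x00]

if __name__ == "__main__":
    print(send_command(HEADER, b"\x01\x02\x03", SCRIPT))
```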
Interpretation of the status byte
============================
SW1 = $6x or $9x, excluding $60
SW2 = any value
The final sequence SW1-SW2 determines the state of the card
at the end of the command.
Normal completion - SW1 = $90, SW2 = $00.
If the upper half of byte SW1 is $6, the SW1 value does not depend on the
application. The following five SW1 values are defined in this
case:
- $6E the card does not support the class.
- $6D the command is not programmed or is not valid.
- $6B wrong reference (P1 / P2).
- $67 incorrect length.
- $6F no precise diagnosis is given.
Other values are reserved for future use by ISO7816.
If SW1 is neither $6E nor $6D, the card supports the
transmitted command.
The ISO7816 standard does not define either the byte values SW1 = $9x
or the byte values SW2; these are a matter for the card's application programs.
The following combinations are known:
SW1 SW2 Meaning
--------------------------------
62 81 Returned data may be corrupted.
62 82 The end of the file has been reached before the end of reading.
62 84 Selected file is not valid.
65 01 Memory failure. There have been problems in writing or reading
the EEPROM. Other hardware problems may also bring this error.
68 00 The request function is not supported by the card.
6A 00 Bytes P1 and / or P2 are incorrect.
6A 80 The parameters in the data field are incorrect.
6A 82 File not found.
6A 83 Record not found.
6A 84 There is insufficient memory space in record or file.
6A 87 The P3 value is not consistent with the P1 and P2 values.
6A 88 Referenced data not found.
6C XX Incorrect P3 length.
The structure and processing of commands in subprotocol T1
=============================================
At the time of this writing, only one known card supports
subprotocol T1 - the card of the Dishnetwork satellite system.