4 Replies Latest reply: Jun 11, 2011 4:10 PM by smarty_card_pants RSS

    Proprietary vs. Interindustry CLA values

    smarty_card_pants
      I am writing applets and implementation code which builds APDUs to send to my applets. So far I have used 0x80 as my CLA value. Is this acceptable? ISO 7816-4 states that for this genre of CLA, the command/response coding and meaning is proprietary. Does that mean it is proprietary to my code? So far, I have not had any problems with it. I just want to determine that what I am doing is acceptable.

      Secondly, I am modifying some code written by others and the CLA bytes take on a range of values. For example, one CLA value is 0x30. ISO 7816-4 claims that first of all, that values in the range 0x10 - 0x7F are RFU (Reserved for Future Use). Secondly, a value of 0x30 indicates that the command chaining bit (b5) is on (0x10 bit since the bits are numbered as follows: b8 b7 b6 b5 b4 b3 b2 b1). However, the APDU that is constructed with this CLA in the code that I am modifying does not use command chaining - e.g., 30 0D 00 00 14 (which says that my instruction byte is 0x0D, P1 and P2 are both 0x00, and Le is 0x14, meaning I expect a maximum of 20 bytes in return). This APDU appears to work even with the chaining bit on. Does anyone know why?

      I am using the NXP line of smart cards - JCOP41 and JCOP31.
        • 1. Re: Proprietary vs. Interindustry CLA values
          safarmer
          smarty_card_pants wrote:
          I am writing applets and implementation code which builds APDUs to send to my applets. So far I have used 0x80 as my CLA value. Is this acceptable? ISO 7816-4 states that for this genre of CLA, the command/response coding and meaning is proprietary. Does that mean it is proprietary to my code? So far, I have not had any problems with it. I just want to determine that what I am doing is acceptable.
          This is fine. It just means you need to document each of your commands you support. If you used ISO7816-4 commands you could just say what commands you support.
          ISO 7816-4 claims that first of all, that values in the range 0x10 - 0x7F are RFU (Reserved for Future Use).
          ISO7816-4 says that 0x20 - 0x3f are reserved for future use (001x xxxx).
          Secondly, a value of 0x30 indicates that the command chaining bit (b5) is on (0x10 bit since the bits are numbered as follows: b8 b7 b6 b5 b4 b3 b2 b1). However, the APDU that is constructed with this CLA in the code that I am modifying does not use command chaining - e.g., 30 0D 00 00 14 (which says that my instruction byte is 0x0D, P1 and P2 are both 0x00, and Le is 0x14, meaning I expect a maximum of 20 bytes in return). This APDU appears to work even with the chaining bit on. Does anyone know why?
          The card may or may not enforce the CLA byte. If you want to ensure that this IS enforced, you should do it in your applet. Technically that command is invalid and should be rejected. You only expect a response after all of the command has been sent.

          Cheers,
          Shane
          • 2. Re: Proprietary vs. Interindustry CLA values
            smarty_card_pants
            Thanks for the quick reply. As far as the RFU CLA bytes, I was referring to a table taken from an older version of ISO 7816-4 which I have attempted to cut and paste here:

            Value Meaning
            '0X' Structure and coding of command and response according to this part of ISO/IEC 7816 (for coding of 'X' see table 9)
            10 to 7F RFU
            8X, 9X Structure of command and response according to this part of ISO/IEC 7816. Except for 'X' (for coding, see table 9), the coding and meaning of command and response are proprietary
            AX Unless otherwise specified by the application context, structure and coding of command and response according to this part of ISO/IEC 7816 (for coding of 'X', see table 9)
            B0 to CF Structure of command and response according to this part of ISO/IEC 7816
            D0 to FE Proprietary structure and coding of command and response
            FF Reserved for PTS

            However, when I went to a later version, I see that the RFU CLA bytes have changed.

            Edited by: smarty_card_pants on Jun 11, 2011 4:08 PM
            • 3. Re: Proprietary vs. Interindustry CLA values
              Sebastien_Lorquet
              If I were you I would avoid posting this link in too many public places because when the owners will notice it, it will certainly be removed, and that will be uncool for many people... you can edit your post and just refer to ISO7816-4.2005 :-)
              • 4. Re: Proprietary vs. Interindustry CLA values
                smarty_card_pants
                Suggestion well-taken.