KOBIL Smart Card Terminal Manual
Copyright © 2000-2002 KOBIL Systems GmbH. All rights reserved. This manual may not be copied, or reproduced in any other way, without prior permission by KOBIL Systems GmbH. This applies equally to any part of the manual. Every effort has been made to guarantee the correctness of this manual. Nonetheless, KOBIL Systems GmbH assumes no warranty regarding its correctness or completeness. The serviceability and suitability for any specific purposes is not guaranteed. Information contained in this manual is subject to change without prior notification, with no legal claims arising out of this fact. Information that was unavailable until after this manual went into print may be found, where applicable, in the file README.TXT on the enclosed data medium. For further information on KOBIL smart card terminals, technical assistance, and other KOBIL security products, see www.kobil.de.
Edition: May 12, 2003
Version: 2.3
Editor: mt
All brand and product names identified here are trademarks or registered trademarks the rights to which are held by their respective legal rights owners.
Published by KOBIL Systems GmbH
1 Contents
2 Abbreviations
3 General Information
4 Installation and Start-up
    4.1 Items Included in the Package
    4.2 System Requirements
    4.3 Connecting the Terminal
    4.4 Installing the Software
    4.5 Default Behavior of the LED
5 Security-relevant Functions
    5.1 Secure PIN Input
    5.2 Secure PIN Change
    Internet Payment Using the GeldKarte Cash Card
        5.2.1 Normal Mode of Payment
        5.2.2 Incremental Mode of Payment
        5.2.3 Fast Incremental Mode of Payment
        5.2.4 Data Logging
    5.3 Updates
        5.3.1 Driver Updates
        5.3.2 Firmware Updates
        5.3.3 Key Updates
    5.4 SecOVID
        5.4.1 SecOVID Online Mode
        5.4.2 SecOVID Offline Mode
6 System Overview
7 The CT–API
    7.1 Functions
    7.2 CT_init
    7.3 CT_data
    7.4 CT_close
    7.5 General Return Values for CT-API Functions
    7.6 Using the CT-API: The Example of the Public Health Insurance Card
8 Tag Length Value (TLV) Representation
    8.1 Set-up of a TLV Field
    8.2 Coding Rules
    8.3 Coding the Tags
9 The Smart card terminal File System
    9.1 File Control Information
    9.2 Directories
    9.3 Hierarchical Set-up
    9.4 HOST Configuration File
    9.5 HOST Status File
    9.6 CT Configuration File
    9.7 HOST / CT Configuration File
    9.8 HOST / CT Status File
    9.9 Freeze Configuration File
    9.10 Freeze Status File
    9.11 ICC Configuration File
    9.12 ICC Status File
10 Application Commands
    10.1 CT Application Commands
    10.2 Overview of Commands
    10.3 Status Bytes SW1 and SW2
    10.4 Erase Binary
    10.5 Verify
    10.6 Select File
    10.7 Read Binary
    10.8 Write Binary
    10.9 Reset
    10.10 Reset CT
    10.11 Request ICC
    10.12 Deactivate
    10.13 Eject ICC
    10.14 Get Status
    10.15 Input
    10.16 Output
    10.17 Perform Verification
    10.18 Modify Verification Data
    10.19 Display Texts
    10.20 Reset 1
    10.21 Set Interface Parameter
    10.22 Set Mode
    10.23 Freeze
    10.24 Wait Freeze
    10.25 ICC Application Commands
    10.26 Selecting a Synchronous ICC
    10.27 Commands for Selecting a Synchronous ICC
    10.28 File Types
    10.29 Handling the Public Health Insurance Card
11 Transparent Mode
2 Abbreviations
API Application Programming Interface
ATR Answer To Reset
B1 Product name of smart card terminal type
CLA Class Byte
CT Smart card terminal
CTN Card Terminal Number
CWT Character Waiting Time
DAD Device Address; here: Destination Address
DO Data Object (also confer: TLV)
GKAPI GeldKarte Application Programming Interface (for German cash card type)
HTSI Host Transport Service Interface
IA5 International Alphabet No. 5
ICC Integrated Circuit Card
ID Identification
INS Instruction Byte
KVK Kranken-Versicherten-Karte (German public health insurance card)
LED Light Emitting Diode
P1 Parameter Byte 1
P2 Parameter Byte 2
PTS Protocol Type Select
SAD Device Address; here: Source Address
SW1 Status Byte 1
SW2 Status Byte 2
TLV Tag Length Value
Table 1: Abbreviations
3 General Information
This manual describes the performance features, installation, operation, and programming of the KOBIL smart card terminals KAAN Professional and B1 Professional. Sections 6 through 11 serve exclusively to document the programming interfaces.
Important information is highlighted in bold type.
4 Installation and Start-up
4.1 Items Included in the Package
Included in your KOBIL smart card terminal package are:
• KOBIL smart card terminal KAAN Standard Plus or B1 Professional, respectively
• Data media including manual, drivers and test applications
• Set of cables (either a serial cable or a USB cable)
• Device base station
Image 1 shows the two security labels of the smart card terminal. Since the smart card terminal offers a variety of security-related functions, it is essential for the two decals displayed on the bottom and the right-hand side of the smart card terminal (“security labels”) to show that the housing has not been tampered with. Please make sure that neither of the two security labels has been removed or destroyed. This is the only way to guarantee that the smart card terminal functions properly. The security labels protect you as a consumer against unauthorized manipulation of the hardware and/or software of the smart card terminal. Please be sure to read up on the security features of the smart card terminal under Section 5. Image 1 also shows the function buttons of the smart card terminal (cancel-, correct-, function-, and confirm buttons).
4.2 System Requirements
You will need a free COM port and a (sliding contact) PS/2 socket, or a USB port. Software drivers for MS-DOS versions 5.0 and higher, as well as for MS Windows 3.1, are enclosed. You will find other drivers as well as updated versions on the internet at www.kobil.de.
Image 1: Arrangement of Buttons and Security Labels
Image 2: Ports Used for the Smart card terminal (Serial Version)
Image 3: Port Used for the smart card terminal (USB Version)
Image 4: Inserting the smart card
Image 5: Inserting an ID-000 smart card (only B1 Professional)
4.3 Connecting the Terminal
Please be sure to switch off your computer before connecting the smart card terminal, lest both the computer and the smart card terminal sustain damage!
The smart card terminal must be connected to a free interface. Image 2 shows the pin-out diagram for the serial version. The smart card terminal draws its power from the PS/2 interface of keyboard or mouse. If your computer uses an older type keyboard port in AT format (5-pin) you can get a suitable adapter from your electronics dealer. The pin-out diagram for the USB version is shown in Image 3. After the start-up, the smart card terminal assumes a defined initial state with preset basic settings. Therefore, the smart card terminal is instantly operational – requiring no special knowledge of functions and setting options. Image 4 and Image 5 illustrate how to insert smart cards into the terminal.
4.4 Installing the Software
Start the file “setup.exe” from the enclosed data medium (diskette or CD-ROM), and follow the instructions on the screen. Updated versions of the driver software can be downloaded from www.kobil.de. Optionally, you may install the files for software development on your computer. You will need these files only if you intend to program your smart card terminal yourself. To this end you will have to install the corresponding header file CT_API.H and the respective import library and DLL into a directory of your choice. For details on how to use the GeldKarte cash card for internet payment, confer Section 0.
4.5 Default Behavior of the LED
The colors of the two LEDs have the following significance:
Left LED | Yellow LED | Significance
off | blinking | The auto-test of the card reader has detected an error. The smart card terminal is not operational.
green | on / off | An application authorized by the ZKA is active.
off | The smart card terminal is operational. The interface to the ICC is not activated.
on | The smart card terminal is operational. The interface to the ICC is activated.
Table 2: Significance of the LED
More information is provided on the LCD display.
5 Security-relevant Functions
The KOBIL smart card terminals KAAN Professional and B1 Professional come with several security-relevant functions designed to protect you as a user. From this perspective it is important for you to verify that the smart card terminal has not been subject to manipulation. Please make sure that neither of the two security labels has been removed or destroyed. This is the only way to guarantee that the smart card terminal functions properly. The security labels protect you as a consumer against unauthorized manipulation of the hardware and/or software of the smart card terminal.
Any application authorized by the Committee of the German Financial Sector (ZKA), such as internet payment with the GeldKarte cash card, will prompt the LEDs to light up (confer Table 2).
Please make sure before taking any security-relevant functions into operation that your KOBIL smart card terminal is equipped with a firmware certified for the purpose. The respective firmware version is identified on the display whenever the power is switched on. Example:
KOBIL KAAN Pro V2.08 GK 1.04
Certified Firmware Versions of KOBIL smart card terminals:
KOBIL smart card terminal | Certification / Evaluation | Version
KAAN Professional | ZKA internet customer terminal for internet payment using the GeldKarte cash card | 1.04 GK 1.04; 2.07 GK 1.04; 2.08 GK 1.04
KAAN Professional, B1 Professional | ITSEC “E2-high,” confirmed in compliance with the German Signature Act (SigG) | 2.08 GK 1.04
Note: The version ID may possibly include the character ‘P’ (as in “2.08p GK 1.04”). It indicates only that the Plug & Play functionality is active, while the firmware version remains identical.
The individual security-relevant features are detailed in this chapter.
5.1 Secure PIN Input
The smart card terminal KAAN Standard Plus SecOVID / B1 Professional supports the secure input of your smart card PINs. This application allows you, for instance, to enter the PIN (personal identification number) of your smart card – such as for smart cards compliant with the German Signature Act – directly into the smart card terminal. The advantage of doing so is that no virus or malicious software can intercept the PIN on your PC. Make sure when buying security-relevant software that it supports secure PIN input according to the MKT standard.
Image 6: Sequence of Secure PIN Input
Image 6 shows the sequence of a secure PIN input. The secure input of the PIN is characterized by the fact that a special character in the form of a padlock will show in the display (confer Image 6). Whenever you see the padlock symbol on display, you can safely enter your PIN through the keyboard of the smart card terminal. Never enter your PIN into the keyboard of the smart card terminal if this symbol fails to appear!
The display default message is “Please enter PIN.” Depending on the software used, the text can be changed though. Nevertheless, the security symbol in the form of a padlock will always remain on display. The input can be aborted by using the cancel button, and may be corrected by using the correct button. You may have to confirm your PIN input with the confirm button. For the arrangement of buttons, please confer Image 1.
5.2 Secure PIN Change
The smart card terminal KAAN Standard Plus SecOVID / B1 Professional supports the secure input of your smart card PINs. This application allows you, for instance, to enter the PIN of your smart card – such as for smart cards compliant with the German Signature Act – directly at the smart card terminal. The advantage here is that no virus or malicious software can intercept the PIN on your PC. Make sure when buying security-relevant software that it supports secure PIN changes according to the MKT standard.
Image 7 shows the procedure for secure PIN change. Like the previous procedure, the secure changing of your PIN is equally indicated by the special character in the form of a padlock in the display (confer Image 7). Whenever you see the padlock on display, you may safely enter your PIN into the keyboard of the smart card terminal. Never enter your PIN through the keyboard of the smart card terminal if the symbol fails to appear!
First of all, you will have to enter your old PIN through the keyboard (displayed message: “Please enter PIN”). Next, enter your new PIN twice in succession (“Enter new PIN” or “Retype PIN”, respectively). If you fail to retype the new PIN correctly, the process will abort, and the PIN will remain unchanged.
Depending on the software used, you may vary the display messages. Nevertheless, the security symbol of the padlock will always remain on display. The input can be aborted by using the cancel button, and may be corrected by using the correct button. You may possibly have to confirm your PIN input with the confirm button. For the arrangement of buttons, please confer Image 1.
Image 7: Sequence of Secure PIN Change
Internet Payment Using the GeldKarte Cash Card
KAAN Professional and B1 Professional support internet payment using the GeldKarte cash card as specified by the Committee of the German Financial Sector (ZKA) in the directive “GeldKarte – Customer Terminal.” The specification protects you as a customer who wishes to pay on the internet with your GeldKarte cash card against hacker attacks on your GeldKarte. The fact that all security-relevant functions are handled directly by the smart card terminal guarantees effective protection against unauthorized use, such as that caused by viruses. Nevertheless, there are a few aspects regarding the operation of the terminal that you should observe.
Installation of the smart card terminal begins with the set-up of the so-called GKAPI interface on your computer. The interface will permit the pay software to access the smart card terminal in order to conduct financial transactions. The pay software is obtained from the respective provider of the goods or the service at issue; it is not included in the package of the smart card terminal.
Three different modes of payment are offered: normal, incremental, and fast incremental payment. If your payment software requests key administration from you, please confer Section 5.3. If a given application was authorized by the Committee of the German Financial Sector (ZKA), such as internet payment with the GeldKarte cash card, it will prompt the LEDs to light up (confer Table 2).
5.2.1 Normal Mode of Payment
As soon as the payment transaction has been initiated, the display will request you to insert your GeldKarte cash card, followed by the message “GeldKarte Charge.” Next, the name of the recipient and the amount of payment, including the currency, will be displayed in plain text. You will have to confirm this information with the confirm button. Otherwise the transaction will be aborted, and your GeldKarte cash card will not be charged. Image 8 shows the sequence of a normal transaction, including the typical display messages.
If the transaction was successfully concluded, the message “Payment Transacted” will be displayed. Possible errors will also be displayed by the pay software. Therefore always monitor the display message even in cases of error. In some rare instances of error you will be requested to contact the financial institution that issued your card.
Only information on display will actually enter into the transaction of payment. Possible displays on your computer screen are not subject to the same degree of security! Verify the identity of the recipient as well as the amount of payment displayed by the smart card terminal, and, if correct, confirm it with the confirm button. You can also abort the transaction by using the cancel button. In this case your GeldKarte will not be charged.
Image 8: Sequence of Normal Payment
5.2.2 Incremental Mode of Payment
During the incremental mode of payment, a given transaction can be subdivided into several consecutive steps of deduction, e.g. in order to pay for a service on the basis of elapsed time. To this end, the recipient and each installment have to be displayed and confirmed, as with any normal transaction. As soon as an incremental transaction of payment has been initiated, the request to insert your GeldKarte cash card will be displayed first of all, followed by the message “GeldKarte Charge”. Next, the name of the respective recipient and the partial amount to be paid will be displayed in plain text for each installment. You will have to confirm the information for each installment to be made. If you fail to confirm a given installment or use the cancel button to abort, the smart card terminal will automatically terminate the transaction. In this case, only those amounts that were previously authorized for payment, if any, will be charged to your GeldKarte. The display will also show whether the merchandise has already been dispatched by the respective dealer or not. Verify the information and confirm the transaction only if the information is correct. Image 9 shows the sequence of an incremental transaction of payment.
If the transaction was successfully concluded, the message “Payment Transacted” will be displayed. Possible errors will also be displayed by the pay software. Therefore always monitor the display message even in cases of error. In some rare instances of error you will be requested to contact the financial institution that issued your card.
Only information on display will actually enter into the transaction of payment. Possible displays on your computer screen are not subject to the same degree of security! Verify the identity of the recipient as well as the amount of payment displayed by the smart card terminal, and, if correct, confirm it with the confirm button. You can also abort the transaction by using the cancel button. In this case, your GeldKarte will not be charged.
Image 9: Sequence of Incremental Payment
5.2.3 Fast Incremental Mode of Payment
Fast incremental payment is, in principle, transacted just like incremental payment. However, you will not have to confirm each installment of a given transaction individually. In order to guarantee security against unauthorized charges to your GeldKarte cash card nonetheless, you will have to set a ceiling for the total amount as well as for each installment. Use the keyboard of the smart card terminal to enter this ceiling as soon as you are requested to do so. Once you have set the ceiling, the smart card terminal will automatically check each installment against the ceiling set for installments, and the total against the ceiling set for the total charge. If the ceiling for an installment is exceeded, the smart card terminal will automatically abort the transaction. In this case, only those amounts previously authorized by you, if any, are charged to your GeldKarte cash card. If the ceiling for the total is exceeded, you will again have the option of raising the ceiling or canceling the transaction.
Image 10 (below) shows the sequence of Fast Incremental Payment.
During the payment of the first installment, the display will show whether the merchandise has already been dispatched by the respective dealer or not. Verify the information, and confirm the transaction only if the information is correct.
If the transaction was successfully concluded, the message “Payment Transacted” will be displayed. Possible errors will also be displayed by your pay software. Therefore always monitor the display messages even in cases of error. In some rare instances of error you will be requested to contact the financial institution that issued your card.
Only information on display will actually enter into the transaction of payment. Possible displays on your computer screen are not subject to the same degree of security! Verify the identity of the recipient as well as the amount of payment displayed by the smart card terminal, and, if correct, confirm it with the confirm button. You can also abort the transaction by using the cancel button. In this case, only the amount previously authorized by you will be charged to your GeldKarte.
Image 10: Sequence of Fast Incremental Payment
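The ceiling checks described in Section 5.2.3 can be modelled as follows. This is an added example, not KOBIL firmware or GKAPI code: all names, the use of integer cent amounts, the order of the two checks, reading "exceeded" as strictly greater, rejecting non-positive amounts, and the callback standing in for the user's keypad decision are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Iterable, List, Optional, Tuple


class Result(Enum):
    CHARGED = "installment charged"
    ABORTED_INSTALLMENT = "aborted: installment ceiling exceeded"
    ABORTED_INVALID = "aborted: non-positive amount"  # assumption, not in the manual
    CANCELLED_TOTAL = "cancelled: total ceiling exceeded and not raised"
    CLOSED = "rejected: transaction already ended"


# Stands in for the user's keypad choice when the total ceiling is exceeded.
# Called with (current_total_ceiling, total_needed); returns a new total
# ceiling to continue, or None to cancel. Hypothetical interface.
Decision = Callable[[int, int], Optional[int]]


def always_cancel(current_ceiling: int, needed: int) -> Optional[int]:
    """Default decision: the user cancels instead of raising the ceiling."""
    return None


@dataclass
class FastIncrementalSession:
    installment_ceiling: int            # limit per installment, in cents
    total_ceiling: int                  # limit on the running total, in cents
    decide: Decision = always_cancel    # user's choice on total overrun
    charged: int = 0                    # amount actually debited so far
    active: bool = True
    log: List[Tuple[int, Result]] = field(default_factory=list)

    def request(self, amount: int) -> Result:
        """Handle one installment requested by the (untrusted) host software."""
        result = self._check(amount)
        self.log.append((amount, result))
        return result

    def _check(self, amount: int) -> Result:
        if not self.active:
            return Result.CLOSED
        if amount <= 0:
            self.active = False
            return Result.ABORTED_INVALID
        # Installment ceiling exceeded: automatic abort, nothing new is charged.
        if amount > self.installment_ceiling:
            self.active = False
            return Result.ABORTED_INSTALLMENT
        needed = self.charged + amount
        # Total ceiling exceeded: the user may raise the ceiling or cancel.
        if needed > self.total_ceiling:
            new_ceiling = self.decide(self.total_ceiling, needed)
            if new_ceiling is None or new_ceiling < needed:
                self.active = False
                return Result.CANCELLED_TOTAL
            self.total_ceiling = new_ceiling
        self.charged = needed
        return Result.CHARGED


def replay(amounts: Iterable[int], installment_ceiling: int, total_ceiling: int,
           decide: Decision = always_cancel) -> Tuple[int, List[Result]]:
    """Run a sequence of host-requested installments; return (charged, results)."""
    session = FastIncrementalSession(installment_ceiling, total_ceiling, decide)
    results = [session.request(a) for a in amounts]
    return session.charged, results


if __name__ == "__main__":
    # Constructed scenario: ceilings of 50.00 per installment and 120.00 total.
    # The third request overruns the total (user raises it to 200.00); the
    # fourth overruns the installment ceiling and ends the transaction.
    requested = [4000, 5000, 4000, 6000, 1000]
    charged, results = replay(requested, 5000, 12000, lambda cur, need: 20000)
    for amount, result in zip(requested, results):
        print(f"{amount / 100:8.2f}  {result.value}")
    print(f"total charged: {charged / 100:.2f}")
```

In every abort path the amount already charged is left unchanged, which matches the manual's statement that only previously authorized amounts are debited.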
5.2.4 Data Logging
For each payment transaction, the GKAPI interface creates a “receipt” in the form of an entry in a log file. The log registers every concluded transaction of payment, as well as every transaction of payment that was aborted or aborted due to errors. It is located in the system file of your operating system and has the name gkapi.log. If complaints arise in the context of a transaction of payment, you can use this log file to prove the transaction of payment vis-à-vis your bank. You should therefore take care to save this file. The enclosed program called GKAPI Manager manages the log file and provides a simple exporting option, giving you the possibility to make your log file available to your bank in the form of a diskette or in hard copy. Use the path Start Menu – Programs – KOBIL Systems – GKAPI Manager to start the GKAPI Manager.
5.3 Updates
The KOBIL smart card terminals KAAN Professional and B1 Professional are equipped with an update mechanism that allows you to import new functions and corrections on available smart card terminals.
5.3.1 Driver Updates
Updated versions of the driver software can be obtained under www.kobil.de. Start the file setup.exe, and follow the instructions on the screen.
5.3.2 Firmware Updates
Under www.kobil.de you will find the current firmware for your smart card terminal, as well as information updates. Use the enclosed program CT Manager to import higher software versions. The program CT Manager is accessed via the path
Start Menu – Programs – KOBIL Systems – CT-Manager
To download new firmware, use the menu
File – Open...
The new firmware version will now appear in the menu view. Use the right mouse button to click on the firmware of your choice, and select Send to Card Terminal.
During the software update, the following message will be displayed by the smart card terminal:
“Software Update. Please Wait.”
CAUTION: Never switch off the smart card terminal while the software update is in progress. Also, never quit the program CT Manager while it is running. The software update process may take up to 2 minutes. Only if the smart card terminal fails to react after this time has elapsed may you quit the program CT Manager and restart the process.
If the software update was successfully concluded you will get the following message:
“Software Update Successful.”
If the software update was not successfully concluded you will get one of the following messages:
“Software Update Denied.” or “Software Update Failed.”
In the first case, the security verification during the import of the higher software version failed; in the second case, a general error occurred. In either event, contact:
5.3.3 Key Updates
If key administration is requested from you in the context of a GeldKarte transaction, you will also find updated key data sets under www.kobil.de that you can import into the smart card terminal, using the enclosed program CT Manager. The keys are intended for customer protection when paying with the GeldKarte cash card. That is why the keys are updated at regular intervals. Access the program CT-Manager via the path
Start Menu – Programs – KOBIL Systems – CT-Manager
Open the update file via the menu item
File – Open...
and identify the update file. Use the right mouse button to click on the key update set of your choice, and select the menu item Send to Card Terminal.
If the software update was successfully concluded you will get the following message:
“Software Update Successful.”
If the software update was not successfully concluded you will get the message:
“Software Update Failed.”
In this case, the security verification during the import of the higher software version failed. In such cases, please contact:
5.4 SecOVID
KAAN Professional and B1 Professional support the authentication system SecOVID made by KOBIL Systems. The following section describes the use of the smart card terminal in combination with this authentication system. If you choose not to use the authentication system, you may skip this section. Note, however, that the SecOVID functionality of the smart card terminal is provided only in combination with a SecOVID authentication system. There are two different ways for generating SecOVID one-time passwords: the online mode and the offline mode. Which mode you use depends on the SecOVID system installed on your computer. When in doubt, contact your system administrator regarding this point.
5.4.1 SecOVID Online Mode
This mode presupposes that a special application software is installed on your computer that will initiate the application SecOVID on your smart card terminal. As soon as a one-time password needs to be generated for a given authentication process, the display will show a message prompting you to insert your SecOVID smart card. Next, the secure PIN input (confer Section 5.1) is used to accept the PIN of your SecOVID smart card. If your SecOVID-secured application supports more than one generator, the proper generator will automatically be selected and need not be defined. The SecOVID one-time password will then be forwarded to the application you called. No further input will be required from you. The complete procedure is displayed in Image 11. There, you will also find possible error messages.
Image 11: Sequence of SecOVID Online
5.4.2 SecOVID Offline Mode
In this mode, the smart card terminal can autonomously generate a SecOVID one-time password without having to be initiated by a special application software from your computer. Make sure that no other application is trying to access the smart card terminal from your computer. Otherwise, the smart card terminal will not be able to execute SecOVID in the offline mode! Activate the SecOVID offline mode of the smart card terminal, using the sequence of buttons F-1. In consequence, the display message shown in Image 12 will appear. Use the digit buttons to select a SecOVID generator, where applicable. The default setting is generator 0. Contact your system administrator to find out whether your system uses a generator, and if so, which one. Use the star button to change the PIN of your SecOVID smart card. Doing so will automatically call the PIN change as described in Section 5.2. The cancel button will cause the SecOVID offline process to abort. Use the confirm button to start the SecOVID online mode, described in Section 5.4.1. This will cause the smart card terminal to display the new one-time password that you can take over for your SecOVID-protected application.
Image 12: SecOVID Offline
6 System Overview
Thanks to the CPU integrated into the card terminal, one single driver suffices to address the most diverse smart card types. The implementation of the protocol interfaced between smart card terminal and card is effected in transparent form, so that merely the protocol for the PC input needs to be defined. This is effected in compliance with T=1 ISO 7816-3 Amd 1. Deviations exist only in regard to a few aspects, in which the T=1 protocol was adapted to the special situation at the V.24 interface. For instance, the Answer-to-Reset (ATR) and the Protocol-Type-Select (PTS) are dispensed with. Values deviating from the default settings of the transmission parameters can be set with the help of an application command (‘Select Parameter’) from the API.
Image 13: System Overview
During operation you can switch back and forth between different types of smart cards, i.e. diverse applications can be operated with the same hardware. At present, smart cards using the following protocols are supported:
Protocol Reference
T=0 ISO 7816-3
T=1 ISO 7816-3 Amd. 1
T=14 FTZ 1 TR 15, the joint proposal made by GZS and German Telekom for a national asynchronous block transmission protocol.
2-wire protocol Siemens data sheet SLE 4432 and SLE 4442
3-wire protocol Siemens data sheet SLE 4418 and SLE 4428
I2C Bus Philips data sheet PCF8582E-2
Telephone cards SLE 4401, SLE 4402, SLE 4403, SLE 4433
Table 3: Supported Protocols
The flexible addressing of the T=1 protocol allows you to address various components of the card reader with the same ISO 7816-4-structured commands.
Image 14: Addressing the Card Reader Components via the API
7 The CT-API
The CT-API – being an application-independent Card Terminal Application Programming Interface for smart card applications – is subject to the copyrights held by the following authors, from whom further documentation and amendments can be obtained:
German Telekom AG / PZ Telesec
GMD - Forschungszentrum Informationstechnik GmbH
RWTÜV Anlagentechnik GmbH
TeleTrusT Deutschland e.V.
The proper implementation for this smart card terminal is based on the version dated July 20, 1995 and is functionally compatible with the CT-API dated October 19, 1993. The CT-API is subsequently quoted in excerpts. A full version may be obtained from the manufacturer. The enclosed software contains a CT-API driver in the form of a Windows DLL (for 16 bit and 32 bit), as well as a DOS library. This must be linked with your own applications. Versions for Solaris and Linux can also be included upon request.
7.1 Functions
The Card Terminal Application Programming Interface (CT-API) provides three functions used to communicate with the smart card terminal on the application layer.
CT-API Functions Significance
CT_init Initializing the PC- and smart card terminal interface
CT_data Sending commands to the smart card terminal or to the smart card, respectively.
CT_close Terminating the communication
Table 4: CT-API Functions
7.2 CT_init
Use this function to select the serial interface, needed for communication purposes, to which the card reader is connected. The default settings for communication are automatically set. The CT_init function should be called during the start of each program. If an error occurs during the initialization of the interface, the function will return the value -1, otherwise the value 0.
Function:
char CT_init(unsigned short ctn, unsigned short pn)
Parameters:
Parameter Name Parameter Type Significance
ctn Input parameter Logical card terminal number
pn Input parameter Interface (port number)
Table 5: Parameters for CT_init
For return values, confer Table 9.
7.3 CT_data
This function serves the sending of card control or card reading application commands, and it will return the response to the command back to the calling program.
Function:
char CT_data(unsigned short ctn, unsigned char *dad, unsigned char *sad,
             unsigned short lenc, unsigned char *command,
             unsigned short *lenr, unsigned char *response)
Parameters:
Parameter Name Parameter Type Significance
ctn Input parameter Card Terminal Number 0 - 255
dad Input / output parameter Destination address (confer Table 7)
sad Input / output parameter Source address (confer Table 7)
lenc Input parameter Length of command in bytes
command Input parameter CT control- or application command
lenr Input / output parameter Length of response in bytes
response Input parameter Response to command
Table 6: Parameters for CT_data
Device Addresses (dad, sad):
Address Value Device
0 ICC (smart card)
1 CT (smart card terminal)
2 HOST (PC)
3 ICC 2 (second smart card) (not implemented)
4 Security module (not implemented)
5 REMOTE HOST (not implemented)
Table 7: dad / sad Device Addresses
For return values, confer Table 9.
7.4 CT_close
This function will terminate the communication with the card reader and release the interface. It must be called up when quitting the program.
Function:
char CT_close(unsigned short ctn)
Parameters:
Parameter Name Parameter Type Significance
ctn Input parameter Logical card terminal number
Table 8: Parameters for CT_close
For return values, confer Table 9.
7.5 General Return Values for CT-API Functions
The return codes of all functions are homogenously listed in the following table.
Return Code Value Significance
OK 0 Function call-up successful
ERR_INVALID -1 Invalid parameter or value
ERR_CT -8 CT error (terminal not operational)
ERR_TRANS -10 Irremediable transmission error
ERR_HTSI -128 Host transport service interface error
Table 9: Return Codes of the CT-API Functions
7.6 Using the CT-API: The Example of the Public Health Insurance Card
The following example demonstrates the use of the functions CT_init, CT_data, as well as CT_close (without discussing the return codes).

/* Example of Reading a Public Health Insurance Card */
#include <windows.h>   /* platform-specific */
#include <conio.h>     /* getch(); platform-specific */
#include <stdio.h>
#include "ct_api.h"

int main(void)
{
    unsigned char sad, dad;       /* source address, destination address, are
                                     transmitted as pointers so that these can
                                     be evaluated as responses as well */
    unsigned char response[300];  /* Field for the Response of Function */
    unsigned char command[300];   /* Length of command here: max. 300 characters */
    int i;
    unsigned short lenr;          /* unsigned short, because CT_data takes
                                     an unsigned short *lenr */
    int ct_port = 2;              /* Example: COM 2 */
    int ctn = 1;                  /* first Terminal */

    /* Select logical terminal number and port COM2 */
    if (CT_init(ctn, ct_port) != OK) {   /* Return code OK ? */
        printf("\nCard Reader cannot be Reached. Port?");
        return(1);                       /* Quit Program */
    }

    /* RESET CT */
    sad = 2;                      /* source = Host (PC) */
    dad = 1;                      /* destination = CardTerminal (Card Reader) */
    lenr = sizeof(response);      /* Set maximum length of response */
    command[0] = 0x20;            /* CLA */
    command[1] = 0x11;            /* INS */
    command[2] = 0x00;            /* P1 */
    command[3] = 0x00;            /* P2 */
    command[4] = 0x00;            /* LEN */
    /* Call up Function CT_data and Display Return Code */
    printf("Reset CT Returnwert: %d\nSW1-SW2:",
           CT_data(ctn, &dad, &sad, 5, command, &lenr, response));
    /* Issue Response */
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    printf("\nInsert Card and Press Button!\n");
    getch();

    /* RESET ICC */
    sad = 2;                      /* source = Host (PC) */
    dad = 1;                      /* destination = CardTerminal */
    lenr = sizeof(response);      /* maximum length of response */
    command[0] = 0x20;            /* CLA */
    command[1] = 0x12;            /* INS */
    command[2] = 0x01;            /* P1 */
    command[3] = 0x01;            /* P2 */
    command[4] = 0x00;            /* LEN */
    printf("Reset ICC Return Code:%d\nSW1-SW2:",
           CT_data(ctn, &dad, &sad, 5, command, &lenr, response));
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    /* READ BINARY */
    printf("\n\nKVK Data:\n");
    sad = 2;                      /* source = Host (PC) */
    dad = 0;                      /* destination = card */
    lenr = sizeof(response);      /* maximum length of response */
    command[0] = 0x00;            /* CLA */
    command[1] = 0xb0;            /* INS */
    command[2] = 0x00;            /* P1 */
    command[3] = 0x00;            /* P2 */
    command[4] = 0x00;            /* Le */
    printf("Read Binary Return Code:%d\nData:",
           CT_data(ctn, &dad, &sad, 5, command, &lenr, response));
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    /* DEACTIVATE ICC */
    sad = 2;                      /* source = HOST */
    dad = 1;                      /* destination = CardTerminal */
    lenr = sizeof(response);      /* maximum length of response */
    command[0] = 0x20;            /* CLA */
    command[1] = 0x14;            /* INS */
    command[2] = 0x01;            /* P1 */
    command[3] = 0x00;            /* P2 */
    printf("\n\nDeactivate Returnwert:%d\nSW1-SW2:",
           CT_data(ctn, &dad, &sad, 4, command, &lenr, response));
    for (i = 0; i < lenr; i++)
        printf(" %02x ", response[i]);

    /* Close interface */
    printf("\nCT_close Return Code:%d\n", CT_close(ctn));
    printf("\nRemove Card!");
    return(0);
}
8 Tag Length Value (TLV) Representation
8.1 Set-up of a TLV Field
A TLV representation is frequently used for coding the files of smart cards as well as of card readers. This form of representation is set up homogeneously according to the following structure.
Tag LEN Value
1 byte 1 or 3 byte(s) LEN bytes
8.2 Coding Rules
Tags: Tags represent values of a single byte in the range of 0 through 254. The value 255 is reserved for future extensions. The defined tags have the same significance for all files and commands of the card reader.
Length: Length is coded in one or three bytes. If the value of the first byte is in the range between 0 and 254, this byte is the length. The value 255 indicates that the subsequent two bytes will state the length in the form of Hi-Byte, Lo-Byte.
Value: The value field uses various coding rules that are precisely defined by the tag.
IA5: A sequence of IA5 (ASCII) characters whose length is defined by the length field.
Integer: The integer value is two bytes in length, coded in the two’s complement. The first byte is the more significant one, with its most significant bit serving as sign bit.
Enumeration: A string of bytes.
Matrix: The subsequent bytes are interlinked as table.
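The coding rules of Sections 8.1 and 8.2 as a bounds-checked decoder. This is an added example, not code from the manual or from the KOBIL driver; the function names, the result codes and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes of this example (assumed names, not CT-API return codes). */
enum { TLV_OK = 0, TLV_END = 1, TLV_ERR_TAG = -1, TLV_ERR_TRUNC = -2 };

/* One decoded element; value points into the caller's buffer. */
struct tlv {
    uint8_t tag;
    size_t len;
    const uint8_t *value;
};

/* Decode the element at buf[*pos] and advance *pos past it. */
int tlv_next(const uint8_t *buf, size_t buflen, size_t *pos, struct tlv *out)
{
    size_t p = *pos, len;

    if (p >= buflen)
        return TLV_END;                 /* clean end of the field */
    if (buf[p] == 0xFF)
        return TLV_ERR_TAG;             /* tag 255 is reserved */
    out->tag = buf[p++];
    if (p >= buflen)
        return TLV_ERR_TRUNC;           /* tag without a length byte */
    len = buf[p++];
    if (len == 0xFF) {                  /* three-byte form: FF, Hi, Lo */
        if (buflen - p < 2)
            return TLV_ERR_TRUNC;
        len = ((size_t)buf[p] << 8) | buf[p + 1];
        p += 2;
    }
    if (len > buflen - p)
        return TLV_ERR_TRUNC;           /* value would run past the buffer */
    out->len = len;
    out->value = buf + p;
    *pos = p + len;
    return TLV_OK;
}

/* Integer rule: exactly two bytes, two's complement, high byte first. */
int tlv_integer(const struct tlv *t, int *value)
{
    unsigned raw;

    if (t->len != 2)
        return -1;
    raw = ((unsigned)t->value[0] << 8) | t->value[1];
    *value = (raw & 0x8000u) ? (int)raw - 0x10000 : (int)raw;
    return 0;
}

/* Find the first element with the given tag; TLV_END if it is absent. */
int tlv_find(const uint8_t *buf, size_t buflen, uint8_t tag, struct tlv *out)
{
    size_t pos = 0;
    int rc;

    while ((rc = tlv_next(buf, buflen, &pos, out)) == TLV_OK)
        if (out->tag == tag)
            return TLV_OK;
    return rc;
}

/* Number of well-formed elements, or a negative error for a damaged field. */
int tlv_count(const uint8_t *buf, size_t buflen)
{
    struct tlv t;
    size_t pos = 0;
    int rc, n = 0;

    while ((rc = tlv_next(buf, buflen, &pos, &t)) == TLV_OK)
        n++;
    return rc == TLV_END ? n : rc;
}

/* Constructed sample (not read from a terminal), using tags from Table 10. */
static const uint8_t sample_cfg[] = {
    0x01, 0x03, '1', '.', '0',          /* '01' Version, IA5 */
    0x02, 0x03, 0x00, 0x01, 0x40,       /* '02' Module, Enumeration */
    0x03, 0x02, 0x08, 0x00,             /* '03' Memory size, Integer */
    0x08, 0x02, 0x00, 0x01              /* '08' Update Key, Integer */
};

int main(void)
{
    struct tlv t;
    size_t pos = 0;
    int rc;

    while ((rc = tlv_next(sample_cfg, sizeof sample_cfg, &pos, &t)) == TLV_OK)
        printf("tag %02X, %u byte(s)\n", (unsigned)t.tag, (unsigned)t.len);
    return rc == TLV_END ? 0 : 1;
}
```

Every length is compared with the bytes that remain before the value pointer is handed out, so a truncated or corrupted file yields an error instead of a read past the buffer.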
8.3 Coding the Tags
The contents of the TLV files are precisely defined by the tag definition and the corresponding values. At present, the following tags and values are used:
Tag Significance Coding rule Value Significance
'01' Version IA5
'02' Module (if a given value exists more than once, then the corresponding module also exists more than once.)
Enumeration '00' ICC module
'01' CT file system
'20' Read-only protection for public health insurance card
'10' Freeze
'30' Serial switch of the CT
'40' Software update
'03' Memory size Integer (The module to which the memory size refers is identified by the context)
'08' Update Key Integer Index of the keys for software updates
'0E' Software revision IA5
'0F' Card Terminal Number (CTN) / Port assignment (This tag can also occur more than once, that is, if the driver supports several ports and CTs.)
Matrix 1. Byte = card terminal number
2. Byte = physical port
3. Byte = interface type
'01' = serial interface
'02' = parallel interface
'03' = PC card (PCMCIA)
'10' Host / CT protocol
Enumeration '00' Protocol in accordance with Telesec layer 1, layer 2 Specification
'11' Baud rates Enumeration '00' 9600 Baud
'01' 19200 Baud
'02' 28800 Baud
'03' 38400 Baud
'04' 57600 Baud
'05' 115200 Baud
'06' 64000 Baud
'07' 12800 Baud
'12' Options for character component
Enumeration '00' Default values (9600 baud, 8 data bit, 1 stop bit, even parity)
'01' 1 stop bit
'02' 2 stop bits
'03' No parity
'04' Even parity
'05' Odd parity
'10' CWT may be changed
'11' BWT may be changed
'13' Options for block component
Enumeration '00' LRC
'01' CRC
'1C' IFSC Integer Length of information field for the reception of the CT
'1D' IFSD Integer Length of information field for the reception of the HOST (PC)
'1E' CWT Integer CWT in ms
'1F' BWT Integer BWT in ms
'20' Physical properties of the smart card reading unit
Enumeration '10' Ejector
'30' Locking mechanism
'40' Mini ICC
'80' unicolored LED
'81' bicolored LED
'90' Acoustic signal
'A0' Transparent mode is supported
'21' Status of smart card reading unit
Enumeration '00' No ICC in reading unit
'01' ICC in reading unit, not activated
'02' ICC in reading unit, electric interface activated
'80' Default behavior of LED
'81' Color 1 off / LED 1 off
'82' Color 2 off / LED 2 off
'89' Color 1 on / LED 1 on
'8A' Color 2 on / LED 2 on
'90' Acoustic signal off
'98' Acoustic signal on
'A0' Transparent mode active
'22' CT / ICC protocols
Enumeration '00' No protocols
'01' T=0 protocol
'02' T=1 protocol
'03' T=14 protocol
'80' I2C bus protocol
'81' 3-wire bus
'82' 2-wire bus
'90' Smart card type 4401
'91' Smart card type 4402
'92' Smart card type 4403
'93' Smart card type 4433
'23' DI Byte Parameter for PTS in compliance with ISO 7816-3
'24' FI Byte Parameter for PTS in compliance with ISO 7816-3
'25' PTS Parameter Enumeration '00' Extra Guard Time (N=255)
'26' Protocol status Byte '00' Not ready
'01' PTS
'02' Ready
'03' Active
'04' Error
'05' Fatal error
'27' Protocol parameter
Enumeration t.b.d.
'30' Freeze events Enumeration '01' ICC in contact unit 1
'02' ICC in contact unit 2
'03' No ICC in contact unit 1
'04' No ICC in contact unit 2
'40' Bit length Integer Bit length in machine cycles
'41' CGT Integer CGT in etu
'42' BWT Integer BWT in machine cycles
'43' CWT Integer CWT in machine cycles
'44' Protocol parameter in transparent mode
Enumeration '00' Direct convention
'01' Indirect convention
'02' Switch on error remediation in compliance with ISO 7816-3 6.1.3
'03' Switch off error remediation in compliance with ISO 7816-3 6.1.3
'04' Switch on 'Active Low Reset'
'05' Switch off 'Active Low Reset'
Table 10: Coding the Tags
9 The Smart card terminal File System
The smart card terminal (CT) file system serves the representation and configuration of special properties of smart card terminals. It has a hierarchical set-up and the following properties:
• You can assign reading and/or writing privileges to files or directories.
• You can assign a password to any file or any directory in order to protect the reading and/or writing access. The length of the password is limited to 256 bytes.
• The length of files or directories is limited to 65,535 bytes.
• Aside from normal files, special files controlling the device access are supported as well.
The file system always contains an active file that is referenced for the commands 'Read Binary', 'Write Binary', 'Erase Binary' and 'Verify'. The active file is selected with the command ‘Select File.’ The active file can also be a directory. After the reset the master file is set as active file.
9.1 File Control Information
The file control information consists of 10 bytes, and has the following structure:
Byte Significance Coding
1 - 2 Current size 16 Bit binary
3 - 4 Size of reserved memory space 16 Bit binary
5 Displays (flags) Bit 1 (LSB) Password-protected reading access
Bit 2 Reading access
Bit 3 Password-protected reading access
Bit 4 Reading access
Bit 5 Password verified
Bit 6 0 (reserved)
Bit 7 0 (reserved)
Bit 8 (MSB) File is a directory
6 Reserved, currently 0
7 - 8 Internal use 16 Bit binary (pointer)
9 - 10 Internal use 16 Bit binary (pointer)
Table 11: Coding the File Control Information
The file control information is displayed in the response for the ‘Select File’-command.
9.2 Directories
Directories are special files the system needs in order to be able to manage and structure the data. They contain directory entries describing the files and sub directories they contain. A directory entry consists of five bytes, and has the following structure:
Byte Significance Coding
1 - 2 ID 16 Bit binary
3 Displays (flags) Bit 1 (LSB) File located in ROM
Bit 2 File located in RAM
Bit 3 0 (reserved)
Bit 4 0 (reserved)
Bit 5 0 (reserved)
Bit 6 0 (reserved)
Bit 7 0 (reserved)
Bit 8 (MSB) 0 (reserved)
4 - 5 Internal use 16 Bit binary (pointer)
Table 12: Coding the Directory Entries
The first entry of a given directory refers to the super-ordinate directory (parent). At the root of the file system – which is the master file – the master file itself serves as super-ordinate directory. Directories can be read like normal files, but cannot be written to by the user. At any time, the file system has an active directory that the command ‘Select File’ causes to be searched. If a file that is a directory is selected under the ‘Select File’-command, the file becomes the active directory. A reset will set the master file to be the active directory.
9.3 Hierarchical Set-up
The card reader file system consists of the files listed in Table 13.
Master File, ID = 3F 00
    CT configuration file, ID = 00 20
    CT directory, ID = 7F 60
        HOST / CT configuration file, ID = 60 20
        HOST / CT status file, ID = 60 21
        Freeze configuration file, ID = 60 30
        Freeze status file, ID = 60 31
    ICC1 directory, ID = 7F 70
        ICC1 configuration file, ID = 70 20
        ICC1 status file, ID = 70 21
    ICC2 directory, ID = 7F 71
        ICC2 configuration file, ID = 71 20
        ICC2 status file, ID = 71 21
Files directly addressed in the host driver:
    Host configuration file, ID = FF 10
    Host status file, ID = FF 11
Table 13: Card Reader File System
One needs to differentiate between configuration files and status files. Configuration files describe the properties of the card reader, of a module, or of a function unit. They are not writable, and their contents will not change. Status files show the status of the card reader, of a given module, or of a function unit. They are not writable. Their contents will change along with their status.
9.4 HOST Configuration File
The HOST configuration file describes the HOST driver, and is therefore located at the PC end while being addressed directly by the DAD = 01.
HOST Configuration File
ID = FF 10 Description of the configuration and the properties of the HOST driver.
Tag Significance
'01' Driver version
'02' Available hardware- and software modules
Table 14: HOST Configuration File
9.5 HOST Status File
The HOST status file describes the HOST driver status, and is therefore located at the PC end while being directly addressed by the DAD = 01. The tag ‘0F’ may occur more than once if the driver supports more than one card reader. It describes the interface type (serial port) with the corresponding port that has been assigned to the card terminal number (CTN).
HOST Status File
ID = FF 11 Description of the configuration and the properties of the HOST driver.
Tag Significance
'0F' Matrix for the representation of the link between the logical card terminal number, the physical port, and the type of interface.
'1C' IFSC - information field size for reception at the card reader end.
'1D' IFSD - information field size for reception at the host end.
Table 15: HOST Status File
9.6 CT Configuration File
CT Configuration File
ID = 00 20 Description of the configuration and the properties of the card reader.
Tag Significance
'01' Card terminal version
'02' Available hardware- and software modules
'03' Card terminal RAM size
'08' Index of update keys
'0E' Software revision
Table 16: CT Configuration File
9.7 HOST / CT Configuration File
The tags '11', '12' and '13' may occur more than once, in which case they apply to the previously identified type of protocol. If the tags are listed ahead of a given protocol, they apply to all protocols.
HOST / CT Configuration File
ID = 60 20 Description of supported properties at the HOST / CT interface.
Tag Significance
'03' Size of protocol buffer
'10' Supported protocols
'11' Supported baud rates
'12' Options for the character component
'13' Options for the block component
'1E' CWT
'1F' BWT
Table 17: HOST / CT Configuration File
9.8 HOST / CT Status File
HOST / CT Status File
ID = 60 21 Set parameters of the HOST / CT interface
Tag Significance
'03' Size of protocol buffer
'10' Supported protocols
'11' Baud rate
'12' Options for the character component
'13' Options for the block component
'1E' CWT
'1F' BWT
Table 18: HOST / CT Status File
9.9 Freeze Configuration File
Freeze Configuration File
ID = 60 30 Description of the supported freeze options
Tag Significance
'30' Freeze Options
Table 19: Freeze Configuration File
9.10 Freeze Status File
The freeze status is erased by a freeze command. After the termination of the freeze command, the freeze status will identify the event that terminated the freeze command.
Freeze Status File
ID = 60 31 Freeze-Status
Tag Significance
'30' Freeze option that terminated the previous freeze command
Table 20: Freeze Status File
9.11 ICC Configuration File
ICC Configuration File
ID = 70 20 Description of the supported properties of the ICC1 interface
ID = 71 20 Description of the supported properties of the ICC2 interface
Tag Significance
'03' Size of the protocol buffer
'20' Supported options
'22' Supported protocols
Table 21: ICC Configuration File
9.12 ICC Status File
ICC Status File
ID = 70 21 Status at the ICC1 interface
ID = 71 21 Status at the ICC2 interface
Tag Significance
'03' Size of protocol buffer
'21' Status of the smart cardreading unit
'22' Protocol
'23' DI parameter for PTS
'24' FI parameter for PTS
'25' PTS parameter
'26' Protocol status
'27' Protocol parameter
Table 22: ICC Status File
10 Application Commands
All commands issued to the card terminal require the structure of the CT-API that was specified for the public German healthcare system. The application commands subdivide into commands for card terminals (CT) and commands for smart cards (ICC). The CT commands are characterized by the fact that the destination address (DAD) is set to the value ‘01.’ The ICC application commands have the destination address ‘00’, provided a smart card is inserted in contact unit 1. In the case of card terminals having several switching options, the non-communicating interfaces are deactivated by sending a command.
10.1 CT Application Commands
The syntax of the commands and the responses complies with ISO 7816-4. The commands also support the expanded file format. The command structure, as well as the response structure, are represented in the two following tables:
Header (mandatory) Body (optional)
CLA INS P1 P2 Lc Data Le
Command class Command Parameter 1 Parameter 2 Command length Data Anticipated length of response
Table 23: Command Structure
Body (optional) Trailer (mandatory)
Data SW1 SW2
Data Status byte 1 Status byte 2
Table 24: Response Structure
10.2 Overview of Commands
The following table provides an overview of the commands and their coding.
Command Coding
CLA INS P1 P2 Lc Parameter Le
Erase Binary '00' '0E' offset var. var. -
Verify '00' '20' '00' '00' var. PIN -
Select File '00' 'A4' '00' '00' 2 File ID -
Read Binary '00' 'B0' offset - - var.
Write Binary '00' 'D0' offset var. data -
Reset '20' '10' device rsp. type - - var.
Reset CT '20' '11' device rsp. type - - -
Request ICC '20' '12' device var. var. Time in sec. -
Get Status '20' '13' device var. - - -
Deactivate ICC '20' '14' device '00' - - -
Eject ICC '20' '15' device var. var. Time in sec. -
Input '20' '16' '50' var. var. Parameter var.
Output '20' '17' '40' '00' var. Parameter -
Perform Verification '20' '18' device '00' var. Parameter -
Modify Verif. Data '20' '19' device '00' var. Parameter -
Reset1 '20' '1F' device rsp. type - - var.
Set Interf. Parameter '80' '60' device '00' var. Parameter -
Set Mode '80' '61' device mode - - -
Freeze '80' '70' '00' '00' var. freeze events -
Wait Freeze '80' '71' var. var. - Timeout -
Table 25: Command Overview of CT Application Commands
10.3 Status Bytes SW1 and SW2
The response syntax complies with ISO 7816-4. The coding of SW1 and SW2 also complies with ISO 7816-4 as far as possible. However, expansions have been realized in order to be able to signal error causes in a more differentiated manner. The following table provides an overview of the general displays provided by SW1 and SW2 as well as their causes. These displays can appear as result of any CT application command. The command-specific displays in SW1 and SW2 are elaborated in the representation of the individual commands.
SW1 SW2 Significance Possible Causes
'90 00' Error-free processing
'67 00' Incorrect length The structure of the command does not comply with ISO 7816-4.
'6E 00' CLA is not supported The command class on display is not supported.
'6A 00' Incorrect parameter P1 and/or P2 P1 or P2 shows an invalid value. A value displayed for P1 or P2 is not supported by this implementation.
'6C XX' Incorrect value for Le, SW2 shows incorrect value
'6D 00' INS is not supported The value displayed is not supported for this command class.
'6F 81' Invalid destination address The destination address (DAD) is not supported.
'6F 82' Invalid source address The source address (SAD) is not HOST or REMOTE HOST.
Table 26: General Displays by SW1 and SW2
10.4 Erase Binary
This command will erase the data in the file selected. Note: At present, the ‘Erase Binary’-command is permissible only if the protocol 4402 has been selected for the smart card SLE 4402. It is only possible to erase bits 80 through 111 (bytes 10 through 13) with ‘Erase Binary.’ The bytes 10, 11, and 12, 13 can only be erased collectively. Erasing the user code (bits 64 through 79) is possible only if a new user code (‘Write Binary’-command in the password file) has been set. The erasing of the frame memory (bits 112 through 319) is caused as a side effect of the successful verification of the frame code, using the ‘Verify’-command.
Coding:
CLA '00'
INS '0E'
P1, P2 Offset of the first byte to be erased
Lc 0 or 2
Data field Where available (Lc = 2), Offset of the first byte not to be erased. If not available (Lc = 0), all bytes up to the end of the data area will be erased.
Le Empty
Table 27: Coding the Erase Binary Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'69 85' Command not possible Erasing is not possible for the smart card type selected. Erasing is not possible for the file type selected. There exists no active file or no active directory. Writing access is blocked.
'6A 86' Invalid parameter The specified area to be erased is invalid.
'65 00' Erasing not successful The number of possible erase cycles has been exceeded. The present smart card status does not permit any erasing (e.g. no password was entered, or an incorrect one).
Table 28: Special Status Displays for the Erase Binary Command
10.5 Verify
The ‘Verify’-command will execute a password verification for the active file. If the active file is changed, the status of the password verification will be lost. The parameter P2 of the ‘Verify’-command specifies the reference data. If P2 equals 0, no particular reference data will be specified.
Coding:
CLA '00'
INS '20'
P1 '00' – if just a password, otherwise application-specific
P2 '00', '81', '82'
Lc Length of password
Data field Password
Le Empty
Table 29: Coding the Verify Command
The following definitions apply to P2:
P2 Length of Verification Data Type of Verification
'00' 2 bytes Password verification for the 3-wire bus. No specific reference data are identified.
3 bytes Password verification for the 2-wire bus. No specific reference data are identified.
'80' 2 bytes Verification of the user code (bits 64 - 79) for the 4402 protocol. CAUTION: In case of successful verification, bits 80 through 95 will be erased as a side effect. Among other things, these bits contain the error counter.
'81' 4 bytes Verification of the frame code (bits 320 - 351) for the 4402 protocol. CAUTION: In case of successful verification, the frame memory (bits 112 through 319) will be erased as a side effect.
Table 30: P2 Parameters of the Verify Command
No password file is implemented for smart cards having the 3-wire bus protocol. As far as the access is concerned, the SLE 4428 will treat the operating error counter and the password like any other character. The B1 card reader is not able to distinguish between smart cards of the types SLE 4418 and SLE 4428. If a ‘Verify’-command is executed under SLE 4418, this can lead to an unintended change of data on the smart card. This concerns in particular the character 1021, at which address the operating error counter of the SLE 4428 is located.
Special Status Displays:
SW1 SW2 Significance Possible Causes
'62 00' No password The active file or the active directory are not password-protected.
'63 00' Incorrect password
'69 83' Operating error counter expired
'69 85' Command not possible There exists no active file or directory. The writing access is blocked.
'6B 00' Offset outside file
'6A 88' No reference data
'63 01' Premature end of file The end of the memory space reserved for the file has been reached before the Lc bytes were written.
Table 31: Special Status Displays for the Verify Command
10.6 Select File
‘Select File’ will select an active file within the CT file system. The new file must be located in the active directory, or must be the master file. (Exempt from this rule are the files in the host driver that can be directly addressed.) If ‘Select File’ fails, there will be no active file. If the new active file is a directory, this directory will become the new active directory.
Coding:
CLA '00'
INS 'A4'
P1 '00' (selection by file identifier)
P2 '00' (first or only occurrence, proprietary file control information format)
Lc '02'
Data field File ID (2 bytes)
Le Empty or length of the expected response
Table 32: Coding the Select File Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'6A 82' File not found File does not exist under the ID displayed or cannot be reached from the active directory.
Table 33: Special Status Displays for the Select File Command
10.7 Read Binary
‘Read binary’ will read data out of the active file of the file system.
Coding:
CLA '00'
INS 'B0'
P1, P2 Offset of the first byte to be read
Lc Empty
Data field Empty
Le Number of bytes to be read. If Le = 00 or 000000 applies, the file is read through to its end, with Le = 00 having a maximum of 256 bytes.
Table 34: Coding the Read Binary Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'69 82' No access authorization Reading of the file or the directory is password-protected, and the password verification has not been successfully performed yet.
'69 85' Access not possible There exists no active file or active directory. Reading access is blocked.
'6B 00' Offset outside of file
'62 82' Premature end of file The end of the file was reached before the Le bytes were read.
Table 35: Special Status Displays for the Read Binary Command
10.8 Write Binary
‘Write Binary’ will write data into the active file of the file system.
Coding:
CLA '00'
INS 'D0'
P1, P2 Offset of the first byte to be written
Lc Number of bytes to be written
Data field Data to be written
Le Empty
Table 36: Coding the Write Binary Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'63 01' Premature end of file The end of the memory space reserved for the file was reached before the Lc bytes were written.
'65 00' Writing not possible Memory error
'69 82' No access authorization The writing access to the file is password-protected, and the password verification has not been successfully performed yet.
'69 85' Command not possible There exists no active file or active directory. Writing access is blocked.
'6B 00' Offset outside of file
Table 37: Special Status Displays for the Write Binary Command
10.9 Reset
A reset will be executed on the specified device, and will provide the ATR. In the case of card terminals having more than one interface, the blocked ports will be released again.
Coding:
CLA '20'
INS '10'
P1 Device 00 = card reader, 01 = ICC1, 02 = ICC2
P2 00 = no responses 01 = entire ATR 02 = only historical characters as response
Lc Empty
Data field Empty
Le '00'
Table 38: Coding the Reset Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' ATR received from synchronous ICC (only with P1 = 01 or 02)
'90 01' ATR received from asynchronous ICC
'62 A5' No protocol selected No ATR was received by a synchronous card, the protocol byte is unknown.
'62 A6' No ATR in compliance with ISO 7816-3 The ATR was received with the I2C protocol, not compliant with ISO 7816-3.
'62 A7' No ATR compliant with ISO 7816-3, no protocol selected It was possible neither to receive an ATR in compliance with ISO 7816-3 nor to read the ATR with the I2C protocol.
'64 00' Reset unsuccessful It was not possible to execute a successful reset.
'64 A1' No ICC No smart card in the contact unit.
'64 A2' ICC not activated ICC was removed from the contact unit after its activation, and then reinserted.
'64 A3' Protocol not supported The ATR of an asynchronous ICC was received. The protocols displayed in the ATR are not supported.
'64 A8' Protocol error The ATR of an asynchronous ICC was received. The check sum contained errors.
Table 39: Special Status Displays for the Reset Command
10.10 Reset CT
This command has the same effect as ‘Reset.’ It is only implemented for reasons of compatibility within the public German healthcare systems, subject to arrangement.
Coding:
CLA '20'
INS '11'
P1 '00' = terminal, '01' = ICC1, '02' = ICC2 (only B1 Professional)
P2 '00' = no responses
'01' = entire ATR
'02' = only historical characters as response
Lc Empty
Data field Empty
Le Empty or '00'
Table 40: Coding the Reset CT Command
Special Status Displays: Confer ‘Reset’-Command.
10.11 Request ICC
‘Request ICC’ prompts the insertion of a smart card – with the option of specifying a waiting period – and will execute a reset once a card has been inserted. Card terminals equipped with display provide the option of displaying an input challenge.
Coding:
CLA '20'
INS '12'
P1 Device '01' = ICC1, '02' = ICC2 (only B1 Professional)
P2 Bits b8 - b5:
'0' = standard display text No. 1 (confer Section 10.19)
'F' = no display message
Bits b4 - b1:
'0' = no response data
'1' = entire ATR
'2' = only historical characters
Lc Empty or length of data field
Data field Empty or waiting period in seconds or TLV with the tags:
'50' = display text coded as IA5
'80' = waiting period in seconds (coded integer)
Le Empty or '00'
Table 41: Coding the Request ICC Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' ATR received from synchronous ICC
'90 01' ATR received from asynchronous ICC
'62 00' Warning No smart card was inserted during the waiting period.
'62 01' Warning The smart card is already activated.
'62 A5' No protocol selected No ATR from a synchronous card was received, the protocol byte is unknown.
'62 A6' No ATR compliant with ISO 7816-3 The ATR was received with the I2C protocol, not in compliance with ISO 7816-3.
'62 A7' No ATR compliant with ISO 7816-3, no protocol selected No ATR compliant with ISO 7816-3 was received, nor was it possible to read the ATR with the I2C protocol.
'64 00' Reset unsuccessful No reset could be executed for the card.
'64 01' Reset break The cancel button was pressed.
'64 A2' ICC not activated ICC was removed from the contact unit after the activation and reinserted.
'64 A3' Protocol not supported The ATR of an asynchronous ICC was received. The protocols displayed by the ATR are not supported.
'64 A8' Protocol error The ATR of an asynchronous ICC was received. The check sum contained errors.
'69 00' Command not permissible Timeout or LCD output not supported.
Table 42: Special Status Displays for the Request ICC Command
10.12 Deactivate
This command will deactivate the contacts to the smart card.
Coding:
CLA '20'
INS '14'
P1 Device: 01 = ICC1, 02 = ICC2
P2 '00'
Lc Empty
Data field Empty
Le '00'
Table 43: Coding the Deactivate Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' Command successful
'64 A1' No ICC No ICC was activated.
10.13 Eject ICC
The card was deactivated. A message prompting removal of the card will be displayed; its display time can be defined by the timeout parameter.
Coding:
CLA '20'
INS '15'
P1 Device: '01' = ICC1, '02' = ICC2
P2 '00' = standard display text No. 2 (confer Section 10.19)
'F0' = no display message
Lc 0, 1 or length of data field
Data field If available, 1 byte will state the timeout until removal of the card
or TLV structure
'50' = display text coded as IA5 (limited set of characters)
'80' = waiting period in seconds (coded integer)
Le Empty
Table 44: Coding the Eject ICC Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' Command successful
'90 01' Command successful, card was removed
'62 00' Warning The card was not removed within the timeout period.
Table 45: Special Status Displays for the Eject ICC Command
10.14 Get Status
The ‘Get Status’-command permits queries for status information, which are returned as TLV-coded data objects (DO; confer Table 48).
Coding:
CLA '20'
INS '13'
P1 '00' = smart card terminal
'01' = ICC 1
'02' = ICC 2 (only B1 Professional)
P2 P1 = '00' :
'46' = make of terminal
'80' = status of all ICC interfaces
'81' = functional units
P1 ≠ '00' :
'80' = status of ICC specified in P1
Lc Empty
Data field Empty
Le '00'
Table 46: Coding the Get Status Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' Command successful
Table 47: Special Status Displays for the Get Status Command
Response DOs:
Value of P2 Significance
'46' Manufacturer’s string
'80' For each ICC, one byte b8...b1:
b3b2 = '01' : ICC deactivated
b3b2 = '10' : ICC activated
b1 = 1: ICC available
'81' One byte for each functional unit:
'01' = ICC1, '02' = ICC2, '40' = display, '50' = keyboard
Table 48: Tags in the Response of the Get Status Command
10.15 Input
Use the ‘Input’-command to request input through the card terminal keyboard. Optionally, the requested input text or any other input text can be displayed on the display screen.
Coding:
CLA '20'
INS '16'
P1 '50' = keyboard
P2 '00' = no optical feedback of the input
'01' = input is displayed in plain text on the display
'02' = input is shown on the display in the form of the character ’*’ (asterisk)
Lc Empty or length of data field
Data field Empty or TLV with the tags:
'50' = display text coded as IA5
'80' = waiting period in seconds (coded integer)
Le '00'
Table 49: Coding the Input Command
The default value for the input timeout is set at 15 seconds prior to the first entered character, and 5 seconds between the input of the other characters. The waiting period option allows you to extend or shorten the 15 second period.
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' Command successful
'64 00' Waiting period expired The waiting period expired.
'64 01' Break The user pressed the cancel button.
Table 50: Special Status Displays for the Input Command
10.16 Output
The output command is used to display the output on the display screen of the card terminal.
Coding:
CLA '20'
INS '17'
P1 '40' = Display
P2 '00'
Lc Empty or length of data field
Data field Empty or TLV with the TAGs:
'50' = Display Text coded as IA5
'80' = waiting period in seconds (coded integer)
Le Empty
Table 51: Coding the Output Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 00' Command successful
Table 52: Special Status Displays for the Output Command
10.17 Perform Verification
This command causes a message requesting PIN input to be displayed, accepts the PIN input through the smart card terminal keyboard, and performs the corresponding interaction with the smart card (for a more accurate description of the present smart card terminal, confer Section 5.1). Support for a biometric sensor is not provided at present. The interaction with the smart card consists, on the one hand, of the sending of the commands transmitted in the data field of the ‘Perform Verification’-command. In this context, either the PIN or the resetting code is entered by the smart card terminal at the insert position identified in the DO ‘Command-to-Perform’. On the other hand, the interaction consists of the acceptance of the smart card response.
Coding:
CLA '20'
INS '18'
P1 '01' = CT/ICC interface 1
'02' = CT/ICC interface 2 (only B1 Professional)
P2 '00' = user authentication via PIN pad
Lc Length of data field
Data field TLV with the tags (confer also ISO/IEC 7816-6 on this point):
'52' = command-to-perform: control byte (see below) || insert position || raw command [1]
'50' = display text for challenge to enter PIN is being ignored (default = “Please enter PIN”).
'80' = timeout in seconds (BCD coded) is ignored until the first digit is entered
Le Empty
Table 53: Coding the Perform Verification Command
Bits Control Byte (Tag '52')
b8-b5 Length of PIN to be entered. '00' for any length (conclude with return key)
b4-b3 '00' = RFU
b2-b1 PIN coding
'00' = BCD
'01' = T.50-coded character with b8=0 (i.e. digit 0 = '30', digit 1 = '31' etc., ASCII)
'10' = format 2 PIN block (2L PP PP PP PP ... PF FF FF .. FF; L=length, P=BCD PIN digit)
'11' = RFU
b8-b1 'FF' for biometric authentication (not implemented)
Table 54: Coding the Control Bytes (Tag '52')
The insert position is counted upward, starting at 1. The raw command in ‘Command-to-Perform’ may appear, depending on the application, in one of the two following formats:
- Command Header (CLA, INS, P1 P2 = 4 bytes), if the PIN is entered into the data field of the ICC command without padding.
- Command Header with length field Lc and with data field pre-formatted with padding bytes.
[1] For security reasons, the raw command permits only the INS bytes 0x20, 0x24, 0x26, 0x28 and 0x2c!
Examples:
1. VERIFY-command compliant with ISO/IEC 7816-4 ('00 20 00 00'), 4-digit PIN 4712 (BCD)
Contents of Tag '52' = '40 06 00 20 00 00'
At position '05', counted from the beginning of the command, the length byte Lc (here: '02') is entered by the card terminal. Insert position is ‘06’, that is, the sixth byte after the beginning of the ‘Verify’-command. After the PIN has been successfully entered, the following command is sent to the card: '00 20 00 00 02 47 12'.
2. ‘Verify’-command compliant with CEN 726-3, 4-digit PIN 4712 (ASCII) with FF padding
Contents of Tag '52' = '41 06 A0 20 00 01 08 FF FF FF FF FF FF FF FF'
Insert position is ‘06’, that is, the sixth byte after the beginning of the ‘Verify CHV’-command. Once the PIN has been successfully entered, the following command is sent to the card: 'A0 20 00 01 08 34 37 31 32 FF FF FF FF'.
After the input request, the PIN to be entered (usually between four and eight digits) is displayed on the screen in the form of a star for each digit entered. The PIN length is defined in the control byte. Next, the PIN is entered in the data field of the ICC command, which is found in the data field of the ‘Perform Verification’-command (in ‘Command-to-perform’, the Lc field is entered ahead of the PIN, provided that nothing but the command header is found there). Afterwards the ICC command is transmitted to the smart card.
The status bytes returned in the response of the ICC command (if the PIN was entered correctly, SW1-SW2 = ‘9000’) are forwarded to the application system in the form of status bytes of the ‘Perform Verification’-command, and the standard text ‘Action Successful’ will be issued through the display. If the PIN transmitted to the smart card was incorrect, the return code SW1-SW2 from the smart card will differ from ‘9000.’ In this case, the standard display text ‘PIN Incorrect/Blocked’ will be issued, and the return code will be sent back to the application system.
If the user presses the cancel button before the PIN input is concluded, the command will be sent back to the smart card, the standard display text ‘Break’ will be issued through the display, the input buffer will be erased, and the return code SW1-SW2 = '6401' will be returned. If the input request is not followed by the input of the next digit within 15 seconds (default value), or if more than 5 seconds expire between the input of the next consecutive digits, no command will be sent to the smart card, the standard display text ‘Break’ will be issued through the display, and the return code SW1-SW2 = '6400' will be returned. If the user simply forgot to press the confirmation button – regardless of the PIN length – the process will be aborted after the expiration of another timeout period.
Special Status Displays:
SW1 SW2 Significance Possible Cause
'9000' PIN was successfully transferred.
'6400' Timeout No input during the timeout period
'6401' Break The cancel button was pressed.
Table 55: Special Status Displays for the Perform Verification Command
10.18 Modify Verification Data
This command will prompt the request for the old PIN (or for the resetting code, confer ISO/IEC 7816-8; or for the unblocking key, confer EN 726-3) and the new PIN, and will perform the corresponding interaction with the smart card. No biometric support is implemented at present. The interaction with the smart card consists, on the one hand, of the transmission of the commands entered into the data field of the ‘Modify Verification Data’-command. In the process, the old PIN, or the resetting code of the smart card terminal, will be inserted together with the new PIN into the insert position in the DO ‘Command-to-Perform.’ On the other hand, it consists of the acceptance of the smart card response.
Coding:
CLA '20'
INS '19'
P1 '01' = CT/ICC interface 1
'02' = CT/ICC interface 2 (only B1 Professional)
P2 '00' = user authentication via PIN pad
Lc Length of data field
Data field TLV with the Tags (confer also ISO/IEC 7816-6 on this point):
'52' = command-to-perform: control byte (see below) || insert position old || raw command [2]
'50' = display text for challenge to enter PIN is being ignored (default = “Please enter PIN”).
'80' = timeout in seconds (BCD coded) is ignored until the first digit is entered
Le Empty
Table 56: Coding the Modify Verification Data Command
The significance and usage of the tags matches the ‘Perform Verification’-command (confer Section 10.17).
Examples:
1. ‘Change Reference Data’ compliant with ISO/IEC 7816-8, having old reference data (4-digit PIN) and new reference data (6-digit PIN), i.e. PINs of variable length, and representation as ASCII characters. The value of the old reference data in the example is 4712, the value of the new reference data is 231546.
Contents of Tag '52' = '01 06 00 00 24 00 00'
Insert position for the old reference data: '06', that is, the sixth byte after the beginning of the ‘Change Reference Data’-command; insert position for the new reference data: byte '00', i.e. immediately following the old reference data. The length byte Lc is inserted by the smart card terminal at position 05 after the beginning of the command. The command sent to the smart card has the following coding: '00 24 00 00 0A 34 37 31 32 32 33 31 35 34 36'
Note: Under ISO/IEC 7816-8 it is assumed that the smart card knows the length of the old reference data, and that it therefore requires neither a fixed field length of 8 bytes, nor any delimiters!
[2] For security reasons, the raw command permits only the INS bytes 0x20, 0x24, 0x26, 0x28 and 0x2c!
2. ‘Change CHV’-command compliant with CEN 726-3, having a 4-digit PIN (old PIN 4712, new PIN 2315) and BCD-coding with FF padding.
Contents of Tag '52' = '40 06 0E A0 24 00 01 10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF'
Insert position for the old PIN: '06', that is, the sixth byte after the beginning of the ‘Change CHV’-command; insert position for the new PIN: byte '0E', that is, the fourteenth byte after the beginning of the ‘Change CHV’-command. The command sent to the smart card has the following coding: 'A0 24 00 01 10 47 12 FF FF FF FF FF FF 23 15 FF FF FF FF FF FF'
The execution of the ‘Modify Verification Data’-command in the smart card terminal begins with the output of the standard display text ‘Please enter PIN.’ The data object ‘50’ (display text) should be entered in the data field if no standard display text is supposed to be used for user guidance. The data object ‘52’ (‘Command-to-Perform’) should always be the last tag in the data field. After the old PIN or the resetting code has been entered, the standard display text ‘Enter new PIN’ is issued. After the new PIN has been entered, the standard display text ‘Retype PIN’ is displayed. Once the PIN input has been repeated, and once it has been verified to match the first input, the two PINs are entered into their respective insert positions in the data field of the ICC command that is supposed to be sent to the smart card.
The status bytes SW1-SW2 (usually ‘9000’), returned in the response of the ICC command, are forwarded to the application system as status bytes of the ‘Modify Verification Data’-command, and the standard display text ‘Action Successful’ is issued through the display. If the smart card returns a return code SW1-SW2 other than '9000,' the standard display text 'PIN Incorrect/Blocked' will be issued. If the input during the retyping of the new PIN fails to match the previous input, the display text ‘PIN mismatch. Break’ is issued over the display, and SW1-SW2 = '6402' will be sent back to the application system as status bytes. If the timeout period is exceeded during the user input, or if the process is cancelled by the user, the same rules as for the ‘Perform Verification’-command apply.
Special Status Displays:
SW1-SW2 Significance Possible Cause
'9000' PIN change successfully performed
'6400' Timeout No input within the timeout period
'6401' Break The cancel button was pressed.
'6402' PIN mismatch The new PIN was incorrectly retyped the second time.
Table 57: Special Status Displays for the Modify Verification Data Command
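The way the terminal assembles the ICC command from tag '52' in Sections 10.17 and 10.18 is modelled below in Python as an added example; it is not KOBIL firmware or driver code. The function names, the F-nibble padding of odd-length BCD PINs and the 8-byte length of the format 2 PIN block are assumptions; the permitted INS bytes and the four sample inputs are taken from the manual's footnotes and examples.

```python
# Added illustration (not KOBIL code): models how the terminal builds the ICC
# command from tag '52' = control byte || insert position(s) || raw command.

ALLOWED_INS = {0x20, 0x24, 0x26, 0x28, 0x2C}  # INS bytes permitted by the manual's footnote


def encode_pin(pin: str, coding: int) -> bytes:
    """Encode PIN digits according to bits b2-b1 of the control byte."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must consist of decimal digits")
    if coding == 0b00:   # BCD; assumption: an odd digit count is padded with an F nibble
        return bytes.fromhex(pin + "F" * (len(pin) % 2))
    if coding == 0b01:   # T.50 / ASCII: digit 0 = '30', digit 1 = '31', ...
        return pin.encode("ascii")
    if coding == 0b10:   # format 2 PIN block; assumption: fixed 8-byte block
        if len(pin) > 14:
            raise ValueError("PIN too long for a format 2 PIN block")
        return bytes.fromhex(f"2{len(pin):X}" + pin.ljust(14, "F"))
    raise ValueError("PIN coding '11' is RFU")


def build_icc_command(tag52: bytes, pins: list) -> bytes:
    """Return the command sent to the card.

    pins holds one PIN for 'Perform Verification' and [old, new] for
    'Modify Verification Data' (one insert-position byte per PIN).
    """
    n = len(pins)
    if n not in (1, 2) or len(tag52) < 1 + n + 4:
        raise ValueError("tag '52' too short for control byte, positions and header")
    control, positions, raw = tag52[0], tag52[1:1 + n], tag52[1 + n:]
    if control == 0xFF:
        raise ValueError("biometric authentication is not implemented")
    if control & 0x0C:
        raise ValueError("bits b4-b3 are RFU and must be zero")
    pin_len, coding = control >> 4, control & 0x03

    header = bytes(raw[:4])
    if header[1] not in ALLOWED_INS:
        raise ValueError(f"INS {header[1]:02X} is not permitted in the raw command")

    # Header only: the terminal appends Lc and the PIN data itself.
    # Otherwise the raw command already carries Lc and a padded data field.
    preformatted = len(raw) > 4
    data = bytearray(raw[5:])
    if preformatted and raw[4] != len(data):
        raise ValueError("Lc does not match the pre-formatted data field")

    end = 0  # offset just past the previously inserted PIN
    for index, (pos, pin) in enumerate(zip(positions, pins)):
        if pin_len and len(pin) != pin_len:
            raise ValueError("PIN length differs from the control byte")
        encoded = encode_pin(pin, coding)
        if pos == 0 and index == 0:
            raise ValueError("insert positions are counted from 1")
        # Position '00' on the second PIN means: directly after the first one.
        # Position 6 is the first data byte (bytes 1-4 header, byte 5 Lc).
        offset = end if pos == 0 else pos - 6
        if offset < 0:
            raise ValueError("insert position would overwrite header or Lc")
        if preformatted:
            if offset + len(encoded) > len(data):
                raise ValueError("PIN does not fit into the padded data field")
            data[offset:offset + len(encoded)] = encoded
        else:
            if offset != len(data):
                raise ValueError("without padding the PINs must be contiguous")
            data += encoded
        end = offset + len(encoded)
    return header + bytes([len(data)]) + bytes(data)


if __name__ == "__main__":
    # The manual's own sample values (PINs 4712, 231546, 2315 as printed there).
    samples = [
        ("40 06 00 20 00 00", ["4712"]),
        ("41 06 A0 20 00 01 08 FF FF FF FF FF FF FF FF", ["4712"]),
        ("01 06 00 00 24 00 00", ["4712", "231546"]),
        ("40 06 0E A0 24 00 01 10" + " FF" * 16, ["4712", "2315"]),
    ]
    for tag, pins in samples:
        print(build_icc_command(bytes.fromhex(tag), pins).hex(" ").upper())
```

Because the INS check runs before any PIN is placed, a host application cannot use ‘Command-to-Perform’ to route keypad input into, for example, a Write Binary command.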
10.19 Display Texts
According to the MKT specification, the following display texts for a display size of 2x16 characters have been defined. The character set supported is the alphabet (including German umlauts) in upper and lower case, as well as the digits and standard special characters, in particular the asterisk. For use as control characters in display texts only CR is permitted.
No. Text
1 Please insert card
2 Please remove card
3 Card cannot be read. Wrong position?
4 Please enter PIN
5 Action successful
6 PIN incorrect/blocked
7 Enter new PIN
8 Repeat input
9 PIN mismatch. Break.
10 Please confirm input
11 Please enter data
12 Break
Table 58: Standard Display Texts
10.20 Reset 1
‘Reset 1’ will execute a reset for asynchronous smart cards, and provides the ATR. If the interface to the smart card has already been activated, it will not be completely deactivated before the reset, and the power supply VCC remains constant. Note: The ‘Reset 1’-command was implemented in order to support the non-ISO-compliant protocol switch of some smart cards.
Coding:
CLA '20'
INS '1F'
P1 Device 01 = ICC1, 02 = ICC2
P2 00 = no responses 01 = entire ATR 02 = only historical characters as response
Lc Empty
Data field Empty
Le '00'
Table 59: Coding the Reset 1 Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'90 01' Received ATR from asynchronous ICC
'64 A1' No ICC No smart card in the contact unit.
'64 A2' ICC not activated ICC was removed from the contact unit after activation, and then reinserted.
'64 A3' Protocol not supported The ATR of an asynchronous ICC was received. The protocols displayed in the ATR are not supported.
'64 A7' No ATR compliant with ISO 7816-3, no protocol selected No ATR from an asynchronous ICC was received.
'64 A8' Protocol Error The ATR of an asynchronous ICC was received. The check sum contained errors.
Table 60: Special Status Displays for the Reset 1 Command
10.21 Set Interface Parameter
The ‘Set Interface Parameter’-command effects the reset of the protocol, of the protocol parameters, or of the other adjustable properties at the identified interface. When resetting the HOST / CT interface, the setting of the new parameters is effected after the transmission of the response from the ‘Set Interface Parameter’-command. A resetting of the protocol or of the protocol parameters at the ICC interface is possible only under the protocol status PTS or READY – directly after the reset and prior to the beginning of the data transmission. However, the transparent mode allows for the resetting of parameters at any time.
Coding:
CLA '80'
INS '60'
P1 Device: 00 = CT/HOST, 01 = ICC1, 02 = ICC2
P2 '00'
Lc Variable
Data field TLV
Tags '10','11','12','13' for device = 00
Tags '21','22','23','24','25' for device = 01 or 02
Tags '40','41','42','43','44' additional in transparent mode
Le Empty
Table 61: Coding the Set Interface Parameter Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'69 85' Command not possible in the present status Protocol settings at the ICC interface are possible only directly after the reset and before the data transmission is begun.
'6A 80' Invalid parameters in the data field Options not supported, or combination of options not supported, are displayed in the data field. The parameters displayed in the data field are incompatible.
'6A 85' Inconsistent data in the data field The data transmitted to the data field cannot be interpreted as TLV field.
Table 62: Special Status Displays for the Set Interface Parameter Command
10.22 Set Mode
This command is used to set the transmission mode to handle asynchronous smart cards. Two modes are supported. In the normal mode, the data is transmitted according to the set protocol. In the transparent mode, the transferred data are forwarded to the smart card in unchanged form. Switching to the transparent mode is possible only prior to activating the smart card, whereas switching from the transparent mode back into the normal mode is possible at any time.
Coding:
CLA '80'
INS '61'
P1 Device: 01 = ICC1, 02 = ICC2
P2 Mode 00 = normal mode, 01 = transparent mode
Lc Empty
Data field Empty
Le Empty
Table 63: Coding the Set Mode Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'69 85' Command not possible in the current status Switching from the normal mode to the transparent mode is possible only if the interface to the smart card is not activated.
'6A A3' Protocol is not supported No valid asynchronous protocol was set for the switch from transparent mode back to normal mode.
Table 64: Special Status Displays for the Set Mode Command
10.23 Freeze
Freeze commands will convert the card reader into the freeze status. In the freeze status, the card reader retains its current status, and waits for the event identified by the freeze command to occur. The freeze status begins with the transmission of the response to the freeze command. The card reader will show the beginning freeze status by deactivating the DTR line – where available. The freeze status is terminated as soon as one of the events identified by the freeze command has occurred, or if a syntactically correct block of layer 2 (new command) has been received. In either case, termination of the freeze status is indicated by the activation of the DTR line.
Coding:
CLA '80'
INS '70'
P1 '00'
P2 '00'
Lc Variable
Data field TLV
Tags '30' freeze events
Le Empty
Table 65: Coding the Freeze Command
Special Status Displays:
SW1 SW2 Significance Possible Causes
'6A 80' Invalid parameters in the data field An event not supported is displayed in the data field.
'6A 85' Inconsistent data in the data field The data transmitted to the data field was not interpreted as TLV structure.
Table 66: Special Status Displays for the Freeze Command
10.24 Wait Freeze
‘Wait Freeze’ is sent after the successful issuance of a ‘Freeze’ and will not return until the event identified in the ‘Freeze’ has occurred, or an error has manifested itself. Unlike with other commands, CT_data(...'Wait Freeze'...) will block the calling thread of the program. If the respective application has only one thread, the entire process will be blocked. Since this is hardly ever intended, CT_data(...'Wait Freeze'...) should be executed in a separate thread. If CT_close() is called in a multi-threaded process while CT_data(...'Wait Freeze'...) is being processed, CT_data() will be terminated with the return code ERR_HTSI.
Coding:
CLA '80'
INS '71'
P1 Timeout in minutes
P2 Timeout in seconds
Lc Empty
Data field Empty
Le Empty
Table 67: Coding the Wait Freeze Command
If the value '00' is entered in P1 and P2, no timeout will be performed. ‘Wait Freeze’ will not return until the freeze event has occurred or in case of an error.
Special Status Displays:
SW1-SW2 Significance Possible Causes
'62F0' Timeout ‘Wait Freeze’ was terminated by a timeout, the freeze event was not received.
'64F0' DSR already occupied during call-up The CT does not have freeze status.
Table 68: Special Status Displays for the Freeze Command
If SW1-SW2 = '90 00' is received, the change of the DSR line from LO to HI was detected. In this case the application should read out the freeze status file or the ICC status file. The signal line could have been set by the activity of another application. In this case, the event did not occur even though DSR was set. After the ICC status file of the B1-CT has been read out, the application has to transmit ‘Freeze’ or ‘Wait Freeze’ once more.
10.25 ICC Application Commands
ICC application commands are characterized by the fact that the destination address (DAD) is set to the value 00 (ICC1) or to the value 02 (ICC2). The card reader attempts principally to forward the data addressed to an ICC, or received from there, to the respective destination address in transparent form. That is, each command to an ICC that is received by the HOST interface generally causes a response by an ICC to be transmitted to the HOST interface. There are two instances that take exception to this principle.
• The card terminal allows for access to synchronous smart cards by presenting them as file to the application layer. You may access such files with ICC commands specified for file operations.
• If an error occurs during the transmission of a command to an ICC, the card terminal will generate an error code. In order to enable the application to recognize that the response was generated by the card terminal, the source address (SAD) is set to the value of 01 (CT) in the response. The error messages generated by the card terminal are represented in the following table.
SW1 SW2 Significance Possible Causes
'62 A5' No protocol selected No ATR from a synchronous card was received. The type of protocol is unknown.
'62 A6' No ATR compliant with ISO 7816-3 The ATR was received with the I2C protocol, not in compliance with ISO 7816-3.
'62 A7' No ATR compliant with ISO 7816-3, no protocol selected No ATR in compliance with ISO 7816-3 was received, nor could the ATR be read with the I2C protocol.
'64 A0' Unspecified ICC error
'64 A1' No ICC No smart card in the contact unit.
'64 A2' ICC not activated ICC was removed from the contact unit after activation, and then reinserted.
'64 A3' Protocol not supported The ATR of an asynchronous ICC was received. The protocols displayed in the ATR are not supported.
'64 A5' No protocol selected No ICC protocol was selected.
'64 A8' Protocol error A protocol error occurred during the communication with the ICC. The error can possibly be remedied by re-synchronizing the layer 2 protocol. This will automatically be attempted during the next data transmission.
'64 A9' Irremediable ICC protocol error An irremediable protocol error occurred during the communication with the ICC.
'64 AA' PTS protocol error An error occurred during the PTS with the ICC.
'64 AB' WTX error Communication with the ICC was interrupted because an extension of the waiting period requested by the HOST was denied.
'65 AB' WTX error, memory contents changed The communication with the ICC was interrupted because an extension of the waiting period requested by the HOST was denied. The contents of the non-volatile memory may already be changed.
'69 85' Security violation Command was rejected due to security reasons.
'6F 82' Invalid source address. The source address (SAD) is not 02 (HOST) or 05 (REMOTE HOST).
Table 69: Error Messages of the Smart card terminal when Accessing an ICC
10.26 Selecting a Synchronous ICC
If the card reader recognizes a synchronous ICC during reset, or if the user resets the protocol to process synchronous ICCs, using the command ‘Set Interface Parameter,’ a server module for synchronous ICCs is activated. This module presents synchronous ICCs as files, which allows for the addressing of additional ICC properties by way of selecting different files.
10.27 Commands for Selecting a Synchronous ICC
The following table provides an overview of the commands of the server module. The coding follows the descriptions given for the CT application commands.
| Command | CLA | INS | P1 P2 | Lc | Parameters | Le |
|---|---|---|---|---|---|---|
| Erase Binary | '00' | '0E' | offset | var. | var. | - |
| Verify | '00' | '20' | '00' '00' | var. | PIN | - |
| Select File | '00' | 'A4' | '00' '00' | 2 | File ID | - |
| Read Binary | '00' | 'B0' | offset | - | - | var. |
| Write Binary | '00' | 'D0' | offset | var. | data | - |
Table 70: Overview of the Commands for Synchronous ICCs
10.28 File Types
In order to be able to address additional properties of synchronous ICCs, various file types have been implemented. These are selected with the ‘Select File’-command. At present, the following file types are supported:
| File Type | File ID | Significance |
|---|---|---|
| Data File | '3F01' | The data of the synchronous ICC are treated as a sequence of bytes. The file is implicitly selected during the activation of the server module. |
| Attribute File | '3F81' | The data of the synchronous ICC are treated as a sequence of bytes. Each data byte is followed by an attribute byte. Bit 1 (the bit with the lowest value) of the attribute byte indicates whether the byte is read-only protected. The significance of the remaining bits of the attribute byte remains undefined at present. |
| Password File | '3F82' | The password of the ICC is treated as a sequence of bytes. A password file does not exist for all synchronous ICCs. |
Table 71: File Types for Operations Involving ICCs
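The following added example (not part of the KOBIL manual or its software) encodes three of the commands from Table 70 and decodes data read from the attribute file '3F81' into data bytes and read-only flags, so that a host application can check a planned write against the protection bits first. It assumes that P1 P2 carry the offset as one 16-bit big-endian value, that Lc and Le are single bytes as in the ISO 7816-4 short form, and that the decoded attribute data starts at data offset 0; all function names and the sample bytes are constructed for illustration.

```python
import struct

# File IDs from Table 71
DATA_FILE, ATTRIBUTE_FILE, PASSWORD_FILE = 0x3F01, 0x3F81, 0x3F82

def _p1p2(offset):
    # Assumption: P1 P2 carry the offset as one 16-bit big-endian value.
    if not 0 <= offset <= 0xFFFF:
        raise ValueError("offset does not fit in P1 P2")
    return struct.pack(">H", offset)

def select_file(file_id):
    if file_id not in (DATA_FILE, ATTRIBUTE_FILE, PASSWORD_FILE):
        raise ValueError("file ID not listed in Table 71")
    return bytes([0x00, 0xA4, 0x00, 0x00, 0x02]) + struct.pack(">H", file_id)

def read_binary(offset, length):
    # Assumption: one-byte Le in which 0x00 requests 256 bytes (ISO 7816-4 short form).
    if not 1 <= length <= 256:
        raise ValueError("length must be 1..256")
    return bytes([0x00, 0xB0]) + _p1p2(offset) + bytes([length & 0xFF])

def write_binary(offset, data):
    if not 1 <= len(data) <= 255:
        raise ValueError("data must be 1..255 bytes")
    return bytes([0x00, 0xD0]) + _p1p2(offset) + bytes([len(data)]) + bytes(data)

def decode_attribute_file(body):
    """Split the data/attribute pairs into (data_byte, read_only) tuples."""
    if len(body) % 2:
        raise ValueError("truncated read: attribute byte missing for last data byte")
    # Bit 1 (lowest-value bit) of the attribute byte marks the data byte read-only.
    return [(body[i], bool(body[i + 1] & 0x01)) for i in range(0, len(body), 2)]

def blocked_writes(offset, data, pairs):
    """Data offsets a Write Binary would touch that are flagged read-only."""
    end = offset + len(data)
    if end > len(pairs):
        raise ValueError("write extends past the decoded attribute data")
    return [pos for pos in range(offset, end) if pairs[pos][1]]

# Constructed sample: six data bytes, the first two flagged read-only.
SAMPLE_ATTRIBUTE_DATA = bytes.fromhex("a201 1301 1000 9100 ff00 8100")

if __name__ == "__main__":
    pairs = decode_attribute_file(SAMPLE_ATTRIBUTE_DATA)
    print(select_file(ATTRIBUTE_FILE).hex(), read_binary(0, len(SAMPLE_ATTRIBUTE_DATA)).hex())
    print("read-only offsets hit by a 3-byte write at 1:", blocked_writes(1, bytes(3), pairs))
```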
10.29 Handling the Public Health Insurance Card
If the CT configuration file indicates that a read-only module exists, the smart card terminal checks, for synchronous cards, whether the inserted card matches the specification of the German public health insurance card. If it does, any write access to the card is prevented.
11 Transparent Mode
The transparent mode allows for data transmission to asynchronous cards outside of protocol regulations. The transparent mode is supported only if indicated accordingly in the ICC configuration file of the respective interface. You switch to the transparent mode by using the ‘Set Mode’-command. Doing so will not be possible if the interface to the smart card has already been activated. If the transparent mode is switched on, the ICC status file will say so. The user may use the ‘Set Interface Parameters’-command to change the following parameters in the transparent mode:
| Parameter | Significance | Unit | Default Value |
|---|---|---|---|
| Elementary Time Unit (etu) | Length of a bit | Machine cycle | 70 |
| Character Guard Time (CGT) | Waiting period when switching from receive to send. | etu | 12 |
| Block Waiting Time (BWT) | Waiting period for the first character of a given block. | Machine cycle | 4608000 |
| Character Waiting Time (CWT) | Waiting period for the first character of a given block. | Machine cycle | 921600 |
| Conventions | direct / inverse conventions in compliance with ISO 1177 | direct / inverse | direct |
| Error handling | Error remediation in compliance with ISO 7816-3 | on / off | off |
| Active low reset | Before waiting for ATR, the RST signal is set to HIGH | on / off | on |
Table 72: Parameters in the Transparent Mode
Once you have switched to the transparent mode, the defined default values will be set. The possible range of parameter values is limited, depending on the implementation. The number of machine cycles for a given time span can be calculated with the following formula:

Number of machine cycles = time in ms x 9216

In the transparent mode, the data are sent to the ICC in unchanged form. The waiting time for the first character is defined in machine cycles by the BWT, the waiting time for the next consecutive character by the CWT. Data received from the ICC are buffered in the card reader. Once the waiting period has expired, the card reader terminates the reception phase. Afterwards, the length of the received data and the data itself are transmitted to the HOST.

Use the ‘Set Mode’-command to terminate the transparent mode. If the protocol was set to an asynchronous protocol prior to switching back, you can continue to work with the former protocol afterwards. In the case of block-oriented protocols T=1 and T=14, the card reader will re-synchronize the internal protocol counters.
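The reception phase described above can be modelled as follows. This is an added example, not code from the manual or the terminal firmware. It assumes that the BWT timer starts when the host data has been sent and that the CWT timer restarts after every received character; the arrival times and bytes are constructed.

```python
CYCLES_PER_MS = 9216       # manual: number of machine cycles = time in ms x 9216
DEFAULT_BWT = 4_608_000    # default from Table 72, in machine cycles
DEFAULT_CWT = 921_600      # default from Table 72, in machine cycles

def ms_to_cycles(ms):
    return round(ms * CYCLES_PER_MS)

def cycles_to_ms(cycles):
    return cycles / CYCLES_PER_MS

def receive(arrivals, bwt=DEFAULT_BWT, cwt=DEFAULT_CWT):
    """Model one reception phase in transparent mode.

    arrivals: iterable of (time_ms, byte), time measured from the end of sending.
    Returns (length, data, end_ms): what the reader hands to the HOST and the
    moment the reception phase ends because the waiting period expired.
    """
    data = bytearray()
    deadline = cycles_to_ms(bwt)                 # first character is governed by BWT
    for t_ms, byte in sorted(arrivals):
        if t_ms > deadline:                      # waiting period expired: stop receiving
            break
        data.append(byte)
        deadline = t_ms + cycles_to_ms(cwt)      # assumption: CWT restarts per character
    return len(data), bytes(data), deadline

# Constructed trace of a slow card: the third character arrives 105 ms after the second.
SLOW_CARD = [(120, 0x3B), (125, 0x02), (230, 0x14), (331, 0x50)]

if __name__ == "__main__":
    print("defaults in ms:", cycles_to_ms(DEFAULT_BWT), cycles_to_ms(DEFAULT_CWT))
    print("default CWT:", receive(SLOW_CARD))
    print("CWT = 200 ms:", receive(SLOW_CARD, cwt=ms_to_cycles(200)))
```

With the default CWT the response is cut off after two bytes without an error being raised, so a host that relies on transparent mode should compare the reported length against what it expects from the card.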