Kobil KAAN Standard Plus, SecOVID Reader Plus Manual And Technical Information

Copyright © 2000-2002 KOBIL Systems GmbH.
All rights reserved. This manual may not be copied, or reproduced in any other way, without prior permission by KOBIL Systems GmbH. This applies equally to any part of the manual.
Every effort has been made to guarantee the correctness of this manual. Nonetheless, KOBIL Systems GmbH assumes no warranty regarding its correctness or completeness. The serviceability and suitability for any specific purposes is not guaranteed. Information contained in this manual is subject to change without prior notification, with no legal claims arising out of this fact.
Information that was unavailable until after this manual went into print may be found – where applicable – in the file README.TXT on the enclosed data medium.
For further information on KOBIL smart card terminals, technical assistance, and other KOBIL security products, see http://www.kobil.com/.
Version: 1.2
Date: December 3, 2002
Editor: hjr
All brand and product names identified here are trademarks or registered trademarks, the rights to which are held by their respective legal rights owners.
Published by KOBIL Systems GmbH
Copyright © 2000-2002
KOBIL Smart Card Terminal Manual
Page
3
1 Contents
1 Contents ............................................................................................................... 3
2 Abbreviations........................................................................................................ 6
3 General Information.............................................................................................. 7
4 Installation and Startup......................................................................................... 7
4.1 Items Included in the Package ..................................................................... 7
4.2 System Requirements .................................................................................. 8
4.3 Connecting to PC with Windows Operating System..................................... 9
4.3.1 Product: KAAN Standard Plus USB / SecOVID Reader Plus USB ........... 9
Step 1: Installing the Driver......................................................................................... 9
Step 2: Shutting down the Computer.......................................................................... 9
Step 3: Connecting the Smart Card Terminal........................................................... 10
Step 4: Rebooting your Computer ............................................................................ 11
How to Insert the Smart card:................................................................................... 11
Function of the ‘C’ Button ......................................................................................... 12
4.3.2 Product: KAAN Standard Plus serial / SecOVID Reader Plus serial....... 13
Step 1: Installing the Drivers..................................................................................... 13
Step 2: Shutting down the Computer........................................................................ 13
Step 3: Connecting the Smart card Terminal............................................................ 13
Step 4: Rebooting the Computer .............................................................................. 15
How to Insert the Smart card:................................................................................... 15
Function of the ‘C’ button.......................................................................................... 16
4.4 Installing the Software ................................................................................ 17
5 Security-relevant Functions ................................................................................ 18
5.1 Secure PIN Input........................................................................................ 20
5.2 Secure PIN Change ................................................................................... 21
5.3 SecOVID .................................................................................................... 23
5.3.1 SecOVID Online Mode ........................................................................... 24
5.3.2 SecOVID Offline Mode ........................................................................... 25
6 System Overview................................................................................................ 27
7 The CT–API........................................................................................................ 29
7.1 Functions.................................................................................................... 29
7.2 CT_init........................................................................................................ 30
7.3 CT_data ..................................................................................................... 31
7.4 CT_close .................................................................................................... 32
7.5 General Return Codes of the CT-API Functions ........................................ 32
7.6 Using the CT-API: The Example of the Public Health Insurance Card....... 33
8 Tag Length Value (TLV) Representation ............................................................ 35
8.1 Set-up of a TLV Field ................................................................................. 35
8.2 Coding Rules.............................................................................................. 35
8.3 Coding the Tags ......................................................................................... 36
9 The Smart card Terminal File System ................................................................ 39
9.1 File Control Information .............................................................................. 39
9.2 Directories .................................................................................................. 40
9.3 Hierarchical Set-up..................................................................................... 41
9.4 HOST Configuration File ............................................................................ 41
9.5 HOST Status File ....................................................................................... 42
9.6 CT Configuration File ................................................................................. 42
9.7 HOST / CT Configuration File .................................................................... 43
9.8 HOST / CT Status File................................................................................ 43
9.9 Freeze Configuration File ........................................................................... 43
9.10 Freeze Status File ...................................................................................... 44
9.11 ICC Configuration File ................................................................................ 44
9.12 ICC Status File ........................................................................................... 44
10 Application Commands .................................................................................. 45
10.1 CT Application Commands......................................................................... 45
10.2 Command Overview................................................................................... 46
10.3 Status Bytes SW1 and SW2....................................................................... 47
10.4 Erase Binary............................................................................................... 48
10.5 Verify .......................................................................................................... 49
10.6 Select File .................................................................................................. 50
10.7 Read Binary ............................................................................................... 51
10.8 Write Binary................................................................................................ 52
10.9 Reset.......................................................................................................... 53
10.10 Reset CT ................................................................................................ 54
10.11 Request ICC ........................................................................................... 55
10.12 Deactivate............................................................................................... 57
10.13 Eject ICC ................................................................................................ 58
10.14 Get Status............................................................................................... 59
10.15 Input........................................................................................................ 60
10.16 Output..................................................................................................... 61
10.17 Perform Verification ................................................................................ 62
10.18 Modify Verification Data.......................................................................... 65
10.19 Reset 1 ................................................................................................... 67
10.20 Set Interface Parameter.......................................................................... 68
10.21 Freeze .................................................................................................... 69
10.22 Wait Freeze ............................................................................................ 70
10.23 ICC Application Commands.................................................................... 71
10.24 Selecting Synchronous ICCs - (only KAAN Standard Plus).................... 72
10.25 Commands for Selecting Synchronous ICCs - (only KAAN Standard Plus) 73
10.26 File Types - (only KAAN Standard Plus)............................................... 73
10.27 Handling the Public Health Insurance Card (only KAAN Standard Plus) 73
Change Management
Version | Date | Changes
V 1.2.1 | MAY 5, 03 | In Section 10.14 Get Status, in the table of response DOs, the designations of the functional units in the functional unit data object have been corrected as follows: '01' = ICC1, '02' = ICC2, '40' = display, '50' = keyboard
V 1.2 | DEC 3, 02 | Deployment area, replacing the battery
V 1.1 | NOV 21, 02 | SecOVID online, synchronous protocols, TAGS table 9, image labels
V 1.0 | NOV 13, 02 | Initial version
2 Abbreviations
API Application Programming Interface
ATR Answer to Reset
CLA Class-Byte
CT Smart Card Terminal
CTN Card Terminal Number
CWT Character Waiting Time
DAD Device Address; here: Destination Address
DO Data Object (also confer TLV)
GKAPI GeldKarte Application Programming Interface (for German cash card type)
HTSI Host Transport Service Interface
IA5 International Alphabet No. 5
ICC Integrated Circuit Card
ID Identification
INS Instruction Byte
KSS KAAN serial interface (Protocol, commands... etc.)
KVK Kranken-Versicherten-Karte (German public health insurance card)
LED Light Emitting Diode
P1 Parameter Byte 1
P2 Parameter Byte 2
PTS Protocol Type Select
SAD Source Address
SW1 Status Byte 1
SW2 Status Byte 2
TLV Tag Length Value
USB Universal Serial Bus
Table 1: Abbreviations
3 General Information
This manual describes the performance features, installation, operation, and programming of the KOBIL smart card terminals KAAN Standard Plus and SecOVID Reader Plus. Sections 6 through 10 serve exclusively the documentation of the programming interfaces.
Important information is highlighted in bold type.
4 Installation and Startup
4.1 Items Included in the Package
Included in your KOBIL smart card terminal package are:
• KOBIL smart card terminal KAAN Standard Plus or SecOVID Reader Plus, respectively
• Data medium including manual, drivers and test applications
• Set of cables (either a serial cable or a USB cable)
• Device base station
• Quick guide for start-up
Image 1 shows the three security labels of the smart card terminal. Since the smart card terminal offers a variety of security-related functions, it is essential that the three decals on the backside of the smart card terminal (“security labels”) show that the housing has not been tampered with.
Please make sure that none of the three security labels has been removed or destroyed. This is the only way to guarantee that the smart card terminal functions properly. The security labels protect you as a consumer against unauthorized manipulation of the hardware and/or software of the smart card terminal.
Please be sure to read up on the security features of the smart card terminal under Section 5.
Image 1 also shows the function buttons of the smart card terminal (cancel/correct-, function-, and confirm buttons).
4.2 System Requirements
You will need a free COM port and a (sliding contact) PS/2 socket, or a USB port. Software drivers for MS Windows 9x / ME / NT / 2000 / XP as well as for Linux, Solaris, HP-UX and OS/2 are enclosed. Drivers for MS-DOS versions 5.0 and higher, as well as for MS Windows 3.1, can be obtained from KOBIL Systems upon request. You will find other drivers as well as updated versions on the internet at www.kobil.com.
Image 1: Arrangement of Buttons and Security Labels
4.3 Connecting to PC with Windows Operating System
The smart card terminal will be ready for operation as soon as it is connected to your PC. It requires no configuration. In order to enable your application to access the smart card terminal you need to install a driver. The subsequent sections will discuss the installation process in detail.
4.3.1 Product: KAAN Standard Plus USB / SecOVID Reader Plus USB
Note: Before connecting the KAAN Standard Plus / SecOVID Reader Plus you will have to install a driver!
Note for Windows NT users: Windows NT will not support the USB variation of the smart card terminal at present.
Step 1: Installing the Driver
Start your PC. The smart card terminal has not yet been connected. Insert the driver CD enclosed. The set-up should start automatically. In case it does not, use the Explorer to start the set-up manually.
Note: Please quit all running programs before starting the set-up, because the PC will automatically reboot once the set-up has been executed.
Step 2: Shutting down the Computer
The set-up will now cause your computer to shut down. Please switch your computer off as soon as it has shut down.
Step 3: Connecting the Smart Card Terminal
There are two options for connecting the KAAN Standard Plus / SecOVID Reader Plus to your PC:
a) Use the USB cable enclosed to connect the base station of the smart card terminal to a free USB port of your PC (cf. Image 2). Afterwards, place the smart card terminal in the base station. When doing so, make sure that the triangular markings on the smart card terminal are exactly aligned with those of the base station (cf. Image 4 below).
Image 2
b) Use the USB cable enclosed to connect the smart card terminal directly to a free USB port of your PC (cf. Image 3).
Image 3
Note: If you are using a USB hub, please make sure that it is a so-called “powered hub” complete with its own power supply.
Step 4: Rebooting your Computer
Please switch your computer back on now. After the start of Windows the set-up will resume automatically and conclude the installation.
Note: Under Windows 2000 and Windows XP it can happen that a warning message regarding the digital signature of the drivers is displayed. You may simply skip this warning message by clicking on “Continue Installation.”
How to Insert the Smart card:
Thanks to its card tray, the KAAN Standard Plus / SecOVID Reader Plus allows you to insert both smart cards of credit card size (ID-1 format) and smaller SIM cards (ID-000 format).
Before inserting a “normal” smart card, please make sure that the tray has been removed from the device. Now insert the card with the chip (gold-colored) head-first into the smart card terminal (cf. Image 4).
Image 4
In order to insert a small-format SIM card, please remove the tray. The SIM card can only be placed in the tray in one position. Make sure when emplacing the card that the card contacts remain visible. Afterwards, reinsert the emplaced card into the device (cf. Image 5).
Image 5
Function of the ‘C’ Button
During the secure PIN input, or during PIN change via the keyboard of the KAAN Standard Plus / SecOVID Reader Plus, the ‘C’ button serves the purpose of deleting the digit last entered. Pressing the ‘C’ button before any digit has been entered, or after all entered digits have been deleted, will cause the entire process to abort.
4.3.2 Product: KAAN Standard Plus serial / SecOVID Reader Plus serial
Note: Before connecting the KAAN Standard Plus / SecOVID Reader Plus you will have to install the drivers!
Step 1: Installing the Drivers
Start your PC. The smart card terminal has not yet been connected. Insert the driver CD enclosed. The set-up should start automatically. If it does not, use the Explorer to start the set-up manually.
Note: Please quit all running programs before starting the set-up, because the PC will automatically reboot once the set-up has been executed.
Step 2: Shutting down the Computer
The set-up will now shut down your computer. Please switch your computer off as soon as it has shut down.
Step 3: Connecting the Smart card Terminal
First of all, please make sure that your PC is switched off, otherwise you might damage the PS/2 port if the Reader is plugged in or out while the PC is up and running.
You have two options for connecting the smart card terminal to your PC:
a) Connect the base station of the smart card terminal to the serial interface (COM1 or COM2) of the PC (nine pin socket). The power is supplied through a PS/2 adapter which is looped into the PS/2 socket of the keyboard or mouse, that is, the adapter is plugged directly into the PC and the keyboard or mouse into the adapter (cf. Image 6). Afterwards, place the smart card terminal in its base station. Make sure when doing so that the triangular markings are exactly aligned with those of the base station (cf. Image 8 below).
Image 6
b) Use the Y cable enclosed to connect the smart card terminal directly to the serial interface (COM1 or COM2) of the PC (nine pin socket). The power is supplied through a PS/2 adapter which is looped into the PS/2 socket of the keyboard or mouse, that is, the adapter is plugged directly into the PC and the keyboard or mouse into the adapter (cf. Image 7).
Image 7 (label in the image: Mouse or Keyboard)
If your computer does not come with a PS/2 port, get an adapter at your electronics dealer’s.
Step 4: Rebooting the Computer
Please switch your computer back on now. After the Windows start the set-up will automatically resume and conclude the installation.
Note: Under Windows 2000 and Windows XP it may happen that a warning message regarding the digital signature of the drivers is displayed. You may simply skip this warning message by clicking on “Continue Installation.”
How to Insert the Smart card:
Thanks to its card tray, the KAAN Standard Plus / SecOVID Reader Plus allows you to insert both smart cards of credit card size (ID-1 format) and smaller SIM cards (ID-000 format).
To insert a “normal” smart card, please make sure that the tray has been removed from the device. Then insert the card with the chip (gold-colored) head-first into the top of the smart card terminal (cf. Image 8).
Image 8
In order to insert a small-format SIM card, please remove the tray. The SIM card can only be placed in the tray in one position. Make sure when emplacing the card that the card contacts remain visible. Afterwards, reinsert the tray holding the card into the device (cf. Image 9).
Image 9
Function of the ‘C’ button
During the secure PIN input, or during PIN change via the keyboard of the KAAN Standard Plus / SecOVID Reader Plus, the ‘C’ button serves the purpose of deleting the digit last entered. Pressing the ‘C’ button before any digit has been entered, or after all entered digits have been deleted, will cause the entire process to abort.
4.4 Installing the Software
If you wish to install drivers, the new smart card terminal should not yet be connected.
Insert the drivers CD enclosed. The set-up should start automatically. If it does not, please use your Explorer to start the file “setup.exe” manually on your data medium (diskette or CD-ROM). Select the software of your choice and follow the steps as displayed on the screen.
Note: Please quit all running programs before starting the driver set-up, because your PC will automatically reboot after executing the driver set-up.
Updated versions of the driver software can be downloaded from www.kobil.com.
Optionally, you may install the files for software development in your workstation. You will need these files only if you intend to develop applications for accessing and using the smart card terminal. To this end you will have to install the corresponding header files CT_API.H and the corresponding import library and DLL into any directory.
5 Security-relevant Functions
The KOBIL smart card terminals KAAN Standard Plus and SecOVID Reader Plus are intended for deployment in the customer’s domestic sphere and at non-public work places. They are explicitly not intended for unsupervised public usage.
The smart card terminals come with several security-relevant functions designed to protect you as a user. From this perspective it is important for you to verify that the smart card terminal has not been subject to manipulation.
Please see for yourself that none of the three security labels (Image 10: Security Label) has been removed or destroyed (Image 1: Arrangement of Buttons and Security Labels). This is the only way to guarantee that the smart card terminal is functioning properly. The security labels are printed on a special film, making it impossible to remove a given label without destroying it. Another security feature is the special imprint. When exposed to UV light, the lettering “KOBIL” will become visible. The security labels are designed to protect you as customer against unauthorized manipulation of the hardware and/or software of the smart card terminal.
Image 10: Security Label
Please make sure before taking any security-relevant functions into operation that your KOBIL smart card terminal is equipped with a certified firmware for the purpose. The respective firmware version is identified on the label in the back of the smart card terminal.
KOBIL Smart Card Terminal | Certification / Evaluation | Versions
SecOVID Reader Plus (1) | ITSEC “E2-high,” confirmed in compliance with the German Signature Act (SigG) | FW: 02101612
KAAN Standard Plus | ITSEC “E2-high,” confirmed in compliance with the German Signature Act (SigG) | FW: 02101652
Table 2: Certified Firmware Versions of KOBIL Smart Card Terminals
(1) The SecOVID functionality of the SecOVID Reader Plus as described in Section 5.3 was not part of the ITSEC evaluation.
Replacing the batteries: In case the batteries of your SecOVID Reader Plus need to be replaced, you can request KOBIL Systems GmbH to take care of it against a charge. In the process, the batteries and the label on the battery compartment will be replaced. To this end, you will find a corresponding order form on our homepage http://www.kobil.com. Please note that the battery will only be replaced by KOBIL if all security labels are intact.
5.1 Secure PIN Input
The smart card terminal KAAN Standard Plus / SecOVID Reader Plus (in the online mode) supports the secure input of your smart card PINs. This application allows you, for instance, to enter the PIN (personal identification number) of your smart card – such as for smart cards compliant with the German Signature Act – directly at the smart card terminal. The advantage of doing so is that no virus or malicious software can intercept the PIN on your PC. Make sure when buying security-relevant software that it supports secure PIN input according to the MKT standard.
The character ‘P’ followed by a sequence of vertical bars in the lower half of the display will prompt you to enter your PIN. Whenever a digit is entered the next vertical bar (from left to right) will move into the upper half of the display.
Image 11: Sequence of Secure PIN Input
Image 11 shows the sequence of the secure PIN entry. Secure PIN input is indicated when the letter ‘P’ is followed by a sequence of fourteen vertical bars in the lower half of the display (cf. Image 11).
Whenever you see the letter ‘P,’ followed by a sequence of fourteen vertical bars in the lower half of the display, you can safely enter your PIN through the keyboard of the smart card terminal. Never enter your PIN into the keyboard of the smart card terminal if your display shows a different message.
Always be sure to enter the PIN unobserved in order to prevent others from intercepting your PIN.
To keep your PIN secret, it must not be shared with anyone, or noted on the smart card terminal or any other place.
You may correct your input by using the ‘C’ button. If necessary, you will have to confirm the input of the PIN with the confirmation button. To view the arrangement of the buttons, confer Image 1.
5.2 Secure PIN Change
The smart card terminal KAAN Standard Plus / SecOVID Reader Plus (in the online mode) supports the secure input of your smart card PINs. This application allows you, for instance, to enter the PIN of your smart card – such as for smart cards compliant with the German Signature Act – directly at the smart card terminal. The advantage here is that no virus or malicious software can intercept the PIN on your PC. Make sure when buying security-relevant software that it supports secure PIN changes according to the MKT standard.
Image 12 shows the procedure for secure PIN change. Like the previous procedure, the secure changing of your PIN is equally indicated by a ‘P’ followed by a sequence of fourteen vertical bars in the lower half of the display (cf. Image 12).
First, you will have to enter your old PIN into the keyboard of the smart card terminal (on display: a ‘P,’ followed by a sequence of fourteen vertical bars in the lower half of the display). Next, enter your new PIN twice (on display: an ‘N’ plus a superscript ‘1’ during the first input, and an ‘N’ plus a superscript ‘2’ for the retyped input). If you enter your old PIN incorrectly, or if you fail to retype the new PIN correctly, the process will abort, and the PIN will remain unchanged.
The input can be corrected with the ‘C’ button. You may possibly have to confirm the PIN input with the confirmation button. To view the arrangement of buttons, please confer Image 1.
Whenever you see the letter ‘P’ (and subsequently an ‘N’ with a superscript ‘1’ or ‘2’), followed by a sequence of fourteen vertical bars in the lower half of the display, you can safely enter your PIN through the keyboard of the smart card terminal. Never enter your PIN through the keyboard of the smart card terminal if your display shows a different message.
Always be sure to enter the PIN unobserved in order to prevent others from intercepting your PIN.
To keep your PIN secret, it must not be shared with anyone, or noted on the smart card terminal or any other place.
Image 12: Sequence of Secure PIN Change
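The following is an added illustration, not KOBIL firmware and not code from this manual: a small C model of the terminal-side secure PIN input (Section 5.1) and secure PIN change (Section 5.2) flow as the manual describes it. The security property it makes visible is that every key press is consumed inside the terminal; the host only ever obtains the rendered display string (the prompt plus fourteen bars), never a digit. Assumptions beyond the text: the confirmation button is fed as the key 'K', a bar moved into the upper half is drawn as '^' and a bar still in the lower half as '|', the card is a constructed stand-in whose PIN check is a string compare, and PIN buffers are overwritten on abort and completion.

```c
/* Added example (not KOBIL code): model of secure PIN input and PIN change
 * as described in Sections 5.1 and 5.2 of the manual. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PIN_MAX 14   /* the prompt shows fourteen bars, one per possible digit */

/* Constructed stand-in for the smart card: holds the reference PIN it verifies against. */
struct card { char pin[PIN_MAX + 1]; };

enum phase  { PH_OLD, PH_NEW1, PH_NEW2, PH_DONE, PH_ABORTED };
enum result { R_CONTINUE, R_DONE, R_ABORTED };

struct pin_entry {
    enum phase phase;
    bool change;               /* false: secure PIN input; true: secure PIN change */
    char buf[PIN_MAX + 1];     /* digits typed in the current phase, held only in the terminal */
    size_t len;
    char new1[PIN_MAX + 1];    /* first entry of the new PIN (PIN change only) */
    struct card *card;
};

/* Overwrite PIN material so it does not linger in terminal memory (assumption). */
static void wipe(char *b, size_t n) { volatile char *v = b; while (n--) *v++ = 0; }

void pin_entry_start(struct pin_entry *e, struct card *c, bool change)
{
    memset(e, 0, sizeof *e);
    e->card = c;
    e->change = change;
    e->phase = PH_OLD;         /* 'P' prompt: enter the (old) PIN */
}

/* Render the display line: prompt 'P', 'N1' or 'N2' followed by fourteen bars.
 * '|' = bar still in the lower half (digit not yet entered),
 * '^' = bar moved into the upper half (digit entered).  This string is all the host sees. */
void pin_entry_display(const struct pin_entry *e, char *out, size_t outsz)
{
    const char *prompt = e->phase == PH_NEW1 ? "N1" : e->phase == PH_NEW2 ? "N2" : "P";
    size_t i, n;
    if (e->phase == PH_DONE || e->phase == PH_ABORTED) { if (outsz) out[0] = '\0'; return; }
    n = (size_t)snprintf(out, outsz, "%s", prompt);
    for (i = 0; i < PIN_MAX && n + 1 < outsz; i++) out[n++] = i < e->len ? '^' : '|';
    out[n] = '\0';
}

static enum result finish_abort(struct pin_entry *e)
{
    wipe(e->buf, sizeof e->buf); wipe(e->new1, sizeof e->new1); e->len = 0;
    e->phase = PH_ABORTED;
    return R_ABORTED;
}

/* Feed one key: '0'..'9', 'C' (cancel/correct) or 'K' (confirm). */
enum result pin_entry_key(struct pin_entry *e, char key)
{
    if (e->phase == PH_DONE)    return R_DONE;
    if (e->phase == PH_ABORTED) return R_ABORTED;
    if (key >= '0' && key <= '9') {
        if (e->len < PIN_MAX) { e->buf[e->len++] = key; e->buf[e->len] = '\0'; }
        return R_CONTINUE;
    }
    if (key == 'C') {
        if (e->len == 0) return finish_abort(e);   /* 'C' with no digit entered aborts */
        e->buf[--e->len] = '\0';                   /* otherwise delete the last digit */
        return R_CONTINUE;
    }
    if (key != 'K') return R_CONTINUE;             /* other keys are ignored */
    switch (e->phase) {
    case PH_OLD:   /* the terminal presents the PIN to the card; a wrong PIN aborts */
        if (strcmp(e->buf, e->card->pin) != 0) return finish_abort(e);
        wipe(e->buf, sizeof e->buf); e->len = 0;
        if (!e->change) { e->phase = PH_DONE; return R_DONE; }
        e->phase = PH_NEW1; return R_CONTINUE;
    case PH_NEW1:  /* first entry of the new PIN, kept for comparison */
        memcpy(e->new1, e->buf, sizeof e->new1);
        wipe(e->buf, sizeof e->buf); e->len = 0; e->phase = PH_NEW2; return R_CONTINUE;
    case PH_NEW2:  /* retyped new PIN must match, else abort and leave the card PIN unchanged */
        if (strcmp(e->buf, e->new1) != 0) return finish_abort(e);
        memcpy(e->card->pin, e->buf, sizeof e->card->pin);
        wipe(e->buf, sizeof e->buf); wipe(e->new1, sizeof e->new1); e->len = 0;
        e->phase = PH_DONE; return R_DONE;
    default: return R_ABORTED;
    }
}

/* Drive a whole key sequence from a fresh start and report the final outcome. */
enum result pin_entry_run(struct pin_entry *e, struct card *c, bool change, const char *keys)
{
    enum result r = R_CONTINUE;
    pin_entry_start(e, c, change);
    for (; *keys; keys++) r = pin_entry_key(e, *keys);
    return r;
}

int main(void)
{
    struct card c = { "1234" };   /* constructed sample card PIN */
    struct pin_entry e; char line[32];
    pin_entry_start(&e, &c, false);
    pin_entry_key(&e, '1'); pin_entry_key(&e, '2');
    pin_entry_display(&e, line, sizeof line);
    printf("host sees after two digits: %s\n", line);
    printf("PIN change 1234 -> 9876: %s\n",
           pin_entry_run(&e, &c, true, "1234K9876K9876K") == R_DONE ? "done" : "aborted");
    return 0;
}
```

The 'C' handling reproduces the rule from the “Function of the ‘C’ Button” paragraphs: a press with digits present deletes the last one, a press with an empty buffer aborts the whole process, in any phase. A real terminal would hand the PIN to the card inside a VERIFY or change-reference-data command rather than compare strings, which is what the constructed card stand-in replaces.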
5.3 SecOVID
The SecOVID Reader Plus supports the authentication system SecOVID made by KOBIL Systems. The following section describes the deployment of the smart card terminal in combination with this authentication system. If you are not using the SecOVID authentication system, you may skip this part. The SecOVID functionality of the smart card terminal is provided only in combination with a SecOVID authentication system.
There are two ways of generating SecOVID one-time passwords: in the online mode and in the offline mode. Your choice of mode to be used depends on the type of SecOVID system installed on your workstation. When in doubt, please contact your system administrator.
5.3.1 SecOVID Online Mode
This mode presupposes that a special application software is installed on your computer that will initiate the application SecOVID on your smart card terminal.
As soon as a one-time password needs to be generated for a given authentication process, the display will show the character ‘P,’ prompting you to insert your SecOVID smart card and to enter your smart card PIN. Next, the secure PIN input (confer Section 5.1) is used to accept the PIN of your SecOVID smart card. If your SecOVID-secured application supports more than one generator, the proper generator will automatically be selected and will not need to be defined. The SecOVID one-time password will then be passed on to the application you called. No further input will be required from you. The complete procedure is displayed in Image 13. There, you will also find possible error messages.
Image 13: SecOVID Online Sequence
5.3.2 SecOVID Offline Mode
In this mode, the smart card terminal can autonomously generate a SecOVID one-time password without having to be initiated by a special application software from your computer.
If the smart card terminal is connected to your PC, SecOVID cannot be executed in the offline mode! Since the SecOVID Reader Plus comes with a battery, it does not have to be connected to a PC in order to generate SecOVID one-time passwords.
Once the SecOVID Reader Plus has been disconnected from the PC it is automatically in the offline mode. Next, the device will display a message of the kind shown in Image 14. As soon as a smart card is inserted, it will show the string ‘0P000000,’ prompting you thereby to enter your PIN. The ‘0’ preceding the ‘P’ indicates that the SecOVID generator ‘0’ has been selected.
Use the key combination of “F” plus a digit button (for the number of the respective generator) to select another SecOVID generator, where applicable. The default setting is always generator 0. Contact your system administrator to find out whether your system is using a generator, and if so, which one it is using.
Use the confirmation button to start the calculation of the one-time password. Next, the smart card terminal will display the new one-time password that you can adopt for your SecOVID-secured application (retype into respective keyboard).
Use the key combination of “F” and “C” to change the PIN of your SecOVID smart card. The cancel button will cause the SecOVID offline process to abort.
For a graphic representation of the sequences in the offline mode confer Image 14.
Image 14: SecOVID Offline
6 System Overview
Thanks to the CPU integrated into the card terminal, one single driver suffices to address the most diverse smart card types. The protocol between smart card terminal and card is implemented transparently, so that only the protocol for the PC interface needs to be defined (KSS – confer Chapter 2 Abbreviations). A description of this protocol is available from KOBIL Systems upon request. Values deviating from the default settings of the transmission parameters can be set with the help of an application command (‘Select Parameter’) from the API.
Image 15: System Overview
During operation you can switch back and forth among different types of smart cards, i.e. diverse applications can be operated with the same hardware. At present, smart cards using the following protocols are supported²:
² Synchronous protocols are not supported by the SecOVID Reader Plus.
Protocol            Reference
T=0                 ISO 7816-3
T=1                 ISO 7816-3 Amd. 1
2 wire protocol³    Siemens data sheet SLE 4432 and SLE 4442
3 wire protocol³    Siemens data sheet SLE 4418 and SLE 4428
I2C Bus³            Philips data sheet PCF8582E-2
Telephone cards³    SLE 4401, SLE 4402, SLE 4403, SLE 4433
Table 3: Supported Protocols
³ Not supported by SecOVID Reader Plus.
The flexible addressing of the T=1 protocol allows you to address the various components of the card reader with the same ISO 7816-4-structured commands.
Image 16: Addressing the Card Reader Components via the API
7 The CT–API
The CT-API, an application-independent Card Terminal Application Programming Interface for smart card applications, is subject to the copyrights held by the following authors, from whom further documentation and amendments can be obtained:
German Telekom AG / T-TeleSec
Fraunhofer Institute Sichere Telekooperation
TÜV Informationstechnik GmbH
TELETRUST Deutschland e.V.
The implementation for this smart card terminal is based on version 1.1, dated October 14, 1998. The CT-API is quoted in excerpts below. The full version may be downloaded from the internet at http://www.ct-api.de.
The software included in the package contains a CT-API driver in the form of a 32-bit Windows DLL, which must be linked with your own applications. Versions for Solaris, Linux, and other operating systems are also found on the enclosed CD.
7.1 Functions
The Card Terminal Application Programming Interface (CT-API) provides three functions used to communicate with the smart card terminal on the application layer.
CT-API Function   Significance
CT_init           Initializing the interface between PC and smart card terminal
CT_data           Sending commands to the smart card terminal or to the smart card, respectively
CT_close          Quitting the communication
Table 4: CT-API Functions
7.2 CT_init
Use this function to select the serial (or USB) interface to which the card reader is connected and which is needed for the communication. The default communication settings are applied automatically. CT_init should be called at the start of each program.
If an error occurs during the initialization of the interface, the function will return the value -1, otherwise the value 0.
Function:
char CT_init(unsigned short ctn, unsigned short pn)
Parameters:
Parameter Name   Parameter Type    Significance
ctn              Input parameter   Logical card terminal number
pn               Input parameter   Interface (port number)
Table 5: Parameters for CT_init
For return code, confer Table 9.
7.3 CT_data
This function sends card terminal control commands or application commands (for the terminal or the smart card) and returns the response to the command to the calling program.
Function:
char CT_data(unsigned short ctn, unsigned char *dad, unsigned char *sad,
unsigned short lenc, unsigned char *command, unsigned short *lenr,
unsigned char *response)
Parameters:
Parameter Name   Parameter Type           Significance
ctn              Input parameter          Card terminal number 0 - 255
dad              Input/output parameter   Destination address (confer Table 7)
sad              Input/output parameter   Source address (confer Table 7)
lenc             Input parameter          Length of command in bytes
command          Input parameter          CT control or application command
lenr             Input/output parameter   Length of the response in bytes
response         Input parameter          Response to the command
Table 6: Parameters for CT_data
Device Addresses (dad, sad):
Address Value Device
0 ICC (smart card)
1 CT (smart card terminal)
2 HOST (PC)
3 ICC 2 (second smart card) (not implemented)
4 Security module (not implemented)
5 REMOTE HOST (not implemented)
Table 7: dad / sad Device Addresses
For return codes, confer Table 9.
7.4 CT_close
This function will terminate the communication with the card reader and release the interface. It must be called when quitting the program.
Function:
char CT_close(unsigned short ctn)
Parameters:
Parameter name Parameter type Significance
ctn Input parameter Logical card terminal number
Table 8: Parameters of CT_close
For return codes, confer Table 9.
7.5 General Return Codes of the CT-API Functions
The return codes of all functions are listed uniformly in the following table:
Return Code Value Significance
OK 0 Function call-up was successful
ERR_INVALID -1 Invalid parameter or value
ERR_CT -8 CT error (terminal not operational)
ERR_TRANS -10 Irremediable transmission error
ERR_HTSI -128 Host transport service interface error
Table 9: Return Codes of the CT-API Functions
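The return codes above apply to every CT-API call, yet the manual's own example in Section 7.6 deliberately leaves them unchecked. The following C program is an added example, not KOBIL's code, showing one way to wrap CT_data so that the return code, the in/out length parameter lenr and the presence of the trailing SW1 SW2 are checked on every exchange. It binds the calling code to a function pointer with the CT_data signature of Section 7.3 so that it runs here against a small simulated driver; that simulator (its replies, and the ERR_INVALID it returns for a too-small response buffer) is an assumption of this example and not the behaviour of CT32.DLL, and the return-code macros are re-declared locally with the values of Table 9 because ct_api.h is not included.

```c
#include <stdio.h>
#include <string.h>

/* Return codes of Table 9 (the real definitions live in ct_api.h). */
#define OK          0
#define ERR_INVALID (-1)
#define ERR_CT      (-8)
#define ERR_TRANS   (-10)
#define ERR_HTSI    (-128)

/* Function type with the CT_data signature of Section 7.3, so the same calling
 * code can be bound to CT_data from CT32.DLL or to the simulator below. */
typedef char (*ct_data_fn)(unsigned short ctn, unsigned char *dad, unsigned char *sad,
                           unsigned short lenc, unsigned char *command,
                           unsigned short *lenr, unsigned char *response);

const char *ct_strerror(int rc)
{
    switch (rc) {
    case OK:          return "OK";
    case ERR_INVALID: return "ERR_INVALID (invalid parameter or value)";
    case ERR_CT:      return "ERR_CT (terminal not operational)";
    case ERR_TRANS:   return "ERR_TRANS (irremediable transmission error)";
    case ERR_HTSI:    return "ERR_HTSI (host transport service interface error)";
    default:          return "unknown CT-API return code";
    }
}

/* Simulated driver (an assumption for this example, not CT32.DLL): a Reset CT
 * ('20' '11') sent from HOST (sad = 2) to the terminal (dad = 1) is answered
 * with '90 00', any other INS with '6D 00', and a response buffer too small
 * for the answer yields ERR_INVALID. Like the real API it reports the
 * answer's addresses back through dad/sad. */
static char sim_ct_data(unsigned short ctn, unsigned char *dad, unsigned char *sad,
                        unsigned short lenc, unsigned char *command,
                        unsigned short *lenr, unsigned char *response)
{
    unsigned char tmp;
    (void)ctn;
    if (lenc < 4 || *dad != 1 || *sad != 2) return ERR_INVALID;
    if (*lenr < 2) return ERR_INVALID;
    response[0] = (command[0] == 0x20 && command[1] == 0x11) ? 0x90 : 0x6D;
    response[1] = 0x00;
    *lenr = 2;
    tmp = *dad; *dad = *sad; *sad = tmp;   /* the answer travels CT -> HOST */
    return OK;
}

/* Checked exchange around CT_data. lenr is an in/out parameter: the buffer
 * capacity goes in and the number of bytes written comes out, so the capacity
 * is passed on every call and the returned length is validated before any
 * response byte is used. Returns the CT-API return code. */
int ct_exchange(ct_data_fn fn, unsigned short ctn, unsigned char dad,
                const unsigned char *cmd, unsigned short lenc,
                unsigned char *rsp, unsigned short rspcap, unsigned short *got)
{
    unsigned char d = dad, s = 2;   /* source address: HOST (PC) */
    unsigned char buf[300];         /* command copy; CT_data takes a non-const pointer */
    unsigned short lenr = rspcap;
    int rc;

    *got = 0;
    if (lenc < 4 || (size_t)lenc > sizeof buf || rspcap == 0) return ERR_INVALID;
    memcpy(buf, cmd, lenc);
    rc = fn(ctn, &d, &s, lenc, buf, &lenr, rsp);
    if (rc != OK) return rc;
    /* Every response ends in SW1 SW2; a shorter or oversized length means the
     * driver contract was broken and is treated here as a transmission error. */
    if (lenr < 2 || lenr > rspcap) return ERR_TRANS;
    *got = lenr;
    return OK;
}

/* Demonstrations with results a caller can check: negative = CT-API error,
 * otherwise the SW1 SW2 of the reply. */
static int sw_of(ct_data_fn fn, const unsigned char *cmd, unsigned short lenc, unsigned short cap)
{
    unsigned char rsp[300];
    unsigned short n;
    int rc = ct_exchange(fn, 1, 1, cmd, lenc, rsp, cap, &n);
    if (rc != OK) return rc;
    return (rsp[n - 2] << 8) | rsp[n - 1];
}
int demo_reset_ct_sw(void)    { const unsigned char c[5] = {0x20,0x11,0x00,0x00,0x00}; return sw_of(sim_ct_data, c, 5, 300); }
int demo_unknown_ins_sw(void) { const unsigned char c[4] = {0x20,0xFF,0x00,0x00};      return sw_of(sim_ct_data, c, 4, 300); }
int demo_tiny_buffer_rc(void) { const unsigned char c[5] = {0x20,0x11,0x00,0x00,0x00}; return sw_of(sim_ct_data, c, 5, 1); }

int main(void)
{
    printf("Reset CT      -> SW %04X\n", demo_reset_ct_sw());
    printf("Unknown INS   -> SW %04X\n", demo_unknown_ins_sw());
    printf("1-byte buffer -> %s\n", ct_strerror(demo_tiny_buffer_rc()));
    return 0;
}
```

Against the real driver, pass CT_data from ct_api.h as the `fn` argument; the wrapper never trusts the returned length beyond the capacity it handed in, which is the check the manual's example omits.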
7.6 Using the CT-API: The Example of the Public Health Insurance Card
The following example demonstrates the use of the functions CT_init, CT_data and CT_close (without evaluating the return codes). An example C++ project is found on the enclosed CD, or can be obtained from KOBIL Systems upon request.
/* Example of Reading a Public Health Insurance Card */
#include <windows.h>   /* platform-specific */
#include <conio.h>     /* platform-specific, for getch() */
#include <stdio.h>
#include "ct_api.h"

int main(void)
{
    unsigned char sad, dad;       /* source address, destination address; passed as
                                     pointers so that they can also be evaluated in
                                     the response */
    unsigned char response[300];  /* buffer for the response of the function */
    unsigned char command[300];   /* commands have a maximum length of 300 bytes here */
    unsigned short i;
    unsigned short lenr;          /* response length; same type as the CT_data parameter */
    unsigned short ct_port = 2;   /* example: COM 2 */
    unsigned short ctn = 1;       /* first terminal */

    /* Select logical terminal number and port COM2 */
    if (CT_init(ctn, ct_port) != OK) {   /* return code OK? */
        printf("\nCard reader cannot be reached. Port?");
        return 1;                        /* quit program */
    }

    /* RESET CT */
    sad = 2;                      /* source = HOST (PC) */
    dad = 1;                      /* destination = card terminal (card reader) */
    lenr = sizeof(response);      /* set maximum length of response */
    command[0] = 0x20;            /* CLA */
    command[1] = 0x11;            /* INS */
    command[2] = 0x00;            /* P1 */
    command[3] = 0x00;            /* P2 */
    command[4] = 0x00;            /* LEN */
    /* Call CT_data and display the return code */
    printf("Reset CT return code: %d\nSW1-SW2:",
           CT_data(ctn, &dad, &sad, 5, command, &lenr, response));
    /* print the response; lenr now holds the number of bytes received */
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    printf("\nPlease insert card and press button!\n");
    getch();

    /* RESET ICC (INS '12' is Request ICC, Table 25: waits for the card, then resets it) */
    sad = 2;                      /* source = HOST (PC) */
    dad = 1;                      /* destination = card terminal */
    lenr = sizeof(response);      /* maximum length of response */
    command[0] = 0x20;            /* CLA */
    command[1] = 0x12;            /* INS */
    command[2] = 0x01;            /* P1 */
    command[3] = 0x01;            /* P2 */
    command[4] = 0x00;            /* LEN */
    printf("Reset ICC return code:%d\nSW1-SW2:",
           CT_data(ctn, &dad, &sad, 5, command, &lenr, response));
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    /* READ BINARY */
    printf("\n\nKVK Data:\n");
    sad = 2;                      /* source = HOST (PC) */
    dad = 0;                      /* destination = card */
    lenr = sizeof(response);      /* maximum length of response */
    command[0] = 0x00;            /* CLA */
    command[1] = 0xb0;            /* INS */
    command[2] = 0x00;            /* P1 */
    command[3] = 0x00;            /* P2 */
    command[4] = 0x00;            /* Le */
    printf("Read binary return code:%d\nData:",
           CT_data(ctn, &dad, &sad, 5, command, &lenr, response));
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    /* DEACTIVATE ICC */
    sad = 2;                      /* source = HOST */
    dad = 1;                      /* destination = card terminal */
    lenr = sizeof(response);      /* maximum length of response */
    command[0] = 0x20;            /* CLA */
    command[1] = 0x14;            /* INS */
    command[2] = 0x01;            /* P1 */
    command[3] = 0x00;            /* P2 */
    printf("\n\nDeactivate return code:%d\nSW1-SW2:",
           CT_data(ctn, &dad, &sad, 4, command, &lenr, response));
    for (i = 0; i < lenr; i++)
        printf("%02x ", response[i]);

    /* Close interface */
    printf("\nCT_close return code:%d\n", CT_close(ctn));
    printf("\nRemove Card!");
    return 0;
}
8 Tag Length Value (TLV) Representation
8.1 Set-up of a TLV Field
A TLV representation is frequently used for coding the files of smart cards as well as of card readers. This form of representation is set up homogeneously according to the following structure.
Tag      LEN              Value
1 byte   1 or 3 byte(s)   LEN bytes
8.2 Coding Rules
Tags
Tags are single-byte values in the range 0 through 254. The value 255 is reserved for future extensions. The defined tags have the same significance for all files and commands of the card reader.
Length
Length is coded in one or three bytes. If the value of the first byte is somewhere in the range between 0 and 254, this reflects the length. The value 255 indicates that the subsequent two bytes will state the length in the form of Hi-Byte, Lo-Byte.
Value
The value field uses various coding rules that are precisely defined for the tag.
IA5
A sequence of IA5 (ASCII) characters whose length is defined by the length field.
Integer
The integer value is two bytes in length, coded in the two’s complement.
Enumeration
A string of bytes.
Matrix
The subsequent bytes are interpreted as a table.
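An added example, not part of the manual, of a parser for this TLV format in C: one-byte tags with 255 reserved, the one- or three-byte length with the 255 escape (Hi-Byte, Lo-Byte), and the two's-complement Integer rule. The sample buffer is constructed here in the style of a CT configuration file (Table 16); the tag '7E' carrying a 300-byte value is hypothetical and serves only to exercise the three-byte length form, and the Hi-Byte, Lo-Byte order assumed for Integer values is an assumption, since the manual states the order only for the length field.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t tag;          /* 0..254; 255 is reserved */
    size_t len;           /* value length in bytes */
    const uint8_t *value; /* points into the parsed buffer, nothing is copied */
} tlv_t;

/* Parse the element at *pos. Returns 1 and advances *pos on success, 0 at a
 * clean end of the buffer, -1 on malformed input (reserved tag, truncated
 * length, value running past the buffer). Length 0..254 is one byte; 255
 * announces two further bytes, Hi-Byte then Lo-Byte. */
int tlv_next(const uint8_t *buf, size_t buflen, size_t *pos, tlv_t *out)
{
    size_t p = *pos, len;
    if (p >= buflen) return 0;
    if (buf[p] == 0xFF) return -1;
    out->tag = buf[p++];
    if (p >= buflen) return -1;
    len = buf[p++];
    if (len == 0xFF) {
        if (buflen - p < 2) return -1;
        len = ((size_t)buf[p] << 8) | buf[p + 1];
        p += 2;
    }
    if (len > buflen - p) return -1;
    out->len = len;
    out->value = buf + p;
    *pos = p + len;
    return 1;
}

/* Integer coding rule: two bytes in two's complement. The manual does not
 * state the byte order; Hi-Byte, Lo-Byte (as for the length) is assumed. */
int tlv_int16(const tlv_t *t, int16_t *v)
{
    if (t->len != 2) return -1;
    *v = (int16_t)(((uint16_t)t->value[0] << 8) | t->value[1]);
    return 0;
}

/* Number of elements, or -1 if the buffer is malformed anywhere. */
int tlv_count(const uint8_t *buf, size_t buflen)
{
    size_t pos = 0;
    tlv_t t;
    int n = 0, r;
    while ((r = tlv_next(buf, buflen, &pos, &t)) == 1) n++;
    return r < 0 ? -1 : n;
}

/* First element carrying tag: 1 found, 0 absent, -1 malformed. */
int tlv_find(const uint8_t *buf, size_t buflen, uint8_t tag, tlv_t *out)
{
    size_t pos = 0;
    int r;
    while ((r = tlv_next(buf, buflen, &pos, out)) == 1)
        if (out->tag == tag) return 1;
    return r;
}

/* Constructed sample in the style of a CT configuration file (Table 16):
 * '01' version (IA5), '02' modules (enumeration), '03' memory size (integer),
 * then a 300-byte IA5 value under a hypothetical tag '7E' so that the
 * three-byte length form is exercised. Returns the sample length (317). */
size_t build_sample(uint8_t *out, size_t cap)
{
    static const uint8_t head[] = {
        0x01, 0x03, '1', '.', '2',      /* tag 01, len 3, "1.2" */
        0x02, 0x02, 0x00, 0x01,         /* tag 02, len 2: ICC module, CT file system */
        0x03, 0x02, 0x08, 0x00,         /* tag 03, len 2: 0x0800 = 2048 */
        0x7E, 0xFF, 0x01, 0x2C          /* tag 7E, len 255 -> 0x012C = 300 */
    };
    if (cap < sizeof head + 300) return 0;
    memcpy(out, head, sizeof head);
    memset(out + sizeof head, 'A', 300);
    return sizeof head + 300;
}

/* Decode a two-byte Integer value on its own (e.g. 0xFF 0xFE -> -2). */
int decode_int16(uint8_t hi, uint8_t lo)
{
    uint8_t raw[2] = { hi, lo };
    tlv_t t = { 0x03, 2, raw };
    int16_t v = 0;
    return tlv_int16(&t, &v) == 0 ? v : 0;
}

/* Results of walking the sample, returned so they can be checked. */
static uint8_t g_sample[400];
static size_t sample_len(void) { return build_sample(g_sample, sizeof g_sample); }
int sample_element_count(void) { return tlv_count(g_sample, sample_len()); }                 /* 4 */
int sample_memory_size(void)   { tlv_t t; int16_t v; size_t n = sample_len();
    return (tlv_find(g_sample, n, 0x03, &t) == 1 && tlv_int16(&t, &v) == 0) ? v : -1; }     /* 2048 */
int sample_long_value_len(void){ tlv_t t; size_t n = sample_len();
    return tlv_find(g_sample, n, 0x7E, &t) == 1 ? (int)t.len : -1; }                         /* 300 */
int sample_truncated_is_rejected(void) { return tlv_count(g_sample, sample_len() - 1) == -1; } /* 1 */

int main(void)
{
    size_t n = sample_len(), pos = 0;
    tlv_t t;
    while (tlv_next(g_sample, n, &pos, &t) == 1)
        printf("tag %02X len %zu\n", t.tag, t.len);
    return 0;
}
```

The parser hands out pointers into the caller's buffer and never reads past `buflen`, so a length byte that claims more data than the file actually holds is reported as malformed instead of being trusted; the truncated-sample check shows that case.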
8.3 Coding the Tags
The contents of the TLV files are precisely defined by the tag definitions and their corresponding values. At present, only the tags and values highlighted in color are used by the KAAN Standard Plus and the SecOVID Reader Plus.
Tag    Significance                                Coding Rules   Value   Value Significance
'01'   Version                                     IA5
'02'   Module (if a given value exists more        Enumeration    '00'    ICC module
       than once, the respective module is                        '01'    CT file system
       also available more than once)                             '0F'    VK module
                                                                  '20'    Read-only protection for public health insurance cards
                                                                  '10'    Freeze
                                                                  '30'    Serial switch-on of the CT
                                                                  '40'    Software update
                                                                  '80'    EMV module
'03'   Memory size (the module to which the        Integer
       memory size relates is identified by
       the context)
'08'   Update key                                  Integer                Index of keys for software updates
'0E'   Card terminal number (CTN) / port           Matrix                 1st byte = card terminal number
       assignment (this tag may appear more                               2nd byte = physical port
       than once if the driver supports                                   3rd byte = type of interface:
       several ports and CTs)                                                 '01' = serial interface
                                                                              '02' = parallel interface
                                                                              '03' = PC card (PCMCIA)
                                                                              '04' = USB
'0F'   Software revision                           IA5
'10'   Host / CT protocol                          Enumeration    '00'    Protocol in accordance with the Telesec layer 1 / layer 2 specification
                                                                  'FE'    Manufacturer-specific
                                                                  'FF'    Reserved
'11'   Baud rates                                  Enumeration    '00'    9600 Baud
                                                                  '01'    19200 Baud
                                                                  '02'    28800 Baud
                                                                  '03'    38400 Baud
                                                                  '04'    57600 Baud
                                                                  '05'    115200 Baud
                                                                  '06'    64000 Baud
                                                                  '07'    12800 Baud
'12'   Options for character components            Enumeration    '00'    Default value (9600 baud, 8 data bits, 1 stop bit, even parity)
                                                                  '01'    1 stop bit
                                                                  '02'    2 stop bits
                                                                  '03'    No parity
                                                                  '04'    Even parity
                                                                  '05'    Odd parity
                                                                  '10'    CWT may be changed
                                                                  '11'    BWT may be changed
'13'   Options for block components                Enumeration    '00'    LRC
                                                                  '01'    CRC
'1C'   IFSC                                        Integer                Length of the information field for reception at the CT
'1D'   IFSD                                        Integer                Length of the information field for reception at the HOST (PC)
'1E'   CWT                                         Integer                CWT in ms
'1F'   BWT                                         Integer                BWT in ms
'20'   Physical properties of the smart card       Enumeration    '10'    Ejector
       reader unit                                                '30'    Locking mechanism
                                                                  '40'    Mini ICC
                                                                  '80'    Uni-colored LED
                                                                  '81'    Bi-colored LED
                                                                  '90'    Acoustic signal
                                                                  'A0'    Transparent mode is supported
'21'   Status of the smart card reader unit        Enumeration    '00'    No ICC inside the reader unit
                                                                  '01'    ICC in reader unit, not activated
                                                                  '02'    ICC in reader unit, electrical interface activated
                                                                  '80'    Default behavior of the LED
                                                                  '81'    Color 1 on / LED 1 off
                                                                  '82'    Color 2 on / LED 2 off
                                                                  '89'    Color 1 on / LED 1 on
                                                                  '8A'    Color 2 on / LED 2 on
                                                                  '90'    Acoustic signal off
                                                                  '98'    Acoustic signal on
                                                                  'A0'    Transparent mode active
'22'   CT / ICC protocols                          Enumeration    '00'    No protocols
                                                                  '01'    T=0 protocol
                                                                  '02'    T=1 protocol
                                                                  '03'    T=14 protocol
                                                                  '80'    I2C bus protocol
                                                                  '81'    3-wire bus
                                                                  '82'    2-wire bus
                                                                  '90'    Smart card type 4401
                                                                  '91'    Smart card type 4402
                                                                  '92'    Smart card type 4403
                                                                  '93'    Smart card type 4433
'23'   DI byte                                                            Parameters for PTS in compliance with ISO 7816-3
'24'   FI byte                                                            Parameters for PTS in compliance with ISO 7816-3
'25'   PTS parameter                               Enumeration    '00'    Extra guard time (N=255)
'26'   Protocol status byte                                       '00'    Not ready
                                                                  '01'    PTS
                                                                  '02'    Ready
                                                                  '03'    Active
                                                                  '04'    Error
                                                                  '05'    Fatal error
'27'   Protocol parameter                          Enumeration            t.b.d.
'30'   Freeze events                               Enumeration    '01'    ICC in contact unit 1
                                                                  '02'    ICC in contact unit 2
                                                                  '03'    No ICC in contact unit 1
                                                                  '04'    No ICC in contact unit 2
'40'   Bit length                                  Integer                Bit length in machine cycles
'41'   CGT                                         Integer                CGT in etu
'42'   BWT                                         Integer                BWT in machine cycles
'43'   CWT                                         Integer                CWT in machine cycles
'44'   Protocol parameter in transparent mode      Enumeration    '00'    Direct convention
                                                                  '01'    Indirect convention
                                                                  '02'    Switch on error management in compliance with ISO 7816-3 6.1.3
                                                                  '03'    Switch off error management in compliance with ISO 7816-3 6.1.3
                                                                  '04'    Switch on 'Active Low Reset'
                                                                  '05'    Switch off 'Active Low Reset'
'45'   Behavior under ISO/EMV                      Enumeration    '00'    ISO
                                                                  '01'    EMV
Table 10: Coding the Tags
9 The Smart Card Terminal File System
The smart card terminal (CT) file system is used to represent and configure special properties of smart card terminals. For the KAAN Standard Plus and the SecOVID Reader Plus it is entirely simulated in the CT-API DLL (CT32.DLL). It has a hierarchical set-up and the following properties:
• You can assign reading and/or writing privileges to files or directories.
• You can assign a password to any file or any directory in order to protect the reading- and/or writing access. The length of the password is limited to 256 bytes.
• The length of files or directories is limited to 65,535 bytes.
• Aside from normal files, special files controlling the device access are supported as well.
The file system always contains an active file that is referenced for the commands 'Read Binary', 'Write Binary', 'Erase Binary' and 'Verify'. The active file is selected with the command ‘Select File.’ The active file can also be a directory. After the reset the master file is set as active file.
9.1 File Control Information
The file control information consists of 10 bytes, and has the following structure:
Byte     Significance                  Coding
1 - 2    Current size                  16 bit binary
3 - 4    Size of the memory reserved   16 bit binary
5        Displays (flags)              Bit 1 (LSB)   Writing access is password-protected
                                       Bit 2         Writing access
                                       Bit 3         Reading access is password-protected
                                       Bit 4         Reading access
                                       Bit 5         Password verified
                                       Bit 6         0 (reserved)
                                       Bit 7         0 (reserved)
                                       Bit 8 (MSB)   File is a directory
6        Reserved                      At present 0
7 - 8    Internal use                  16 bit binary (pointer)
9 - 10   Internal use                  16 bit binary (pointer)
Table 11: Coding the Data Control Information
The file control information is returned in the response to the ‘Select File’ command.
9.2 Directories
Directories are special files the system needs in order to manage and structure the data. They contain directory entries describing the files and subdirectories they contain. A directory entry consists of five bytes, and has the following structure:
Byte     Significance       Coding
1 - 2    ID                 16 bit binary
3        Displays (flags)   Bit 1 (LSB)   File is stored in the ROM
                            Bit 2         File is stored in the RAM
                            Bit 3         0 (reserved)
                            Bit 4         0 (reserved)
                            Bit 5         0 (reserved)
                            Bit 6         0 (reserved)
                            Bit 7         0 (reserved)
                            Bit 8 (MSB)   0 (reserved)
4 - 5    Internal use       16 bit binary (pointer)
Table 12: Coding the Directory Entries
The first entry of a given directory refers to the super-ordinate directory (parent). At the root of the file system, which is the master file, the master file itself serves as its own super-ordinate directory. Directories can be read like normal files, but cannot be written by the user. At any time, the file system has an active directory, which the ‘Select File’ command searches. If a file that is a directory is selected with the ‘Select File’ command, that file becomes the active directory. A reset sets the master file as the active directory.
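An added example, not KOBIL's code, that decodes the 10-byte file control information of Table 11 as it arrives in a Select File response, the 5-byte directory entries of Table 12 as read from a directory, and answers from the flags whether a Read Binary or Write Binary would be permitted at that moment. The responses and directory bytes are constructed for this example, and the Hi-Byte, Lo-Byte order assumed for the 16-bit fields is an assumption (the manual writes only its file IDs that way).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Flag bits in byte 5 of the file control information (Table 11), bit 1 = LSB. */
enum {
    FCI_WRITE_PW_PROTECTED = 1u << 0,
    FCI_WRITE_ACCESS       = 1u << 1,
    FCI_READ_PW_PROTECTED  = 1u << 2,
    FCI_READ_ACCESS        = 1u << 3,
    FCI_PW_VERIFIED        = 1u << 4,
    FCI_IS_DIRECTORY       = 1u << 7
};

typedef struct {
    uint16_t current_size;   /* bytes 1-2 */
    uint16_t reserved_size;  /* bytes 3-4 */
    uint8_t  flags;          /* byte 5 */
    uint16_t ptr1, ptr2;     /* bytes 7-10, internal use */
} fci_t;

typedef struct {
    uint16_t id;             /* bytes 1-2 */
    int in_rom, in_ram;      /* byte 3, bits 1 and 2 */
    uint16_t ptr;            /* bytes 4-5, internal use */
} dirent_t;

/* Byte order of the 16-bit fields is not stated; Hi-Byte, Lo-Byte is assumed. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

int fci_decode(const uint8_t *b, size_t n, fci_t *f)
{
    if (n != 10) return -1;
    f->current_size  = be16(b);
    f->reserved_size = be16(b + 2);
    f->flags = b[4];                 /* b[5] is reserved, at present 0 */
    f->ptr1  = be16(b + 6);
    f->ptr2  = be16(b + 8);
    return 0;
}

/* Access is possible only if the access bit is set and any password protection
 * of that access has been satisfied by a successful Verify on this file (bit 5);
 * selecting another file discards that verification state (Section 10.5). */
int flags_read_allowed(uint8_t flags)
{
    return (flags & FCI_READ_ACCESS) &&
           (!(flags & FCI_READ_PW_PROTECTED) || (flags & FCI_PW_VERIFIED));
}
int flags_write_allowed(uint8_t flags)
{
    return (flags & FCI_WRITE_ACCESS) &&
           (!(flags & FCI_WRITE_PW_PROTECTED) || (flags & FCI_PW_VERIFIED));
}

/* Select File returns the FCI followed by SW1 SW2. 0 = f filled; 1 = status
 * word reports failure, no FCI (e.g. '6A 82' file not found); -1 = malformed. */
int select_response_decode(const uint8_t *rsp, size_t n, fci_t *f, uint16_t *sw)
{
    if (n < 2) return -1;
    *sw = be16(rsp + n - 2);
    if (*sw != 0x9000) return 1;
    return fci_decode(rsp, n - 2, f) == 0 ? 0 : -1;
}

/* A directory read with Read Binary is a sequence of 5-byte entries, the first
 * naming the parent. Returns the entry count, -1 if the length does not fit. */
int dir_decode(const uint8_t *b, size_t n, dirent_t *out, size_t max)
{
    size_t i, count = n / 5;
    if (n % 5 != 0 || count > max) return -1;
    for (i = 0; i < count; i++) {
        const uint8_t *e = b + 5 * i;
        out[i].id = be16(e);
        out[i].in_rom = e[2] & 1;
        out[i].in_ram = (e[2] >> 1) & 1;
        out[i].ptr = be16(e + 3);
    }
    return (int)count;
}

/* Constructed samples, not captured from a device. SEL_OK carries flags 0x0B:
 * write access, write password-protected, read access, password not verified. */
static const uint8_t SEL_OK[] = { 0x00,0x0A, 0x00,0x20, 0x0B, 0x00, 0x00,0x00, 0x00,0x00, 0x90,0x00 };
static const uint8_t SEL_NOT_FOUND[] = { 0x6A, 0x82 };
static const uint8_t DIR_MF[] = { 0x3F,0x00,0x01,0x00,0x00,    /* parent: the master file itself */
                                  0x00,0x20,0x01,0x00,0x00,    /* CT configuration file */
                                  0x7F,0x60,0x01,0x00,0x00 };  /* CT directory */

int demo_select_ok_flags(void)
{ fci_t f; uint16_t sw; return select_response_decode(SEL_OK, sizeof SEL_OK, &f, &sw) == 0 ? f.flags : -1; }
int demo_select_not_found(void)
{ fci_t f; uint16_t sw; return select_response_decode(SEL_NOT_FOUND, sizeof SEL_NOT_FOUND, &f, &sw); }
int demo_dir_entry_id(int i)
{ dirent_t d[8]; int n = dir_decode(DIR_MF, sizeof DIR_MF, d, 8); return (i < 0 || i >= n) ? -1 : d[i].id; }

int main(void)
{
    int flags = demo_select_ok_flags();
    printf("flags %02X: read %s, write %s\n", flags,
           flags_read_allowed((uint8_t)flags) ? "allowed" : "denied",
           flags_write_allowed((uint8_t)flags) ? "allowed" : "denied");
    return 0;
}
```

With the sample flags a Read Binary goes through but a Write Binary would be answered with '69 82' until a Verify on that file succeeds; once bit 5 is set (0x1B) the write is permitted.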
9.3 Hierarchical Set-up
The card reader file system consists of the files listed in Table 13.
Master File, ID = 3F 00
    CT configuration file, ID = 00 20
    CT directory, ID = 7F 60
        HOST / CT configuration file, ID = 60 20
        HOST / CT status file, ID = 60 21
        Freeze configuration file, ID = 60 30
        Freeze status file, ID = 60 31
    ICC1 directory, ID = 7F 70
        ICC1 configuration file, ID = 70 20
        ICC1 status file, ID = 70 21
    ICC2 directory, ID = 7F 71
        ICC2 configuration file, ID = 71 20
        ICC2 status file, ID = 71 21
KAAN smart card terminals (including corresponding drivers) that are able to handle two smart cards are available from KOBIL Systems as an option.
Files that can be addressed directly in the host driver:
    Host configuration file, ID = FF 10
    Host status file, ID = FF 11
Table 13: Card Reader File System
One needs to differentiate between configuration files and status files. Configuration files describe the properties of the card reader, of a module, or of a function unit. They are not writable, and their contents will not change. Status files show the status of the card reader, of a given module, or of a function unit. They are not writable. Their contents will change along with their status.
9.4 HOST Configuration File
The HOST configuration file describes the HOST driver, and is therefore located at the PC end while being addressed directly by the DAD = 01.
HOST Configuration File
ID = FF 10 Description of the configuration and the properties of the HOST driver.
Tag Significance
'01' Driver version
'02' Available hardware- and software modules
Table 14: HOST Configuration File
9.5 HOST Status File
The HOST status file describes the HOST driver status, and is therefore located at the PC end while being directly addressed by the DAD = 01. The tag ‘0F’ may occur more than once if the driver supports more than one card reader. It describes the interface type (serial port) with the corresponding port that has been assigned to the card terminal number (CTN).
HOST Status File
ID = FF 11 Description of the configuration and the properties of the HOST driver.
Tag    Significance
'0F'   Matrix for the representation of the link between the logical card terminal number, the physical port, and the type of interface.
'1C'   IFSC - information field size for reception at the card reader end.
'1D'   IFSD - information field size for reception at the host end.
Table 15: HOST Status File
9.6 CT Configuration File
CT Configuration File
ID = 00 20 Description of the configuration and the properties of the card reader.
Tag Significance
'01' Card terminal version
'02' Available hardware- and software modules
'03' Card terminal RAM size
'0E' Software revision
Table 16: CT Configuration File
9.7 HOST / CT Configuration File
The tags '11', '12' and '13' may occur more than once, in which case they apply to the previously identified type of protocol. If the tags are listed ahead of any protocol, they apply to all protocols.
HOST / CT Configuration File
ID = 60 20 Description of supported properties at the HOST / CT interface.
Tag Significance
'03' Size of protocol buffer
'10' Supported protocols
'11' Supported baud rates
'12' Options for the character component
'13' Options for the block component
'1E' CWT
'1F' BWT
Table 17: HOST / CT Configuration File
9.8 HOST / CT Status File
HOST / CT Status File
ID = 60 21 Set parameters of the HOST / CT interface
Tag Significance
'03' Size of the protocol buffer
'10' Supported protocols
'11' Baud rate
'12' Options for the character component
'13' Options for the block component
'1E' CWT
'1F' BWT
Table 18: HOST / CT Status File
9.9 Freeze Configuration File
Freeze Configuration File
ID = 60 30 Description of the supported freeze options
Tag Significance
'30' Freeze options
Table 19: Freeze Configuration File
9.10 Freeze Status File
The freeze status is cleared by a freeze command. After the freeze command has terminated, the freeze status identifies the event that terminated it.
Freeze Status File
ID = 60 31 Freeze status
Tag Significance
'30' Freeze option that terminated the previous freeze command
Table 20: Freeze Status File
9.11 ICC Configuration File
ICC Configuration File
ID = 70 20 Description of the supported properties of the ICC1 interface
ID = 71 20 Description of the supported properties of the ICC2 interface
Tag Significance
'03' Size of the protocol buffer
'20' Supported options
'22' Supported protocols
Table 21: ICC Configuration File
9.12 ICC Status File
ICC Status File
ID = 70 21 Status at the ICC1 interface
ID = 71 21 Status at the ICC2 interface
Tag Significance
'03' Size of protocol buffer
'21' Status of the smart card reading unit
'22' Protocol
'23' DI parameters for PTS
'24' FI parameters for PTS
'25' PTS parameters
'26' Protocol status
'27' Protocol parameters
Table 22: ICC Status File
10 Application Commands
All commands issued to the card terminal use the structure of the CT-API that was specified for the public German healthcare system. The application commands are divided into commands for card terminals (CT) and commands for smart cards (ICC). CT commands are characterized by a destination address (DAD) of ‘01.’ ICC application commands have the destination address ‘00’, provided a smart card is inserted in contact unit 1. In the case of card terminals having several switching options, the non-communicating interfaces are deactivated by sending a command.
10.1 CT Application Commands
The syntax of the commands and the responses complies with ISO 7816-4. The commands also support the expanded file format. The command structure, as well as the response structure, are represented in the two following tables:
Header (mandatory)                                                        Body (optional)
CLA             INS        P1            P2            Lc                 Data   Le
Command class   Command    Parameter 1   Parameter 2   Command length     Data   Expected length of response
Table 23: Command Structure
Body (optional)   Trailer (mandatory)
Data              SW1             SW2
Data              Status byte 1   Status byte 2
Table 24: Response Structure
10.2 Command Overview
The following table provides an overview of the commands and their coding.
Command                  CLA    INS    P1                P2          Lc      Parameters      Le
Erase Binary             '00'   '0E'   offset (P1, P2)               var.    var.            -
Verify                   '00'   '20'   '00'              '00'        var.    PIN             -
Select File              '00'   'A4'   '00'              '00'        2       File ID         -
Read Binary              '00'   'B0'   offset (P1, P2)               -       -               var.
Write Binary             '00'   'D0'   offset (P1, P2)               var.    data            -
Reset                    '20'   '10'   device            rsp. type   -       -               var.
Reset CT                 '20'   '11'   device            rsp. type   -       -               -
Request ICC              '20'   '12'   device            var.        var.    Time in sec.    -
Get Status               '20'   '13'   device            var.        -       -               -
Deactivate ICC           '20'   '14'   device            '00'        -       -               -
Eject ICC                '20'   '15'   device            var.        var.    Time in sec.    -
Input                    '20'   '16'   '50'              var.        var.    Parameters      var.
Output                   '20'   '17'   '40'              '00'        var.    Parameters      -
Perform Verification     '20'   '18'   device            '00'        var.    Parameters      -
Modify Verif. Data       '20'   '19'   device            '00'        var.    Parameters      -
Reset1                   '20'   '1F'   device            rsp. type   -       -               var.
Set Interf. Parameter    '80'   '60'   device            '00'        var.    Parameters      -
Freeze                   '80'   '70'   '00'              '00'        var.    freeze events   -
Wait Freeze              '80'   '71'   var.              var.        -       Timeout         -
Table 25: Command Overview of CT Application Commands
10.3 Status Bytes SW1 and SW2
The response syntax complies with ISO 7816-4. The coding of SW1 and SW2 also complies with ISO 7816-4 as far as possible; however, extensions have been introduced in order to signal error causes in more detail. The following table provides an overview of the general displays provided by SW1 and SW2 as well as their causes. These displays can appear as the result of any CT application command. The command-specific displays in SW1 and SW2 are elaborated in the descriptions of the individual commands.
SW1 SW2   Significance                                              Possible causes
'90 00'   Error-free processing
'67 00'   Incorrect length                                          The structure of the command does not comply with ISO 7816-4.
'6E 00'   CLA is not supported                                      The command class displayed is not supported.
'6A 00'   Incorrect parameter P1 and/or P2                          P1 or P2 shows an invalid value, or a value displayed for P1 or P2 is not supported by this implementation.
'6C XX'   Incorrect value for Le, SW2 shows the incorrect value
'6D 00'   INS is not supported                                      The value displayed is not supported for this command class.
'6F 81'   Invalid destination address                               The destination address (DAD) is not supported.
'6F 82'   Invalid source address                                    The source address (SAD) is not HOST or REMOTE HOST.
Table 26: General Displays by SW1 and SW2
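An added example in C, not from the manual or KOBIL: a builder for the command structure of Table 23 with the Select File, Read Binary and Verify codings of Table 25, a splitter for the response structure of Table 24, and a decoder for the general status words of Table 26. The Read Binary reply it inspects and the three-byte password are constructed for the example; the Lc limit of 255 and the sending of Le = 256 as '00' follow Table 23 and Table 34.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Build CLA INS P1 P2 [Lc Data] [Le] (Table 23). data/lc give the optional
 * data field (Lc at most 255 here); le < 0 omits Le, 0..256 sets it, with 256
 * sent as '00' as for Read Binary. Returns the APDU length, 0 if it does not fit. */
size_t apdu_build(uint8_t *out, size_t cap, uint8_t cla, uint8_t ins,
                  uint8_t p1, uint8_t p2, const uint8_t *data, size_t lc, int le)
{
    size_t p = 0, need = 4 + (lc ? 1 + lc : 0) + (le >= 0 ? 1 : 0);
    if (lc > 255 || le > 256 || need > cap) return 0;
    out[p++] = cla; out[p++] = ins; out[p++] = p1; out[p++] = p2;
    if (lc) { out[p++] = (uint8_t)lc; memcpy(out + p, data, lc); p += lc; }
    if (le >= 0) out[p++] = (uint8_t)(le == 256 ? 0 : le);
    return p;
}

/* Table 25 codings for the CT file system (sent with DAD = 1). */
size_t apdu_select_file(uint8_t *out, size_t cap, uint16_t file_id)
{
    uint8_t id[2] = { (uint8_t)(file_id >> 8), (uint8_t)file_id };
    return apdu_build(out, cap, 0x00, 0xA4, 0x00, 0x00, id, 2, -1);
}
size_t apdu_read_binary(uint8_t *out, size_t cap, uint16_t offset, int le)
{
    return apdu_build(out, cap, 0x00, 0xB0, (uint8_t)(offset >> 8), (uint8_t)offset, NULL, 0, le);
}
size_t apdu_verify(uint8_t *out, size_t cap, uint8_t p2, const uint8_t *pw, size_t pwlen)
{
    return apdu_build(out, cap, 0x00, 0x20, 0x00, p2, pw, pwlen, -1);
}

/* Split a response into data and trailer (Table 24): -1 if SW1 SW2 is missing. */
int rsp_split(const uint8_t *rsp, size_t n, size_t *datalen, uint16_t *sw)
{
    if (n < 2) return -1;
    *datalen = n - 2;
    *sw = (uint16_t)((rsp[n - 2] << 8) | rsp[n - 1]);
    return 0;
}

/* General status words of Table 26; anything else is command-specific. */
const char *sw_describe(uint16_t sw)
{
    switch (sw) {
    case 0x9000: return "error-free processing";
    case 0x6700: return "incorrect length (structure not ISO 7816-4)";
    case 0x6E00: return "CLA not supported";
    case 0x6A00: return "incorrect parameter P1 and/or P2";
    case 0x6D00: return "INS not supported for this CLA";
    case 0x6F81: return "invalid destination address (DAD)";
    case 0x6F82: return "invalid source address (SAD not HOST/REMOTE HOST)";
    default:
        if ((sw >> 8) == 0x6C) return "incorrect value for Le (see SW2)";
        return "command-specific status, see the command's table";
    }
}

/* Constructed reply to a Read Binary: three data bytes followed by '90 00'. */
static const uint8_t READ_REPLY[] = { 0x01, 0x03, '1', 0x90, 0x00 };

/* Results a caller can check. */
int demo_select_len(void)            /* 7: 00 A4 00 00 02 60 21 */
{ uint8_t b[16]; return (int)apdu_select_file(b, sizeof b, 0x6021); }
int demo_select_byte(int i)          /* byte i of that APDU, -1 if out of range */
{ uint8_t b[16]; size_t n = apdu_select_file(b, sizeof b, 0x6021); return (i < 0 || (size_t)i >= n) ? -1 : b[i]; }
int demo_read_binary_len(void)       /* 5: 00 B0 00 00 00, Le = 256 sent as '00' */
{ uint8_t b[16]; return (int)apdu_read_binary(b, sizeof b, 0, 256); }
int demo_verify_len(void)            /* 8: header, Lc and a constructed 3-byte password */
{ uint8_t pw[3] = { 0x12, 0x34, 0x56 }; uint8_t b[16]; return (int)apdu_verify(b, sizeof b, 0x00, pw, 3); }
int demo_lc_too_large_rejected(void) /* 1: a 256-byte data field cannot be coded in one Lc byte */
{ uint8_t big[256] = { 0 }; uint8_t b[300]; return apdu_build(b, sizeof b, 0x00, 0xD0, 0, 0, big, 256, -1) == 0; }
int demo_reply_datalen(void)         /* 3 */
{ size_t dl; uint16_t sw; return rsp_split(READ_REPLY, sizeof READ_REPLY, &dl, &sw) == 0 ? (int)dl : -1; }
int demo_reply_sw(void)              /* 0x9000 */
{ size_t dl; uint16_t sw; return rsp_split(READ_REPLY, sizeof READ_REPLY, &dl, &sw) == 0 ? sw : -1; }

int main(void)
{
    uint8_t b[16];
    size_t i, n = apdu_select_file(b, sizeof b, 0x6021);
    printf("Select File 60 21:");
    for (i = 0; i < n; i++) printf(" %02X", b[i]);
    printf("\nreply SW %04X: %s\n", demo_reply_sw(), sw_describe((uint16_t)demo_reply_sw()));
    return 0;
}
```

The builder refuses a data field that does not fit into the single Lc byte of this command structure instead of silently truncating it, and the splitter refuses a response without a trailer, so the two checks the terminal relies on ('67 00' for structure, SW1 SW2 for outcome) are enforced on the host side too.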
10.4 Erase Binary
This command will erase the data in the file selected.
Note:
At present, the ‘Erase Binary’-command is permissible only if the protocol 4402 has been selected for the smart card SLE 4402. It is only possible to erase bits 80 through 111 (bytes 10 through 13) with ‘Erase Binary.’ The bytes 10, 11, and 12, 13 can only be erased collectively. Erasing the user code (bits 64 through 79) is possible only if a new user code (‘Write Binary’-command in the password file) has been set. The erasing of the frame memory (bits 112 through 319) is caused as a side effect of the successful verification of the frame code, using the ‘Verify’-command.
Coding:
CLA          '00'
INS          '0E'
P1, P2       Offset of the first byte to be erased
Lc           0 or 2
Data field   Where available (Lc = 2), offset of the first byte not to be erased. If not available (Lc = 0), all bytes up to the end of the data area will be erased.
Le           Empty
Table 27: Coding the Erase Binary Command
Special Status Displays:
SW1 SW2   Significance             Possible Causes
'69 85'   Command not possible     Erasing is not possible for the smart card type selected. Erasing is not possible for the file type selected. There exists no active file or no active directory. Writing access is blocked.
'6A 86'   Invalid parameters       The specified area to be erased is invalid.
'65 00'   Erasing not successful   The number of possible erase cycles has been exceeded. The present smart card status does not permit any erasing (e.g. no password was entered, or an incorrect one).
Table 28: Special Status Displays for the Erase Binary Command
10.5 Verify
The ‘Verify’-command will execute a password verification for the active file. If the active file is changed, the status of the password verification will be lost. The parameter P2 of the ‘Verify’-command specifies the reference data. If P2 equals 0, no particular reference data will be specified.
Coding:
CLA '00'
INS '20'
P1 '00' – if just a password, otherwise application-specific
P2 '00', '81', '82'
Lc Length of password
Data field password
Le Empty
Table 29: Coding the Verify Command
The following definitions apply to P2:
P2     Length of Verification Data   Type of Verification
'00'   2 bytes                       Password verification for the 3-wire bus. No specific reference data are identified.
       3 bytes                       Password verification for the 2-wire bus. No specific reference data are identified.
'80'   2 bytes                       Verification of the user code (bits 64 - 79) for the 4402 protocol. CAUTION: In case of successful verification, bits 80 through 95 will be erased as a side effect. Among other things, these bits contain the error counter.
'81'   4 bytes                       Verification of the frame code (bits 320 - 351) for the 4402 protocol. CAUTION: In case of successful verification, the frame memory (bits 112 through 319) will be erased as a side effect.
Table 30: P2 Parameters of the Verify Command
No password file is implemented for smart cards having the 3-wire bus protocol. As far as the access is concerned, the SLE 4428 will treat the operating error counter and the password like any other character.
The B1 card reader is not able to distinguish between smart cards of the types SLE 4418 and SLE 4428. If a ‘Verify’-command is executed under SLE 4418, this can lead to an unintended change of data on the smart card. This concerns in particular the character 1021, at which address the operating error counter of the SLE 4428 is located.
Special Status Displays:
SW1 SW2   Significance                      Possible Causes
'62 00'   No password                       The active file or the active directory is not password-protected.
'63 00'   Incorrect password
'69 83'   Operating error counter expired
'69 85'   Command not possible              There exists no active file or directory. The writing access is blocked.
'6B 00'   Offset outside file
'6A 88'   No reference data
'63 01'   Premature end of file             The end of the memory space reserved for the file has been reached before the Lc bytes were written.
Table 31: Special Status Displays for the Verify Command
10.6 Select File
‘Select file’ will select an active file within the CT file system. The new file must be located in the active directory, or must be the master file. (Exempt from this rule are the files in the host driver that can be directly addressed.) If ‘Select File’ fails, there will be no active file. If the new active file is a directory, this directory will become the new active directory.
Coding:
CLA '00'
INS 'A4'
P1 '00' (selection by file identifier)
P2 '00' (first or only occurrence, proprietary file control information format)
Lc '02'
Data field File ID (2 bytes)
Le Empty or length of the expected response
Table 32: Coding the Select File Command
Special Status Displays:
SW1 SW2   Significance     Possible Causes
'6A 82'   File not found   The file does not exist under the ID displayed or cannot be reached from the active directory.
Table 33: Special Status Displays for the Select File Command
10.7 Read Binary
‘Read binary’ will read data out of the active file of the file system.
Coding:
CLA          '00'
INS          'B0'
P1, P2       Offset of the first byte to be read
Lc           Empty
Data field   Empty
Le           Number of bytes to be read. If Le = 00 or 000000 applies, the file is read through to its end, with Le = 00 having a maximum of 256 bytes.
Table 34: Coding the Read Binary Command
Special Status Displays:
SW1 SW2   Significance              Possible Causes
'69 82'   No access authorization   Reading of the file or the directory is password-protected, and the password verification has not been performed successfully yet.
'69 85'   Access not possible       There exists no active file or active directory. Reading access is blocked.
'6B 00'   Offset outside of file
'62 82'   Premature end of file     The end of the file was reached before the Le bytes were read.
Table 35: Special Status Displays for the Read Binary Command
10.8 Write Binary
‘Write Binary’ will write data into the active file of the file system.
Coding:
CLA '00'
INS 'D0'
P1, P2 Offset of the first byte to be written
Lc Number of bytes to be written
Data field Data to be written
Le Empty
Table 36: Coding the Write Binary Command
Special Status Displays:
SW1 SW2   Significance              Possible Causes
'63 01'   Premature end of file     The end of the memory space reserved for the file was reached before the Lc bytes were written.
'65 00'   Writing not possible      Memory error
'69 82'   No access authorization   The writing access to the file is password-protected, and the password verification has not been performed successfully yet.
'69 85'   Command not possible      There exists no active file or active directory. Writing access is blocked.
'6B 00'   Offset outside of file
Table 37: Special Status Displays for the Write Binary Command
10.9 Reset
A reset will be executed on the specified device, and will provide the ATR. In the case of card terminals having more than one interface, the blocked ports will be released again.
Coding:
CLA '20'
INS '10'
P1 Device: 00 = card reader, 01 = ICC1, 02 = ICC2
P2 00 = no responses
01 = entire ATR
02 = only historical characters as response
Lc Empty
Data field Empty
Le '00'
Table 38: Coding the Reset Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | ATR received from synchronous ICC (only with P1 = 01 or 02) |
'90 01' | ATR received from asynchronous ICC |
'62 A5' | No protocol selected | No ATR was received from a synchronous card; the protocol byte is unknown.
'62 A6' | No ATR compliant with ISO 7816-3 | The ATR was received with the I2C protocol, not compliant with ISO 7816-3.
'62 A7' | No ATR compliant with ISO 7816-3, no protocol selected | It was not possible to receive an ATR compliant with ISO 7816-3, nor to read the ATR with the I2C protocol.
'64 00' | Reset unsuccessful | It was not possible to execute a successful reset.
'64 A1' | No ICC | No smart card in the contact unit.
'64 A2' | ICC not activated | ICC was removed from the contact unit after its activation, and then reinserted.
'64 A3' | Protocol not supported | The ATR of an asynchronous ICC was received. The protocols displayed in the ATR are not supported.
'64 A8' | Protocol error | The ATR of an asynchronous ICC was received. The check sum contained errors.
Table 39: Special Status Displays for the Reset Command
10.10 Reset CT
This command has the same effect as ‘Reset’. It is implemented only for reasons of compatibility with the public German healthcare system, subject to arrangement.
Coding:
CLA '20'
INS '11'
P1 '00' = terminal, '01' = ICC1, '02' = ICC2 (only SecOVID Reader Plus )
P2 '00' = no responses
'01' = entire ATR
'02' = only historical characters as response
Lc Empty
Data field Empty
Le Empty or '00'
Table 40: Coding the Reset CT Command
Special Status Displays:
Confer Reset command.
10.11 Request ICC
Request ICC prompts the insertion of a smart card—with the option of specifying a waiting period—and will execute a reset once a card has been inserted. Card terminals equipped with a display provide the option of displaying an input challenge.
Coding:
CLA '20'
INS '12'
P1 Device '01' = ICC1, '02' = ICC2 (only SecOVID Reader Plus)
P2 Bits b8 - b5:
'0' = no default display message; a message is displayed only if one is entered into the data field
'F' = no display message
Bits b4 - b1:
'0' = no response data
'1' = entire ATR
'2' = only historical characters
Lc Empty or length of data field
Data field Empty or waiting period in seconds or TLV with the tags:
'50' = display text coded as IA5
'80' = waiting period in seconds (coded integer)
Le Empty or '00'
Table 41: Coding the Request ICC Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | ATR received from synchronous ICC |
'90 01' | ATR received from asynchronous ICC |
'62 00' | Warning | No smart card was inserted during the waiting period.
'62 01' | Warning | The smart card is already activated.
'62 A5' | No protocol selected | No ATR from a synchronous card was received; the protocol byte is unknown.
'62 A6' | No ATR compliant with ISO 7816-3 | The ATR was received with the I2C protocol, not in compliance with ISO 7816-3.
'62 A7' | No ATR compliant with ISO 7816-3, no protocol selected | No ATR compliant with ISO 7816-3 was received, nor was it possible to read the ATR with the I2C protocol.
'64 00' | Reset unsuccessful | No reset was executed for the card.
'64 01' | Reset break | The cancel button was pressed.
'64 A2' | ICC not activated | ICC was removed from the contact unit after the activation and reinserted.
'64 A3' | Protocol not supported | The ATR of an asynchronous ICC was received. The protocols displayed by the ATR are not supported.
'64 A8' | Protocol error | The ATR of an asynchronous ICC was received. The check sum contained errors.
'69 00' | Command not permissible | Timeout or LCD output not supported.
Table 42: Special Status Displays for the Request ICC Command
10.12 Deactivate
This command will deactivate the contacts to the smart card.
Coding:
CLA '20'
INS '14'
P1 Device: 01 = ICC1, 02 = ICC2
P2 '00'
Lc Empty
Data field Empty
Le '00'
Table 43: Coding of the Deactivate Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | Command successful |
'64 A1' | No ICC | No ICC was activated.
Table 44: Special Status Displays for the Deactivate Command
10.13 Eject ICC
The command deactivates the card. A message prompting removal of the card is displayed; its display time can be defined by the timeout parameter. When composing the text to be displayed, take into account that only a limited set of characters can be represented (confer Table 54).
Coding:
CLA '20'
INS '15'
P1 Device: '01' = ICC1, '02' = ICC2
P2 '00' = no default display message; a message is displayed whenever one is entered into the data field
'F0' = no display message
Lc 0, 1 or length of data field
Data field If present, either 1 byte stating the timeout until removal of the card, or a TLV structure with the tags:
'50' = display text coded as IA5 (limited set of characters)
'80' = waiting period in seconds (coded integer)
Le Empty
Table 45: Coding the Eject ICC Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | Command successful |
'90 01' | Command successful, card was removed |
'62 00' | Warning | The card was not removed within the timeout period.
Table 46: Special Status Displays for the Eject ICC Command
10.14 Get Status
The ‘Get Status’-command permits queries for status information, which are returned as TLV-coded data objects (DO; confer Table 49).
Coding:
CLA '20'
INS '13'
P1 '00' = smart card terminal
'01' = ICC 1
'02' = ICC 2 (only SecOVID Reader Plus)
P2 For P1 = '00':
'46' = make of terminal
'80' = status of all ICC interfaces
'81' = functional units
For P1 = '01' or '02':
'80' = status of the ICC specified in P1
Lc Empty
Data field Empty
Le '00'
Table 47: Coding the Get Status Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | Command successful |
Table 48: Special Status Displays for the Get Status Command
Response DOs:
Value of P2 | Significance
'46' | Manufacturer string
'80' | For each ICC, one byte b8...b1: b3b2 = '01': ICC deactivated; b3b2 = '10': ICC activated; b1 = 1: ICC available
'81' | One byte for each functional unit: '01' = ICC1, '02' = ICC2, '40' = Display, '50' = keyboard
Table 49: Tags in the Response of the Get Status Command
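As an added example (not code from the KOBIL manual), the following Python decodes a ‘Get Status’ response according to Table 49. It assumes the DOs use a one-byte tag and a one-byte length (BER short form); the sample response bytes and the manufacturer string are constructed, not captured from a terminal.

```python
"""Decode the TLV-coded response of the 'Get Status' command (Table 49)."""
from __future__ import annotations

# Tags of the response DOs and the functional unit bytes, as listed in Table 49.
TAG_MANUFACTURER = 0x46
TAG_ICC_STATUS = 0x80
TAG_FUNCTIONAL_UNITS = 0x81
FUNCTIONAL_UNITS = {0x01: "ICC1", 0x02: "ICC2", 0x40: "Display", 0x50: "keyboard"}


def parse_tlv(data: bytes) -> list[tuple[int, bytes]]:
    """Split a sequence of simple TLV objects (1-byte tag, 1-byte length).

    Assumption: lengths below 128 (BER short form), which covers every DO
    of Table 49. Truncated or malformed input raises ValueError instead of
    being silently accepted.
    """
    objects = []
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        tag, length = data[i], data[i + 1]
        if length >= 0x80:
            raise ValueError("long-form length not supported (tag %02X)" % tag)
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("value of tag %02X runs past the end of the data" % tag)
        objects.append((tag, bytes(value)))
        i += 2 + length
    return objects


def decode_icc_status_byte(b: int) -> dict:
    """Interpret one ICC status byte of the '80' DO (bits b8...b1 as in Table 49)."""
    b3b2 = (b >> 1) & 0b11
    state = {0b01: "deactivated", 0b10: "activated"}.get(b3b2, "unknown")
    return {"available": bool(b & 0b1), "state": state}


def decode_get_status(response: bytes) -> dict:
    """Turn the response data of 'Get Status' into a dict keyed by DO meaning."""
    result: dict = {}
    for tag, value in parse_tlv(response):
        if tag == TAG_MANUFACTURER:
            result["manufacturer"] = value.decode("ascii", errors="replace")
        elif tag == TAG_ICC_STATUS:
            result["icc"] = [decode_icc_status_byte(b) for b in value]
        elif tag == TAG_FUNCTIONAL_UNITS:
            result["functional_units"] = [
                FUNCTIONAL_UNITS.get(b, "unknown %02X" % b) for b in value
            ]
        else:
            result.setdefault("unknown_tags", []).append(tag)
    return result


# Constructed sample response (not from a real terminal): ICC1 activated and
# available (0x05: b3b2 = '10', b1 = 1), ICC2 deactivated and available (0x03),
# all four functional units present, and a placeholder manufacturer string.
SAMPLE_RESPONSE = bytes.fromhex(
    "80 02 05 03" + "81 04 01 02 40 50" + "46 09" + "SAMPLE-CT".encode().hex()
)

if __name__ == "__main__":
    print(decode_get_status(SAMPLE_RESPONSE))
```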
10.15 Input
Use the ‘Input’-command to request input through the card terminal keyboard. Optionally, the requested input text or any other input text can be displayed on the display screen. You have the choice of having the entered text displayed either as plain text, as hyphens (‘-’), or not at all. When selecting the characters to be displayed, the limited set of characters that can be displayed must be taken into account (confer Table 52).
Coding:
CLA '20'
INS '16'
P1 '50' = keyboard
P2 '00' = no optical feedback of the input
'01' = input is displayed in plain text on the display
'02' = input is shown on the display in the form of the character '-'
Lc Empty or length of data field
Data field Empty or TLV with the Tags:
'50' = display text coded as IA5, taking the limited set of characters into account (confer Table 52)
'80' = waiting period in seconds (coded integer)
Le '00'
Table 50: Coding the Input Command
The default value for the timeout of the input is set at 15 seconds prior to the first entered character, and 5 seconds between the input of the other characters. The waiting period option allows you to extend or cut the 15 second period.
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | Command successful |
'64 00' | Waiting period expired | The waiting period expired.
'64 01' | Break | The user pressed the cancel button.
Table 51: Special Status Displays for the Input Command
10.16 Output
The ‘Output’-command is used to show text on the display screen of the card terminal, using only the limited set of characters (confer Table 54).
Coding:
CLA '20'
INS '17'
P1 '40' = display
P2 '00'
Lc Empty or length of data field
Data field Empty or TLV with the Tags:
'50' = display text, taking the limited set of characters into account (confer Table 52)
'80' = waiting period in seconds (coded integer)
Le Empty
Table 52: Coding the Output Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 00' | Command successful |
Table 53: Special Status Displays for the Output Command
The following table lists the text displayed for possible ASCII characters (<text>; n/d = no display). For all other values, the character '-' will be displayed. Exceptions are the values 00, 08, 0A, 0C and 20, which generate no output.
<text> display | <text> display | <text> display | <text> display | <text> display
30 0 | 3f - | 4e N | 5d - | 6c L
31 1 | 40 - | 4f o | 5e - | 6d n
32 2 | 41 A | 50 P | 5f - | 6e N
33 3 | 42 b | 51 n/d | 60 - | 6f o
34 4 | 43 C | 52 r | 61 A | 70 P
35 5 | 44 d | 53 S (=5) | 62 b | 71 n/d
36 6 | 45 E | 54 t | 63 C | 72 r
37 7 | 46 F | 55 U | 64 d | 73 S (=5)
38 8 | 47 G (=6) | 56 - | 65 E | 74 t
39 9 | 48 H | 57 - | 66 F | 75 U
3a - | 49 I | 58 - | 67 G (=6) | 76 -
3b - | 4a J | 59 y | 68 H | 77 -
3c - | 4b - | 5a - | 69 I | 78 -
3d - | 4c L | 5b - | 6a J | 79 y
3e - | 4d n | 5c - | 6b - | 7a -
Table 54: Limited Set of Characters
10.17 Perform Verification
This command causes the character ‘P’ to be displayed, requesting the PIN input; it accepts the PIN entered on the smart card terminal keyboard and performs the corresponding interaction with the smart card (for a more precise description for the present smart card terminal, confer Section 5.1). Support for a biometric sensor is not provided at present. The interaction with the smart card consists, on the one hand, of sending the command transmitted in the data field of the ‘Perform Verification’-command. In this context, the PIN or the resetting code entered on the smart card terminal is inserted at the insert position identified in the DO ‘Command-to-Perform’. On the other hand, the interaction consists of the acceptance of the smart card response. For more details, confer Chapter 5.1.
Coding:
CLA '20'
INS '18'
P1 '01' = CT/ICC interface 1
'02' = CT/ICC interface 2 (only SecOVID Reader Plus )
P2 '00' = user authentication via PIN pad
Lc Length of data field
Data field TLV with the Tags (confer also ISO/IEC 7816-6 on this point):
'52' = command-to-perform: control byte (see below) || insert position || raw command (see note 4)
'50' = display text for the challenge to enter the PIN (this tag is ignored)
'80' = timeout in seconds (BCD coded) until the first digit is entered (this tag is ignored)
Le Empty
Table 55: Coding the Command PERFORM VERIFICATION
Bits Control Byte (Tag '52')
b8-b5 Length of PIN to be entered. '00' for any length (conclude with return key)
b4-b3 '00' = RFU
b2-b1 PIN coding
'00' = BCD
'01' = T.50-coded character with b8=0 (i.e. digit 0 = '30', digit 1 = '31' etc., ASCII)
'10' = format 2 PIN block (2L PP PP PP PP ... PF FF FF .. FF; L=length, P=BCD PIN digit)
'11' = RFU
b8-b1 'FF' for biometric authentication (not implemented)
Table 56: Coding the Control Bytes (Tag '52')
Note 4: For security reasons, the raw command permits only the INS bytes 0x20, 0x24, 0x26, 0x28 and 0x2C!
The insert position is counted upward, starting at 1. The raw command in ‘Command-to-Perform’ may appear, depending on the application, in one of the two following formats:
- Command Header (CLA, INS, P1 P2 = 4 bytes), if the PIN is entered into the data field of the ICC command without padding.
- Command Header with length field Lc and with data field pre-formatted with padding bytes.
Examples:
1. VERIFY command compliant with ISO/IEC 7816-4 ('00 20 00 00'), 4-digit PIN 4712 (BCD)
Contents of Tag '52' = '40 06 00 20 00 00'
At position '05', counted from the beginning of the command, the length byte Lc (here: '02') is entered by the card terminal. The insert position is '06', that is, the sixth byte after the beginning of the ‘Verify’-command. After the PIN has been successfully entered, the following command is sent to the card: '00 20 00 00 02 47 12'.
2. ‘Verify’-command compliant with CEN 726-3, 4-digit PIN 4712 (ASCII) with FF padding
Contents of Tag '52' = '41 06 A0 20 00 01 08 FF FF FF FF FF FF FF FF'
The insert position is '06', that is, the sixth byte after the beginning of the ‘Verify CHV’-command. Once the PIN has been successfully entered, the following command is sent to the card: 'A0 20 00 01 08 34 37 31 32 FF FF FF FF'.
After the input request – consisting of the character ‘P’ and fourteen vertical bars – the PIN to be entered (usually between four and eight digits) is shown on the screen in such a way that one of the vertical bars moves into the upper half of the display for each digit entered. The PIN length is defined in the control byte. Next, the PIN is entered in the data field of the ICC command, which is found in the data field of the ‘Perform Verification’-command (if the command-to-perform contains nothing but the command header, the length field Lc is entered ahead of the PIN). Afterwards the ICC command is transmitted to the smart card. The status bytes returned in the response of the ICC command (if the PIN was entered correctly, SW1-SW2 = ‘9000’) are forwarded to the application system as the status bytes of the ‘Perform Verification’-command, and the standard text ‘LINE’ is issued through the display.
If the PIN transmitted to the smart card was incorrect, the return code from the smart card SW1-SW2 will differ from ‘9000.’ In this case, the standard display text ‘PIN Error’ will be issued, and the return code will be sent back to the application system. If the user presses the cancel button before the PIN input is concluded, the command will be sent back to the smart card, the standard display text ‘CANCEL’ will be issued through the display, the input buffer will be erased, and the return code SW1-SW2 = '6401' will be returned. If the input request is not followed by the input of the next digit within 15 seconds (default value), or if more than 5 seconds expire between the input of the next consecutive digits, no command will be sent to the smart card, the standard display text ‘CANCEL’ will be issued through the display, and the return code SW1-SW2 = '6400' will be returned. If the user simply forgot to press the confirmation button – regardless of the PIN length – the process will be aborted after the expiration of another timeout period.
Special Status Displays:
SW1 SW2 | Significance | Possible Cause
'9000' | PIN was successfully transferred |
'6400' | Timeout | No input during the timeout period
'6401' | Break | The cancel button was pressed.
Table 57: Special Status Displays for the Perform Verification Command
10.18 Modify Verification Data
This command will prompt the request for the old PIN (or for the resetting code, confer ISO/IEC 7816-8; or for the unblocking key, confer EN 726-3) and the new PIN and the corresponding interaction with the smart card. No biometric support is implemented at present. The interaction with the smart card consists of the transmission of the commands entered into the data field of the ‘Modify Verification Data’-command, and of the acceptance of the smart card response. In the process, the old PIN, or the resetting code of the smart card terminal, will be inserted together with the new PIN into the insert position in the DO ‘Command-to-Perform.’
Coding:
CLA '20'
INS '19'
P1 '01' = CT/ICC interface 1
'02' = CT/ICC interface 2 (only SecOVID Reader Plus)
P2 '00' = User authentication via PIN pad
Lc Length of data field
Data field TLV with the tags (on this point, confer also ISO/IEC 7816-6):
'52' = command-to-perform: control byte (cf. 10.17) || insert position OLD || insert position NEW || raw command (see note 5)
'50' = display text for the request for PIN input (default = “P“) (this tag is ignored)
'80' = timeout in seconds (BCD-coded) up to the input of the first digit (this tag is ignored)
Le Empty
Table 58: Coding the Command Modify Verification Data
The significance and use of the tags match those of the ‘Perform Verification’-command (confer Section 10.17).
Examples:
1. ‘Change Reference Data’ compliant with ISO/IEC 7816-8, with old reference data (4-digit PIN) and new reference data (6-digit PIN), i.e. PINs of variable length, represented as ASCII characters. The value of the old reference data in the example is 4712, the value of the new reference data is 231546.
Content of Tag '52' = '01 06 00 00 24 00 00'
Note 5: For security reasons, the raw command allows only the INS bytes 0x20, 0x24, 0x26, 0x28 and 0x2C!
Insert position for the old reference data: '06', that is, the sixth byte after the beginning of the ‘Change Reference Data’-command; insert position for the new reference data: '00', i.e. immediately following the old reference data. The length byte Lc is inserted by the smart card terminal at position 05 after the beginning of the command. The command sent to the smart card has the following coding: '00 24 00 00 0A 34 37 31 32 32 33 31 35 34 36'
Note: Under ISO/IEC 7816-8 it is assumed that the smart card knows the length of the old reference data, and that it therefore requires neither a fixed field length of 8 bytes nor any delimiters!
2. ‘Change CHV’-command compliant with CEN 726-3, having a 4-digit PIN (old PIN 4712, new PIN 2315) and BCD coding with FF padding.
Contents of Tag '52' = '40 06 0E A0 24 00 01 10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF'
Insert position for the old PIN: '06', that is, the sixth byte after the beginning of the ‘Change CHV’-command, insert position for the new PIN: byte '0E', that is, the fourteenth byte after the beginning of the ‘Change CHV’-command. The command sent to the smart card has the following coding: 'A0 24 00 01 10 47 12 FF FF FF FF FF FF 23 15 FF FF FF FF FF FF'
The execution of the ‘Modify Verification Data’-command in the smart card terminal begins with the output of the standard display text ‘P.’ The data object ‘52’ (Command-to-Perform) should always be the last tag in the data field. After the old PIN or the resetting code has been entered, the standard display text ‘N’ is issued, bearing a superior ‘1’ in the upper left-hand corner of the screen. After the new PIN has been entered, the standard display text ‘N’ prompts the retyping of the new PIN by showing a superior ‘2’ in the upper left-hand corner of the display. Once the PIN input has been repeated, and once it has been verified to match the first input, the two PINs are entered into their respective insert positions in the data field of the ICC command that is supposed to be sent to the smart card. The status bytes SW1-SW2 (usually ‘9000’), returned in the response of the ICC command, are forwarded to the application system as status bytes of the ‘Modify Verification Data’-command, and the standard display text ‘LINE’ is issued through the display.
If the smart card returns a return code SW1-SW2 other than '9000,' the standard display text 'PIN Error' will be issued. For instance, if the input during the retyping of the new PIN fails to match the previous input, SW1-SW2 = '6402' will be sent back to the application system as status bytes.
If the timeout period is exceeded during the user input, or if the process is cancelled by the user, the same rules as for the ‘Perform Verification’-command apply.
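As an added example (not code from the KOBIL manual or its CT-API), the following Python reproduces the terminal-side assembly of the ICC command from the DO '52' for both the ‘Perform Verification’ examples in 10.17 and the ‘Modify Verification Data’ examples above, including the INS whitelist check from notes 4 and 5. The 8-byte size of the format 2 PIN block and the F-nibble padding of odd-length BCD PINs are assumptions not stated in the manual.

```python
"""Assemble the ICC command from tag '52' (Command-to-Perform) of the
'Perform Verification' (INS '18') and 'Modify Verification Data' (INS '19')
commands, the way sections 10.17 and 10.18 describe the terminal doing it."""
from __future__ import annotations

# INS bytes the raw command may carry (notes 4 and 5 of the manual).
ALLOWED_INS = {0x20, 0x24, 0x26, 0x28, 0x2C}

# PIN coding values of control byte bits b2-b1 (Table 56).
CODING_BCD, CODING_ASCII, CODING_FORMAT2 = 0b00, 0b01, 0b10


def parse_control_byte(control: int) -> tuple[int, int]:
    """Return (pin_length, coding) from the control byte of tag '52'.

    b8-b5 = PIN length (0 = any length), b4-b3 = RFU, b2-b1 = coding;
    'FF' selects biometric authentication, which the terminal does not implement.
    """
    if control == 0xFF:
        raise NotImplementedError("biometric authentication is not implemented")
    if (control >> 2) & 0b11:
        raise ValueError("RFU bits b4-b3 of the control byte must be zero")
    coding = control & 0b11
    if coding == 0b11:
        raise ValueError("PIN coding '11' is RFU")
    return control >> 4, coding


def encode_pin(pin: str, coding: int) -> bytes:
    """Encode a decimal PIN as BCD, T.50/ASCII or a format 2 PIN block."""
    if not pin.isdigit():
        raise ValueError("PIN must consist of decimal digits")
    if coding == CODING_ASCII:
        return pin.encode("ascii")
    if coding == CODING_BCD:
        # Assumption: an odd number of digits is padded with a trailing 'F' nibble.
        return bytes.fromhex(pin + "F" * (len(pin) % 2))
    # Format 2 block '2L PP .. PF FF .. FF'; assumed to be 8 bytes long.
    if len(pin) > 12:
        raise ValueError("a format 2 PIN block holds at most 12 digits")
    return bytes.fromhex("2%X%s" % (len(pin), pin) + "F" * (14 - len(pin)))


def build_icc_command(tag52: bytes, pins: list[str]) -> bytes:
    """Insert the PIN(s) into the raw command of tag '52' as the terminal does.

    pins holds one PIN for 'Perform Verification' and [old, new] for
    'Modify Verification Data'; tag52 carries one insert position per PIN.
    Insert positions count from 1; position 0 means 'directly after the
    previous PIN'. The INS whitelist is enforced before anything is assembled.
    """
    n = len(pins)
    if len(tag52) < 1 + n + 4:
        raise ValueError("tag '52' too short for control byte, positions and header")
    pin_length, coding = parse_control_byte(tag52[0])
    positions = tag52[1:1 + n]
    raw = tag52[1 + n:]
    if raw[1] not in ALLOWED_INS:
        raise ValueError("INS %02X is not permitted in a command-to-perform" % raw[1])
    header_only = len(raw) == 4          # format 1: CLA INS P1 P2 only, no padding
    cmd = bytearray(raw)
    if header_only:
        cmd.append(0x00)                  # Lc placeholder at position 5, filled in below
    cursor = len(cmd)
    for pos, pin in zip(positions, pins):
        if pin_length and len(pin) != pin_length:
            raise ValueError("PIN length %d does not match the control byte" % len(pin))
        enc = encode_pin(pin, coding)
        idx = pos - 1 if pos else cursor
        if header_only:
            if idx != len(cmd):
                raise ValueError("header-only command needs contiguous insert positions")
            cmd += enc
        else:
            if idx < 5 or idx + len(enc) > len(cmd):
                raise ValueError("PIN does not fit into the pre-formatted data field")
            cmd[idx:idx + len(enc)] = enc
        cursor = idx + len(enc)
    if header_only:
        cmd[4] = len(cmd) - 5             # Lc = number of data bytes after the header
    return bytes(cmd)


if __name__ == "__main__":
    # The four examples of sections 10.17 and 10.18.
    print(build_icc_command(bytes.fromhex("40 06 00 20 00 00"), ["4712"]).hex(" "))
    print(build_icc_command(bytes.fromhex("41 06 A0 20 00 01 08" + " FF" * 8), ["4712"]).hex(" "))
    print(build_icc_command(bytes.fromhex("01 06 00 00 24 00 00"), ["4712", "231546"]).hex(" "))
    print(build_icc_command(bytes.fromhex("40 06 0E A0 24 00 01 10" + " FF" * 16), ["4712", "2315"]).hex(" "))
```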
Special Status Displays:
SW1-SW2 | Significance | Possible Cause
'9000' | PIN change successfully performed |
'6400' | Timeout | No input within the timeout period
'6401' | Break | The cancel button was pressed.
'6402' | PIN mismatch | The new PIN was incorrectly retyped the second time.
Table 59: Special Status Displays for the Modify Verification Data Command
10.19 Reset 1
Reset 1 executes a reset for asynchronous smart cards, and provides the ATR. If the interface to the smart card has already been activated, it will not be completely deactivated before the reset, and the power supply VCC remains consistent.
Note:
The Reset 1 command was implemented in order to support the non-ISO-compliant protocol switch of some smart cards.
Coding:
CLA '20'
INS '1F'
P1 Device 01 = ICC1, 02 = ICC2
P2 00 = no responses
01 = entire ATR
02 = only historical characters as response
Lc Empty
Data field Empty
Le '00'
Table 60: Coding the Reset 1 Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'90 01' | Received ATR from asynchronous ICC |
'64 A1' | No ICC | No smart card in the contact unit.
'64 A2' | ICC not activated | ICC was removed from the contact unit after activation, and then reinserted.
'64 A3' | Protocol not supported | The ATR of an asynchronous ICC was received. The protocols displayed in the ATR are not supported.
'64 A7' | No ATR compliant with ISO 7816-3, no protocol selected | No ATR from an asynchronous ICC was received.
'64 A8' | Protocol error | The ATR of an asynchronous ICC was received. The check sum contained errors.
Table 61: Special Status Displays for the Reset 1 Command
10.20 Set Interface Parameter
The ‘Set Interface Parameter’-command resets the protocol, the protocol parameters, or the other adjustable properties of the identified interface. When resetting the HOST / CT interface, the new parameters take effect after the transmission of the response to the ‘Set Interface Parameter’-command. Resetting the protocol or the protocol parameters at the ICC interface is possible only in the protocol status PTS or READY – directly after the reset and prior to the beginning of the data transmission. The transparent mode, however, allows parameters to be reset at any time.
Coding:
CLA '80'
INS '60'
P1 Device: 00 = CT/HOST, 01 = ICC1, 02 = ICC2
P2 '00'
Lc Variable
Data field TLV
Tags '10','11','12','13' for device = 00
Tags '21','22','23','24','25' for device = 01 or 02
Tags '40','41','42','43','44' additionally in transparent mode
Le Empty
Table 62: Coding the Set Interface Parameter Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'69 85' | Command not possible in the present status | Protocol settings at the ICC interface are possible only directly after the reset and before the data transmission is begun.
'6A 80' | Invalid parameters in the data field | Options, or a combination of options, that are not supported are specified in the data field; the parameters specified in the data field are incompatible.
'6A 85' | Inconsistent data in the data field | The data transmitted in the data field cannot be interpreted as a TLV field.
Table 63: Special Status Displays for the Set Interface Parameter Command
10.21 Freeze
Freeze commands will convert the card reader into the freeze status. In the freeze status, the card reader retains its current status, and waits for the event identified by the freeze command to occur. The freeze status begins with the transmission of the response to the freeze command. The freeze status is simulated in the CT-API DLL. The freeze status is terminated as soon as one of the events identified by the freeze command has occurred, or if a syntactically correct block of layer 2 (new command) has been received.
Coding:
CLA '80'
INS '70'
P1 '00'
P2 '00'
Lc Variable
Data field TLV
Tags '30' freeze events
Le Empty
Table 64: Coding the Freeze Command
Special Status Displays:
SW1 SW2 | Significance | Possible Causes
'6A 80' | Invalid parameters in the data field | An event that is not supported is specified in the data field.
'6A 85' | Inconsistent data in the data field | The data transmitted in the data field cannot be interpreted as a TLV structure.
Table 65: Special Status Displays for the Freeze Command
10.22 Wait Freeze
'Wait Freeze' is sent after the successful issuance of a ‘Freeze’ and will not return until the identified event has occurred or an error has manifested itself. Unlike other commands, CT_data(...'Wait Freeze'...) blocks the calling thread of the program. If the application has only one thread, the entire process is blocked. Since this is hardly ever intended, CT_data(...'Wait Freeze'...) should be executed in a separate thread.
If CT_close() is called in a multi-threaded process while CT_data(...'Wait Freeze'...) is being processed, CT_data() will be terminated with the return code ERR_HTSI.
Coding:
CLA '80'
INS '71'
P1 Timeout in minutes
P2 Timeout in seconds
Lc Empty
Data field Empty
Le Empty
Table 66: Coding the 'Wait Freeze' Command
If the value '00' is entered in P1 and P2, no timeout will be performed. ‘Wait Freeze’ will not return until the freeze event has occurred or in case of an error.
Special Status Displays:
SW1-SW2 | Significance | Possible Causes
'62F0' | Timeout | ‘Wait Freeze’ was terminated by a timeout; the freeze event was not received.
'64F0' | Freeze already set during call-up | The CT does not have freeze status.
Table 67: Special Status Displays for the 'Wait Freeze' Command
When SW1-SW2 = '90 00' is received, a change of the DSR line from LO to HI has been detected. In this case the application should read out the freeze status file or the ICC status file, because the signal line may have been set by the activity of another application; in that case the event did not occur even though DSR was set.
After the ICC status file of the B1-CT has been read out, the application may have to transmit ‘Freeze’ or ‘Wait Freeze’ once more.
10.23 ICC Application Commands
ICC application commands are characterized by the fact that the destination address (DAD) is set to the value 00 (ICC1) or to the value 02 (ICC2). The card reader attempts in principle to forward the data addressed to an ICC, or received from it, to the respective destination address in transparent form. That is, each command to an ICC received at the HOST interface generally causes a response by the ICC to be transmitted to the HOST interface. There are two exceptions to this principle.
• The card terminal allows for access to synchronous smart cards by presenting them as a file to the application layer. You may access such files with the ICC commands specified for file operations.
• If an error occurs during the transmission of a command to an ICC, the card terminal will generate an error code. In order to enable the application to recognize that the response was generated by the card terminal, the source address (SAD) is set to the value 01 (CT) in the response. The error messages generated by the card terminal are listed in the following table.
SW1 SW2 | Significance | Possible Causes
'62 A5' | No protocol selected | No ATR from a synchronous card was received. The type of protocol is unknown.
'62 A6' | No ATR compliant with ISO 7816-3 | The ATR was received with the I2C protocol, not in compliance with ISO 7816-3.
'62 A7' | No ATR compliant with ISO 7816-3, no protocol selected | No ATR in compliance with ISO 7816-3 was received, nor could the ATR be read with the I2C protocol.
'64 A0' | Unspecified ICC error |
'64 A1' | No ICC | No smart card in the contact unit.
'64 A2' | ICC not activated | ICC was removed from the contact unit after activation, and then reinserted.
'64 A3' | Protocol not supported | The ATR of an asynchronous ICC was received. The protocols displayed in the ATR are not supported.
'64 A5' | No protocol selected | No ICC protocol was selected.
'64 A8' | Protocol error | A protocol error occurred during the communication with the ICC. The error can possibly be remedied by re-synchronizing the layer 2 protocol. This will automatically be attempted during the next data transmission.
'64 A9' | Irremediable ICC protocol error | An irremediable protocol error occurred during the communication with the ICC.
'64 AA' | PTS protocol error | An error occurred during the PTS with the ICC.
'64 AB' | WTX error | Communication with the ICC was interrupted because an extension of the waiting period requested by the HOST was denied.
'65 AB' | WTX error, memory contents changed | The communication with the ICC was interrupted because an extension of the waiting period requested by the HOST was denied. The contents of the non-volatile memory may already have been changed.
'69 85' | Security violation | Command was rejected for security reasons.
'6F 82' | Invalid source address | The source address (SAD) is not 02 (HOST) or 05 (REMOTE HOST).
Table 68: Error Messages of the Smart card Terminal when Accessing an ICC
10.24 Selecting Synchronous ICCs - (only KAAN Standard Plus)
If the card reader recognizes a synchronous ICC during reset, or if the user resets the protocol to process synchronous ICCs, using the command ‘Set Interface Parameter,’ a server module for synchronous ICCs is activated. This module presents synchronous ICCs as file, which allows for the addressing of additional properties of the ICC by way of selecting different files.
10.25 Commands for Selecting Synchronous ICCs - (only KAAN Standard Plus)
The following table provides an overview of the commands of the server module. For the coding, the descriptions of the CT application commands apply.
Command Coding
CLA INS P1 P2 Lc Parameters Le
Erase Binary '00' '0E' offset var. var. -
Verify '00' '20' '00' '00' var. PIN -
Select File '00' 'A4' '00' '00' 2 File ID -
Read Binary '00' 'B0' offset - - var.
Write Binary '00' 'D0' offset var. data -
Table 69: Overview of the Commands for Synchronous ICCs
10.26 File Types - (only KAAN Standard Plus)
In order to be able to address additional properties of synchronous ICCs, various file types have been implemented. These are selected with the ‘Select File’-command. At present, the following file types are supported:
File Type | File ID | Significance
Data File | '3F01' | The data of the synchronous ICC are treated as a sequence of bytes; the file is implicitly selected during the activation of the server module.
Attribute File | '3F81' | The data of the synchronous ICC are treated as a sequence of bytes. Each data byte is followed by an attribute byte. Bit 1 (the least significant bit) of the attribute byte indicates whether the data byte is read-only. The significance of the remaining bits of the attribute byte remains undefined at present.
Password File | '3F82' | The password of the ICC is treated as a sequence of bytes. A password file does not exist for all synchronous ICCs.
Table 70: File Types for Operations Involving Synchronous ICC
10.27 Handling the Public Health Insurance Card (only KAAN Standard Plus)
If the CT configuration file indicates that a read-only module exists, the CT-API DLL verifies in the case of synchronous cards whether the inserted card matches the specification of the public German health insurance card. In this case, any writing access to the card is prevented.