What is an APDU?

On July 10, 2008, in APDU Commands, by Rebel SimCard

Answer
The APDU (Application Protocol Data Unit) is the communication unit between a reader and a card. The structure of an APDU is defined by the ISO 7816 standards.

There are two categories of APDUs: command APDUs and response APDUs. As the name implies, the former is sent by the reader to the card: it contains a mandatory 5-byte header and from 0 to up to 255 bytes of data. The latter is sent by the card to the reader: it contains a mandatory 2-byte status word and from 0 to up to 256 bytes of data.

The APDU is an application level protocol as specified in the ISO 7816-4, which takes place between a smart card and a host application for the communication purpose.

APDU consist of two structures, as defined below:

  1. Command APDU (C-APDU: this command is used by the host application to send command to the card.
    1. Header: it consist of 4 bytes:-
      1. Class of instruction (CLA)
      2. Instruction code (INS)
      3. Parameters: P1 and 2
    2. Optional body: varies in length.
      1. Lc = specifies the length of the optional body or the data field (Bytes).
      2. Le = specifies the length of the data or the number of bytes that the host is expecting in response to the command sent.
      3. Data field contains the data that are sent to the card for executing the instruction specified in the header.
  2. Response APDU (R-APDU): this command is used by the card in order to respond to the command send by the host application.
    1. Optional body: it consist of data field whose length is specified by the Le
    2. Trailer: it consist of two words SW1 and SW2 called as status word, which denotes the processing state in the card after the execution of the command APDU.

Structure of the APDU is given below:

1. Command APDU

Mandatory Header Optional body
CLA INS P1 P2 Lc Data Field Le

2. Response APDU

Optional body Mandatory Trailer
Data Field SW1 SW1

Note:

  • A command is always paired with response APDU
  • The data field is optional in both command APDU and response APDU.

The second case further divides the command and response APDU in four categories.

  1. There is no transfer of data to or from the card
    1. C- APDU: contains header only.
    2. R- APDU: contains only the trailer status word.
  2. There is no transfer of data to the card but data are returned from the card
    1. C- APDU: contains Le only, which specifies the number of data bytes in the corresponding response APDU.
  3. There is transfer of data to the card but no data is returned from the card
    1. C- APDU: contains Lc and data field, Lc which specifies the length of the data field.
    2. R-APDU: contains the trailer status word SW1 and SW2.
  4. There is transfer of data to the card and data is returned from the card
    1. C- APDU: contains Lc and data field and Le.
    2. R-APDU: contains both the optional body and the trailer status word SW1 and SW2.
Popular Posts
Tagged with:  

Leave a Reply