Smart card application protocol data unit
In the context of smart cards, an application protocol data unit (APDU) is the communication unit between a smart card reader and a smart card. The structure of the APDU is defined by ISO/IEC 7816-4 Organization, security and commands for interchange.[1]
APDU message command-response pair
There are two categories of APDUs: command APDUs and response APDUs. A command APDU is sent by the reader to the card – it contains a mandatory 4-byte header (CLA, INS, P1, P2) and from 0 to 255 bytes of data. A response APDU is sent by the card to the reader – it contains a mandatory 2-byte status word and from 0 to 256 bytes of data.
| Command APDU | ||
|---|---|---|
| Field name | Length (bytes) | Description |
| CLA | 1 | Instruction class - indicates the type of command, e.g. interindustry or proprietary |
| INS | 1 | Instruction code - indicates the specific command, e.g. "write data" |
| P1-P2 | 2 | Instruction parameters for the command, e.g. offset into file at which to write the data |
| Lc | 0, 1 or 3 | Encodes the number (Nc) of bytes of command data to follow |
| Command data | Nc | Nc bytes of data |
| Le | 0, 1, 2 or 3 | Encodes the maximum number (Ne) of response bytes expected |
| Response APDU | ||
| Response data | Nr (at most Ne) | Response data |
| SW1-SW2 (Response trailer) |
2 | Command processing status, e.g. 90 00 (hexadecimal) indicates success |
References
- ^ "ISO/IEC 7816-4:2005 Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange". Iso.org. 2008-10-03. Retrieved 2012-01-27.