ISO/IEC 7816-9:2017 pdf download – Identification cards — Integrated circuit cards — Part 9: Commands for card management.
5 Life cycle 5.1 General properties A life cycle status (see coding in ISO/IEC 7816-4:2013, 7.4.10) may be associated with any object in the card and with the card itself. The card shall use the life cycle status in combination with additional security attributes when present and applicable, unless defined otherwise by the application, to determine whether an operation on an object is in accordance with a security policy. The life cycle status determines the use of objects when the card supports life cycle status dependent security attributes according to the following rules. — If an object is in creation state, then no security attribute shall apply unless otherwise specified. — If an object is in initialization state, then any security attribute specific to this state may apply. — If an object is in operational state, then any associated security attribute specific to this state shall apply. — If an object is in termination state, then the value of the object shall not be accessed unless determined otherwise by its associated security attributes, e.g. it can be deleted. In addition to the behaviour described above, distinguishing characteristics for primary states of life cycle are defined as follows. — Creation state — an object is newly created (e.g. by create or create file command) or appended (e.g. update data, put data commands) to an existing object. These operations may fit the created item with its control parameters and may provision it with data elements. — Initialization state — a newly created object or an existing object in creation state may be initialized. The object is not active but selectable and may be provisioned with data.— Operational state comprises two secondary states: operational activated and operational deactivated. When activated, the object and its contents may be accessed according to its security attributes. When deactivated, the object is logically reduced with restricted capabilities or functionality but selectable and the access to its content depends on the application. From these states, the object can be terminated. — Termination state — the object is logically reduced with restricted capabilities or functionality but selectable. The only applicable command is for object deletion unless determined otherwise by the application. Upon selection of a selectable terminated object, the warning status SW1-SW2 = ‘6285’ shall be returned; otherwise, i.e. not selectable object, an error code shall be returned. Further possible actions are not defined in ISO/IEC 7816 (all parts). — Card Termination state — after a successful completion of the TERMINATE CARD USAGE command, the card shall reject the select command.
5.3 Command-dependent life cycle status transition A command-dependent LCS transition for an object is an LCS transition triggered by a command according to the execution rules applicable for the object. The security handling or operation commands general authenticate, generate asymmetric key pair, reset retry counter and change reference data, and commands initiating the modification of the current template contents as put/put next/update data may have a command-dependent LCS transition effect of initiating an LCS transition. Unlike the rest of the transitions initiated by other commands and that are said explicit (see Table 1), these transitions are provided as optional functionality. In the last step of command processing onto an object featuring CP, the assigned CP shall be evaluated to check for the requirement to perform a command-dependent LCS transition. To be applicable, command-dependent LCS transition functionality shall conform to the following rules: — for an existing object, all transitions from Figure 1 could be triggered by a command-dependent LCS transition; — the command-dependent LCS transition applicable for the object shall be executed after successful execution of the command, i.e. the response trailer indicates “normal processing” (see ISO/IEC 7816- 4:2013, Table 5); — such a transition shall be declared during object creation phase with the use of create command only; the use of any other command to achieve the same goal is out of scope of this document; — the payload of create shall contain within CP template (DO‘62’) a data object ‘AE’ nesting one or more context-specific configuration DO‘A1’, each of which features a value field describing the conditions for a command-dependent LCS transition and is comprised of: — an LCS DO‘8A’ according to ISO/IEC 7816-4:2013, Table 14 denoting the starting LCS for the transition;