Question

I have read the ISO7816, 3GPP, and EMV datasheets, but I haven't understood how to identify if the communication is GSM or EMV or anything else.

The problem is that commands are different between each protocol, but sometimes have the same INS (GSM FETCH: INS = 12 and basic ISO7816 PERFORM TRANSACTION OPERATION: INS = 12).

I need to know, from previous commands like SELECT or READ BINARY, whether the communication is established in GSM or EMV or something else.

Is it possible? Does the CLA have something to do with that?

ETSI 102 221 says FETCH: CLA = 80; INS = 12. ISO7816-7 says FETCH: INS = 10; P2 = 8A.

I'm really confused, and I don't really understand.

Thanks for the help.

Tim

Solution

You can think of the first (high order) bit of the CLA byte as part of the INS byte. The reason is that this is the proprietary bit, which means that the rest of the APDU is only compatible with the format of ISO 7816, but not defined by it.

Obviously it is better to try and find other methods than fingerprinting the APDU communications, although I must admit I could not find much on protocol identification in the ETSI standard you pointed to. There are many different smart card protocols and ISO 7816-4 is only a (very badly designed) umbrella protocol.

If you are lucky you will have some more information in ISO 7816-15, but most of the time only ID cards adhere to that particular part.

OTHER TIPS

@owlstead - PKCS#15 (or 7816-15) does not REALLY help with deciphering incoming APDU-s, in fact it does not describe APDU-s but data object relations.

But from a practical perspective - you would most probably have two different applications (thus entry points) for EMV and GSM.

The basic commands are the same but their meaning varies (think of REST applications on top of HTTP...)
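The two ideas above (treat the CLA proprietary bit as part of the instruction, and track which application was entered via SELECT) can be combined into a small trace classifier. This is an added example, not part of the original posts; the function names, the lookup tables and the sample trace are constructed for illustration, and only the basic logical channel is handled.

```python
# Added example. Tables are a small constructed subset, not a complete registry.
AID_PREFIXES = {
    bytes.fromhex("A000000087"): "UICC/3GPP",  # 3GPP RID (USIM AID A0000000871002)
    bytes.fromhex("A000000003"): "EMV",        # Visa RID
    b"1PAY.SYS.DDF01": "EMV",                  # EMV contact PSE
    b"2PAY.SYS.DDF01": "EMV",                  # EMV contactless PPSE
}
# Proprietary-class commands only have meaning inside the selected application.
PROPRIETARY = {
    ("UICC/3GPP", 0x80, 0x12): "FETCH",        # ETSI TS 102 221, per the question
    ("EMV", 0x80, 0xA8): "GET PROCESSING OPTIONS",
    ("EMV", 0x80, 0xAE): "GENERATE AC",
}
INTERINDUSTRY = {0xA4: "SELECT", 0xB0: "READ BINARY", 0xB2: "READ RECORD",
                 0x12: "PERFORM TRANSACTION OPERATION"}  # INS 12 per the question

def parse_select_aid(apdu):
    """Return the AID from a SELECT-by-DF-name (P1=04) command, else None."""
    if len(apdu) < 5 or apdu[0] & 0x80 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        return None
    data = apdu[5:5 + apdu[4]]
    return data if data and len(data) == apdu[4] else None  # ignore truncated captures

def context_for(aid):
    # Map an AID to an application family by RID / DF-name prefix.
    return next((c for p, c in AID_PREFIXES.items() if aid.startswith(p)), "unknown")

def classify_trace(hex_apdus):
    """Label each command APDU as (application context, command name)."""
    context, out = "unknown", []
    for raw in hex_apdus:
        apdu = bytes.fromhex(raw)
        if len(apdu) < 4:                      # no full CLA INS P1 P2 header
            out.append((context, "malformed"))
            continue
        aid = parse_select_aid(apdu)
        if aid is not None:
            context = context_for(aid)
        cla, ins = apdu[0], apdu[1]
        if cla & 0x80:                         # proprietary bit set
            name = PROPRIETARY.get((context, cla, ins), f"proprietary INS {ins:02X}")
        else:
            name = INTERINDUSTRY.get(ins, f"interindustry INS {ins:02X}")
        out.append((context, name))
    return out

# Constructed sample trace (command APDUs only, basic logical channel).
TRACE = ["00A4040007A0000000871002", "8012000010",
         "00A404000E325041592E5359532E4444463031", "80A8000002830000",
         "8012000010", "00120000"]
```

The same bytes `80 12` are labelled FETCH only while the 3GPP application is selected, and `00 12` resolves through the interindustry table regardless of context.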

Licensed under: CC-BY-SA with attribution