ISO/IEC 7816-4
Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
Cartes d’identification — Cartes à circuit intégré — Partie 4: Organisation, sécurité et commandes pour les échanges

Data objects
If encoded in TLV, any data field, or concatenation of data fields, is a sequence of data objects. This clause specifies two categories of data objects: SIMPLE-TLV data objects and BER-TLV data objects.

SIMPLE-TLV data objects
Each SIMPLE-TLV data object shall consist of two or three consecutive fields: a mandatory tag field, a mandatory length field and a conditional value field. A record (see 7.3.1) may be a SIMPLE-TLV data object.
–The tag field consists of a single byte encoding a tag number from 1 to 254. The values '00' and 'FF' are invalid for tag fields. If a record is a SIMPLE-TLV data object, then the tag may be used as record identifier.
–The length field consists of one or three consecutive bytes.
  • If the first byte is not set to 'FF', then the length field consists of a single byte encoding a number from zero to 254 and denoted N.
  • If the first byte is set to 'FF', then the length field continues on the subsequent two bytes with any value encoding a number from zero to 65 535 and denoted N.
–If N is zero, there is no value field, i.e., the data object is empty. Otherwise (N > 0), the value field consists of N consecutive bytes.
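
A parser for the SIMPLE-TLV rules above, as an added example that is not part of the standard's text. The names `parse_simple_tlv` and `SimpleTLVError` and the sample bytes are constructed for illustration; the two-byte length is read most significant byte first, which is the ISO/IEC 7816 convention rather than something stated in this excerpt.

```python
class SimpleTLVError(ValueError):
    """The buffer violates the SIMPLE-TLV rules."""


def parse_simple_tlv(data: bytes) -> list:
    """Return [(tag, value), ...] for a sequence of SIMPLE-TLV data objects."""
    objects, i = [], 0
    while i < len(data):
        tag = data[i]
        if tag in (0x00, 0xFF):
            raise SimpleTLVError(f"invalid tag {tag:#04x} at offset {i}")
        if i + 1 >= len(data):
            raise SimpleTLVError(f"tag {tag:#04x} has no length field")
        n, i = data[i + 1], i + 2
        if n == 0xFF:
            # Three-byte length field: 'FF' then two bytes, read most
            # significant byte first (assumed; ISO/IEC 7816 convention).
            if i + 2 > len(data):
                raise SimpleTLVError("truncated three-byte length field")
            n, i = int.from_bytes(data[i:i + 2], "big"), i + 2
        if i + n > len(data):
            # Bounds check: never read a value field past the received buffer.
            raise SimpleTLVError(f"tag {tag:#04x}: N={n} exceeds buffer")
        objects.append((tag, data[i:i + n]))  # N == 0 gives an empty value
        i += n
    return objects


if __name__ == "__main__":
    # Constructed sample: a 3-byte object, an empty object, and a 256-byte
    # object that needs the three-byte length field.
    sample = bytes.fromhex("0103AABBCC" "0200" "10FF0100") + bytes(256)
    for tag, value in parse_simple_tlv(sample):
        print(f"tag {tag:#04x}, N={len(value)}")
```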

BER-TLV data objects
Each BER-TLV data object consists of two or three consecutive fields (see the basic encoding rules of ASN.1 in ISO/IEC 8825-1): a mandatory tag field, a mandatory length field and a conditional value field.
–The tag field consists of one or more consecutive bytes. It indicates a class and an encoding and it encodes a tag number. The value '00' is invalid for the first byte of tag fields (see ISO/IEC 8825-1).
–The length field consists of one or more consecutive bytes. It encodes a length, i.e., a number denoted N.
–If N is zero, there is no value field, i.e., the data object is empty. Otherwise (N > 0), the value field consists of N consecutive bytes.

BER-TLV tag fields
ISO/IEC 7816 supports tag fields of one, two and three bytes; longer tag fields are reserved for future use.
Bits 8 and 7 of the first byte of the tag field indicate a class.
–The value 00 indicates a data object of the universal class.
–The value 01 indicates a data object of the application class.
–The value 10 indicates a data object of the context-specific class.
–The value 11 indicates a data object of the private class.

Bit 6 of the first byte of the tag field indicates an encoding.
–The value 0 indicates a primitive encoding of the data object, i.e., the value field is not encoded in BER-TLV.
–The value 1 indicates a constructed encoding of the data object, i.e., the value field is encoded in BER-TLV.
If bits 5 to 1 of the first byte of the tag field are not all set to 1, then they encode a tag number from zero to thirty and the tag field consists of a single byte.
Otherwise (bits 5 to 1 all set to 1), the tag field continues on one or more subsequent bytes.
–Bit 8 of each subsequent byte shall be set to 1, unless it is the last subsequent byte.
–Bits 7 to 1 of the first subsequent byte shall not be all set to 0.
–Bits 7 to 1 of the first subsequent byte, followed by bits 7 to 1 of each further subsequent byte, up to and including bits 7 to 1 of the last subsequent byte encode a tag number.

Table 7 shows the first byte of the tag field. The value '00' is invalid.
Table 7 — First byte of BER-TLV tag fields in ISO/IEC 7816

b8  b7  b6  b5 b4 b3 b2 b1    Meaning
0   0   -   -  -  -  -  -     Universal class, not defined in ISO/IEC 7816
0   1   -   -  -  -  -  -     Application class, identification defined in this document
1   0   -   -  -  -  -  -     Context-specific class, defined in ISO/IEC 7816
1   1   -   -  -  -  -  -     Private class, not defined in ISO/IEC 7816
-   -   0   -  -  -  -  -     Primitive encoding
-   -   1   -  -  -  -  -     Constructed encoding
-   -   -   Not all set to 1  Tag number from zero to thirty (short tag field, i.e., a single byte)
-   -   -   1  1  1  1  1     Tag number greater than thirty (long tag field, i.e., two or three bytes)

In data fields encoded in BER-TLV, bytes set to '00' may be present before, between or after data objects (e.g., due to erasure or modification of data objects within an EF supporting data units). Such padding is prohibited within value fields of constructed data objects, called “templates” in ISO/IEC 7816.
When present in the historical bytes (see 8.1.1) or in EF.ATR (see 8.2.1.1) or in the control information of any file (see tag '82' in Table 12), the data coding byte (see Table 87) indicates whether the value 'FF' is
–valid for the first byte of long tag fields of the private class, constructed encoding (explicit statement), or
–invalid for the first byte of tag fields (default value), i.e., used for the same purpose (padding) and under the same conditions as the value '00'.

In tag fields of two or more bytes, the values '00' to '1E' and '80' are invalid for the second byte.
–In two-byte tag fields, the second byte consists of bit 8 set to 0 and bits 7 to 1 encoding a number greater than thirty. The second byte is valued from '1F' to '7F'; the tag number is from 31 to 127.
–In three-byte tag fields, the second byte consists of bit 8 set to 1 and bits 7 to 1 not all set to 0; the third byte consists of bit 8 set to 0 and bits 7 to 1 with any value. The second byte is valued from '81' to 'FF' and the third byte from '00' to '7F'; the tag number is from 128 to 16 383.
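
The tag-field rules of this clause as a validating decoder (an added example, not text from the standard). `parse_ber_tag`, `TagError` and the `ff_valid` flag, which stands in for the data coding byte's explicit statement, are hypothetical names; the caller is assumed to have skipped any padding bytes before the tag.

```python
CLASSES = ("universal", "application", "context-specific", "private")


class TagError(ValueError):
    """The bytes do not form a tag field allowed by ISO/IEC 7816."""


def parse_ber_tag(buf: bytes, offset: int = 0, ff_valid: bool = False):
    """Decode one tag field; return (class, constructed, number, next_offset).

    ff_valid (hypothetical flag) models the data coding byte's explicit
    statement that 'FF' may start a private, constructed long tag field.
    """
    if offset >= len(buf):
        raise TagError("no tag byte at offset")
    first = buf[offset]
    if first == 0x00 or (first == 0xFF and not ff_valid):
        raise TagError(f"{first:#04x} is a padding value, not a tag")
    cls = CLASSES[first >> 6]            # bits 8 and 7
    constructed = bool(first & 0x20)     # bit 6
    if first & 0x1F != 0x1F:             # bits 5 to 1 not all set: short tag
        return cls, constructed, first & 0x1F, offset + 1
    number = 0
    for count in (1, 2):                 # at most two subsequent bytes
        pos = offset + count
        if pos >= len(buf):
            raise TagError("truncated long tag field")
        b = buf[pos]
        if count == 1 and (b <= 0x1E or b == 0x80):
            raise TagError(f"invalid second byte {b:#04x}")
        number = (number << 7) | (b & 0x7F)
        if not b & 0x80:                 # bit 8 clear marks the last byte
            return cls, constructed, number, pos + 1
    raise TagError("tag field longer than three bytes is reserved")


if __name__ == "__main__":
    # Constructed sample tag fields, not taken from a real card.
    for sample in ("6F", "5F20", "BF8100", "5F1E"):
        try:
            print(sample, parse_ber_tag(bytes.fromhex(sample)))
        except TagError as exc:
            print(sample, "rejected:", exc)
```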