ISO/IEC 7816-4
Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange

Response descriptor template
Each command data field may contain a response descriptor template. If present in the command data field, the response descriptor template shall indicate the SM data objects required in the response data field. Inside the response descriptor template, the security mechanisms are not yet applied; the receiving entity shall apply them for constructing the response data field. The security items (algorithms, modes of operation, keys and initial data) used for processing the command data field may be different from those used for producing the response data field. The following rules apply.
– The card shall fill each empty primitive basic SM data object.
– Each CRT present in the response descriptor template shall be present in the response at the same place with the same control reference data objects for security mechanisms, files and keys.
  - If the response descriptor template provides auxiliary data, then the respective data object shall be empty in the response.
  - If an empty reference data object for auxiliary data is present in the response descriptor template, then it shall be full in the response.
– By the relevant security mechanisms, with the selected security items, the card shall produce all the requested basic SM data objects.

SM impact on command-response pairs
Figure 5 illustrates a command-response pair.

Figure 5 — Command-response pair

The following rules apply for securing a command-response pair of the interindustry class (see 5.1.1), i.e., when switching either bit 4 from 0 to 1 in CLA where bits 8, 7 and 6 are set to 000, or bit 6 from 0 to 1 in CLA where bits 8 and 7 are set to 01. The notation CLA* means that secure messaging is indicated in CLA.
– The secured command data field is an SM field; it shall be formed as follows.
  - If a command data field is present (Nc > 0), then either a plain value data object (SM tags '80', '81', 'B2', 'B3') or a data object for confidentiality (SM tags '84', '85', '86', '87') shall convey the Nc bytes.
  - The command header (four bytes) may be encapsulated for protection (SM tag '89').
  - If a Le field is present, then a new Le field (containing only bytes set to '00') and a Le data object (SM tags '96', '97') shall be present. Both zero and the empty Le data object mean the maximum, i.e., 256 or 65 536 depending upon whether the new Le field is short or extended.
– The secured response data field is an SM field; it shall be interpreted as follows.
  - If present, a plain value data object (SM tags '80', '81', 'B2', 'B3') or a data object for confidentiality (SM tags '84', '85', '86', '87') conveys the response data bytes.
  - If present, a processing status data object (SM tag '99') conveys SW1-SW2 encapsulated for protection. The empty processing status data object means SW1-SW2 set to '9000'.
Figure 6 shows the corresponding secured command-response pair.

Figure 6 — Secured command-response pair

When bit 1 of INS is set to 1 (odd INS code, see 5.1.2), the unsecured data fields are encoded in BER-TLV and SM tags 'B2', 'B3', '84' and '85' shall be used for their encapsulation. Otherwise, as the format of the data fields to protect is not always apparent, SM tags '80', '81', '86' and '87' are recommended.
– The secured data fields are SM fields; they may contain further or other SM data objects, e.g., a cryptographic checksum (SM tag '8E') or a digital signature (SM tag '9E') at the end.
– The new Lc field encodes the number of bytes in the secured command data field.
– The new Le field shall be absent when no data field is expected in the secured response data field; otherwise, it shall contain only bytes set to '00'.
– The response trailer indicates the status of the receiving entity after processing the secured command. The following specific error conditions may occur.
  - If SW1-SW2 is set to '6987', then expected secure messaging data objects are missing.
  - If SW1-SW2 is set to '6988', then secure messaging data objects are incorrect.
Annex B provides illustrative examples of secure messaging.
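As an added example (not text from ISO/IEC 7816-4 and not any vendor's code), the following Python builds the secured command of Figure 6 from a plain, even-INS, first-interindustry-class command and shows the card-side check that answers '6987' when the checksum data object is missing and '6988' when it does not verify. The SM key, the checksum algorithm (HMAC-SHA256 truncated to 8 bytes) and the bytes the checksum covers (the CLA* header plus the preceding SM data objects) are assumptions, since the standard leaves them to the selected security items.

```python
import hmac, hashlib

# Constructed key. ISO/IEC 7816-4 leaves algorithm and key to the selected security
# items (CRT); HMAC-SHA256 truncated to 8 bytes is an assumed stand-in for the checksum.
SM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def tlv(tag: int, value: bytes) -> bytes:
    """BER-TLV encode one SM data object (one-byte tag, definite length, long form if needed)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def parse_tlvs(buf: bytes) -> list:
    """Split an SM field into (tag, value) pairs, honouring long-form lengths."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def checksum(data: bytes) -> bytes:
    return hmac.new(SM_KEY, data, hashlib.sha256).digest()[:8]

def secure_command(cla: int, ins: int, p1: int, p2: int, data: bytes = b"", le=None) -> bytes:
    """Build the secured command of Figure 6 for a short-length, even-INS, first-interindustry-class APDU."""
    if cla & 0xE0 or ins & 1:
        raise ValueError("CLA bits 8-6 must be 000 and INS even for tags '81'/'97' here")
    cla_sm = cla | 0x0C                     # bits 4 and 3 = 11: SM, command header authenticated
    sm = tlv(0x81, data) if data else b""   # Nc > 0: plain value data object
    if le is not None:                      # the original Le field travels in the Le data object
        sm += tlv(0x97, le)
    header = bytes([cla_sm, ins, p1, p2])
    sm += tlv(0x8E, checksum(header + sm))  # checksum over header + preceding DOs (assumed input)
    return header + bytes([len(sm)]) + sm + b"\x00"   # new Lc, SM field, new Le = '00'

def card_unwrap(secured: bytes) -> tuple:
    """Card side: recover the plain data field or report '6987' / '6988' as described above."""
    header, lc = secured[:4], secured[4]
    sm = secured[5:5 + lc]
    if len(sm) < 10 or sm[-10:-8] != b"\x8e\x08":
        return b"", b"\x69\x87"             # expected SM data object (the checksum) is missing
    if not hmac.compare_digest(sm[-8:], checksum(header + sm[:-10])):
        return b"", b"\x69\x88"             # SM data objects incorrect
    return dict(parse_tlvs(sm[:-10])).get(0x81, b""), b"\x90\x00"
```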