Application protocol data unit (APDU) is a command-response protocol for invoking functions executed on AmbiPay Smart card reader. In essence, the command consists of a 4-byte header followed by up to 255 bytes of data. The response contains a 2-byte header followed by up to 256 bytes of data. The headers and data are specified in a suite of standards from ISO and others. It is possible to develop custom secure elements using Java cards.
AmbiPay, AFC-module, will come with a set of drivers and libraries to interface with it. We will assume that you do not need to build communication with the AmbiPay reader to use it.
The AmbiPay comes with an interface to send APDU commands.
List of APDU responses for EMV processing in AmbiPay, AFC-module, with their description.
SW1 | SW2 | Info/ Warning/ Error/ Security |
Description |
---|---|---|---|
6 | E | Class not supported. | |
61 | — | I | Response bytes still available |
61 | XX | I | Command successfully executed; ‘XX’ bytes of data are available and can be requested using GET RESPONSE. |
62 | — | W | State of non-volatile memory unchanged |
62 | 00 | W | No information given (NV-Ram not changed) |
62 | 01 | W | NV-Ram not changed 1. |
62 | 81 | W | Part of returned data may be corrupted |
62 | 82 | W | End of file/record reached before reading Le bytes |
62 | 83 | W | Selected file invalidated |
62 | 84 | W | Selected file is not valid. FCI not formated according to ISO |
62 | 85 | W | No input data available from a sensor on the card. No Purse Engine enslaved for R3bc |
62 | A2 | W | Wrong R-MAC |
62 | A4 | W | Card locked (during reset( )) |
62 | CX | W | Counter with value x (command dependent) |
62 | F1 | W | Wrong C-MAC |
62 | F3 | W | Internal reset |
62 | F5 | W | Default agent locked |
62 | F7 | W | Cardholder locked |
62 | F8 | W | Basement is current agent |
62 | F9 | W | CALC Key Set not unblocked |
62 | FX | W | – |
62 | XX | W | RFU |
63 | — | W | State of non-volatile memory changed |
63 | 00 | W | No information given (NV-Ram changed) |
63 | 81 | W | File filled up by the last write. Loading/updating is not allowed. |
63 | 82 | W | Card key not supported. |
63 | 83 | W | Reader key not supported. |
63 | 84 | W | Plaintext transmission not supported. |
63 | 85 | W | Secured transmission not supported. |
63 | 86 | W | Volatile memory is not available. |
63 | 87 | W | Non-volatile memory is not available. |
63 | 88 | W | Key number not valid. |
63 | 89 | W | Key length is not correct. |
63 | C0 | W | Verify fail, no try left. |
63 | C1 | W | Verify fail, 1 try left. |
63 | C2 | W | Verify fail, 2 tries left. |
63 | C3 | W | Verify fail, 3 tries left. |
63 | CX | W | The counter has reached the value ‘x’ (0 = x = 15) (command dependent). |
63 | F1 | W | More data expected. |
63 | F2 | W | More data expected and proactive command pending. |
63 | FX | W | – |
63 | XX | W | RFU |
64 | — | E | State of non-volatile memory unchanged |
64 | 00 | E | No information given (NV-Ram not changed) |
64 | 01 | E | Command timeout. Immediate response required by the card. |
64 | XX | E | RFU |
65 | — | E | State of non-volatile memory changed |
65 | 00 | E | No information given |
65 | 01 | E | Write error. Memory failure. There have been problems in writing or reading the EEPROM. Other hardware problems may also bring this error. |
65 | 81 | E | Memory failure |
65 | FX | E | – |
65 | XX | E | RFU |
66 | — | S | |
66 | 00 | S | Error while receiving (timeout) |
66 | 01 | S | Error while receiving (character parity error) |
66 | 02 | S | Wrong checksum |
66 | 03 | S | The current DF file without FCI |
66 | 04 | S | No SF or KF under the current DF |
66 | 69 | S | Incorrect Encryption/Decryption Padding |
66 | XX | S | – |
67 | — | E | |
67 | 00 | E | Wrong length |
67 | XX | E | length incorrect (procedure)(ISO 7816-3) |
68 | — | E | Functions in CLA not supported |
68 | 00 | E | No information given (The request function is not supported by the card) |
68 | 81 | E | Logical channel not supported |
68 | 82 | E | Secure messaging not supported |
68 | 83 | E | Last command of the chain expected |
68 | 84 | E | Command chaining not supported |
68 | FX | E | – |
68 | XX | E | RFU |
69 | — | E | Command not allowed |
69 | 00 | E | No information given (Command not allowed) |
69 | 01 | E | Command not accepted (inactive state) |
69 | 81 | E | Command incompatible with file structure |
69 | 82 | E | Security condition not satisfied. |
69 | 83 | E | Authentication method blocked |
69 | 84 | E | Referenced data reversibly blocked (invalidated) |
69 | 85 | E | Conditions of use not satisfied. |
69 | 86 | E | Command not allowed (no current EF) |
69 | 87 | E | Expected secure messaging (SM) object missing |
69 | 88 | E | Incorrect secure messaging (SM) data object |
69 | 8D | Reserved | |
69 | 96 | E | Data must be updated again |
69 | E1 | E | POL1 of the currently Enabled Profile prevents this action. |
69 | F0 | E | Permission Denied |
69 | F1 | E | Permission Denied – Missing Privilege |
69 | FX | E | – |
69 | XX | E | RFU |
6A | — | E | Wrong parameter(s) P1-P2 |
6A | 00 | E | No information given (Bytes P1 and/or P2 are incorrect) |
6A | 80 | E | The parameters in the data field are incorrect. |
6A | 81 | E | Function not supported |
6A | 82 | E | File not found |
6A | 83 | E | Record not found |
6A | 84 | E | There is insufficient memory space in record or file |
6A | 85 | E | Lc inconsistent with TLV structure |
6A | 86 | E | Incorrect P1 or P2 parameter. |
6A | 87 | E | Lc inconsistent with P1-P2 |
6A | 88 | E | Referenced data not found |
6A | 89 | E | File already exists |
6A | 8A | E | DF name already exists. |
6A | F0 | E | Wrong parameter value |
6A | FX | E | – |
6A | XX | E | RFU |
6B | — | E | |
6B | 00 | E | Wrong parameter(s) P1-P2 |
6B | XX | E | Reference incorrect (procedure byte), (ISO 7816-3) |
6C | — | E | Wrong length Le |
6C | 00 | E | Incorrect P3 length. |
6C | XX | E | Bad length value in Le; ‘xx’ is the correct exact Le |
6D | — | E | |
6D | 00 | E | Instruction code not supported or invalid |
6D | XX | E | Instruction code not programmed or invalid (procedure byte), (ISO 7816-3) |
6E | — | E | |
6E | 00 | E | Class not supported |
6E | XX | E | Instruction class not supported (procedure byte), (ISO 7816-3) |
6F | — | E | Internal exception |
6F | 00 | E | Command aborted – more exact diagnosis not possible (e.g., operating system error). |
6F | FF | E | Card dead (overuse, …) |
6F | XX | E | No precise diagnosis (procedure byte), (ISO 7816-3) |
9- | — | ||
90 | 00 | I | Command successfully executed (OK). |
90 | 04 | W | PIN not succesfully verified, 3 or more PIN tries left |
90 | 08 | Key/file not found | |
90 | 80 | W | Unblock Try Counter has reached zero |
91 | 00 | OK | |
91 | 01 | States.activity, States.lock Status or States.lockable has wrong value | |
91 | 02 | Transaction number reached its limit | |
91 | 0C | No changes | |
91 | 0E | Insufficient NV-Memory to complete command | |
91 | 1C | Command code not supported | |
91 | 1E | CRC or MAC does not match data | |
91 | 40 | Invalid key number specified | |
91 | 7E | Length of command string invalid | |
91 | 9D | Not allow the requested command | |
91 | 9E | Value of the parameter invalid | |
91 | A0 | Requested AID not present on PICC | |
91 | A1 | Unrecoverable error within application | |
91 | AE | Authentication status does not allow the requested command | |
91 | AF | Additional data frame is expected to be sent | |
91 | BE | Out of boundary | |
91 | C1 | Unrecoverable error within PICC | |
91 | CA | Previous Command was not fully completed | |
91 | CD | PICC was disabled by an unrecoverable error | |
91 | CE | Number of Applications limited to 28 | |
91 | DE | File or application already exists | |
91 | EE | Could not complete NV-write operation due to loss of power | |
91 | F0 | Specified file number does not exist | |
91 | F1 | Unrecoverable error within file | |
92 | 0x | I | Writing to EEPROM successful after ‘x’ attempts. |
92 | 10 | E | Insufficient memory. No more storage available. |
92 | 40 | E | Writing to EEPROM not successful. |
93 | 01 | Integrity error | |
93 | 02 | Candidate S2 invalid | |
93 | 03 | E | Application is permanently locked |
94 | 00 | E | No EF selected. |
94 | 01 | Candidate currency code does not match purse currency | |
94 | 02 | Candidate amount too high | |
94 | 02 | E | Address range exceeded. |
94 | 03 | Candidate amount too low | |
94 | 04 | E | FID not found, record not found or comparison pattern not found. |
94 | 05 | Problems in the data field | |
94 | 06 | E | Required MAC unavailable |
94 | 07 | Bad currency : purse engine has no slot with R3bc currency | |
94 | 08 | R3bc currency not supported in purse engine | |
94 | 08 | E | Selected file type does not match command. |
95 | 80 | Bad sequence | |
96 | 81 | Slave not found | |
97 | 00 | PIN blocked and Unblock Try Counter is 1 or 2 | |
97 | 02 | Main keys are blocked | |
97 | 04 | PIN not succesfully verified, 3 or more PIN tries left | |
97 | 84 | Base key | |
97 | 85 | Limit exceeded – C-MAC key | |
97 | 86 | SM error – Limit exceeded – R-MAC key | |
97 | 87 | Limit exceeded – sequence counter | |
97 | 88 | Limit exceeded – R-MAC length | |
97 | 89 | Service not available | |
98 | 02 | E | No PIN defined. |
98 | 04 | E | Access conditions not satisfied, authentication failed. |
98 | 35 | E | ASK RANDOM or GIVE RANDOM not executed. |
98 | 40 | E | PIN verification not successful. |
98 | 50 | E | INCREASE or DECREASE could not be executed because a limit has been reached. |
98 | 62 | E | Authentication Error, application specific (incorrect MAC) |
99 | 00 | 1 PIN try left | |
99 | 04 | PIN not succesfully verified, 1 PIN try left | |
99 | 85 | Wrong status – Cardholder lock | |
99 | 86 | E | Missing privilege |
99 | 87 | PIN is not installed | |
99 | 88 | Wrong status – R-MAC state | |
9A | 00 | 2 PIN try left | |
9A | 04 | PIN not succesfully verified, 2 PIN try left | |
9A | 71 | Wrong parameter value – Double agent AID | |
9A | 72 | Wrong parameter value – Double agent Type | |
9D | 05 | E | Incorrect certificate type |
9D | 07 | E | Incorrect session data size |
9D | 08 | E | Incorrect DIR file record size |
9D | 09 | E | Incorrect FCI record size |
9D | 0A | E | Incorrect code size |
9D | 10 | E | Insufficient memory to load application |
9D | 11 | E | Invalid AID |
9D | 12 | E | Duplicate AID |
9D | 13 | E | Application previously loaded |
9D | 14 | E | Application history list full |
9D | 15 | E | Application not open |
9D | 17 | E | Invalid offset |
9D | 18 | E | Application already loaded |
9D | 19 | E | Invalid certificate |
9D | 1A | E | Invalid signature |
9D | 1B | E | Invalid KTU |
9D | 1D | E | MSM controls not set |
9D | 1E | E | Application signature does not exist |
9D | 1F | E | KTU does not exist |
9D | 20 | E | Application not loaded |
9D | 21 | E | Invalid Open command data length |
9D | 30 | E | Check data parameter is incorrect (invalid start address) |
9D | 31 | E | Check data parameter is incorrect (invalid length) |
9D | 32 | E | Check data parameter is incorrect (illegal memory check area) |
9D | 40 | E | Invalid MSM Controls ciphertext |
9D | 41 | E | MSM controls already set |
9D | 42 | E | Set MSM Controls data length less than 2 bytes |
9D | 43 | E | Invalid MSM Controls data length |
9D | 44 | E | Excess MSM Controls ciphertext |
9D | 45 | E | Verification of MSM Controls data failed |
9D | 50 | E | Invalid MCD Issuer production ID |
9D | 51 | E | Invalid MCD Issuer ID |
9D | 52 | E | Invalid set MSM controls data date |
9D | 53 | E | Invalid MCD number |
9D | 54 | E | Reserved field error |
9D | 55 | E | Reserved field error |
9D | 56 | E | Reserved field error |
9D | 57 | E | Reserved field error |
9D | 60 | E | MAC verification failed |
9D | 61 | E | Maximum number of unblocks reached |
9D | 62 | E | Card was not blocked |
9D | 63 | E | Crypto functions not available |
9D | 64 | E | No application loaded |
9E | 00 | PIN not installed | |
9E | 04 | PIN not succesfully verified, PIN not installed | |
9F | 00 | PIN blocked and Unblock Try Counter is 3 | |
9F | 04 | PIN not succesfully verified, PIN blocked and Unblock Try Counter is 3 | |
9F | XX | Command successfully executed; ‘xx’ bytes of data are available and can be requested using GET RESPONSE. | |
9x | XX | Application related status, (ISO 7816-3) |