PayPass - MChip Flex Technical Specifications (V1.1)
Technical Specifications
Copyright
The information contained in this manual is proprietary and confidential to MasterCard and its members. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard.
Media
This document is available in both electronic and printed format.
MasterCard Worldwide - CCOE
Chaussée de Tervuren, 198A
B-1410 Waterloo
Belgium
E-mail: specifications@paypass.com
2006 MasterCard
Table of Contents
Introduction
  1.1 Overview
  1.2 Offline Counters
  1.3 Co-application
State Machine
  3.1 Signals and Transitions
  3.2 Application States
  3.3 Variables
Signal Processing
  4.1 Overview
  4.2 C-APDU Recognition
    4.2.1 Input
    4.2.2 Processing
    4.2.3 Output
  4.3
  4.4
    4.4.2 Processing
    4.4.3 Data Field Returned in the Response Message
    4.4.4 Destination State
  4.5
  4.6 UNSELECT Processing
    4.6.1 Processing
    4.6.2 Destination State
  4.7
C-APDU Processing
  5.1 COMPUTE CRYPTOGRAPHIC CHECKSUM
    5.1.1 Command Message
    5.1.2 Processing
    5.1.3 Data Field Returned in the Response Message
    5.1.4 Destination State
  5.2
    Command Message
    Processing
    Data Field Returned in the Response Message
    Destination State
  5.3 GET DATA
    5.3.1 Command Message
    5.3.2 Processing
    5.3.3 Data Field Returned in the Response Message
    5.3.4 Destination State
  5.4
    Command Message
    Processing
    Data Field Returned in the Response Message
    Destination State
  5.5
    Command Message
    Processing
    Data Field Returned in the Response Message
    Destination State
  5.6 SELECT
    5.6.1 Command Message
    5.6.2 Processing
    5.6.3 Data Field Returned in the Response Message
    5.6.4 Destination State
  6.5
  6.6
  A.6 Application Transaction Counter
  A.7 Application Transaction Counter Limit
  A.8 Card Issuer Action Code - Decline, Default, Online
  A.9 Card Verification Results
  A.10 CDOL 1
  A.11 CDOL 1 Related Data Length
  A.12 Co-application Indicator
  A.13 Consecutive Offline Transactions Number
  A.14 Counters
  A.15 CRM Country Code
  A.16 CRM Currency Code
  A.17 Cryptogram Information Data
  A.18 Cryptogram Version Number
  A.19 Cumulative Offline Transaction Amount
  A.20 Currency Conversion Parameters
  A.21 Currency Conversion Table
  A.22 CVR - CCD
  A.23 CVR - M/Chip 2.05
  A.24 CVR - M/Chip Lite 2.1
  A.25 CVR - UKIS
  A.26 File Control Information
  A.27 Issuer Application Data (CCD)
  A.28 Issuer Application Data (M/Chip 2.05)
  A.29 Issuer Application Data (M/Chip Lite 2.1)
  A.30 Issuer Application Data (UKIS)
  A.31 IVCVC3TRACK1
  A.32 IVCVC3TRACK2
  A.33 Key Derivation Index
  A.34 Lower Consecutive Offline Limit
  A.35 Lower Cumulative Offline Transaction Amount
  A.36 Offline Balance
  A.37 Offline Consecutive Transactions Remaining
  A.38 Previous Transaction History
Version 1.1 - October 2006
  A.39 Security Limits
  A.40 Security Limits Status
  A.41 Static CVC3TRACK1
  A.42 Static CVC3TRACK2
  A.43 Upper Consecutive Offline Limit
  A.44 Upper Cumulative Offline Transaction Amount
Scope
MasterCard PayPass technology enables fast, easy and globally accepted payments through the use of contactless chip technology on the traditional MasterCard card platform. PayPass M/Chip Flex is designed specifically for authorization networks that presently support chip card authorizations for credit or debit applications. PayPass M/Chip Flex is an independent contactless application intended to reside on a dual interface card together with an implementation of a choice of several supported contact-based EMV applications (M/Chip 2.05, M/Chip Lite 2.1, CCD, UKIS Compliant Payment Application).
Audience
This document is intended for use by vendors that want to implement the MasterCard PayPass M/Chip Flex application on a card or acceptance device. This document is also intended for type approval services, which would test the actual implementations against this specification. It is assumed that the audience already has an understanding of chip card technology in general and of M/Chip 4 and ISO/IEC 14443 in particular.
Related Publications
The following publications contain information directly related to the contents of this specification.
[PAYPASS MCHIP] PayPass M/Chip Technical Specification
[PAYPASS ISO/IEC 14443] PayPass ISO/IEC 14443 Implementation Specification
[M/CHIP4] M/Chip 4 Card Application Specifications for Credit and Debit
[SECURITY] M/Chip 4 Cryptography & Key Management v4.0
[ISO/IEC 8825:1990] Information technology - Open systems interconnection - Specification of basic encoding rules for abstract syntax notation one (ASN.1)
Identification cards - Recording technique - Part 2: Magnetic stripe
Identification cards - Financial transaction cards
Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange
[ISO/IEC 7816-5:1993] Identification cards - Integrated circuit(s) cards with contacts - Part 5: Numbering system and registration procedure for application identifiers
Identification cards - Integrated circuit(s) cards with contacts - Part 6: Interindustry data elements
Integrated Circuit Card Specification for Payment Systems: Application Independent ICC to Terminal Interface Requirements. Version 4.1, May 2004
[EMV BOOK 2] Integrated Circuit Card Specification for Payment Systems: Security and Key Management. Version 4.1, May 2004
[EMV BOOK 3] Integrated Circuit Card Specification for Payment Systems: Application Specification. Version 4.1, May 2004
[EMV BOOK 4] Integrated Circuit Card Specification for Payment Systems: Cardholder, Attendant and Acquirer Interface Requirements. Version 4.1, May 2004
Abbreviations
The following abbreviations are used in this specification:
Abbreviation     Description
AAC              Application Authentication Cryptogram
AC               Application Cryptogram
ADF              Application Definition File
AFL              Application File Locator
AID              Application Identifier
AIP              Application Interchange Profile
an               Alphanumeric characters
ans              Alphanumeric and Special characters
APDU             Application Protocol Data Unit
ARQC             Authorization Request Cryptogram
ATC              Application Transaction Counter
b                Binary
BER              Basic Encoding Rules
CDA              Combined DDA / Application Cryptogram Generation
CDOL             Card Risk Management Data Object List
CIAC             Card Issuer Action Code
CID              Cryptogram Information Data
CRM              Card Risk Management
CVR              Card Verification Results
DDA              Dynamic Data Authentication
DDOL             Dynamic Data Authentication Data Object List
DEA              Data Encryption Algorithm
DES              Data Encryption Standard
EMV              Europay MasterCard Visa
FCI              File Control Information
IAD              Issuer Application Data
ICC              Integrated Circuit Card
MAC              Message Authentication Code
MKAC             AC Master Key
MKIDN            ICC Dynamic Number Master Key
n                Numeric characters
NIC              Length of the ICC Public Key Modulus
PAN              Primary Account Number
PDOL             Processing Options Data Object List
PIN              Personal Identification Number
POI              PayPass Options Indicator
RFU              Reserved for Future Use
SDA              Static Data Authentication
SFI              Short File Identifier
SHA              Secure Hash Algorithm
SW1-SW2, SW12    Status bytes 1-2
TC               Transaction Certificate
TLV              Tag Length Value
TVR              Terminal Verification Results
var.             Variable
Notational Conventions
The following notations apply:
Notation                    Description
0 to 9 and A to F           Hexadecimal notation. Values expressed in hexadecimal form are enclosed in single quotes (i.e. _).
1001b                       Binary notation. Values expressed in binary form are followed by a lower case b.
abcd                        an or ans string
digit                       Any of the ten Arabic numerals from 0 to 9
[]                          Optional part
xx                          Any value
A := B                      A is assigned the value of B.
C := (A || B)               The concatenation of an n-bit number A and an m-bit number B, which is defined as C = 2^m A + B.
Y := ALG(K)[X]              Encipherment of a 64-bit data block X with a 64-bit block cipher using a secret key K.
X&Y                         The bit-wise and of the data blocks X and Y
X|Y                         The bit-wise or of the data blocks X and Y
Application File Locator    Data elements used for this specification are written in italics to distinguish them from the text.
STATE                       States are written in COURIER FONT to distinguish them from the text.
GENERATE AC                 Command APDUs used for this specification are written in SMALL CAPITALS to distinguish them from the text.
Specification Principles
In this document, the PayPass M/Chip Flex application is specified according to the following principles:
- The application is a state machine.
- The processing of an external signal (e.g. C-APDU) causes a transition between states.
These principles are used in order to present the application concepts. These principles do not need to be followed in the implementation. However, the implementation must behave in a way that is indistinguishable from the behavior specified in this document.
Note
The Type Approval service tests an implementation against the behavior specified in this document. The Type Approval service treats the card application as a black box and validates the output signals that the application generates as a result of processing of input signals, against the output signals defined by these specifications.
1 Introduction
1.1 Overview
PayPass M/Chip Flex is a contactless chip card application which resides on a dual interface card which also carries a second payment application. The second application (referred to in this document as the co-application) uses the contact interface. Only co-applications from an approved list can be used with PayPass M/Chip Flex.
PayPass M/Chip Flex has the following characteristics:
- It only uses the contactless interface of the dual-interface card.
- It has an internal interface to the co-application in order to exchange information.
- It supports the PayPass Mag Stripe functionality to ensure acceptance on a PayPass Mag Stripe only terminal.
- It supports only one co-application at a time. The PayPass M/Chip Flex application must be configured for a specific co-application during personalization.
- It is able to store a complete set of cryptographic keys to perform transactions compatible with any supported co-application.
- It supports all the cryptographic algorithms and key derivation mechanisms used by any supported co-application.
- It provides a mechanism for selecting the appropriate cryptographic algorithm or key derivation mechanism, depending on the co-application.
- It supports SDA and (optionally) CDA. The support of CDA is an implementation option.
- It performs Card Risk Management using the Card Verification Results as specified for the M/Chip 4 application. Additionally, for each supported co-application the relevant CVR is added to the PayPass M/Chip Flex application. During processing of the first GENERATE AC command, the Card Verification Results of the PayPass M/Chip Flex application is mapped on the CVR of the active co-application.

- Transaction logging
- Encryption of counters
- DDA
- Application Cryptograms of type AAR
- PDOL processing
- Issuer-to-card script processing
- Second GENERATE AC command.
1.2 Offline Counters
The Consecutive Offline Transactions Number and the Cumulative Offline Transaction Amount are referred to as offline counters in this specification. These counters are used to monitor and control offline spending, and in EMV payment cards they are reset when the application receives a valid issuer response to an online authorization request. The PayPass M/Chip Flex application does not support the second GENERATE AC command which would normally reset the offline counters, because during a PayPass M/Chip Flex transaction, the card is removed after the first GENERATE AC command. The offline counters can therefore only be reset by the co-application using the contact interface. Additionally, the PayPass M/Chip Flex application provides a mechanism to force the co-application to go online at the next contact transaction whenever one of the offline counters exceeds its lower limit. The issuer is then able to reset the offline counters for both applications.
1.3 Co-application
The interface between the PayPass M/Chip Flex application and the issuer host is controlled by the co-application. PayPass M/Chip Flex properties which are dependent on the co-application are fixed during personalization by defining the Co-application Indicator. By checking the Co-application Indicator, the PayPass M/Chip Flex application can recognize the active co-application, and can then create responses compliant with the issuer host interface. The following co-applications are supported:
- M/Chip 2.05
- M/Chip Lite 2.1
- CCD-compliant application
- UKIS Compliant Payment Application
2 Co-application Interface
2.1 Overview
A PayPass M/Chip Flex transaction is completed by returning a response to the first GENERATE AC command or to the COMPUTE CRYPTOGRAPHIC CHECKSUM command. As neither online processing nor issuer-to-card script processing is supported, there is a mechanism to allow issuers to control PayPass M/Chip Flex offline counters by using the co-application. The offline counters must be reset by the issuer after exceeding their predefined limits, in order to allow the card to continue to make offline transactions.
2.2 PayPass Options Indicator
Note
The details of the mechanism for accessing and protecting the POI are proprietary to the card implementer. MasterCard will perform a security evaluation of the access mechanism as part of the CAST program.
Instructions from the issuer to reset PayPass M/Chip Flex offline counters are transmitted during an online contact transaction using the second GENERATE AC command. Figure 2.1 shows an overview of this offline counters reset mechanism.
Figure 2.1: Offline Counters Reset Mechanism Overview
[Diagram not reproduced. Labels: Issuer Host, Terminal, 2nd GENERATE AC, T=CL, POI (Read/Write), Co-application, Offline Counters (shown twice).]
2.3 Co-application Interoperability Requirements
Before responding to the first GENERATE AC command, the co-application must read the 'Go online on next transaction' indicator (POI [2]):
- If POI [2] = 1b, then:
  - If the terminal is online capable, then the co-application must request to go online.
  - If the terminal is offline only, then no further action is required by the co-application.
To reset the offline counters of the PayPass M/Chip Flex application, the following must be performed by the co-application: Set the 'Reset PayPass M/Chip Flex offline counters' bit in the POI:
SAVE
Note
If the co-application receives the script command APPLICATION BLOCK, then the co-application must set the 'Block PayPass M/Chip Flex application' bit in the POI:
SAVE
If the co-application receives the script command UNBLOCK APPLICATION, then the co-application must reset the 'Block PayPass M/Chip Flex application' bit in the POI:
SAVE
Note
The POI mechanism specified in this chapter follows a set of general design principles. Implementers deviating from these principles must make sure that their implementation behaves in a way that is indistinguishable from the behavior specified in this document.
2.3.2
Updating the limits of the offline counters of the PayPass M/Chip Flex application must be done by sending script commands to the co-application. The actual script commands are proprietary to the co-application (e.g. PUT DATA, UPDATE RECORD). The limits of the offline counters of the PayPass M/Chip Flex application must be identified to the co-application by the following tag values:
Table 2.2: Tag Values for Updating Limits of Offline Counters
Tag     Limit
DF0A    Lower Consecutive Offline Limit
DF0B    Lower Cumulative Offline Transaction Amount
DF0C    Upper Consecutive Offline Limit
DF0D    Upper Cumulative Offline Transaction Amount
If the co-application receives a script command to update a limit of an offline counter of the PayPass M/Chip Flex application, then the co-application must map the tag received in the script command on the tag that is used by the PayPass M/Chip Flex application to identify this offline counter limit, and then the co-application must update the limit. How the co-application obtains access to the limits of the offline counters of the PayPass M/Chip Flex application is implementation specific.
3 State Machine
3.1 Signals and Transitions
When the application has been personalized and is being used in live operation, its behavior can be specified as an Extended Finite State Machine (EFSM). Using this model, transitions between states are triggered by the reception of signals which may convey values. Signals conveying values are used to represent the reception of C-APDUs, i.e. of application-layer data units.
When the ICC receives a C-APDU in the input buffer, an internal application-layer signal is sent to the PayPass M/Chip Flex application, which then processes the C-APDU. As a result of C-APDU processing the application generates a response. The model for sending responses is also that of transmitting application-layer signals, i.e. of R-APDUs.
Apart from C-APDUs, there are also external signals which do not convey values but which change the application state. These are the SELECT and UNSELECT signals:
- The SELECT signal is used to activate the PayPass M/Chip Flex application.
- The UNSELECT signal is used to de-activate the PayPass M/Chip Flex application.
Conditions which trigger the UNSELECT signal and thereby lead to the de-activation of the PayPass M/Chip Flex application, are:
1. Selection of another application, in the case of a multi-application card
2. Reset
3. Power off of the ICC
When processing triggered by reception of an application-layer signal is completed, the application reaches a destination state.
3.2 Application States
The application states of the PayPass M/Chip Flex application are listed in Table 3.1.
Table 3.1: Application States of the PayPass M/Chip Flex Application
State        Description
IDLE         Application is not currently selected
SELECTED     Application is selected
INITIATED    Transaction is initiated
The PayPass M/Chip Flex application is in state IDLE if it is not currently activated. In a multi-application card for instance, the application may be in state IDLE if another application is activated. The application also goes to the state IDLE when the card is reset or powered off. In the state IDLE the application does not process C-APDUs, but is only waiting for an external SELECT signal. The technical signal processing mechanism depends on card platform and card operating system and is outside the scope of this specification. Successful processing of the SELECT signal changes the application state from IDLE to SELECTED. Every transaction starts in the state SELECTED. There are four C-APDUs handled by the PayPass M/Chip Flex application in this state:
The PayPass M/Chip Flex application goes to state INITIATED after the successful processing of the GET PROCESSING OPTIONS command. In this state, a new transaction is initiated. There are five C-APDUs handled by the PayPass M/Chip Flex application in the INITIATED state:
The GET DATA and the READ RECORD command do not modify the application state, whether used in the state SELECTED or in the state INITIATED. The SELECT command is only present for compatibility reasons. Refer to Section 5.6 for details.
The PayPass M/Chip Flex application goes back from the state INITIATED to the state SELECTED:
- After the successful processing of the COMPUTE CRYPTOGRAPHIC CHECKSUM command
- After the successful processing of the first GENERATE AC command. The second GENERATE AC command is not supported by the PayPass M/Chip Flex application.
Figure 3.1 illustrates the state transitions supported by the PayPass M/Chip Flex application.
Figure 3.1: State Machine of the PayPass M/Chip Flex Application
[Diagram not reproduced. Labels: IDLE, SELECT signal processing, SELECTED, INITIATED, SELECT, READ RECORD, GET DATA, ERROR.]
3.3 Variables
An Extended Finite State Machine uses state variables for maintaining its history. In this specification state variables are called data elements. There are two kinds of data elements described in this document:
- Data elements with a lifetime exceeding a single card session (persistent data elements)
- Data elements with a lifetime that does not exceed a single card session (transient data elements)
Persistent data elements must be stored in non-volatile memory (e.g. EEPROM). Transient data elements are generally stored in volatile memory (e.g. RAM), although this is not mandated. Refer to Section 7.2 for an identification of persistent data elements.
Any modification of the value of a persistent data element is explicitly specified with the word SAVE. For instance
  SAVE Var1(new value)
means that the new value of Var1 is written in non-volatile memory.
The other data elements used in this specification are transient. The lifetime of a transient data element is defined as the period where the value of the data element is accessible, in either read or write mode. The creation of a transient data element is explicitly specified with the word NEW. The initial value is then specified. For instance
  NEW Var1(00000)
means that the data element Var1 becomes accessible and has its initial value set to all zeros. Only one instance of a data element exists at a time in the PayPass M/Chip Flex application.
When a specific value is assigned to a transient data element, it is specified with the words SET or RESET or the symbol :=. The value is then specified. For instance
  SET Var1(00000)
means that the zero value is assigned to the data element Var1. There is no difference between SET, RESET or :=. The RESET is only used to emphasize that the data element takes back its initial value. This is generally a value of all zeros. In figures the symbol := is used for convenience.
The destruction of a transient data element is explicitly specified with the word FREE. For instance
  FREE Var1
This specification identifies two types of transient data elements:
- Transient data elements with a lifetime that does not exceed the processing of a single C-APDU. For brevity, these data elements are not explicitly created or killed (using NEW and FREE) in this document.
- Transient data elements with a lifetime that does exceed the processing of a single C-APDU. Their creation and destruction using NEW and FREE are shown explicitly in this document.
It is acceptable to create and kill transient data elements at other points in time, as far as the external behavior of the application is indistinguishable from the behavior specified in this document. Section 7.1 specifies the use of transient data elements with a lifetime spanning a single C-APDU processing throughout the application. This information can be used to decide when to create and kill the data elements in the implementation. Table 3.2 lists the conventions used for data element manipulation.
Table 3.2: Conventions used for Data Element Manipulation
Operation    Persistent    Transient
create                     NEW
kill                       FREE
assign       SAVE          SET, RESET, :=
4 Signal Processing
4.1 Overview
The PayPass M/Chip Flex application can reside in either a multi-application environment or in a mono-application environment without changing its behavior. Depending on the ICC platform there will be an internal interface between the PayPass M/Chip Flex application and a 'lower level' ICC processing unit. This unit can be the card operating system or a subunit controlled by the card operating system, e.g. a multi-application manager. For ease of use a common term - card manager - has been chosen for this entity.
The card manager controls the PayPass M/Chip Flex application by sending signals via the internal interface. The application state determines which signals are accepted by the PayPass M/Chip Flex application. When the PayPass M/Chip Flex application is in the state IDLE, the only signal accepted from the card manager is the SELECT signal. When the PayPass M/Chip Flex application is active (i.e. the application state is SELECTED or INITIATED), the signals that it accepts from the card manager are:
1. The SELECT signal
   After successful processing of an incoming SELECT signal the PayPass M/Chip Flex application is activated, i.e. the application goes from the state IDLE to the state SELECTED. If the application receives the SELECT signal in a state other than IDLE, the application, already activated, stays in or goes back to the state SELECTED.
2. A string of bytes representing a card command (i.e. a C-APDU)
   Any C-APDU received by the card when the PayPass M/Chip Flex application is active will lead to one of the following behaviors:
   - If the C-APDU is recognized by the card manager as a SELECT command of the PayPass M/Chip Flex application, the card manager sends the SELECT signal to the PayPass M/Chip Flex application.
   - If the C-APDU leads to the selection of another application on the card (in the case of a multi-application environment), the UNSELECT signal is sent to the PayPass M/Chip Flex application.
   - If the C-APDU is not a SELECT command, and does not lead to the selection of an application on the card, then the C-APDU is sent to the PayPass M/Chip Flex application as a CARD COMMAND.
   It is assumed in this specification that the card manager would not send a C-APDU to the application if the bytes received do not contain a valid C-APDU header, so a CARD COMMAND has the following characteristic: Length (CARD COMMAND) >= 4.
3. The UNSELECT signal
   The PayPass M/Chip Flex application is de-activated through the UNSELECT signal. Any event leading to an application state transition with destination state IDLE triggers the UNSELECT signal.
Table 4.1 lists the valid signals depending on the application state.
Table 4.1 Signals sent by the Card Manager
Application State        Valid signals
IDLE                     SELECT
SELECTED, INITIATED      SELECT, CARD COMMAND, UNSELECT
Note
The use of the SELECT, CARD COMMAND, UNSELECT signals is an abstraction which, in a real card, can be implemented in various ways.
Figure 4.1 illustrates the overall processing of signals. The following sections of this chapter describe in more detail the different functions referenced in Figure 4.1.
[Figure 4.1: flowchart of the overall signal processing. Boxes: signal analysis (CARD COMMAND, SELECT, UNSELECT, other), C-APDU Recognition, C-APDU Acceptance, Rejected C-APDU Processing, C-APDU Processing, SELECT Processing, UNSELECT Processing, response, final state.]
Symbol 0, 1
The application receives external signals in any of its states. The current application state determines which signals are accepted by the PayPass M/Chip Flex application, as shown in Table 4.1.

Symbol 2
This type of signal carries a string of bytes called CARD COMMAND or C-APDU. A CARD COMMAND has the following characteristic: Length (CARD COMMAND) >= 4. It is assumed in this specification that the card manager will not send a C-APDU to the application if the bytes received do not contain a valid C-APDU header. A CARD COMMAND will pass a recognition process called C-APDU Recognition. C-APDU Recognition transforms input bytes sent by the card manager into C-APDU literals recognized by the PayPass M/Chip Flex application. Basically, the application checks that the bytes received represent a C-APDU supported by the application. C-APDU Recognition for PayPass M/Chip Flex is specified as a procedure and described in Section 4.2.

Symbol 2'
To activate the PayPass M/Chip Flex application, the card manager sends a SELECT signal. The activation of the PayPass M/Chip Flex application (i.e. the processing triggered by the SELECT signal) is specified in Section 4.5.

Symbol 2''
The PayPass M/Chip Flex application can be de-activated by the card manager, e.g. if another application is selected in a multi-application environment. The PayPass M/Chip Flex application is also de-activated if the card is reset or powered off. The signals resulting from these events are gathered under the generic name UNSELECT.

Symbol 3
Any other signal is ignored. The PayPass M/Chip Flex application returns to the state IDLE.

Symbol 4
C-APDUs received from the card manager are first checked against recognized C-APDUs. This is specified in Section 4.2.

Symbol 5
Further processing depends on the results of the C-APDU Recognition procedure.

Symbol 6
C-APDUs are only accepted if the PayPass M/Chip Flex application is in a state where the C-APDU is allowed to be processed. The C-APDU Acceptance procedure is specified in Section 4.3.

Symbol 6'
Further processing depends on the results of the C-APDU Acceptance procedure.

Symbol 7
C-APDUs not supported or C-APDUs received when the PayPass M/Chip Flex application is in an inconsistent state are rejected by the application. The processing of rejected C-APDUs is specified in Section 4.4.

Symbol 8
An accepted C-APDU is processed by the application. The processing of accepted C-APDUs is specified in Section 4.7.

Symbol 9
SELECT

Symbol 10
The application response may be either an R-APDU, or may consist only of SW1-SW2.

Symbol 11
When the PayPass M/Chip Flex application is de-activated, the transient data elements are destroyed. UNSELECT processing is specified in Section 4.6.

Symbol 12
When the processing of an external signal is terminated, the application goes to a destination state. The destination state depends on both the signal that has been processed and the original state (i.e. the application state when the signal was received). The destination state is specified in the sections dedicated to the processing of each signal.
4.2
C-APDU Recognition
The C-APDU Recognition procedure identifies the C-APDU transmitted by the terminal to the PayPass M/Chip Flex application via the card manager. Recognition is based on the CLA and INS byte. The PayPass M/Chip Flex application only supports the CLA and INS bytes specified in Table 4.2. The C-APDU Recognition procedure takes the CLA and INS bytes as input and produces as output the literals specified in the third column of Table 4.2. If the CLA byte of the C-APDU is not one of those listed in Table 4.2, then the C-APDU Recognition procedure returns BAD CLA. If the CLA byte is listed in Table 4.2, but the combination of the CLA and INS byte is not, then the C-APDU Recognition procedure returns BAD INS.
Table 4.2 C-APDU Recognition
CLA    INS    C-APDU
80     2A     COMPUTE CRYPTOGRAPHIC CHECKSUM
80     AE     GENERATE AC
80     CA     GET DATA
80     A8     GET PROCESSING OPTIONS
00     B2     READ RECORD
00     A4     SELECT
Furthermore, when the application has recognized the C-APDU, it must perform a validity check on the following:
These checks are protocol dependent and cannot be specified independently from the transport layer. As a result, they are not described in the C-APDU Recognition processing flow. However, when the validity check detects an error in the lengths, the output of the procedure C-APDU Recognition is BAD LENGTH. If the output of the C-APDU Recognition is BAD CLA, BAD INS or BAD LENGTH, the C-APDU is not supported by the PayPass M/Chip Flex application.
4.2.1
Input
Input to the procedure C-APDU Recognition is a string of bytes - CARD COMMAND - with the following characteristics: Length (CARD COMMAND) >= 4.
4.2.2
Processing
[Figure: C-APDU Recognition flow. The CLA byte is tested against '80' and '00' (else BAD CLA); the INS byte is then tested against '2A', 'AE', 'CA', 'A8', 'B2' and 'A4' and mapped to the matching literal (else BAD INS).]

Symbol 2
The CLA byte is checked.

Symbol 3
The INS byte is checked.

Symbol 4
The result of the CLA byte check and INS byte check is mapped on an output literal.
4.2.3
Output
The output of the procedure can be one of the following literals:
READ RECORD
COMPUTE CRYPTOGRAPHIC CHECKSUM
GET PROCESSING OPTIONS
GENERATE AC
SELECT
GET DATA
BAD CLA
BAD INS
BAD LENGTH
4.3
C-APDU Acceptance
The C-APDU Acceptance procedure checks whether the PayPass M/Chip Flex application is in a valid state to process the C-APDU currently received. Acceptance or rejection of a C-APDU is specified in Table 4.3. If the C-APDU is accepted in the current application state (P: Processed), then the C-APDU is processed as specified in the particular section of Chapter 5 dedicated to the C-APDU. If the C-APDU is rejected in the current state (R/CNS: Rejected, Conditions Not Satisfied), then further processing is specified in Section 4.4.
Table 4.3 Acceptance Matrix
COMMAND                           SELECTED    INITIATED
COMPUTE CRYPTOGRAPHIC CHECKSUM    R/CNS       P
GENERATE AC                       R/CNS       P
GET PROCESSING OPTIONS            P           R/CNS
READ RECORD                       P           P
SELECT                            P           P
GET DATA                          P           P
4.3.1
Input
Input to this procedure is the result of the C-APDU Recognition procedure, i.e. one of the following literals:
READ RECORD
COMPUTE CRYPTOGRAPHIC CHECKSUM
GET PROCESSING OPTIONS
GENERATE AC
SELECT
GET DATA
4.3.2
Processing
[Figure: C-APDU Acceptance flow. The application state is tested, then the C-APDU (for example C-APDU = GENERATE AC) is compared with the C-APDUs accepted in that state; every 'else' branch ends in R / CNS.]

Symbol 2
The PayPass M/Chip Flex application checks whether it is in a valid state to process C-APDUs.

Symbol 3
The C-APDU currently received is compared to the C-APDUs accepted for processing in the current application state. Depending on the result the decision is P (Process) or R/CNS (Reject, Conditions Not Satisfied).
4.3.3
Output
Output of the procedure can be one of the following literals:
P (Process)
R/CNS (Reject, Conditions Not Satisfied)
4.4
Rejected C-APDU Processing
2. The C-APDU is supported by the PayPass M/Chip Flex application, but the application is in a state where the C-APDU is not accepted. In this case the C-APDU is rejected in the procedure C-APDU Acceptance, with the reason R/CNS.
4.4.1
Input
Input to the procedure is one of the following literals:
BAD CLA
BAD INS
BAD LENGTH
R/CNS (Rejected, Conditions not Satisfied)
4.4.2
Processing
[Figure: Rejected C-APDU Processing flow. BAD CLA: SW1-SW2='6E00'; BAD INS: SW1-SW2='6D00'; BAD LENGTH: SW1-SW2='6700'; else (R / CNS): SW1-SW2='6985'.]

CDOL 1 Related Data (00..00)
Card Verification Results (00...00)
Amount, Authorised (00...00)
Amount, Other (0000)
Terminal Country Code (0000)
Transaction Currency Code (0000)
Transaction Date (00...00)
Transaction Type (00)
Data Authentication Code (0000)
First AC (00...00)
AC Session Key (0000)
ICC Dynamic Number (00...00) (if CDA supported)

If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then RESET CVR-UKIS (00...00)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then RESET CVR-CCD (00...00)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then RESET CVR-M/Chip 2.05 (00...00)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then RESET CVR-M/Chip Lite 2.1 (00...00)

Symbol 3
The error literal (the reason for performing Rejected C-APDU Processing) is converted to the appropriate values of SW1-SW2.
4.4.3
4.4.4
Destination State
Table 4.4 lists the destination states after Rejected C-APDU Processing.
Table 4.4 Destination State after Rejected C-APDU Processing
SW1      SW2    SELECTED    INITIATED
6E       00     SELECTED    SELECTED
6D       00     SELECTED    SELECTED
67       00     SELECTED    SELECTED
69       85     SELECTED    SELECTED
Other           SELECTED    SELECTED
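The recognition, acceptance and rejection procedures of Sections 4.2 to 4.4 chained into one dispatcher, as an added example that is not code from the specification. All type and function names are this example's own, and returning BAD LENGTH for an input shorter than 4 bytes is a defensive choice of the example (the specification assumes the card manager never forwards such input).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ST_IDLE, ST_SELECTED, ST_INITIATED } app_state_t;

/* Literals of Section 4.2.3 in the row order of Table 4.3, plus R/CNS. */
typedef enum {
    LIT_COMPUTE_CRYPTOGRAPHIC_CHECKSUM, LIT_GENERATE_AC,
    LIT_GET_PROCESSING_OPTIONS, LIT_READ_RECORD, LIT_SELECT, LIT_GET_DATA,
    LIT_BAD_CLA, LIT_BAD_INS, LIT_BAD_LENGTH, LIT_R_CNS
} literal_t;

#define N_COMMANDS 6

/* Table 4.2: the only CLA/INS pairs the application supports. */
static const struct { uint8_t cla, ins; literal_t lit; } RECOGNITION[N_COMMANDS] = {
    {0x80, 0x2A, LIT_COMPUTE_CRYPTOGRAPHIC_CHECKSUM},
    {0x80, 0xAE, LIT_GENERATE_AC},
    {0x80, 0xCA, LIT_GET_DATA},
    {0x80, 0xA8, LIT_GET_PROCESSING_OPTIONS},
    {0x00, 0xB2, LIT_READ_RECORD},
    {0x00, 0xA4, LIT_SELECT},
};

/* Table 4.3, indexed by literal: 1 = P (process), 0 = R/CNS. */
static const uint8_t ACCEPT_SELECTED[N_COMMANDS]  = {0, 0, 1, 1, 1, 1};
static const uint8_t ACCEPT_INITIATED[N_COMMANDS] = {1, 1, 0, 1, 1, 1};

typedef struct {
    int process;      /* 1: hand the C-APDU to its own processing (Chapter 5) */
    uint16_t sw;      /* SW1-SW2 when rejected, 0 otherwise */
    app_state_t next; /* destination state; for an accepted command the
                         command's own section decides, so the current
                         state is returned unchanged */
} outcome_t;

/* C-APDU Recognition (4.2): BAD CLA if the CLA is not in Table 4.2 at all,
 * BAD INS if the CLA is listed but the CLA/INS combination is not. */
literal_t recognize(const uint8_t *apdu, size_t len)
{
    int cla_listed = 0;
    size_t i;

    if (apdu == NULL || len < 4)
        return LIT_BAD_LENGTH;          /* example's defensive choice */
    for (i = 0; i < N_COMMANDS; i++) {
        if (RECOGNITION[i].cla != apdu[0])
            continue;
        cla_listed = 1;
        if (RECOGNITION[i].ins == apdu[1])
            return RECOGNITION[i].lit;
    }
    return cla_listed ? LIT_BAD_INS : LIT_BAD_CLA;
}

/* C-APDU Acceptance (4.3): error literals pass through untouched. */
literal_t accept_in_state(app_state_t state, literal_t lit)
{
    if ((int)lit >= N_COMMANDS)
        return lit;
    if (state == ST_SELECTED && ACCEPT_SELECTED[lit])
        return lit;
    if (state == ST_INITIATED && ACCEPT_INITIATED[lit])
        return lit;
    return LIT_R_CNS;
}

/* Rejected C-APDU Processing (4.4.2): error literal to SW1-SW2. */
uint16_t rejection_sw(literal_t lit)
{
    switch (lit) {
    case LIT_BAD_CLA:    return 0x6E00;
    case LIT_BAD_INS:    return 0x6D00;
    case LIT_BAD_LENGTH: return 0x6700;
    default:             return 0x6985;
    }
}

/* CARD COMMAND signal handling for one C-APDU. */
outcome_t handle_card_command(app_state_t state, const uint8_t *apdu, size_t len)
{
    outcome_t out = {0, 0, state};
    literal_t lit;

    if (state == ST_IDLE)               /* Table 4.1: only SELECT is valid in IDLE */
        return out;
    lit = accept_in_state(state, recognize(apdu, len));
    if ((int)lit < N_COMMANDS) {
        out.process = 1;
        return out;
    }
    out.sw = rejection_sw(lit);
    out.next = ST_SELECTED;             /* Table 4.4: every rejection ends in SELECTED */
    return out;
}

int main(void)
{
    /* Constructed header: GENERATE AC sent before GET PROCESSING OPTIONS. */
    const uint8_t gen_ac[] = {0x80, 0xAE, 0x80, 0x00};
    outcome_t o = handle_card_command(ST_SELECTED, gen_ac, sizeof gen_ac);
    printf("process=%d sw=%04X next=%d\n", o.process, (unsigned)o.sw, (int)o.next);
    return 0;
}
```

Because every row of Table 4.4 ends in SELECTED, a rejected C-APDU received in INITIATED always forces the terminal to restart from GET PROCESSING OPTIONS.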
4.5
SELECT Signal Processing
The processing of the PayPass M/Chip Flex application when a SELECT signal is received varies depending on the application state. If the application is in state IDLE, then the application behavior is specified in Section 4.5.1.1. If the application is in any other state (SELECTED, INITIATED), then its behavior is specified in Section 4.5.1.2.
Note
Do not confuse the terms 'SELECT signal' and 'SELECT command'. The SELECT signal is a card level trigger signal whereas the SELECT command is processed by the application during C-APDU processing.
4.5.1.1
[Figure: SELECT signal processing flow in state IDLE. Decision POI [1] = 1b (yes/no); update PTH; decision blocked? (yes/no).]
Symbol 1
The 'Reset PayPass M/Chip Flex offline counters' bit in the POI is checked.

Symbol 2
If the 'Reset PayPass M/Chip Flex offline counters' bit in the POI is set (i.e. if POI [1] = 1b), then first the offline counters are reset in non-volatile memory:
SAVE Cumulative Offline Transaction Amount (0000)
SAVE Consecutive Offline Transactions Number (00)
Secondly, the 'Reset PayPass M/Chip Flex offline counters' bit in the POI is reset:
SAVE

Symbol 3
Copy the 'Block PayPass M/Chip Flex application' bit in the POI (i.e. PayPass Options Indicator [3]) to the 'Block application' bit in the Previous Transaction History:
SAVE

CDOL 1 Related Data (00..00)
Card Verification Results (00...00)
Amount, Authorised (00...00)
Amount, Other (0000)
Terminal Country Code (0000)
Transaction Currency Code (0000)
Transaction Date (00...00)
Transaction Type (00)
Data Authentication Code (0000)
ICC Dynamic Number (0000) (if CDA supported)
First AC (00...00)
AC Session Key (0000)

If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then NEW CVR-UKIS (00...00)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then NEW CVR-CCD (00...00)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then NEW CVR-M/Chip 2.05 (00...00)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then NEW CVR-M/Chip Lite 2.1 (00...00)
Note
This step corresponds to the creation of all the transient data elements whose existence extends beyond the processing of a single C-APDU. It is possible to create these data elements during the processing of other C-APDUs, without changing the external behavior of the PayPass M/Chip Flex application. This is allowed since it is undetectable by Type Approval services. Section 7.1 gives information about the usage of these transient data elements throughout the PayPass M/Chip Flex application.

Symbol 5
If the application is blocked (i.e. if Previous Transaction History [5] = 1b), then the application will return with the FCI and SW1-SW2=6283, otherwise (i.e. if Previous Transaction History [5] = 0b), the application will return with the FCI and SW1-SW2=9000.
4.5.1.2
[Figure: SELECT signal processing flow in states SELECTED and INITIATED. Decision blocked? (yes/no).]

CDOL 1 Related Data (00..00)
Card Verification Results (00...00)
Amount, Authorised (00...00)
Amount, Other (0000)
Terminal Country Code (0000)
Transaction Currency Code (0000)
Transaction Date (00...00)
Transaction Type (00)
Data Authentication Code (0000)
ICC Dynamic Number (0000) (if CDA supported)
First AC (00...00)
AC Session Key (0000)

If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then RESET CVR-UKIS (00...00)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then RESET CVR-CCD (00...00)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then RESET CVR-M/Chip 2.05 (00...00)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then RESET CVR-M/Chip Lite 2.1 (00...00)
Note
This step corresponds to the resetting of all the transient data elements whose existence extends beyond the processing of a single C-APDU. It is possible to reset these data elements during the processing of other C-APDUs, without changing the external behavior of the PayPass M/Chip Flex application. This is allowed since it is undetectable by Type Approval services. Section 7.1 gives information about the usage of these transient data elements throughout the PayPass M/Chip Flex application.

Symbol 1
If the application is blocked (i.e. if Previous Transaction History [5] = 1b), then the application will return with the FCI and SW1-SW2=6283, otherwise (i.e. if Previous Transaction History [5] = 0b), the application will return with the FCI and SW1-SW2=9000.
4.5.2
The response to the SELECT signal is the FCI corresponding to the ADF selected.
Table 4.5 SELECT Signal Response Message
Data Element    Tag
FCI Template    6F
4.5.3
Destination State
4.6
UNSELECT Processing
When the PayPass M/Chip Flex application is de-selected, the application goes to the state IDLE. All transient data elements are deleted.
4.6.1
Processing
CDOL 1 Related Data
Card Verification Results
Amount Authorised
Amount, Other
Terminal Country Code
Transaction Currency Code
Transaction Date
Transaction Type
Data Authentication Code
ICC Dynamic Number (if CDA supported)
First AC
AC Session Key

If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then FREE CVR-UKIS
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then FREE CVR-CCD
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then FREE CVR-M/Chip 2.05
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then FREE CVR-M/Chip Lite 2.1
4.6.2
Destination State
Table 4.7 lists the application states accepting the UNSELECT signal, together with the resulting destination states.
Table 4.7 Destination States for UNSELECT Processing
SELECTED    INITIATED
IDLE        IDLE
4.7
C-APDU Processing
Figure 4.8 illustrates the actions taken by the PayPass M/Chip Flex application when a C-APDU is processed.
Figure 4.8 Processing a C-APDU
[Flow: ACCEPTED, then SPECIFIC PROCESSING, then RESPONSE, then DESTINATION STATE.]
A C-APDU is processed if the C-APDU Acceptance procedure has determined that the C-APDU can be accepted in the current application state. The processing that is specific to the C-APDU, the R-APDU resulting from the processing of a C-APDU, and the destination state of the application when the C-APDU has been processed are specified in the section dedicated to the C-APDU. The way the response is sent depends on the protocol and is outside the scope of this specification. The processing that is specific to the C-APDU is specified in Chapter 5.
5
C-APDU Processing
This chapter specifies the processing specific to each C-APDU supported by the PayPass M/Chip Flex application.
5.1
Compute Cryptographic Checksum
The COMPUTE CRYPTOGRAPHIC CHECKSUM command message coding is shown in Table 5.1.
Table 5.1 COMPUTE CRYPTOGRAPHIC CHECKSUM Command Message
Code    Value
CLA     80
INS     2A
P1      8E
P2      80
Lc      04
Data    Unpredictable Number (Numeric)
Le      00
As the UDOL is not provided by the PayPass M/Chip Flex application, the data field of the command message is the value field of the Unpredictable Number (Numeric) data object.
5.1.2
Processing
Figure 5.1 specifies the flow of the COMPUTE CRYPTOGRAPHIC CHECKSUM command processing.
[Figure 5.1: COMPUTE CRYPTOGRAPHIC CHECKSUM processing flow. P1-P2 check (NOK: SW1-SW2='6A86'); Lc check (NOK: SW1-SW2='6700'); BLOCKED? (YES: SW1-SW2='6985'); otherwise SW1-SW2='9000'.]

Symbol 0
If P1 <> 8E or P2 <> 80, then the C-APDU is rejected (SW1-SW2 = 6A86).

Symbol 1
If Lc <> 4, then the C-APDU is rejected (SW1-SW2 = 6700).

Symbol 2
If the application is blocked (i.e. if Previous Transaction History[5] = 1b), then the C-APDU is rejected (SW1-SW2=6985).

Symbol 3
The PayPass M/Chip Flex application checks if the Static CVC3 must be used (i.e. if Application Control[3][8] = 1b).
Version 1.1 - October 2006
Symbol 4
If Static CVC3 must be used, then the PayPass M/Chip Flex application sets CVC3TRACK1 equal to Static CVC3TRACK1 and CVC3TRACK2 equal to Static CVC3TRACK2.

Symbol 5
The PayPass M/Chip Flex application generates CVC3TRACK1 and CVC3TRACK2 as specified in Section 6.2.

Symbol 6
The PayPass M/Chip Flex application generates the response message template containing the CVC3TRACK1, the CVC3TRACK2 and the ATC.
5.1.3
The data field of the response message is a constructed data object with tag 77. As shown in Table 5.2, the value field of the constructed data object includes the CVC3TRACK1, the CVC3TRACK2 and the ATC.
Table 5.2 COMPUTE CRYPTOGRAPHIC CHECKSUM Response Message
Data Element                 Tag     Length
Response Message Template    77      15
CVC3TRACK2                   9F61    2
CVC3TRACK1                   9F60    2
ATC                          9F36    2
The CVC3TRACK2 and the CVC3TRACK1 are cryptograms generated by the PayPass M/Chip Flex application according to the algorithm specified in Sections 6.2, 6.3 and 6.5. Both cryptograms are generated with the same dynamic data (UN and ATC) and with the same secret key (ICC Derived Key for CVC3 Generation), but with a different initialization vector (IVCVC3TRACK1 for CVC3TRACK1 and IVCVC3TRACK2 for CVC3TRACK2).
5.1.4
Destination State
The destination states for the COMPUTE CRYPTOGRAPHIC CHECKSUM command are listed in Table 5.3.
Table 5.3 Destination State for COMPUTE CRYPTOGRAPHIC CHECKSUM Command
SW1      SW2    INITIATED
67       00     SELECTED
69       85     SELECTED
6A       86     SELECTED
90       00     SELECTED
Other           SELECTED
5.2
Generate Application Cryptogram
5.2.2
Processing
5.2.2.1
Flow, First Generate AC, Starting Diagram
[Figure: First GENERATE AC, starting diagram. P1-P2 check (KO: sw12:='6A86'); Lc check (KO: sw12:='6700'); update CVR; application blocked? (yes: decision AAC); AC requested? (ARQC: ARQC requested; TC: TC requested; AAC: decision AAC).]
Symbol 1
If CDA supported: (P1[8-7] = 00b or 01b or 10b) and P2=00, otherwise the C-APDU is rejected (SW1-SW2 = 6A86).
If CDA not supported: (P1[8-7] = 00b or 01b or 10b) and P1[5] = 0b and P2=00, otherwise the C-APDU is rejected (SW1-SW2 = 6A86).

Symbol 2
32 <= Lc and Lc = CDOL 1 Related Data Length, otherwise the C-APDU is rejected (SW1-SW2 = 6700).

Symbol 3
The transaction related transient data elements are filled with the values given in the Transaction Related Data (GENERATE AC command message data):
SET CDOL 1 Related Data (CDOL 1 Related Data Length bytes from the Transaction Related Data)
SET Amount, Authorised (Numeric) (6 bytes from the Transaction Related Data)
SET Amount, Other (6 bytes from the Transaction Related Data)
SET Terminal Country Code (2 bytes from the Transaction Related Data)
SET Terminal Verification Results (5 bytes from the Transaction Related Data)
SET Transaction Currency Code (2 bytes from the Transaction Related Data)
SET Transaction Date (3 bytes from the Transaction Related Data)
SET Transaction Type (1 byte from the Transaction Related Data)
SET Unpredictable Number (4 bytes from the Transaction Related Data)
SET Terminal Type (1 byte from the Transaction Related Data)
SET Data Authentication Code (2 bytes from the Transaction Related Data)
SET CDOL1 Extension (CDOL 1 Related Data Length - 32 remaining bytes from the Transaction Related Data)

Note that it is possible to keep only the value of CDOL 1 Related Data and to work with offsets to access the values corresponding to the variables in CDOL 1 Related Data. In this case, no assignment is required. Note also that the application does not use the CDOL1 Extension as an individual element, but always as part of the CDOL 1 Related Data.
Symbol 4 The Card Verification Results is updated: If (Terminal Country Code = CRM Country Code), then the Domestic Transaction bit in the Card Verification Results is set to 1b:
SET
Card Verification Results [4][2] (1b) Card Verification Results [4][3] (1b)
Byte 5 bits 8 to 5 in the Card Verification Results are updated to reflect the values of the offline counters: If (Consecutive Offline Transactions Number > Lower Consecutive Offline Limit), then the Lower Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Consecutive Offline Transactions Number > Upper Consecutive Offline Limit), then the Upper Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Cumulative Offline Transaction Amount > Lower Cumulative Offline Transaction Amount), then the Lower Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Cumulative Offline Transaction Amount > Upper Cumulative Offline Transaction Amount), then the Upper Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b or Card Verification Results [5][6] = 1b or Card Verification Results [5][5] = 1b), then
SET
If (Card Verification Results [5][7] = 1b), then SET CVR-CCD [3][7] (1b)
If (Card Verification Results [5][6] = 1b), then SET CVR-CCD [3][6] (1b)
If (Card Verification Results [5][5] = 1b), then SET CVR-CCD [3][5] (1b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then
  If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b), then SET CVR-M/Chip 2.05 [3][6] (1b)
  If (Card Verification Results [5][8] = 1b or Card Verification Results [5][6] = 1b), then SET CVR-M/Chip 2.05 [4][3] (1b)
  If (Card Verification Results [5][7] = 1b or Card Verification Results [5][5] = 1b), then SET CVR-M/Chip 2.05 [4][2] (1b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then
  If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b), then SET CVR-M/Chip Lite 2.1 [3][6] (1b)
  If (Card Verification Results [5][8] = 1b or Card Verification Results [5][6] = 1b), then SET CVR-M/Chip Lite 2.1 [4][3] (1b)
  If (Card Verification Results [5][7] = 1b or Card Verification Results [5][5] = 1b), then SET CVR-M/Chip Lite 2.1 [4][2] (1b)

If 'Activate additional check table' is set in the Application Control (i.e. if Application Control [2][3] = 1b), then the application performs the additional check on CDOL 1 Related Data with the Additional Check Table.
If (Position in CDOL 1 Related Data = 00), then the check with the Additional Check Table is terminated (the application goes to Symbol 5 without setting bits in the Card Verification Results [6]).
If (Position in CDOL 1 Related Data + Length in CDOL 1 Related Data - 1 > CDOL 1 Related Data Length), then the check with the Additional Check Table is terminated (the application goes to Symbol 5 without setting bits in the Card Verification Results [6]).
If (Length in CDOL 1 Related Data * Number of Entries > 15), then the check with the Additional Check Table is terminated (the application goes to Symbol 5 without setting bits in the Card Verification Results [6]).
Masked Value = CDOL 1 Related Data [Position in CDOL 1 Related Data to Position in CDOL 1 Related Data + Length in CDOL 1 Related Data - 1] & Bit Mask
for (i = 2; i <= Number of Entries; i++) {
  Entry i = Additional Check Table [4 + (i-1) * Length in CDOL 1 Related Data to 4 + i * Length in CDOL 1 Related Data - 1]
  if (Masked Value = Entry i), then
    SET Card Verification Results [6][2](1b) (match found in Additional Check Table)
    Exit loop and terminate check with the Additional Check Table (the application goes to Symbol 5)
}
SET Card Verification Results [6][1](1b) (no match found in Additional Check Table)
Terminate check with the Additional Check Table (the application goes to Symbol 5).
Note
This is the first time bits from the Card Verification Results are set since they were reset to 0b. Therefore, all bits that are not set in this step have a value of 0b.
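The Additional Check Table procedure above, written out with its three termination conditions, as an added example that is not code from the specification. Assumptions of the example: the table is 18 bytes (Position, Length, Number of Entries, then 15 entry bytes), entry 1 is the Bit Mask (consistent with the loop starting at i = 2), bit 1 is the least significant bit of a byte, and a table with zero length or zero entries is treated as "not performed", a case the text does not cover and which would otherwise read outside the table. All names and the sample data are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ACT_SIZE        18  /* assumed: 3 header bytes + 15 entry bytes */
#define ACT_ENTRY_BYTES 15

typedef enum { ACT_NOT_PERFORMED, ACT_MATCH, ACT_NO_MATCH } act_result_t;

/* Runs the check of one field of CDOL 1 Related Data against the table. */
act_result_t additional_check(const uint8_t act[ACT_SIZE],
                              const uint8_t *cdol, size_t cdol_len)
{
    const uint8_t pos = act[0];      /* Position in CDOL 1 Related Data, 1-based */
    const uint8_t len = act[1];      /* Length in CDOL 1 Related Data */
    const uint8_t entries = act[2];  /* Number of Entries, Bit Mask included */
    const uint8_t *mask = &act[3];   /* entry 1, assumed to be the Bit Mask */
    uint8_t masked[ACT_ENTRY_BYTES];
    unsigned i, k;

    /* Example's hardening: without this, Number of Entries = 0 would pass
     * the "> 15" test for any length and the mask read would overrun. */
    if (len == 0 || entries == 0)
        return ACT_NOT_PERFORMED;
    /* The three termination conditions stated in the text. */
    if (pos == 0)
        return ACT_NOT_PERFORMED;
    if ((size_t)pos + len - 1 > cdol_len)
        return ACT_NOT_PERFORMED;
    if ((unsigned)len * entries > ACT_ENTRY_BYTES)
        return ACT_NOT_PERFORMED;

    /* Masked Value = selected CDOL bytes & Bit Mask */
    for (k = 0; k < len; k++)
        masked[k] = cdol[pos - 1 + k] & mask[k];

    /* Entries 2..Number of Entries are the reference values. */
    for (i = 2; i <= entries; i++) {
        const uint8_t *entry = &act[3 + (i - 1) * len];
        if (memcmp(masked, entry, len) == 0)
            return ACT_MATCH;
    }
    return ACT_NO_MATCH;
}

/* Records the outcome in Card Verification Results byte 6. */
void record_additional_check(uint8_t cvr[6], act_result_t result)
{
    if (result == ACT_MATCH)
        cvr[5] |= 0x02;              /* Card Verification Results [6][2] */
    else if (result == ACT_NO_MATCH)
        cvr[5] |= 0x01;              /* Card Verification Results [6][1] */
    /* ACT_NOT_PERFORMED: no bit of byte 6 is set */
}

/* Convenience wrapper: CVR byte 6 after the check, starting from a reset CVR. */
uint8_t cvr_byte6_after_check(const uint8_t act[ACT_SIZE],
                              const uint8_t *cdol, size_t cdol_len)
{
    uint8_t cvr[6] = {0};
    record_additional_check(cvr, additional_check(act, cdol, cdol_len));
    return cvr[5];
}

int main(void)
{
    /* Constructed table: check bytes 13-14 of CDOL 1 Related Data (the
     * Terminal Country Code in the field order listed under Symbol 3)
     * against two constructed values, 0056 and 0840. */
    const uint8_t act[ACT_SIZE] = {13, 2, 3, 0xFF, 0xFF, 0x00, 0x56, 0x08, 0x40};
    uint8_t cdol[32] = {0};

    cdol[12] = 0x08;
    cdol[13] = 0x40;
    printf("CVR byte 6 = %02X\n", (unsigned)cvr_byte6_after_check(act, cdol, sizeof cdol));
    return 0;
}
```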
Symbol 5
If the application is blocked (i.e. if Previous Transaction History[5] = 1b), then the PayPass M/Chip Flex application generates an AAC.

Symbols 6-7-8-9
If the application is not blocked (i.e. if Previous Transaction History[5] = 0b), then the process depends on the terminal request.
If the terminal requests an ARQC (i.e. if Reference Control Parameter [8-7] = 10b), then the terminal asks for an online transaction. This PayPass M/Chip Flex application process is specified in Section 5.2.2.2.
If the terminal requests a TC (i.e. if Reference Control Parameter [8-7] = 01b), then the terminal asks for an offline transaction. This PayPass M/Chip Flex application process is specified in Section 5.2.2.3.
If the terminal requests an AAC (i.e. if Reference Control Parameter [8-7] = 00b), then the terminal declines the transaction. The PayPass M/Chip Flex application generates an AAC. The computation of an AAC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).
5.2.2.2
[Figure: flow for ARQC requested. Outcomes: do not decline (decision ARQC) or decision AAC.]

Symbol 10'
If the Offline-only bit is set in the Application Control (i.e. Application Control[1][6] = 1b), then the PayPass M/Chip Flex application will decline the transaction and compute an AAC, otherwise the PayPass M/Chip Flex application will check the Card Issuer Action Code Decline.

Symbol 10
The decisional part of the Card Verification Results is checked against the Card Issuer Action Code Decline: If ((Card Verification Results[4-6] & Card Issuer Action Code Decline) <> 000000), then the PayPass M/Chip Flex application declines the transaction and will compute an AAC, otherwise the PayPass M/Chip Flex application will compute an ARQC.

Symbol 9
The computation of an AAC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).

Symbol 11
The computation of an ARQC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).
5.2.2.3
[Figure: flow for TC requested. Labels: decline / do not decline; transaction currency (application currency, convertible currency, other); update POI; offline-only? (yes/no); offline only; offline; online; update counters; outcomes decision ARQC, decision TC and decision AAC.]
Symbol 12 The decisional part of the Card Verification Results is checked against the Card Issuer Action Code Decline: If ((Card Verification Results[4-6] & Card Issuer Action Code Decline) <> 000000), then the PayPass M/Chip Flex application declines the transaction and will compute an AAC. Symbol 9 The computation of an AAC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported). Symbol 13 The Transaction Currency Code is checked against the CRM Currency Code and the Currency Conversion Parameters 1 to 5: If (Transaction Currency Code = CRM Currency Code), then the Amount, Authorised will be added to the Cumulative Offline Transaction Amount without conversion, otherwise the Transaction Currency Code is checked against the Currency Code in the Currency Conversion Parameters 1 to 5 1: for (i=1; i<=5, i++) { If (Transaction Currency Code = Currency Conversion Parameters i [1-2]), then exit loop to convert the Amount, Authorised into the Amount in Counter Currency, using the Currency Conversion Parameters i } If ((Transaction Currency Code <> CRM Currency Code ) and (Transaction Currency Code <> Currency Code for Currency Conversion Parameters 1 to 5)), then the Consecutive Offline Transactions Number will be incremented. Symbols 14, 14 The value of the Cumulative Offline Transaction Amount is computed and stored in a temporary variable: Temp Cumulative Offline Transaction Amount := Cumulative Offline Transaction Amount + Amount, Authorised. If an overflow happens during the addition (i.e. the result exceeds 999999999999), then the C-APDU is rejected (SW1-SW2 = 6985).
Note The result of the addition is not stored in non-volatile memory at this point (i.e. Cumulative Offline Transaction Amount in non-volatile memory is not yet impacted by the addition) as the addition is performed on a transient data element. The Temp Cumulative Offline Transaction Amount does not exist beyond a single C-APDU processing, as it is not mentioned in Section 7.1.
Note
2006 MasterCard
61
C-APDU Processing
Generate Application Cryptogram
Symbols 15, 15 The Amount, Authorised is converted into the Amount in Counter Currency, using the Currency Conversion Parameters 1 to 5. This process is specified in Annex B. If an overflow happens during the conversion, then the C-APDU is rejected (SW1-SW2 = 6985). Symbol 16, 16 The value of the Cumulative Offline Transaction Amount is computed and stored in a temporary variable: Temp Cumulative Offline Transaction Amount := Cumulative Offline Transaction Amount + Amount in Counter Currency. If an overflow happens during the addition (i.e. the result exceeds 999999999999), then the C-APDU is rejected (SW1-SW2 = 6985). Symbol 17 The value of the Consecutive Offline Transactions Number is computed and stored in a temporary variable: Temp Consecutive Offline Transactions Number := Consecutive Offline Transactions Number +1. If an overflow happens during the addition (i.e. the result exceeds FF), then the counter remains at FF (i.e. FF+1=FF for this operation).
Note The result of the increment is not stored in non-volatile memory at this point (i.e. Consecutive Offline Transactions Number in non-volatile memory is not yet impacted by the addition) as the addition is performed on a transient data element. The Temp Consecutive Offline Transactions Number does not exist beyond a single C-APDU processing, since it is not mentioned in Section 7.1.
Symbols 18 If the always add to consecutive transaction number bit is set in the Application Control (i.e. if Application Control [2][4] = 1b), then the current transaction is added to the Consecutive Offline Transactions Number.
Symbol 18 The Card Verification Results is updated:
If (Temp Cumulative Offline Transaction Amount > Lower Cumulative Offline Transaction Amount), then the Lower Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Temp Cumulative Offline Transaction Amount > Upper Cumulative Offline Transaction Amount), then the Upper Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then
  If (Card Verification Results [5][6] = 1b or Card Verification Results [5][5] = 1b), then SET CVR-UKIS [3][6] (1b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then
  If (Card Verification Results [5][6] = 1b), then SET CVR-CCD [3][6] (1b)
  If (Card Verification Results [5][5] = 1b), then SET CVR-CCD [3][5] (1b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then
  If (Card Verification Results [5][6] = 1b), then SET CVR-M/Chip 2.05 [4][3] (1b)
  If (Card Verification Results [5][5] = 1b), then SET CVR-M/Chip 2.05 [4][2] (1b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then
  If (Card Verification Results [5][6] = 1b), then SET CVR-M/Chip Lite 2.1 [4][3] (1b)
  If (Card Verification Results [5][5] = 1b), then SET CVR-M/Chip Lite 2.1 [4][2] (1b)
Symbol 19 The Card Verification Results is updated: If (Temp Consecutive Offline Transactions Number > Lower Consecutive Offline Limit), then the Lower Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Temp Consecutive Offline Transactions Number > Upper Consecutive Offline Limit), then the Upper Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then
  If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b), then SET CVR-UKIS [3][6] (1b)
  If (Card Verification Results [5][7] = 1b), then SET CVR-CCD [3][7] (1b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then
  If (Card Verification Results [5][8] = 1b), then SET CVR-M/Chip 2.05 [3][6] (1b) SET CVR-M/Chip 2.05 [4][3] (1b)
  If (Card Verification Results [5][7] = 1b), then SET CVR-M/Chip 2.05 [3][6] (1b) SET CVR-M/Chip 2.05 [4][2] (1b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then
  If (Card Verification Results [5][8] = 1b), then SET CVR-M/Chip Lite 2.1 [3][6] (1b) SET CVR-M/Chip Lite 2.1 [4][3] (1b)
  If (Card Verification Results [5][7] = 1b), then SET CVR-M/Chip Lite 2.1 [3][6] (1b) SET CVR-M/Chip Lite 2.1 [4][2] (1b)
Symbol 20 Update the Go online on next transaction bit in the POI. If one of the offline counters exceeds the lower limit, then the bit is set, otherwise the bit is reset:
SAVE POI [2] (Card Verification Results [5][8] | Card Verification Results [5][6])
Symbol 20 If the Offline-only bit is set in the Application Control (i.e. Application Control[1][6] = 1b), then the PayPass M/Chip Flex application will not check the Card Issuer Action Code Online, otherwise the PayPass M/Chip Flex application will check if the terminal is online capable.
Symbol 20 If the terminal is offline only (i.e. if Terminal Type = 23 or 26 or 36), then the PayPass M/Chip Flex application will not check the Card Issuer Action Code Online, otherwise the PayPass M/Chip Flex application will check the Card Issuer Action Code Online.
Symbol 21 If the terminal is online capable, then the PayPass M/Chip Flex application checks the Card Issuer Action Code Online:
If ((Card Verification Results[4-6] & Card Issuer Action Code Online) <> 000000), then the PayPass M/Chip Flex application will compute an ARQC, otherwise the PayPass M/Chip Flex application will approve the transaction and compute a TC.
Symbol 22 If the terminal is offline only, then the PayPass M/Chip Flex application checks if the Card Issuer Action Code Default is to be used:
If (the terminal is a CAT3 terminal (i.e. if the Terminal Type = 26) and the Skip CIAC-Default on CAT3 bit is set in the Application Control (i.e. if Application Control[1][7] = 1b)), then the PayPass M/Chip Flex application will approve the transaction without checking the Card Issuer Action Code Default and will compute a TC, otherwise the PayPass M/Chip Flex application will check the Card Issuer Action Code Default.
Symbol 23 The PayPass M/Chip Flex application checks the Card Issuer Action Code Default:
If ((Card Verification Results[4-6] & Card Issuer Action Code Default) <> 000000), then the PayPass M/Chip Flex application will decline the transaction and compute an AAC, otherwise the PayPass M/Chip Flex application will approve the transaction and compute a TC.
Symbol 25 If modified, then the Cumulative Offline Transaction Amount is updated in non-volatile memory:
SAVE
If modified, then the Consecutive Offline Transactions Number is updated in non-volatile memory:
SAVE Consecutive Offline Transactions Number (Temp Consecutive Offline Transactions Number)
Symbol 27 The computation of a TC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).
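The card risk management steps above, from the Card Issuer Action Code Decline check (Symbol 12) to the counter update (Symbol 25), are sketched below in Python as an added example; it is not code from the specification or from MasterCard. Assumptions: the branch order follows the order in which the symbols are listed here, the Annex B conversion is replaced by a hypothetical numerator/denominator rate, counters are committed only on the TC path, and all class, field and function names are invented for the illustration.

```python
from dataclasses import dataclass, field

MAX_AMOUNT = 999_999_999_999            # ceiling named in Symbols 14 and 16
OFFLINE_ONLY = {0x23, 0x26, 0x36}       # Terminal Type 23, 26, 36 (BCD-coded byte)
CAT3 = 0x26


class Rejected(Exception):
    """C-APDU rejected; sw carries SW1-SW2."""
    def __init__(self, sw):
        super().__init__(f"SW1-SW2 = {sw:04X}")
        self.sw = sw


def bit(data, byte_no, bit_no):
    """Spec notation X[byte][bit]: byte 1 is leftmost, bit 8 is the MSB."""
    return (data[byte_no - 1] >> (bit_no - 1)) & 1


def hits(cvr, ciac):
    """(Card Verification Results[4-6] & CIAC) <> 000000"""
    return any(c & m for c, m in zip(cvr[3:6], ciac))


@dataclass
class Card:                             # hypothetical container, not a spec structure
    cumulative: int                     # Cumulative Offline Transaction Amount
    consecutive: int                    # Consecutive Offline Transactions Number
    lower_cum: int
    upper_cum: int
    lower_consec: int
    upper_consec: int
    crm_currency: bytes
    app_control: bytes                  # Application Control, 3 bytes
    ciac_decline: bytes
    ciac_online: bytes
    ciac_default: bytes
    rates: dict = field(default_factory=dict)  # currency -> (num, den), stand-in for Annex B
    go_online_next: int = 0             # POI [2]


def first_generate_ac(card, cvr, amount, currency, terminal_type):
    """Return 'AAC', 'ARQC' or 'TC'. cvr is a 6-byte bytearray, updated in place."""
    if hits(cvr, card.ciac_decline):                           # Symbol 12
        return "AAC"
    temp_cum, temp_consec = card.cumulative, card.consecutive  # transient copies
    counted = False
    if currency == card.crm_currency:                          # Symbols 13, 14
        temp_cum += amount
    elif currency in card.rates:                               # Symbols 15, 16
        num, den = card.rates[currency]
        temp_cum += amount * num // den
    else:                                                      # Symbol 17, FF + 1 = FF
        temp_consec = min(temp_consec + 1, 0xFF)
        counted = True
    if temp_cum > MAX_AMOUNT:                                  # overflow: reject, store nothing
        raise Rejected(0x6985)
    if bit(card.app_control, 2, 4) and not counted:            # always-add bit
        temp_consec = min(temp_consec + 1, 0xFF)
    for exceeded, bit_no in ((temp_cum > card.lower_cum, 6),
                             (temp_cum > card.upper_cum, 5),
                             (temp_consec > card.lower_consec, 8),
                             (temp_consec > card.upper_consec, 7)):
        if exceeded:                                           # Symbols 18, 19: CVR byte 5
            cvr[4] |= 1 << (bit_no - 1)
    card.go_online_next = bit(cvr, 5, 8) | bit(cvr, 5, 6)      # Symbol 20
    if not (bit(card.app_control, 1, 6) or terminal_type in OFFLINE_ONLY):
        decision = "ARQC" if hits(cvr, card.ciac_online) else "TC"    # Symbol 21
    elif terminal_type == CAT3 and bit(card.app_control, 1, 7):
        decision = "TC"                                        # Symbol 22
    else:
        decision = "AAC" if hits(cvr, card.ciac_default) else "TC"    # Symbol 23
    if decision == "TC":                                       # Symbol 25: commit to NVM
        card.cumulative, card.consecutive = temp_cum, temp_consec
    return decision


def sample_card():
    """Constructed personalisation values, for illustration only."""
    return Card(cumulative=9000, consecutive=2, lower_cum=10000, upper_cum=20000,
                lower_consec=3, upper_consec=5, crm_currency=bytes.fromhex("0978"),
                app_control=bytes(3), ciac_decline=bytes(3),
                ciac_online=bytes.fromhex("002000"),
                ciac_default=bytes.fromhex("001000"),
                rates={bytes.fromhex("0840"): (9, 10)})


if __name__ == "__main__":
    for term in (0x22, 0x23):
        card, cvr = sample_card(), bytearray(6)
        result = first_generate_ac(card, cvr, 1500, card.crm_currency, term)
        print(f"terminal {term:02X}: {result}, CVR {cvr.hex()}, stored {card.cumulative}")
```

With the constructed values, the same 1500 purchase crosses the lower cumulative limit and yields an ARQC on an online-capable terminal without touching the stored counter, while an offline-only terminal gets a TC and the counter is committed.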
5.2.2.4
This section specifies how the AAC, TC and ARQC are computed by the PayPass M/Chip Flex application. It also specifies how the PayPass M/Chip Flex application calculates the corresponding response message to the GENERATE AC when CDA is supported.
Figure 5.6 AAC, TC, ARQC Generation and Corresponding Response Message for GENERATE AC 1 (CDA Supported)
Figure 5.7 AAC, TC, ARQC Generation and Corresponding Response Message for GENERATE AC 2 (CDA Supported)
Symbol 100 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to AAC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1000b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1000b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1000b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1000b)
The Cryptogram Information Data is set to AAC:
SET
Symbol 101 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to TC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1001b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1001b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1001b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1001b)
The Cryptogram Information Data is set to TC:
SET
Symbol 102 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to ARQC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1010b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1010b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1010b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1010b)
Symbol 103 If the terminal asks for combined DDA/AC generation (i.e. if Reference Control Parameter[5] = 1b), then the Card Verification Results is updated.
Symbol 104 The Combined DDA/AC Generation Returned in First Generate AC bit is set in the Card Verification Results:
SET
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then the CDA performed bit is set in the CVR-CCD:
SET
Symbol 107 The PayPass M/Chip Flex application computes the AAC, TC or ARQC using the algorithm determined in Section 6.1.
Symbol 108 The PayPass M/Chip Flex application computes the Issuer Application Data. For values refer to Annex A.
Symbol 111 If the terminal asks for combined DDA/AC generation (i.e. if Reference Control Parameter[5] = 1b) and the decision is to compute a TC or ARQC, then the PayPass M/Chip Flex application will wrap the TC/ARQC in an RSA envelope. If the terminal does not ask for combined DDA/AC generation (i.e. if Reference Control Parameter[5] = 0b) or the decision is to compute an AAC, then the PayPass M/Chip Flex application will build the response.
Symbol 112 The PayPass M/Chip Flex application computes the Hash Result on CDOL 1 Related Data and Generate AC Response Data (except the Signed Dynamic Application Data). See [EMV BOOK 2], Section 6.6.1, for details.
Symbol 113 The PayPass M/Chip Flex application builds the ICC Dynamic Data. See [EMV BOOK 2], Section 6.6.1, for details.
Symbol 114 The PayPass M/Chip Flex application computes the Hash of the Dynamic Application Data and its Related Information. See [EMV BOOK 2], Section 6.6.1, for details.
Symbol 115 The PayPass M/Chip Flex application computes the RSA signature. See [EMV BOOK 2], Section 6.6.1, for details.
Symbol 116 If Combined DDA/Application Cryptogram Generation (CDA) has been chosen for the current transaction and the ICC returns a TC or ARQC, then the GENERATE AC response message data field is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.6. If the ICC returns an AAC, then the GENERATE AC response message data field is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.7.
Table 5.6 GENERATE AC Response Message Data Field (CDA)
Tag    Length     Description
9F27   1          Cryptogram Information Data
9F36   2          Application Transaction Counter
9F4B   NIC        Signed Dynamic Application Data
9F10   up to 32   Issuer Application Data (coded according to the active co-application)
Symbol 117 If Static Data Authentication has been chosen for the current transaction (i.e. AC generation is not combined with DDA), then the GENERATE AC response message data field for an AAC, TC or ARQC is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.7.
Table 5.7 GENERATE AC Response Message Data Field (SDA)
Tag    Length     Description
9F27   1          Cryptogram Information Data
9F36   2          Application Transaction Counter
9F26   8          Application Cryptogram
9F10   up to 32   Issuer Application Data (coded according to the active co-application)
5.2.2.5
This section specifies how the AAC, TC and ARQC are computed by the PayPass M/Chip Flex application, as well as the corresponding response message to the first GENERATE AC when CDA is not supported.
Figure 5.8 AAC, TC, ARQC Generation and Corresponding Response Message for GENERATE AC (CDA not supported)
Symbol 100 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to AAC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1000b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1000b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1000b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1000b)
The Cryptogram Information Data is set to AAC:
SET
Symbol 101 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to TC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1001b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1001b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1001b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1001b)
The Cryptogram Information Data is set to TC:
SET
Symbol 102 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to ARQC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application:
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1010b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1010b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1010b)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1010b)
Symbol 103 The PayPass M/Chip Flex application computes the AAC, TC or ARQC using the algorithm determined in Section 6.1.
Symbol 103' The PayPass M/Chip Flex application builds the Issuer Application Data. For values refer to Annex A.
Symbol 104 The GENERATE AC response message data field for an AAC, TC or ARQC is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.8.
Table 5.8 GENERATE AC Response Message Data Field (SDA)
Tag    Length     Description
9F27   1          Cryptogram Information Data
9F36   2          Application Transaction Counter
9F26   8          Application Cryptogram
9F10   up to 32   Issuer Application Data (coded according to the active co-application)
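Tables 5.6, 5.7 and 5.8 describe the same template '77' with either 9F4B or 9F26 inside, so one terminal-side check covers all three. The Python below is an added example, not part of the specification: it parses the BER-TLV response and enforces whichever table applies. The function names and sample bytes are constructed, and the CID coding (bits 8-7: 00 AAC, 01 TC, 10 ARQC) comes from EMV rather than from this page.

```python
CID_TYPES = {0x00: "AAC", 0x40: "TC", 0x80: "ARQC"}   # CID bits 8-7 as coded by EMV


def parse_tlv(buf):
    """Split buf into a list of (tag_hex, value) BER-TLV objects; ValueError if malformed."""
    out, pos = [], 0
    while pos < len(buf):
        start = pos
        pos += 1
        if buf[start] & 0x1F == 0x1F:                  # tag continues in following byte(s)
            while pos < len(buf) and buf[pos] & 0x80:
                pos += 1
            pos += 1
        if pos >= len(buf):
            raise ValueError("truncated tag or missing length")
        tag = bytes(buf[start:pos]).hex().upper()
        length = buf[pos]
        pos += 1
        if length & 0x80:                              # long form: 81 xx or 82 xx xx
            n = length & 0x7F
            if n not in (1, 2) or pos + n > len(buf):
                raise ValueError("unsupported length encoding")
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        if pos + length > len(buf):
            raise ValueError(f"value of {tag} overruns the buffer")
        out.append((tag, bytes(buf[pos:pos + length])))
        pos += length
    return out


def check_generate_ac_response(data, cda_requested):
    """Validate a GENERATE AC response data field; return (cryptogram type, signed)."""
    top = parse_tlv(data)
    if len(top) != 1 or top[0][0] != "77":
        raise ValueError("expected one Format 2 template with tag 77")
    children = parse_tlv(top[0][1])
    fields = dict(children)
    if len(fields) != len(children):
        raise ValueError("duplicate data object in template")
    for tag, size in (("9F27", 1), ("9F36", 2)):
        if len(fields.get(tag, b"")) != size:
            raise ValueError(f"{tag} missing or wrong length")
    if not 1 <= len(fields.get("9F10", b"")) <= 32:
        raise ValueError("9F10 missing or longer than 32 bytes")
    kind = CID_TYPES.get(fields["9F27"][0] & 0xC0)
    if kind is None:
        raise ValueError("unknown cryptogram type in CID")
    signed = cda_requested and kind != "AAC"           # Symbol 116: an AAC is not wrapped
    if signed and ("9F4B" not in fields or "9F26" in fields):
        raise ValueError("CDA response must carry 9F4B and no bare 9F26")    # Table 5.6
    if not signed and (len(fields.get("9F26", b"")) != 8 or "9F4B" in fields):
        raise ValueError("response must carry an 8-byte 9F26 and no 9F4B")   # Tables 5.7, 5.8
    return kind, signed


def tlv(tag_hex, value):
    """Encode one object (helper for the constructed samples below)."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    elif n < 0x100:
        head = bytes([0x81, n])
    else:
        head = b"\x82" + n.to_bytes(2, "big")
    return bytes.fromhex(tag_hex) + head + value


def sample_response(cid, cda):
    """Constructed response; cryptogram, signature and IAD bytes are dummies."""
    body = tlv("9F27", bytes([cid])) + tlv("9F36", b"\x00\x2a")
    body += tlv("9F4B", bytes(128)) if cda else tlv("9F26", bytes(range(8)))
    return tlv("77", body + tlv("9F10", bytes(18)))


if __name__ == "__main__":
    print(check_generate_ac_response(sample_response(0x80, False), False))
    print(check_generate_ac_response(sample_response(0x40, True), True))
```

A TC or ARQC that arrives with a bare 9F26 when combined DDA/AC generation was requested is rejected by this check instead of being accepted as an unsigned cryptogram.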
5.2.3
The response message varies with the cryptogram computed and is specified in the sections dedicated to the cryptogram generation.
5.2.4 Destination State
The destination states for the GENERATE AC command are listed in Table 5.9.
Table 5.9 Destination State for GENERATE AC Command
SW1     SW2   INITIATED
67      00    SELECTED
69      85    SELECTED
6A      86    SELECTED
90      00    SELECTED
Other         SELECTED
5.3 GET DATA
5.3.1 Command Message
Single byte tags are preceded with a leading 00 byte to fill P1/P2. Table 5.11 shows the tag values that must be supported by the GET DATA command of the PayPass M/Chip Flex application.
Table 5.11 Tag Values for GET DATA
P1/P2   Data Element                                   Length
0082    Application Interchange Profile                2
0094    Application File Locator                       var
00C3    Card Issuer Action Code Decline                3
00C4    Card Issuer Action Code Default                3
00C5    Card Issuer Action Code Online                 3
00C6    Counters                                       10
00C7    CDOL 1 Related Data Length                     1
00C8    CRM Country Code                               2
00C9    CRM Currency Code                              2
00CA    Lower Cumulative Offline Transaction Amount    6
00CB    Upper Cumulative Offline Transaction Amount    6
00D1    Currency Conversion Table                      25
00D3    Additional Check Table                         18
00D5    Application Control                            3
9F14    Lower Consecutive Offline Limit                1
9F23    Upper Consecutive Offline Limit                1
9F50    Offline Balance                                6
9F7A    Offline Consecutive Transactions Remaining     1
9F7E    Application Life Cycle Data                    48
DF02    Security Limits Status                         1
5.3.2 Processing
Figure 5.9 specifies the flow of the GET DATA command processing.
Figure 5.9 GET DATA Processing
Symbol 1 P1/P2 is an accepted tag (i.e. tag in Table 5.11), otherwise the C-APDU is rejected (6A88).
Symbol 2 If P1/P2 carry the tag of the Offline Balance (i.e. if P1/P2 = 9F50), then the application will check the Application Control.
Symbol 3 If retrieval of the Offline Balance is allowed (i.e. if Application Control[2][2] = 1b), then the application will compute the offline balance. Otherwise the C-APDU is rejected (6985).
Symbol 4 The Offline Balance is computed as follows:
Offline Balance = Upper Cumulative Offline Transaction Amount - Cumulative Offline Transaction Amount.
If an overflow occurs (i.e. if Upper Cumulative Offline Transaction Amount < Cumulative Offline Transaction Amount), then the value returned for the Offline Balance is 000000000000.
Symbol 5 If P1/P2 carry the tag of the Offline Consecutive Transactions Remaining (i.e. if P1/P2 = 9F7A), then the application will check the Application Control.
Symbol 6 If retrieval of the Offline Balance is allowed (i.e. if Application Control[2][2] = 1b), then the application will compute the Offline Consecutive Transactions Remaining. Otherwise the C-APDU is rejected (6985).
Symbol 7 The Offline Consecutive Transactions Remaining is computed as follows:
Offline Consecutive Transactions Remaining = Upper Consecutive Offline Limit - Consecutive Offline Transactions Number.
If an overflow occurs (i.e. if Upper Consecutive Offline Limit < Consecutive Offline Transaction Number), then the value returned for the Offline Consecutive Transactions Remaining is 00.
5.3.3
The data field of the response message contains the data object, TLV encoded.
Table 5.12 GET DATA Response Message
Name     Length
Tag      1 or 2
Length   1
Value    var.
5.3.4 Destination State
The destination states for the GET DATA command are listed in Table 5.13.
Table 5.13 Destination State for GET DATA Command
SW1     SW2   SELECTED    INITIATED
69      85    SELECTED    SELECTED
6A      88    SELECTED    SELECTED
90      00    SELECTED    INITIATED
Other         SELECTED    SELECTED
5.4 GET PROCESSING OPTIONS
The GET PROCESSING OPTIONS command message is coded according to Table 5.14.
Table 5.14 GET PROCESSING OPTIONS Command Message
Code   Value
CLA    80
INS    A8
P1     00
P2     00
Lc     02
Data   PDOL Related Data
Le     00
PDOL Related Data follows a command template equal to 83 and is empty as shown in Table 5.15.
Table 5.15 PDOL Related Data
Data Element        Tag   Length   Value
PDOL Related Data   83    00       empty
5.4.2 Processing
Figure 5.10 specifies the flow of the GET PROCESSING OPTIONS command processing.
Figure 5.10 GET PROCESSING OPTIONS Processing
Symbol 1 P1=00 and P2=00, otherwise the C-APDU is rejected (6A86).
Symbol 2 Lc=02, otherwise the C-APDU is rejected (6700).
Symbol 3 PDOL Related Data = 8300, otherwise the C-APDU is rejected (6985).
Symbol 4, 4' If the Application Transaction Counter has reached the limit (i.e. if Application Transaction Counter >= Application Transaction Counter Limit), then the application is disabled:
SAVE
Symbol 4'' If the application is disabled (i.e. if Previous Transaction History [6] = 1b), then GET PROCESSING OPTIONS is rejected (6985).
Symbol 5 The transaction related transient data elements are reset:
RESET CDOL 1 Related Data (00..00)
RESET Card Verification Results (00...00)
RESET Amount, Authorised (00...00)
RESET Amount, Other (0000)
RESET Terminal Country Code (0000)
RESET Transaction Currency Code (0000)
RESET Transaction Date (00...00)
RESET Transaction Type (00)
RESET Data Authentication Code (0000)
RESET ICC Dynamic Number (0000) (if CDA supported)
RESET First AC (00...00)
RESET AC Session Key (0000)
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then RESET CVR-UKIS (00...00)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then RESET CVR-CCD (00...00)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then RESET CVR-M/Chip 2.05 (00...00)
If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then RESET CVR-M/Chip Lite 2.1 (00...00)
Note This step corresponds to the resetting of all the transient data elements that exist beyond the processing of a single C-APDU. It is possible to reset these data elements during the processing of other C-APDUs, without changing the external behavior of the PayPass M/Chip Flex application. This is allowed since it is undetectable by Type Approval. Section 7.1 gives information about the usage of these transient data elements throughout the PayPass M/Chip Flex application.
Symbol 6 The Application Transaction Counter is incremented and saved in non-volatile memory:
SAVE
Symbol 7 If CDA supported: The ICC Dynamic Number (ICC DN) is computed using the ICC Dynamic Number Master Key (MKIDN) and the Application Transaction Counter (ATC):
ICC DN := DES3 (MKIDN) [(ATC || 00 || 00 || 00 || 00 || 00 || 00)]
5.4.3
The data field of the response message is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.16.
Table 5.16 GET PROCESSING OPTIONS Response Message
Data Element                      Tag
Response Message Template         77
Application Interchange Profile   82
Application File Locator          94
5.4.4 Destination State
Table 5.17 lists the destination states for the GET PROCESSING OPTIONS command.
Table 5.17 Destination State for GET PROCESSING OPTIONS Command
SW1     SW2   SELECTED
67      00    SELECTED
69      85    SELECTED
6A      86    SELECTED
90      00    INITIATED
Other         SELECTED
5.5 READ RECORD
The PayPass M/Chip Flex application supports only one form of the READ RECORD C-APDU: the EMV 4.1 READ RECORD.
5.5.1 Command Message
5.5.2 Processing
Figure 5.11 specifies the flow of the READ RECORD command processing.
Figure 5.11 READ RECORD Processing
Symbol 1 The PayPass M/Chip Flex application checks that P1<>00 and (P2 & 07) = 04, otherwise the C-APDU is rejected (6A86).
Symbol 1' If the C-APDU is the READ RECORD as reserved by EMV 4.1, then the PayPass M/Chip Flex application checks if the file to read is an EMV file, a payment system specific file, or another file:
- If the SFI in the Reference Control Parameter is in the range 1 to 10, then the file to read is an EMV file.
- If the SFI in the Reference Control Parameter is in the range 11 to 20, then the file to read is a payment system specific file.
- If the SFI in the Reference Control Parameter is not in the range 1 to 20, then the file to read is neither an EMV file nor a payment system specific file.
Symbol 1'' If the file to read is neither an EMV file nor a payment system specific file, it may be that the platform supports it anyway (for instance, issuer specific files). This would be in addition to the functionality needed for the PayPass M/Chip Flex application and is allowed but is proprietary to the implementation.
Symbol 2 If the file to read is an EMV file, the PayPass M/Chip Flex application verifies that the SFI in the Reference Control Parameter corresponds to a supported record file. If the record file is not supported, the C-APDU is rejected (6A82). The way the PayPass M/Chip Flex application checks that the record file is supported is proprietary and left to the implementation.
Symbol 3 The PayPass M/Chip Flex application verifies that there is a record corresponding to the Record Number, otherwise the C-APDU is rejected (6A83). The way the PayPass M/Chip Flex application checks that the record is supported is proprietary and left to the implementation.
Symbol 4 The PayPass M/Chip Flex application checks if the record is referenced in the Application File Locator. If the record is not referenced in the Application File Locator, the C-APDU is rejected (6985). If the record is referenced in the Application File Locator, it is sent in the response.
Symbol 5 If the file to read is a payment system specific file, the PayPass M/Chip Flex application verifies that the SFI in the Reference Control Parameter corresponds to a supported record file. If the file is not supported, the C-APDU is rejected (6A82). The way the PayPass M/Chip Flex application checks that the file is supported is proprietary and left to the implementation.
Symbol 6 The PayPass M/Chip Flex application verifies that there is a non-empty record corresponding to the Record Number, otherwise the C-APDU is rejected (6A83). The way the PayPass M/Chip Flex application checks that the record is supported or empty is proprietary and left to the implementation.
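The order of the READ RECORD checks and their status words (Symbols 1 to 6), as an added Python example that is not part of the specification. Assumptions: record files are modelled as a dictionary, an SFI outside 1 to 20 is answered like an unsupported file (the page leaves that case to the platform), the 4-byte AFL entry layout is the standard EMV one, and all names and sample records are constructed.

```python
def afl_entries(afl):
    """Split an Application File Locator into (sfi, first_record, last_record) tuples.

    EMV layout, 4 bytes per entry: SFI in the five high bits of byte 1, first
    record number, last record number, count of records used in offline data
    authentication (not needed here).
    """
    if len(afl) % 4:
        raise ValueError("AFL length must be a multiple of 4")
    return [(afl[i] >> 3, afl[i + 1], afl[i + 2]) for i in range(0, len(afl), 4)]


def read_record(p1, p2, files, afl):
    """Return (SW1-SW2, response data). files maps SFI -> {record number: bytes}."""
    if p1 == 0x00 or (p2 & 0x07) != 0x04:                  # Symbol 1
        return 0x6A86, b""
    sfi = p2 >> 3                                          # Symbol 1': SFI from P2
    if not 1 <= sfi <= 20 or sfi not in files:             # Symbols 1'', 2 and 5
        return 0x6A82, b""
    record = files[sfi].get(p1)
    if record is None or (sfi > 10 and not record):        # Symbols 3 and 6
        return 0x6A83, b""
    if sfi <= 10 and not any(s == sfi and first <= p1 <= last
                             for s, first, last in afl_entries(afl)):
        return 0x6985, b""                                 # Symbol 4: not in the AFL
    return 0x9000, record


# Constructed sample data: SFI 2 holds a third record that the AFL does not list.
DUMMY = bytes.fromhex("70055F2D02656E")
SAMPLE_FILES = {1: {1: DUMMY}, 2: {1: DUMMY, 2: DUMMY, 3: DUMMY}, 11: {1: b"", 2: b"\x01"}}
SAMPLE_AFL = bytes.fromhex("08010100" "10010201")         # SFI 1 rec 1; SFI 2 rec 1-2


def p2_for(sfi):
    """P2 of READ RECORD: SFI in bits 8-4, bits 3-1 = 100b."""
    return (sfi << 3) | 0x04


if __name__ == "__main__":
    for sfi, rec in ((1, 1), (2, 3), (3, 1), (2, 9), (11, 1), (11, 2)):
        sw, _ = read_record(rec, p2_for(sfi), SAMPLE_FILES, SAMPLE_AFL)
        print(f"SFI {sfi:2d} record {rec}: {sw:04X}")
```

Record 3 of SFI 2 exists on the card but is answered with 6985 because the Application File Locator does not reference it; the payment system specific file (SFI 11) is not subject to that check.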
5.5.3
The records referenced in the Application File Locator are stored in files with SFI in the range 1-10. For these records, the response message follows the AEF Data Template 70, as shown in Table 5.20.
Table 5.20 READ RECORD Response Message (SFI in the range 1-10)
Name AEF Data Template Record Tag 70
5.5.4 Destination State
Table 5.21 lists the destination states for the READ RECORD command.
Table 5.21 Destination State for READ RECORD Command
SW1     SW2   SELECTED    INITIATED
90      00    SELECTED    INITIATED
6A      86    SELECTED    SELECTED
6A      82    SELECTED    SELECTED
6A      83    SELECTED    SELECTED
Other         SELECTED    SELECTED
5.6 SELECT
The PayPass M/Chip Flex application does not use the SELECT command for application selection. The application selection mechanism is described in Section 4.5. A SELECT command transferred to the PayPass M/Chip Flex application indicates that the file/application to be selected is not present on the ICC.
Note In order to comply with the EMV 4.1 application selection process, the PayPass M/Chip Flex application must support the SELECT command (i.e. CLA/INS = 00A4) if any special behavior (i.e. responding 6A82 when the application to be selected is not present on the ICC) is not handled by a lower card layer (for example by the card manager, the multi-application manager, or the operating system). If an ICC platform is used that handles this behavior by a lower layer, then the SELECT command does not have to be supported by the PayPass M/Chip Flex application.
5.6.1 Command Message
5.6.2 Processing
Symbol 1 If P1= 04 and (P2 = 00 or 02), then the C-APDU is rejected with SW1-SW2 = 6A82, otherwise the C-APDU is rejected with SW1-SW2 = 6A86.
5.6.3
5.6.4 Destination State
Table 5.23 lists the destination states for the SELECT command.
Table 5.23 Destination State for SELECT Command
SW1     SW2   SELECTED    INITIATED
6A      82    SELECTED    SELECTED
6A      86    SELECTED    SELECTED
Other         SELECTED    SELECTED
6.1
Terminal resident data objects (referenced in CDOL1 transmitted to the terminal in response to the READ RECORD command) and Card internal data objects depending on the co-application.
Table 6.1 shows the terminal resident data objects to be included in the Application Cryptogram.
Table 6.1 Data Input for AC Generation (Terminal Resident Data Objects)
Tag    Description
9F02   Amount, Authorized
9F03   Amount, Other
9F1A   Terminal Country Code
95     Terminal Verification Results
5F2A   Transaction Currency Code
9A     Transaction Date
9C     Transaction Type
9F37   Unpredictable Number
If the co-application is CCD-compliant, then the card data elements listed in Table 6.2 are included in the Application Cryptogram. They are included in the Application Cryptogram in the order shown at the end of the terminal residing data.
Table 6.2 Card Data Input for AC Generation (CCD-compliant)
Tag    Length   Description
82     2        Application Interchange Profile
9F36   2        Application Transaction Counter
9F10   32       Issuer Application Data (CCD-compliant co-application)
If the co-application is M/Chip 2.05, or M/Chip Lite 2.1, or UKIS, then the card data elements listed in Table 6.3 are included in the Application Cryptogram. They are included in the Application Cryptogram in the order shown at the end of the terminal residing data.
Table 6.3 Card Data Input for AC Generation (M/Chip 2.05, M/Chip Lite 2.1, UKIS)
Tag    Length   Description
82     2        Application Interchange Profile
9F36   2        Application Transaction Counter
9F52   var.     CVR-M/Chip 2.05 or CVR-M/Chip Lite 2.1 or CVR-UKIS
6.2
If Application Control[3][7] = 0b (do not include the ATC in dynamic CVC3 generation), then the 2 bytes are filled with hexadecimal zeroes (00 00).
2. Calculate O as follows: O := DES3(KDCVC3)[D]
3. The two least significant bytes of O are the CVC3TRACK1.
The CVC3TRACK2 is generated in the same way by replacing IVCVC3TRACK1 with IVCVC3TRACK2.
6.3 IVCVC3 Generation
The IVCVC3TRACK1 and IVCVC3TRACK2 are issuer proprietary static data elements that are used as input for the generation of the CVC3TRACK1 and CVC3TRACK2 cryptograms. IVCVC3TRACK1 is a MAC calculated over the static part of the Track 1 Data using the ICC Derived Key for CVC3 Generation. IVCVC3TRACK2 is a MAC calculated over the static part of the Track 2 Data also using the ICC Derived Key for CVC3 Generation. The MAC is generated using DES encipherment as specified in Section 6.6 using KDCVC3 as the key. For the generation of IVCVC3TRACK1 the message M consists of the static part of the Track 1 Data. For the generation of IVCVC3TRACK2 the message M consists of the static part of the Track 2 Data. The two least significant bytes of the MAC are the IVCVC3TRACK1 or IVCVC3TRACK2.
6.4
6.4.1
A unique 16-byte AC Master Key (MKAC) is stored in the ICC during personalization. For Application Cryptogram generation a session key valid only for the current Application Cryptogram is used. This 16-byte session key SKAC = (SKAC,L || SKAC,R) is derived from MKAC using:
- The 2-byte Application Transaction Counter (ATC) of the ICC
- A 4-byte terminal Unpredictable Number (UN)
The session key is derived as follows:
SKAC,L := DES3(MKAC)[(ATC || F0 || 00 || UN)], and
SKAC,R := DES3(MKAC)[(ATC || 0F || 00 || UN)]
6.4.2
CCD
A unique 16-byte AC Master Key (MKAC) is stored in the ICC during personalization. For Application Cryptogram generation the EMV Common Session Key Derivation Method (EMV CSK) is used in order to produce a session key, valid for the current transaction and derived from the MKAC. This 16-byte session key SKAC = (SKAC,L || SKAC,R) is derived from MKAC using the 2-byte Application Transaction Counter (ATC) of the ICC. The session key is derived as follows:
SKAC,L := DES3(MKAC)[(ATC || F0 || 00 || 00 || 00 || 00 || 00)], and
SKAC,R := DES3(MKAC)[(ATC || 0F || 00 || 00 || 00 || 00 || 00)].
If (AC Session Key Counter AC Session Key Counter Limit), then
- The 'Application Cryptogram Error Limit Exceeded' bit in the Security Limits Status is set: SET Security Limits Status [8] (1b)
- The application is disabled: SAVE Previous Transaction History [6] (1b)
6.4.3
UKIS
A unique 16-byte AC Master Key (MKAC), consisting of two 8-byte keys Unique DEA Key A and Unique DEA Key B, is stored in the ICC during personalization, where MKAC = Unique DEA Key A || Unique DEA Key B. This key is used for Application Cryptogram generation according to Cryptogram Version 10. Cryptogram Version 12: Not supported. Cryptogram Version 14: Not supported.
6.5
6.6
MAC Algorithm
The following algorithm, commonly known as Retail MAC, is used for Application Cryptogram generation and for IVCVC3 generation: ISO/IEC 9797-1 MAC algorithm 3 with block cipher DES, zero IV (8 bytes), and ISO9797-1 padding method 2. The MAC length must be 8 bytes.
7
7.1
Table 7.1Transient Data Elements Management Data Element CDOL 1 Related Data Mode create reset kill read write Card Verification Results create reset kill read write C-APDU SELECT SELECT, GET PROCESSING OPTIONS
UNSELECT
2
Usage (CDOL 1 Related Data): The CDOL 1 Related Data is used to compute the intermediate hash result if the response to the first GENERATE AC uses the Combined DDA/AC generation. Furthermore CDOL 1 Related Data is used for the Additional Check Table.
Usage (Card Verification Results): The Card Verification Results contains the results of checks performed for Card Risk Management. The first part contains some information for the issuer. The second part is used by the PayPass M/Chip Flex application to take a decision: the Card Verification Results is compared to the Card Issuer Action Codes during the Card Risk Management to decide which cryptogram is computed. It is used as input to the MAC for first GENERATE AC.
UNSELECT does not designate a C-APDU supported by the PayPass M/Chip Flex application, but is a generic term for any operation that de-activates the application. It is used here for convenience. Refer to section 3.1 for more details.
Usage
Amount, Authorised
The Amount, Authorised is received from the terminal in the first GENERATE AC command. It is used for Card Risk Management and as input to the MAC for the first GENERATE AC.
Amount, Other
The Amount, Other is received from the terminal in the first GENERATE AC command. It is used as input to the MAC for first GENERATE AC.
Terminal Country Code
The Terminal Country Code is received from the terminal in the first GENERATE AC command. It is used for Card Risk Management and as input to the MAC for the first GENERATE AC.
Transaction Currency Code
The Transaction Currency Code is received from the terminal in the first GENERATE AC command. It is used for Card Risk Management and as input to the MAC for the first GENERATE AC.
Transaction Date
The Transaction Date is received from the terminal in the first GENERATE AC command. It is used as input to the MAC for the first GENERATE AC.
Transaction Type
The Transaction Type is received from the terminal in the first GENERATE AC command. It is used as input to the MAC for the first GENERATE AC.
Usage
Data Authentication Code
The Data Authentication Code is received from the terminal in the first GENERATE AC command. It is used as part of the Issuer Application Data for the first GENERATE AC.
ICC Dynamic Number
The ICC Dynamic Number is only present if CDA is supported. The ICC Dynamic Number is computed by the PayPass M/Chip Flex application in the GET PROCESSING OPTIONS. It is used as input to the signed data in the first GENERATE AC with Combined DDA/AC generation.
7.2
Table 7.3 lists the persistent data elements referenced in the AFL and their access conditions.
Table 7.3 Persistent Data Elements Referenced in the AFL

| Tag | Name | read record | internal read | internal update | get data |
|---|---|---|---|---|---|
| 56 | Track 1 Data | Yes | No | No | No |
| 9F62 | PCVC3TRACK1 | Yes | No | No | No |
| 9F63 | PUNATCTRACK1 | Yes | No | No | No |
| 9F64 | NATCTRACK1 | Yes | No | No | No |
| 9F65 | PCVC3TRACK2 | Yes | No | No | No |
| 9F66 | PUNATCTRACK2 | Yes | No | No | No |
| 9F67 | NATCTRACK2 | Yes | No | No | No |
| 9F68 | Mag Stripe CVM List | Yes | No | No | No |
| 9F6B | Track 2 Data | Yes | No | No | No |
| 9F6C | Mag Stripe Application Version Number | Yes | No | No | No |
| 9F42 | Application Currency Code | Yes | No | No | No |
| 5F25 | Application Effective Date | Yes | No | No | No |
| 5F24 | Application Expiration Date | Yes | No | No | No |
| 9F07 | Application Usage Control | Yes | No | No | No |
| 5A | Application Primary Account Number | Yes | No | No | No |
| 5F34 | Application PAN Sequence Number | Yes | No | No | No |
| 9F0D | Issuer Action Code Default | Yes | No | No | No |
| 9F0E | Issuer Action Code Denial | Yes | No | No | No |
| 9F0F | Issuer Action Code Online | Yes | No | No | No |
| 9F08 | Application Version Number | Yes | No | No | No |
| 8C | CDOL 1 | Yes | No | No | No |
| 5F20 | Cardholder Name | Yes | No | No | No |
| 5F28 | Issuer Country Code | Yes | No | No | No |
| 9F4A | SDA Tag List | Yes | No | No | No |
| 57 | Track-2 Equivalent Data | Yes | No | No | No |
| 8F | Certification Authority Public Key Index | Yes | No | No | No |
| 9F32 | Issuer Public Key Exponent | Yes | No | No | No |
| 92 | Issuer Public Key Remainder | Yes | No | No | No |
| 93 | Signed Application Data | Yes | No | No | No |
| 90 | Issuer Public Key Certificate | Yes | No | No | No |
| 9F47 | ICC Public Key Exponent | Yes | No | No | No |
| 9F48 | ICC Public Key Remainder | Yes | No | No | No |
| 9F46 | ICC Public Key Certificate | Yes | No | No | No |
Table 7.4 lists the persistent data elements for Card Risk Management and their access conditions.
Table 7.4 Persistent Data Elements for Card Risk Management

| Tag | Name | read record | internal read | internal update | get data |
|---|---|---|---|---|---|
| D5 | Application Control | No | Yes | No | Yes |
| 9F14 | Lower Consecutive Offline Limit | No | Yes | No | Yes |
| 9F23 | Upper Consecutive Offline Limit | No | Yes | No | Yes |
| CA | Lower Cumulative Offline Transaction Amount | No | Yes | No | Yes |
| CB | Upper Cumulative Offline Transaction Amount | No | Yes | No | Yes |
| C4 | Card Issuer Action Code Default | No | Yes | No | Yes |
| C5 | Card Issuer Action Code Online | No | Yes | No | Yes |
| C3 | Card Issuer Action Code Decline | No | Yes | No | Yes |
| C9 | CRM Currency Code | No | Yes | No | Yes |
| D1 | Currency Conversion Table | No | Yes | No | Yes |
| D3 | Additional Check Table | No | Yes | No | Yes |
| C7 | CDOL 1 Related Data Length | No | Yes | No | Yes |
| C8 | CRM Country Code | No | Yes | No | Yes |
Table 7.5 shows miscellaneous persistent data elements and their access conditions.
Table 7.5Miscellaneous Persistent Data Elements Tag DF01 DF02 9F7E Name Co-application Indicator Key Derivation Index Security Limits Security Limits Status Application Life Cycle Data read record No No No No No internal internal get read update data Yes Yes Yes Yes No No No No Yes No No No No Yes Yes
Table 7.6 lists the persistent data elements for the GPO response and their access conditions.
Table 7.6 Persistent Data Elements for the GPO Response

| Tag | Name | read record | internal read | internal update | get data |
|---|---|---|---|---|---|
| 94 | Application File Locator | No | No | No | Yes |
| 82 | Application Interchange Profile | No | No | No | Yes |
Table 7.7 lists the persistent data elements for the COMPUTE CRYPTOGRAPHIC CHECKSUM command and their access conditions.
Table 7.7 Persistent Data Elements for COMPUTE CRYPTOGRAPHIC CHECKSUM

| Tag | Name | read record | internal read | internal update | get data |
|---|---|---|---|---|---|
| - | Static CVC3TRACK1 | No | Yes | No | No |
| - | Static CVC3TRACK2 | No | Yes | No | No |
| - | IVCVC3TRACK1 | No | Yes | No | No |
| - | IVCVC3TRACK2 | No | Yes | No | No |
Table 7.8 lists the persistent data elements for the Counters and Previous Transaction History and their access conditions.
Table 7.8Persistent Data Elements for Counters and Previous Transaction History Tag 9F36 Name Application Transaction Counter Application Transaction Counter Limit Cumulative Offline Transaction Amount Consecutive Offline Transactions Number AC Session Key Counter AC Session Key Counter Limit Previous Transaction History read record No No No No No No No internal internal get data read update Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes No Yes As part of Counters No No No No No No
7.3
Secret Keys
The secret keys that are listed in this section are supported by the PayPass M/Chip Flex application. Table 7.9 shows the Triple DES key for CVC3 generation.
Table 7.9 Triple DES Key for CVC3 Generation

| Data Element | Length | get data | internal update |
|---|---|---|---|
| ICC Derived Key for CVC3 Generation (KDCVC3) | 16 | No | No |
Table 7.10 shows the Triple DES key for ICC Dynamic Number generation. This key is only present if CDA is supported.
Table 7.10 Triple DES Key for ICC Dynamic Number Generation

| Data Element | Length | get data | internal update |
|---|---|---|---|
| ICC Dynamic Number Master Key (MKIDN) | 16 | No | No |
Table 7.11 shows the Triple DES master key for Session Key Derivation and Application Cryptogram generation. Refer to Section 6.4 for details.
Table 7.11 Triple DES Master Key for Session Key Derivation

| Data Element | Length | get data | internal update |
|---|---|---|---|
| AC Master Key (MKAC) | 16 | No | No |
Table 7.12 shows the ICC's RSA private key and a related data element. These data elements are only present if CDA is supported.
Table 7.12ICC's RSA Private Key Data Element Length of ICC Public Key Modulus (NIC) ICC Private Key length 1 get data internal update No No No
Personalization
Application Selection Data Elements
Personalization
This section specifies the data elements that are available to the issuer for personalization. The personalization commands are not in the scope of this specification. They are left to the implementation.
8.1
8.2
Persistent Data Referenced in the AFL
8.3
| Tag | Name |
|---|---|
| 9F6C | Mag Stripe Application Version Number (Card) |
| 9F62 | Track 1 Bit Map for CVC3 (PCVC3TRACK1) |
| 9F63 | Track 1 Bit Map for UN and ATC (PUNATCTRACK1) |
| 56 | Track 1 Data |
| 9F64 | Track 1 Nr of ATC Digits (NATCTRACK1) |
| 9F65 | Track 2 Bit Map for CVC3 (PCVC3TRACK2) |
| 9F66 | Track 2 Bit Map for UN and ATC (PUNATCTRACK2) |
| 9F6B | Track 2 Data |
| 9F67 | Track 2 Nr of ATC Digits (NATCTRACK2) |
| 9F68 | Mag Stripe CVM List |
(1)
Table 8.4 lists the data elements to be included in record 1 of the file with SFI 2. The file with SFI 2 shall have only one record. Record 1 of SFI 2 is the only record to be used as input for the generation of the Signed Static Application Data.
Table 8.4 SFI 2 Record 1

| Tag | Description | Length (bytes) |
|---|---|---|
| 57 | Track 2 Equivalent Data | var. up to 19 |
| 5A | Application Primary Account Number (PAN) | var. up to 10 |
| 5F20 | Cardholder Name | var. up to 26 |
| 5F24 | Application Expiry Date | 3 |
| 5F25 | Application Effective Date | 3 |
| 5F28 | Issuer Country Code | 2 |
| 5F34 | PAN Sequence Number | 1 |
| 8C | CDOL1 | var. (refer to Section A.10) |
| 8D | CDOL2 | var. |
| 8E | CVM List | var. |
| 9F07 | Application Usage Control | 2 |
| 9F08 | Application Version Number | 2 |
| 9F0D | Issuer Action Code Default | 5 |
| 9F0E | Issuer Action Code Denial | 5 |
| 9F0F | Issuer Action Code Online | 5 |
| 9F42 | Application Currency Code | 2 |
| 9F4A | SDA Tag List | var. up to 1 |
Table 8.5 and Table 8.6 list the data elements included in the first and second record of the file with SFI 3. These records include the data objects required to retrieve the Issuer Public Key and to perform static data authentication.
Table 8.5 SFI 3 Record 1

| Tag | Description | Length (bytes) |
|---|---|---|
| 8F | Certification Authority Public Key Index | 1 |
| 9F32 | Issuer Public Key Exponent | var. up to 3 |
| 92 | Issuer Public Key Remainder | NI-NCA+36 |
| 90 | Issuer Public Key Certificate | NCA |

Table 8.6 SFI 3 Record 2

| Tag | Description | Length (bytes) |
|---|---|---|
| 93 | Signed Static Application Data | NI |
Table 8.7 and Table 8.8 list the data objects required to retrieve the ICC Public Key and to perform combined DDA/AC generation.
Table 8.7 SFI 4 Record 1

| Tag | Description | Length (bytes) |
|---|---|---|
| 9F47 | ICC Public Key Exponent | var. up to 3 |
| 9F48 | ICC Public Key Remainder | NIC-NI+42 |

Table 8.8 SFI 4 Record 2

| Tag | Description | Length |
|---|---|---|
| 9F46 | ICC Public Key Certificate | NI |
Persistent Data Elements for GPO Response
8.4
For a card that supports only static data authentication, the AFL shall be personalized with the value:
08 01 01 00 10 01 01 01 18 01 02 00
For a card that supports combined DDA/AC generation, the AFL shall be personalized with the value:
08 01 01 00 10 01 01 01 18 01 02 00 20 01 02 00
The AIP includes the 'M/Chip profile is supported' bit and must be personalized as specified in Table 8.10 and Table 8.11.
Table 8.10 Byte 1 of the Application Interchange Profile

| Bit | Value | Meaning |
|---|---|---|
| b8 | 0 | RFU |
| b7 | 0/1 | Offline static data authentication supported |
| b6 | 0 | Offline dynamic data authentication supported |
| b5 | 1 | Cardholder verification supported |
| b4 | 1 | Terminal risk management to be performed |
| b3 | 0 | Issuer authentication supported |
| b2 | 0 | RFU |
| b1 | 0/1 | Combined DDA GENERATE AC supported |

Table 8.11 Byte 2 of the Application Interchange Profile

| Bit | Value | Meaning |
|---|---|---|
| b8 | 1 | M/Chip profile is supported |
| b7-b1 | 0 | RFU |
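A personalization check for the AFL and AIP values above can be scripted as follows. This is an added example, not code from the specification: the function names and sample AIP values are constructed, the four-byte AFL entry layout is the standard EMV one, and the rule that the CDA bit and the SFI 4 entry must agree is an inference from Tables 8.7 and 8.8.

```python
# Added example, not taken from the specification.
SDA_AFL = bytes.fromhex("080101001001010118010200")          # value from Section 8.4
CDA_AFL = bytes.fromhex("08010100100101011801020020010200")  # value from Section 8.4

def parse_afl(afl):
    """Split an AFL into (sfi, first_record, last_record, oda_records) tuples."""
    if not afl or len(afl) % 4:
        raise ValueError("AFL must be a non-empty multiple of 4 bytes")
    entries = []
    for i in range(0, len(afl), 4):
        sfi_byte, first, last, oda = afl[i:i + 4]
        sfi = sfi_byte >> 3                      # SFI sits in the top five bits
        if sfi_byte & 0x07 or not 1 <= sfi <= 30:
            raise ValueError(f"bad SFI byte {sfi_byte:02X}")
        if first == 0 or last < first or oda > last - first + 1:
            raise ValueError(f"bad record range for SFI {sfi}")
        entries.append((sfi, first, last, oda))
    return entries

def signed_records(afl):
    """(sfi, record) pairs that are input to offline data authentication."""
    return [(sfi, first + n)
            for sfi, first, _, oda in parse_afl(afl) for n in range(oda)]

def check_personalization(afl, aip):
    """Return a list of findings; an empty list means AFL and AIP are consistent."""
    if len(aip) != 2:
        return ["AIP must be 2 bytes"]
    findings = []
    # Table 8.10: b8=0, b6=0, b5=1, b4=1, b3=0, b2=0; b7 and b1 may be 0 or 1.
    if aip[0] & 0xBE != 0x18:
        findings.append("AIP byte 1 fixed bits differ from Table 8.10")
    # Table 8.11: b8=1 (M/Chip profile is supported), b7-b1 RFU and zero.
    if aip[1] != 0x80:
        findings.append("AIP byte 2 must be 80 (Table 8.11)")
    cda = bool(aip[0] & 0x01)
    if afl not in (SDA_AFL, CDA_AFL):
        findings.append("AFL is neither of the two values in Section 8.4")
    elif cda != (afl == CDA_AFL):
        # Inference: SFI 4 carries the ICC public key data needed for CDA.
        findings.append("AIP CDA bit and presence of SFI 4 in the AFL disagree")
    try:
        if signed_records(afl) != [(2, 1)]:
            findings.append("only SFI 2 record 1 may be input to the "
                            "Signed Static Application Data")
    except ValueError as exc:
        findings.append(f"AFL malformed: {exc}")
    return findings

if __name__ == "__main__":
    for afl, aip in ((SDA_AFL, "5880"), (CDA_AFL, "5980"), (SDA_AFL, "5980")):
        print(afl.hex(), aip, check_personalization(afl, bytes.fromhex(aip)))
```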
Persistent Data Elements for CRM
8.5
| Tag | Name |
|---|---|
| 9F14 | Lower Consecutive Offline Limit |
| 9F23 | Upper Consecutive Offline Limit |
| CA | Lower Cumulative Offline Transaction Amount |
| CB | Upper Cumulative Offline Transaction Amount |
| C9 | CRM Currency Code |
| D1 | Currency Conversion Table |
| C8 | CRM Country Code |
| C3 | Card Issuer Action Code Decline |
| C4 | Card Issuer Action Code Default |
| C5 | Card Issuer Action Code Online |
| D3 | Additional Check Table |
| C7 | CDOL 1 Related Data Length |
8.6
Secret Keys
Table 8.13 lists the Triple DES keys.
Table 8.13 Triple DES Keys

| Data Element | Length (bytes) |
|---|---|
| ICC Dynamic Number Master Key (MKIDN) (if CDA supported) | 16 |
| AC Master Key (MKAC) | 16 |
| ICC Derived Key for CVC3 Generation (KDCVC3) | 16 |
Table 8.14 shows the ICC's RSA private key and a related data element (only if CDA supported).
Table 8.14 ICC's RSA Private Key

| Data Element | Length (bytes) |
|---|---|
| Length of ICC Public Key Modulus (NIC) | 1 |
| ICC Private Key | Implementation specific |
Note
If the PayPass M/Chip Flex application supports CDA, then it must accept any RSA key with modulus in the range 80 to 128. The storage format of the RSA key is implementation specific. The card application developer must provide storage format details for the RSA keys.
8.7
Miscellaneous
Table 8.15 shows miscellaneous persistent data elements.
Table 8.15Miscellaneous Persistent Data Elements Tag 9F7E Name Co-application Indicator Key Derivation Index Application Life Cycle Data Length (bytes) 1 1 48
8.8
Data Elements with a Fixed Initial Value
8.9
Table A.2Byte 2 of the Application Control b8 b7 b6 b5 b4 b3 b2 b1 Meaning x 0 x 0 x 0 x 0 x 0 1 x 0 1 x 0 1 x 0 reserved other values RFU always add to consecutive transaction number do not add always add always activate additional check table do not activate additional check table activate additional check table allow retrieval of balance do not allow retrieval of balance allow retrieval of balance include counters in AC not supported
Table A.5Coding of CIAC (Byte 1) b8 x 0 x 0 x 0 x 0 x 0 x 0 1 x 0 1 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Reserved-no meaning Other value RFU Unable to go online indicated Not supported Offline PIN verification not performed Not supported Offline PIN verification failed Not supported PTL exceeded Not supported International transaction Do not take action if International transaction Take action if International transaction Domestic transaction Do not take action if Domestic transaction Take action if Domestic transaction Terminal erroneously considers offline PIN OK Not supported
Table A.6Coding of CIAC (Byte 2) b8 x 0 1 x 0 1 x 0 1 x 0 1 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Lower consecutive offline limit exceeded Do not take action if lower consecutive offline limit exceeded Take action if lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Do not take action if upper consecutive offline limit exceeded Take action if upper consecutive offline limit exceeded Lower cumulative offline limit exceeded Do not take action if lower cumulative offline limit exceeded Take action if lower cumulative offline limit exceeded Upper cumulative offline limit exceeded Do not take action if upper cumulative offline limit exceeded Take action if upper cumulative offline limit exceeded Go online on next transaction was set Not supported Issuer Authentication failed Not supported Script received Not supported Script failed Not supported
Table A.7Coding of CIAC (Byte 3) b8 x 0 b7 x 0 b6 x 0 b5 x 0 b4 x 0 b3 x 0 x 0 1 x 0 1 b2 b1 Meaning Reserved Other values RFU Match found in Additional Check Table Do not take action if match found in Additional Check Table Take action if match found in Additional Check Table No match found in Additional Check Table Do not take action if no match found in Additional Check Table Take action if no match found in Additional Check Table
Table A.8Coding of the Card Verification Results (Byte 1) b8 x 0 0 1 1 b7 x 0 1 0 1 x 0 0 1 1 x 0 1 0 1 x 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning AC returned in second GENERATE AC AAC TC Not requested RFU AC returned in first GENERATE AC AAC TC ARQC RFU Reserved Other value RFU Offline PIN verification performed Not supported Offline Encrypted PIN verification performed Not supported Offline PIN verification successful Not supported
Table A.9Coding of the Card Verification Results (Byte 2) b8 x 0 x 0 1 x 0 x 0 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning DDA Returned Not supported Combined DDA/AC Generation returned in first GENERATE AC Combined DDA/AC Generation not returned in first GENERATE AC Combined DDA/AC Generation returned in first GENERATE AC Combined DDA/AC Generation returned in second GENERATE AC Not supported Issuer Authentication performed Not supported CIAC-Default skipped On CAT3 Not supported Reserved All other values RFU
Table A.11Coding of the Card Verification Results (Byte 4) b8 x 0 x 0 x 0 x 0 x 0 x 0 1 x 0 1 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Reserved Other value RFU Unable to go online indicated Not supported Offline PIN verification not performed Not supported Offline PIN verification failed Not supported PTL exceeded Not supported International transaction Domestic transaction International transaction Domestic transaction International transaction Domestic transaction Terminal erroneously considers Offline PIN OK Not supported
Table A.12Coding of the Card Verification Results (Byte 5) b8 x 0 1 x 0 1 x 0 1 x 0 1 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Lower Consecutive Offline Limit exceeded Lower Consecutive Offline Limit not exceeded Lower Consecutive Offline Limit exceeded Upper Consecutive Offline Limit exceeded Upper Consecutive Offline Limit not exceeded Upper Consecutive Offline Limit exceeded Lower Cumulative Offline Limit exceeded Lower Cumulative Offline Limit not Exceeded Lower Cumulative Offline Limit exceeded Upper Cumulative Offline Limit exceeded Upper Cumulative Offline Limit not exceeded Upper Cumulative Offline Limit exceeded Go online on next transaction was set Not supported Issuer Authentication failed Not supported Script received Not supported Script failed Not supported
A.10 CDOL 1
Tag: 8C
Format: b, var.
Description: Informs the terminal of data needed by the ICC in the first GENERATE AC command. Table A.14 defines the content of the CDOL 1 for the PayPass M/Chip Flex application.

Table A.14 Content of the CDOL 1

| Data Element | Tag | Length |
|---|---|---|
| Amount Authorized (Numeric) | 9F02 | 6 |
| Amount Other (Numeric) | 9F03 | 6 |
| Terminal Country Code | 9F1A | 2 |
| Terminal Verification Results | 95 | 5 |
| Transaction Currency code | 5F2A | 2 |
| Transaction Date | 9A | 3 |
| Transaction Type | 9C | 1 |
| Unpredictable Number | 9F37 | 4 |
| Terminal Type | 9F35 | 1 |
| Data Authentication Code | 9F45 | 2 |
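Table A.15 Co-application Indicator Coding

| b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning |
|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | | | Other values RFU |
| | | | | | | 0 | 0 | M/Chip Lite 2.1 co-application active |
| | | | | | | 0 | 1 | M/Chip 2.05 co-application active |
| | | | | | | 1 | 0 | UKIS co-application active |
| | | | | | | 1 | 1 | CCD-compliant co-application active |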
A.14 Counters
Tag: C6
Format: b, 10 bytes
Description: Counters is the concatenation of internal counters as specified in Table A.16.

Table A.16 Content of Counters

| Element | Length |
|---|---|
| Application Transaction Counter | 2 |
| AC Session Key Counter | 2 |
| RFU | 6 |
Table A.17 Currency Conversion Parameters

| Position | Data | Length | Value |
|---|---|---|---|
| Byte 1-2 | Currency Code | 2 | Issuer specific |
| Byte 3-4 | Conversion Rate | 2 | Decimal, BCD coding of multiplication factor |
| Byte 5 | Conversion Exponent | 1 | Binary coding of 10-power (most significant bit is the sign) |

Table A.18 Currency Conversion Table

| Data Element | Length |
|---|---|
| Currency Conversion Table | 25 |
| Currency Conversion Parameters 1 | 5 |
| Currency Conversion Parameters 2 | 5 |
| Currency Conversion Parameters 3 | 5 |
| Currency Conversion Parameters 4 | 5 |
| Currency Conversion Parameters 5 | 5 |
Table A.20Coding of CVR - CCD (Byte 2) b8 x 0 b7 x 0 b6 x 0 b5 x 0 x 0 x 0 x 0 x 0 b4 b3 b2 b1 Meaning Low order nibble of PIN Try Counter VERIFY command not supported Offline PIN verification performed VERIFY command not supported Offline PIN verification performed and PIN not successfully verified VERIFY command not supported PIN Try Limit exceeded VERIFY command not supported Last online transaction not completed PayPass never completes online transactions
b8
b7
b6
b5
b4 x 0
b3
b2
b1
x 0 x 0 x 0
Issuer-discretionary bit 2 Not used Issuer-discretionary bit 3 Not used Issuer-discretionary bit 4 Not used
Table A.25Coding of CVR - M/Chip 2.05 (Byte 3) b8 x 0 x 0 x 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PayPass never completes online transactions Pin Try Limit exceeded VERIFY command not supported Exceeded velocity checking 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Consecutive Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Consecutive Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 x 0 x 0 0 x 0 New card Not supported Issuer Authentication failure on last online transaction No Issuer Authentication supported because card is removed after first GENERATE AC Issuer Authentication not performed after online authorization No Issuer Authentication supported because card is removed after first GENERATE AC Not set by the application Static Data Authentication failed on last transaction and transaction declined offline Information not available from terminal because card is removed after first GENERATE AC (SDA performed after GENERATE AC)
Table A.26Coding of CVR - M/Chip 2.05 (Byte 4) b8 x 0 b7 x 0 b6 x 0 x 0 x 0 x 1 b5 b4 b3 b2 b1 Meaning Number of Issuer Script Commands containing secure messaging processed on last transaction Issuer-to-card Script Processing not supported DDA failed on last transaction and transaction declined offline DDA not supported Issuer script processing failed on last transaction Issuer-to-card Script Processing not supported Lower Consecutive Offline Limit or Lower Cumulative Offline Transaction Amount exceeded 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Lower Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Lower Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 1 Upper Consecutive Offline Limit or Upper Cumulative Offline Transaction Amount exceeded 'Upper Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Upper Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 Maximum offline transaction amount exceeded Not supported
Byte 3 of the CVR - M/Chip Lite 2.1 is coded according to Table A.28.
Table A.28Coding of CVR - M/Chip Lite 2.1 (Byte 3) b8 x 0 x 0 x 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PayPass never completes online transactions Pin Try Limit exceeded VERIFY command not supported Exceeded velocity checking 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Consecutive Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Consecutive Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 x 0 x 0 x 0 x 0 New card Not supported Issuer Authentication failure on last online transaction No Issuer Authentication supported because card is removed after first GENERATE AC Issuer Authentication not performed after online authorization No Issuer Authentication supported because card is removed after first GENERATE AC Application blocked by card because PIN Try Limit exceeded VERIFY command not supported Offline Static Data Authentication failed on last transaction Information not available from terminal because card is removed after first GENERATE AC (SDA performed after GENERATE AC)
Byte 4 of the CVR - M/Chip Lite 2.1 is coded according to Table A.29.
Table A.29Coding of CVR - M/Chip Lite 2.1 (Byte 4) b8 x 0 b7 x 0 b6 x 0 0 x 0 x 1 b5 b4 b3 b2 b1 Meaning Number of script commands processed successfully Issuer-to-card Script Processing not supported Not used Issuer script processing failed on last or current transaction Issuer-to-card Script Processing not supported Lower Consecutive Offline Limit or Lower Cumulative Offline Transaction Amount exceeded 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Lower Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Lower Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 1 Upper Consecutive Offline Limit or Upper Cumulative Offline Transaction Amount exceeded 'Upper Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Upper Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results 0 Not used
Table A.31Coding of CVR UKIS (Byte 3) b8 x 0 x 0 x 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PayPass never completes online transactions Pin Try Limit exceeded VERIFY command not supported Exceeded velocity checking counters 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Lower Cumulative Offline Limit Exceeded' bit = 1 or 'Upper Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Lower Cumulative Offline Limit Exceeded' bit = 0 and 'Upper Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 x 0 x 0 x 0 x 0 New card Not supported Issuer Authentication failure on last online transaction No Issuer Authentication supported because card is removed after first GENERATE AC Issuer Authentication not performed after online authorization No Issuer Authentication supported because card is removed after first GENERATE AC Application blocked by card because PIN Try Limit exceeded VERIFY command not supported Offline Static Data Authentication failed on last transaction and transaction declined offline Information not available from terminal because card is removed after first GENERATE AC
Table A.32Coding of CVR - UKIS (Byte 4) b8 x b7 x b6 x b5 x b4 b3 b2 b1 Meaning Number of Issuer Script Commands received after the second GENERATE AC command containing secure messaging processed on last transaction Issuer-to-card Script Processing not supported x 0 x 0 x 0 0 Issuer script processing failed on last transaction Issuer-to-card Script Processing not supported Offline dynamic data authentication failed on last transaction and transaction declined offline Dynamic Data Authentication not supported Offline dynamic data authentication performed Dynamic Data Authentication not supported RFU
Table A.33FCI Coding Tag 6F Value FCI Template 84 A5 DF Name FCI Proprietary Template 50 87 5F2D 9F11 9F12 BF0C Application Label Application Priority Indicator Language Preference Issuer Code Table Index Application Preferred Name FCI Issuer Discretionary Data Presence Mandatory Mandatory Mandatory Optional Optional Optional Optional Optional Optional
Table A.34 Coding of CCD-compliant Issuer Application Data

| IAD Byte | Description | Comment |
|---|---|---|
| 1 | Length Indicator | '0F' |
| 2 | Common Core Identifier (CCI) | 'A4' |
| 3 | Derivation Key Index (DKI) | Issuer-discretionary |
| 4-8 | CVR CCD | The Card Verification Results from Card Risk Management processing |
| 9-16 | Counters | Cumulative Offline Transaction Amount \|\| Consecutive Offline Transaction Number \|\| 'FF' |
| 17 | Length Indicator | '0F' |
| 18-32 | Issuer-Discretionary | any |

Table A.35 Coding of M/Chip 2.05 Issuer Application Data

| IAD Byte | Description | Comment |
|---|---|---|
| 1 | Derivation Key Index | Determined by issuer |
| 2 | Cryptogram Version Number | Determined by issuer |
| 3-6 | CVR - M/Chip 2.05 | The Card Verification Results from Card Risk Management processing |
| 7-8 | Data Validation Response | Data Authentication Code if SDA is performed. Otherwise, set to zero. |
Table A.36 Coding of M/Chip Lite 2.1 Issuer Application Data

| IAD Byte | Description | Comment |
|---|---|---|
| 1 | Key Derivation Index | Determined by issuer |
| 2 | Cryptogram Version Number | Determined by issuer |
| 3-6 | CVR - M/Chip Lite 2.1 | The Card Verification Results from Card Risk Management processing |
| 7-8 | Data Authentication Code | Determined by issuer |

Table A.37 Coding of UKIS Issuer Application Data

| IAD Byte | Description | Comment |
|---|---|---|
| 1 | Length Indicator | |
| 2 | Derivation Key Index (DKI) | Assigned by the issuer (default '00') |
| 3 | Cryptogram Version Number | Assigned by Visa, value supported: '0A' |
| 4-7 | CVR UKIS | The Card Verification Results from Card Risk Management processing |
| 8-23 | Issuer Discretionary Data | Optional, first byte indicates length |
A.31 IVCVC3TRACK1
Tag: DC
Format: b, 2 bytes
Description: The IVCVC3TRACK1 is an issuer proprietary static data element that is used as input for the generation of the CVC3TRACK1 cryptogram. Refer to Section 6.3 for a detailed description of the generation of IVCVC3TRACK1.
A.32 IVCVC3TRACK2
Tag: DD
Format: b, 2 bytes
Description: The IVCVC3TRACK2 is an issuer proprietary static data element that is used as input for the generation of the CVC3TRACK2 cryptogram. Refer to Section 6.3 for a detailed description of the generation of IVCVC3TRACK2.
Table A.38Previous Transaction History Coding b8 b7 b6 b5 b4 b3 b2 b1 Meaning x 0 x 0 x 0 1 x 0 1 x 0 x 0 x 0 x 0 Reserved Other value RFU Application disabled Application is not disabled Application is disabled Application blocked Application is not blocked Application is blocked Go online on next transaction Not supported Issuer Authentication failed Not supported Script received Not supported Script failed Not supported
Table A.39 Content of Security Limits
Element | Length
AC Session Key Counter Limit | 2
Table A.40 Content of Security Limits Status
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 0 0 0 0 0 0 0
Application Cryptogram Error Limit Exceeded not used RFU
Currency Conversion
Currency Conversion Process
If the Transaction Currency Code is not equal to one of the five currencies in the Currency Conversion Table, then the Consecutive Offline Transactions Number is incremented by 1. Figure B.1 illustrates the currency conversion process.
Currency Conversion Parameters
Table B.1 Currency Conversion Parameters
Position | Data | Length | Value
Byte 1-2 | Currency Code | 2 | Issuer specific
Byte 3-4 | Conversion Rate | 2 | Decimal, BCD coding of multiplication factor
Byte 5 | Conversion Exponent | 1 | Binary coding of 10-power (most significant bit is the sign)
Currency Conversion Algorithm
the integer division is the truncated division, which can be implemented as a shift.
Version 1.1 - October 2006
AC Type returned in second Generate AC
"
AC Type returned in first Generate AC
"
Issuer Authentication failed
Offline PIN Verification performed
Offline PIN Verification failed
Unable to go online
Last online transaction not completed
Pin Try Limit exceeded
Exceeded velocity checking
New card
Issuer Auth. failure on last online transaction
Issuer Auth. not performed after online author.
Not set by the application
SDA failed on last trans. and trans. decl. offl.
N. of Iss. Script Com. con. sm pr. on last trans.
"
"
DDA failed on last trans. and trans. decl. offl.
Issuer script proc. failed on last trans.
LCOL or LCOTA exceeded
UCOL or UCOTA exceeded
Maximum offline transaction amount exceeded
AC Type returned in second Generate AC
"
AC Type returned in first Generate AC
"
Issuer Authentication failed
Offline PIN Verification performed
Offline PIN Verification failed
Unable to go online
Last online transaction not completed
Pin Try Limit exceeded
Exceeded velocity checking
New card
Issuer Auth. failure on last online transaction
Issuer Auth. not performed after online author.
Appl. blocked by card because PTL exceeded
Offline SDA failed on last transaction
N. of script commands processed successfully
"
"
Not used
Issuer script proc. fail. on last or current trans.
LCOL or LCOTA exceeded
UCOL or UCOTA exceeded
Not used
CVR - CCD
AC returned in second Generate AC
"
AC returned in first GENERATE AC
"
CDA performed
Offline DDA performed
Issuer Authentication not performed
Issuer Authentication failed
Low order nibble of PIN Try Counter
"
"
"
Offline PIN Verification performed
Off. PIN Verif. perf. and PIN not suc. ver.
PIN Try Limit exceeded
Last online transaction not completed
Lower Offline Trans. Count Limit exceeded
Upper Offline Trans. Count Limit exceeded
Lower Cumul. Offl. Amount Limit exceeded
Upper Cumu. Offl. Amount Limit exceeded
Issuer-discretionary bit 1
Issuer-discretionary bit 2
Issuer-discretionary bit 3
Issuer-discretionary bit 4
Num. of Issuer Scr. Com. containing sm proc.
"
"
"
Issuer script processing failed
Offline data auth. failed on previous trans.
Go online on next transaction was set
Unable to go online
CVR - UKIS
Unable to go online
No Match Found in Additional Check Table
Match Found in Additional Check Table
Reserved
"
"
"
"
"
Script Failed
Script Received
Issuer Authentication Failed
Go Online On Next Transaction Was Set
Upper Cumulative Offline Limit Exceeded
Lower Cumulative Offline Limit Exceeded
Upper Consecutive Offline Limit Exceeded
Lower Consecutive Offline Limit Exceeded
Terminal Err. Considers Offline PIN OK
Domestic Transaction
International Transaction
PTL Exceeded
Offline PIN Verification Failed
Offline PIN Verification Not Performed
Unable To Go Online Indicated
Reserved
Right nibble of PIN Try Counter
"
"
"
Right nibble of Script Counter
"
"
"
Reserved
Reserved
Reserved
CIAC-Default Skipped On CAT3
Issuer Authentication Performed
Comb. DDA/AC Gen. Ret. In Sec. GEN AC
Comb. DDA/AC Gen. Ret. In First GEN AC
DDA returned
Offline PIN Verification Successful
Offline Encrypted PIN Verification Performed
Offline PIN Verification Performed
Reserved
AC returned in first GENERATE AC
"
AC returned in second Generate AC
"
Byte 1 to Byte 6, bits 8 7 6 5 4 3 2 1 in each byte
RFU
"
"
"
"
New card
[Figure: bit mask, table value 1, value 2, value 3, masked value, comparison (=?), match found (1 / 0), CVR]
The part that is extracted from CDOL 1 Related Data is defined at personalization, with two parameters:
- Position in CDOL 1 Related Data
- Length in CDOL 1 Related Data
The Additional Check Table is the concatenation (without TLV coding) of the data elements identified in Table D.1.
Table D.1 Additional Check Table
Data Element | Length | Format
Position In CDOL 1 Related Data | 1 | binary
Length In CDOL 1 Related Data | 1 | binary
Number of Entries | 1 | binary
Entries | 15 | binary
  Bit Mask | Length In CDOL 1 Related Data | binary
  Value 1 | Length In CDOL 1 Related Data | binary
  ... | ... | ...
  Value Number Of Entries - 1 | Length In CDOL 1 Related Data | binary
  Padding | 15 - Number Of Entries * Length In CDOL 1 Related Data | FF ... FF
The following sections describe the contents of the data elements in Table D.1.
Position In CDOL 1 Related Data
This data element contains the position of the portion of CDOL 1 Related Data that is compared to the table entries. If the first byte in CDOL 1 Related Data is checked against the entries in the table, the value of Position in CDOL 1 Related Data is 01.
Length In CDOL 1 Related Data
This data element contains the length of the portion of CDOL 1 Related Data that is compared to the table entries.
Number Of Entries
This data element contains the number of values (including the Bit Mask) in the Table Content that are used for the comparison.
Entries
This data element contains the concatenation of the values used for the comparison, optionally padded with FF to make up 15 bytes. The first value is used as a Bit Mask. Figure D.3 illustrates the Additional Check Table.
Figure D.3 Additional Check Table (fields shown: offset, length, number, entries: bit mask, val1, val2, ..., padding)
Note
It is possible to apply the check on any value that can be requested from the terminal.
Example
The Additional Check Table is used to take a decision when the value of the Terminal Country Code indicates that the transaction did not take place in the following countries:
- Belgium (0056)
- France (0250)
The position of the Terminal Country Code in CDOL 1 Related Data is the 13th byte, i.e. 0D in hexadecimal. The length of the Terminal Country Code is 2 bytes. The two values in the table used for the comparison are the Terminal Country Code for Belgium and France. The comparison is performed on the complete value of the Terminal Country Code. The Bit Mask is therefore equal to FFFF. The Additional Check Table value is therefore equal to: 0D0203FFFF00560250FFFFFFFFFFFFFFFFFF.
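The Additional Check Table described above, as an added Python example (not code from the specification): it parses the 18-byte layout of Table D.1 and applies the mask-and-compare check to a constructed CDOL 1 Related Data. The function names, the filler bytes, the rejection of a zero entry count and the rule that the masked value is compared with each stored value unchanged are assumptions.

```python
# Added example: parse an Additional Check Table (Table D.1) and run the check.
from dataclasses import dataclass

TABLE_LEN = 18      # 3 one-byte fields + the 15-byte Entries field
ENTRIES_LEN = 15


@dataclass(frozen=True)
class AdditionalCheckTable:
    position: int   # 1-based position in CDOL 1 Related Data
    length: int     # number of bytes extracted and compared
    bit_mask: bytes # first entry
    values: tuple   # remaining Number Of Entries - 1 entries


def parse_table(raw: bytes) -> AdditionalCheckTable:
    if len(raw) != TABLE_LEN:
        raise ValueError("table must be 18 bytes")
    position, length, count = raw[0], raw[1], raw[2]
    # Assumption: a table with no bit mask entry is rejected rather than skipped.
    if position < 1 or length < 1 or count < 1:
        raise ValueError("position, length and number of entries must be >= 1")
    used = count * length
    if used > ENTRIES_LEN:
        raise ValueError("entries do not fit in 15 bytes")
    entries, padding = raw[3:3 + used], raw[3 + used:]
    if padding != b"\xff" * len(padding):
        raise ValueError("padding must be FF")
    chunks = [entries[i:i + length] for i in range(0, used, length)]
    return AdditionalCheckTable(position, length, chunks[0], tuple(chunks[1:]))


def match_found(table: AdditionalCheckTable, cdol1_data: bytes) -> bool:
    start = table.position - 1          # Position 01 means the first byte
    part = cdol1_data[start:start + table.length]
    if len(part) != table.length:
        raise ValueError("CDOL 1 Related Data too short for this table")
    masked = bytes(d & m for d, m in zip(part, table.bit_mask))
    # Assumption: the masked value is compared with each value as stored.
    return masked in table.values


# The page's example: Terminal Country Code at byte 13, Belgium and France.
EXAMPLE_TABLE = bytes.fromhex("0D0203" + "FFFF" + "0056" + "0250" + "FF" * 9)


def constructed_cdol1(country_code_hex: str) -> bytes:
    # Constructed input: 12 filler bytes, the Terminal Country Code, 4 more.
    return bytes(12) + bytes.fromhex(country_code_hex) + bytes(4)
```

With the example table, a result of False is the case the issuer wants to act on, since it means the terminal is outside both listed countries.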