UICC Profiles v1.0 Dec2010 2011112312532964
EMVCo
Contactless Mobile Payment
Version 1.0
December 2010
2009-2010 EMVCo, LLC (EMVCo). All rights reserved. Any and all uses of the EMV Specifications (Materials)
shall be permitted only pursuant to the terms and conditions of the license agreement between the user and EMVCo
found at http://www.emvco.com/specifications.aspx.
2009-2010 EMVCo, LLC (EMVCo). All rights reserved. Any and all uses
of these Specifications is subject to the terms and conditions of the EMVCo
Terms of Use agreement available at www.emvco.com. These Specifications
are provided "AS IS" without warranties of any kind, and EMVCo neither
assumes nor accepts any liability for any errors or omissions contained in
these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT
LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS
TO THESE SPECIFICATIONS.
EMVCo makes no representations or warranties with respect to intellectual
property rights of any third parties in or in relation to the Specifications.
EMVCo undertakes no responsibility to determine whether any
implementation of these Specifications may violate, infringe, or otherwise
exercise the patent, copyright, trademark, trade secret, know-how, or other
intellectual property rights of third parties, and thus any person who
implements any part of these Specifications should consult an intellectual
property attorney before any such implementation.
Without limiting the foregoing, the Specifications may provide for the use of
public key encryption and other technology, which may be the subject matter
of patents in several countries. Any party seeking to implement these
Specifications is solely responsible for determining whether its activities
require a license to any such technology, including for patents on public key
encryption technology. EMVCo shall not be liable under any theory for any
party's infringement of any intellectual property rights in connection with these
Specifications.
Contents
1 General
1.1 Scope
1.3 Audience
1.4 Overview
2 References
2.1 EMV Documents
2.2 Standards
3.1 Notations
3.2 Terminology
3.3 Conventions
3.3.1 Requirement Numbering
4 Functional Requirements
4.1 Profiles
4.2 Security Domains
5 Communication Interface
6.4 Security Domains
Annex A Glossary
Tables
Table 4-1: Highlighted Profiles Characteristics
Table 7-1: KEYDATA
1 General
1.1 Scope
The focus of this document is to lay out the features and functionalities specified in
the GlobalPlatform UICC Configuration that are required for contactless mobile
payment programs.
Other Secure Element types are out of scope of this document.
EMV is a registered trademark in the U.S. and other countries and an unregistered
trademark elsewhere. The EMV trademark is owned by EMVCo.
1.2 Underlying Standards
1.3 Audience
This specification is intended for use by suppliers of UICCs for contactless mobile
payment and entities deploying one or more EMV contactless mobile payment
applications to a UICC-enabled mobile device.
1.4 Overview
This volume includes the following chapters and annexes:
Chapter 1 contains general information that helps the reader understand and use
this specification.
Chapter 2 lists related specifications and standards.
Chapter 3 defines notations, terminology, and conventions used in this specification.
Chapter 4 describes required configuration features: profiles and security domains.
Chapter 5 includes requirements for contactless interface communication and
contact interface communication.
Chapter 6 discusses security principles and requirements and illustrates various
configurations employing Basic Profiles and Advanced Profiles.
Chapter 7 provides data requirements.
Chapter 8 provides key requirements.
Annex A is a glossary of terms and abbreviations used in this specification.
2 References
2.1 EMV Documents
EMV Contactless Communication Protocol Specification, v2.0, August 2007
2.2 Standards
ISO/IEC 7816-6, 15 May 1996
GlobalPlatform Card Specification v2.2, March 2006
GlobalPlatform Mapping Guidelines of existing GlobalPlatform 2.1.1 implementation
on 2.2 v1, February 2007
GlobalPlatform UICC Configuration v1, 28 October 2008
GlobalPlatform Card Confidential Card Content Management, Card Specification v2.2
Amendment A v1.0
3.1 Notations
'0' to '9' and 'A' to 'F': 16 hexadecimal characters
AND: Logical AND
Binary values
xx: Any value
3.2 Terminology
proprietary
may
shall
Should: Denotes a recommendation
3.3 Conventions
The following conventions apply.
3.3.1 Requirement Numbering
3.3.1.1
The Security Domain with Content Management privilege within the certified TSM
hierarchy shall support Secure Channel Protocol '02' implementation option '55'.
4 Functional Requirements
4.1 Profiles
A GlobalPlatform UICC shall be implemented according to one of the following
profiles. These profiles have been defined to allow card issuers and MNOs to choose
products that match their business and security requirements.
Functionality
Basic
Profile
Advanced
One
Optional
Mandatory
Mandatory
Mandatory
4.2 Security Domains
The Security Domains with Content Management capability. That is, the Issuer
Security Domain, the Security Domain(s) with the Authorized Management
privilege and the Security Domain(s) with Delegated Management privilege.
Support for the Controlling Authority Security Domain is not currently required.
5 Communication Interface
In mobile devices the ability to determine the origin of communication with the UICC
is achieved through support of multiple communications protocols.
5.1.1.1
The APDU communication shall be able to flow over the contactless protocol as
defined in the EMV Contactless Communication Protocol Specification, version 2.0.
5.1.1.2
When the contactless protocol (analog and digital) is implemented directly by the
UICC it shall adhere to the EMV Contactless Communication Protocol Specification,
version 2.0.
5.1.1.3
In order to determine the source of the communication an implementation shall be
able to identify communication received over the contactless interface by
interrogating the transfer protocol type (T=CL).
5.2 Contact Interface Communication
5.2.1.1
The APDU communication shall be able to flow over the basic logical channel as well
as logical channels 1, 2, and 3.
5.2.1.2
In order to determine the source of the communication an implementation shall be
able to identify communication received from the mobile device by interrogating the
transfer protocol type (T=0 or T=1).
6 Security Principles
6.1.1.1
If the contactless mobile payment application's executable load file resides in
Immutable Persistent Memory or resides in Mutable Persistent Memory prior to
delivery of the UICC to the MNO, then the associated Security Domain shall initially
be either of the following:
- The Issuer Security Domain for the Basic Profile. As the MNO is a certified TSM it
  can extradite the contactless mobile payment application's executable load file to
  another Security Domain as per the rules imposed by the application owner.
- A Security Domain with Authorized Management privilege located within a TSM
  hierarchy for the Advanced Profile. The TSM can extradite the contactless mobile
  payment application's executable load file to another Security Domain as per the
  rules imposed by the application owner.
- A certified TSM's Security Domain with Delegated Management privilege. The TSM
  can extradite the contactless mobile payment application's executable load file to
  another Security Domain as per the rules imposed by the application owner.
6.2 Other Content Management Commands
6.2.1.1
All Content Management commands performed OTA on a contactless mobile payment
application's executable load file including post-issuance downloading and its
application instances shall be secured using secure channel SCP02 with a security
level of '03' (MAC and APDU command data field encryption). Commands may be
further encapsulated using SCP80 with or without security.
6.3.1.1
The targeted Application Provider Security Domain of the confidential load operation
shall have the Ciphered Load File Data Block privilege and the DAP Verification
privilege.
6.4 Security Domains
6.4.1 All Profiles
6.4.1.1
A Supplementary Security Domain assigned to an issuing bank or used to secure
personalization of a contactless mobile payment application shall support and
exclusively use Secure Channel Protocol '02' implementation option '55' for
personalization.
6.4.2 Basic Profiles
6.4.2.1
The Issuer Security Domain shall support Secure Channel Protocol '02'
implementation option '55'.
6.4.2.2
The Issuer Security Domain shall be the associated security domain for the
executable load files of all contactless mobile payment applications.
6.4.2.3
Instances of the contactless mobile payment application shall be created by the
Issuer Security Domain.
One example of a Basic Profile where the payment applications executable load files
and all instances are associated to the ISD is shown in Figure 6.1. In this scenario
the MNO would be a certified TSM and possibly certified by multiple payment
schemes and trusted by one or more issuing banks.
In this scenario:
6.4.3 Advanced Profiles
6.4.3.1
Any Security Domain within a certified TSM hierarchy that has the Content
Management privilege shall support Secure Channel Protocol '02' implementation
option '55'.
6.4.3.2
A Security Domain with the Content Management privilege shall be the associated
security domain for the executable load file of a contactless mobile payment
application.
6.4.3.3
A Security Domain with the Authorized Management privilege that is the associated
security domain for an executable load file of a contactless mobile payment
application shall reject extradition requests from a Security Domain located outside
of the certified TSM hierarchy.
6.4.3.4
A Security Domain with the Delegated Management privilege that is the associated
security domain for an executable load file of a contactless mobile payment
application shall reject extradition requests.
7 Data Requirements
The following sections describe the data requirements for the possible entities on a
GlobalPlatform UICC.
7.1.1.1
The Security Domain Image Number (SDIN) shall uniquely identify the certified TSM's
Security Domain for each individual UICC.
7.1.1.2
To ensure the uniqueness across UICCs and their manufacturer the SDIN shall consist
of the OID (or IIN) of the manufacturer ending (or concatenated) with 4 bytes of a
sequential binary digit.
7.1.1.3
The SDIN shall be contained in the ISO/IEC 7816-6 specified tag of '45' and the DGI
of '0070' shall be used by the STORE DATA command to populate this tag.
7.1.1.4
The SDIN shall be retrieved using the GET DATA command.
7.1.1.5
The mechanism to identify the Master Key (KMCID) shall be the combination of the
SDIN and the Key Set version. The entity that loads the keys to the certified TSM's
Security Domain and the corresponding certified TSM shall be able to retrieve the
identifier of the Master key shared between them.
7.2 Security Domain AID
7.2.1.1
For implementations configured according to an Advanced Profile the AID for a single
certified TSM's Security Domain with the Authorized Management privilege shall be
'A00000015154410000000000B2021000'.
7.2.1.2
If more than one such Authorized Management Security Domain needs to be created,
then the second-to-last byte shall be incremented by one for each additional
instance; i.e. 'A00000015154410000000000B2021100', etc., and up to
'A00000015154410000000000B2021F00', for a maximum of 16 possible Authorized
Management Security Domains.
7.2.1.3
For implementations configured according to an Advanced Profile the AID for a single
certified TSM's Security Domain with the Delegated Management privilege shall be
'A00000015154440000000000B2022000'.
7.2.1.4
If more than one such Delegated Management Security Domain needs to be created,
then the second-to-last byte shall be incremented by one for each additional
instance; i.e. 'A00000015154440000000000B2022100', etc., and up to
'A00000015154410000000000B2022F00', for a maximum of 16 possible instances.
Note: Bytes 13 to 15 of the AID constitute the Toolkit Application Reference (TAR)
for these Security Domains.
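The AID rules in 7.2.1.1 to 7.2.1.4 and the TAR note can be checked mechanically. The following Python is an added example, not part of the EMVCo specification; the function names are hypothetical, and the base AIDs are copied from 7.2.1.1 and 7.2.1.3.

```python
# Added example (not EMVCo code): build and parse the certified-TSM Security
# Domain AIDs of section 7.2.
AM_BASE = bytes.fromhex("A00000015154410000000000B2021000")  # 7.2.1.1, Authorized Management
DM_BASE = bytes.fromhex("A00000015154440000000000B2022000")  # 7.2.1.3, Delegated Management
BASES = {"AM": AM_BASE, "DM": DM_BASE}
MAX_INSTANCES = 16   # 7.2.1.2 and 7.2.1.4
COUNTER_INDEX = 14   # second-to-last byte of the 16-byte AID (0-based index)


def sd_aid(privilege: str, instance: int) -> bytes:
    """Return the AID of the n-th (0-based) Security Domain for 'AM' or 'DM'."""
    if not 0 <= instance < MAX_INSTANCES:
        raise ValueError("instance must be in 0..15")
    aid = bytearray(BASES[privilege])
    aid[COUNTER_INDEX] += instance
    return bytes(aid)


def parse_sd_aid(aid: bytes) -> dict:
    """Classify an AID; raise ValueError unless it is one of the 32 defined values."""
    if len(aid) != 16:
        raise ValueError("AID must be 16 bytes")
    for privilege, base in BASES.items():
        instance = aid[COUNTER_INDEX] - base[COUNTER_INDEX]
        if 0 <= instance < MAX_INSTANCES and sd_aid(privilege, instance) == aid:
            return {
                "privilege": privilege,
                "instance": instance,
                # Bytes 13 to 15 (counted from 1) are the TAR, per the note above.
                "tar": aid[12:15].hex().upper(),
            }
    raise ValueError("not a certified-TSM Security Domain AID from section 7.2")


def is_tsm_sd_aid(aid_hex: str) -> bool:
    """True if the hex string (spaces allowed) is a valid section 7.2 AID."""
    try:
        parse_sd_aid(bytes.fromhex(aid_hex))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for privilege in BASES:
        for n in (0, 1, 15):
            aid = sd_aid(privilege, n)
            print(privilege, n, aid.hex().upper(), parse_sd_aid(aid)["tar"])
    # The upper bound printed in 7.2.1.4 carries the 7.2.1.1 prefix ('...5441...').
    # Incrementing the 7.2.1.3 base gives '...5444...2F00', so a validator built
    # from the base values does not accept the printed string.
    print(is_tsm_sd_aid("A00000015154410000000000B2022F00"))
```
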
7.3 Key Derivation Data
7.3.1.1
This data shall be stored in a tag of 'CF' of the Security Domain. The DGI of '00CF'
shall be used by the STORE DATA command to populate the Key Derivation Data to a
Security Domain.
7.3.1.2
The certified TSM shall not update the content of the tag 'CF' once it is set by the
entity that loaded the 10 Secure Channel Key Sets. However the certified TSM can
rotate its assigned Key Set using a new Master Key.
7.3.1.3
KEYDATA must be set as shown in Table 7-1. KEYDATA is composed of Security Domain
Image Number (SDIN) and Chip Serial Number (CSN). The leftmost 6 bytes of the SDIN
and the rightmost 4 bytes of the physical identifier of the card (CSN) shall be used
as KEYDATA.
Table 7-1: KEYDATA
Data Element: KEYDATA
Description: Key derivation data: SDIN (6 bytes), CSN (4 bytes) (2)
Length: 10
Format: Binary
Key Derivation Data is always 10 bytes and can be retrieved using the Get Data
command and is also returned as the first 10 bytes in the response to the Initialize
Update command.
(2) If the CSN does not ensure the uniqueness of KEYDATA across different batches of cards,
then other unique data (e.g. 2 rightmost bytes of IC serial number and 2 bytes of IC batch
identifier) should be used instead.
8 Key Requirements
This section describes the requirements for the support of keys within the Security
Domains to be assigned to the certified TSMs for an Advanced Profile.
For the Basic profile as they are intended to be used by the UICC Issuers which are
certified as TSMs, there are no requirements other than those applying to a certified
TSM.
8.1.1.1
For each Security Domain to be assigned to a certified TSM, 10 Secure Channel
Protocol '02' Key Sets shall be generated and be loaded as Key Set versions 20 to 29
prior to submission of the product to the UICC Issuer.
Note: The disclosure of a key set from UICC manufacturer to a TSM shall follow the
rules defined by each individual payment system.
8.1.1.2
The derivation mechanism described in this section shall be used to generate the
keys.
- A distinct Master Key (KMC) shall be used to derive each Key Set.
- The KEYDATA is used to derive the 3 Secure Channel keys (the KENC, the KMAC and
  the KDEK) from the corresponding Master Key.
8.1.1.3
A derived key KENC must be generated for each Key Set. The KENC will be derived in
the following way:
KENC := DES3(KMC)[Six least significant bytes of the KEYDATA || 'F0' || '01'] ||
DES3(KMC)[Six least significant bytes of the KEYDATA || '0F' || '01']
8.1.1.4
A derived key KMAC must be generated for each Key Set. The KMAC will be derived in
the following way:
KMAC := DES3(KMC)[Six least significant bytes of the KEYDATA || 'F0' || '02'] ||
DES3(KMC)[Six least significant bytes of the KEYDATA || '0F' || '02']
8.1.1.5
A derived key KDEK must be generated for each Key Set. The KDEK will be derived in
the following way:
KDEK := DES3(KMC)[Six least significant bytes of the KEYDATA || 'F0' || '03'] ||
DES3(KMC)[Six least significant bytes of the KEYDATA || '0F' || '03']
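The derivation in 8.1.1.3 to 8.1.1.5, together with the KEYDATA layout from 7.3.1.3, as an added Python example that is not part of the EMVCo specification. Assumptions: the function names are hypothetical, "least significant" is read as rightmost, and the DES3(KMC) single-block encryption is passed in as a callable (for instance an HSM call), so the Master Key itself never appears in this code.

```python
from typing import Callable, Dict, Tuple

# Last byte of each 8-byte derivation input, from 8.1.1.3 to 8.1.1.5.
KEY_CONSTANTS = {"KENC": 0x01, "KMAC": 0x02, "KDEK": 0x03}
KEYDATA_LEN = 10  # Table 7-1


def build_keydata(sdin: bytes, csn: bytes) -> bytes:
    """7.3.1.3: leftmost 6 bytes of the SDIN, then rightmost 4 bytes of the CSN."""
    if len(sdin) < 6 or len(csn) < 4:
        raise ValueError("SDIN needs at least 6 bytes and CSN at least 4")
    return sdin[:6] + csn[-4:]


def keydata_from_initialize_update(response: bytes) -> bytes:
    """KEYDATA is the first 10 bytes of the INITIALIZE UPDATE response data."""
    if len(response) < KEYDATA_LEN:
        raise ValueError("response too short to carry KEYDATA")
    return response[:KEYDATA_LEN]


def derivation_blocks(keydata: bytes) -> Dict[str, Tuple[bytes, bytes]]:
    """Return the two 8-byte DES3 inputs for each of KENC, KMAC and KDEK."""
    if len(keydata) != KEYDATA_LEN:
        raise ValueError("KEYDATA must be exactly 10 bytes")
    tail = keydata[-6:]  # assumption: six least significant bytes = rightmost six
    return {
        name: (tail + bytes([0xF0, const]), tail + bytes([0x0F, const]))
        for name, const in KEY_CONSTANTS.items()
    }


def derive_key_set(des3_kmc: Callable[[bytes], bytes], keydata: bytes) -> Dict[str, bytes]:
    """Derive the three 16-byte keys; des3_kmc encrypts one 8-byte block under KMC."""
    keys = {}
    for name, (left, right) in derivation_blocks(keydata).items():
        halves = (des3_kmc(left), des3_kmc(right))
        if any(len(h) != 8 for h in halves):
            raise ValueError("DES3 callable must return one 8-byte block")
        keys[name] = halves[0] + halves[1]
    return keys


if __name__ == "__main__":
    # Constructed sample identifiers, not values from the specification.
    sdin = bytes.fromhex("0102030405060708")
    csn = bytes.fromhex("A1A2A3A4A5A6A7A8")
    keydata = build_keydata(sdin, csn)
    print("KEYDATA", keydata.hex().upper())
    for name, (left, right) in derivation_blocks(keydata).items():
        print(name, left.hex().upper(), right.hex().upper())
```

Comparing `build_keydata(...)` with `keydata_from_initialize_update(...)` before deriving keys confirms that the card being addressed is the one whose SDIN and CSN were used to select the Master Key.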
Annex A Glossary
This is a glossary of terms and abbreviations used in this specification.
AID
Application Identifier
AM
Authorized Management
API
APDU
CASD
Certified TSM
Controlling Authority Security Domain
CSN
DAP
DEK
DES
DGI
DM
Delegated Management
EMV
EMVCo
ENC
Encryption Key
ETSI
Handset
IEC
Immutable Persistent Memory
ISD
ISO
KMC
KMCID
Logical Channel
LPO
MAC
Master Key
Message Authentication Code (MAC)
MNO
Mutable Persistent Memory
Near Field Communication (NFC)
NFC
OID
Object Identifier
OTA
Over-the-Air
SCP
SDIN
Security Domain
SIM
Subscriber Identification Module (SIM)/UICC
TLV
Toolkit Application Reference (TAR)
TS
Technical Specification
TSM
TSM hierarchy
UICC
Universal Integrated Circuit Card
VM
Virtual Machine