M/Chip Advance Card Application Specification—Payment
Version 1.2, June 2015
Proprietary Rights
Please ensure that you have signed an M/Chip™ Development Agreement and
have any other relevant license before developing a product.
Trademarks
Trademark notices and symbols used in this manual reflect the registration status of
MasterCard trademarks in the United States. Please consult with the Customer
Operations Services team or the MasterCard Law Department for the registration
status of particular product, program, or service names outside the United States.
All third-party product and service names are trademarks or registered trademarks
of their respective owners.
Disclaimer
MasterCard Worldwide
Chaussée de Tervuren, 198A
B-1410 Waterloo
Belgium
E-mail: chip_help@mastercard.com
www.mastercard.com
Table of Contents
1. Using This Manual
1.1. Purpose
1.2. Audience
1.3. Related Information
1.4. Abbreviations
1.5. Specification Language
1.6. Notational Conventions
1.6.1. Hexadecimal Notational Convention
1.6.2. Binary Notational Convention
1.6.3. Decimal Notational Convention
1.6.4. Data Object Notational Convention
1.6.5. Logic
1.6.6. Memory
1.6.7. State Notational Convention
1.6.8. C-APDU Notational Convention
1.7. Data Object Format
1.8. Specification Principles
1.9. Revision History
2. General Card Requirements
2.1. Overview
2.2. State Machine Interface
2.3. The ICC interface
2.3.1. Contact
2.3.2. Contactless
2.4. Multiple Logical Channels
2.5. Selection and Multi-application Cards
2.5.1. M/Chip Advance Application Activation
2.5.2. M/Chip Advance Application De-activation
2.6. Signals from the Multi-application Manager to M/Chip Advance
2.7. Linked Applications
2.8. Support for the PSE
2.9. Support for the PPSE
3. State Machine
3.1. Application States
3.1.1. Idle
3.1.2. Selectednotenabled
3.1.3. Selected
3.1.4. Initiated
3.1.5. Online
3.1.6. Script
3.2. Knowledge of the Active Interface
3.3. Signal Processing and Notation
1.1. Purpose
The M/Chip Advance Card Application Specification—Payment defines the behavior
of M/Chip™ Advance, once deployed.
1.2. Audience
MasterCard provides this manual for customers and their authorized agents.
Specifically, the following personnel should find this manual useful:
Card application developers
Card application testers
Customers
1.4. Abbreviations
Table 1.1 contains the abbreviations used in this document.
Table 1.1—Abbreviations
AAC Application Authentication Cryptogram
AC Application Cryptogram
ADF Application Definition File
AFL Application File Locator
AID Application Identifier
AIP Application Interchange Profile
an Alphanumeric characters
ans Alphanumeric and Special characters
APDU Application Protocol Data Unit
ARPC Authorization Response Cryptogram
ARQC Authorization Request Cryptogram
ATC Application Transaction Counter
b Binary
BER Basic Encoding Rules
C-APDU Command APDU
CAT Cardholder Activated Terminal
CDA Combined DDA/AC Generation
CDOL Card Risk Management Data Object List
CIAC Card Issuer Action Code
CID Cryptogram Information Data
CLA Class byte of command message
cn Compressed Numeric
CRM Card Risk Management
CRT Chinese Remainder Theorem
CSK Common Session Key
CTR Session Key Counter
CVC Card Verification Code
CVR Card Verification Results
DAC Data Authentication Code
DDA Dynamic Data Authentication
DDOL Dynamic Data Authentication Data Object List
DES Data Encryption Standard
DF Dedicated File
DRDOL Data Recovery Data Object List
EMV Europay MasterCard Visa
FCI File Control Information
IAD Issuer Application Data
ICC Integrated Circuit Card
IDN ICC Dynamic Number
INS Instruction byte of command message
IVCVC3 Initialization Vector for CVC3 generation
KDCVC3 ICC Derived Key for CVC3 generation
LCOL Lower Consecutive Offline Limit
Each diagram in this specification has a unique label and each symbol in a diagram
has a unique identifier. The identifier is the concatenation of the diagram label with
the symbol number. When a paragraph in the textual description starts with a symbol
identifier, then it corresponds to the symbol bearing the same identifier in the
transition flow diagram.
Example
Symbols in the diagram in Figure 1.2 are labeled as VY.1.x. The symbol with
number 1 is identified in the textual description by VY.1.1.
Figure 1.2—Example of Symbol Identifier
[Flow diagram VY.1 (Verify), symbol 1: Update Get Challenge Flag]
VY.1.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
The order of execution of the processing steps is defined by the relevant flow
diagram. The textual description specifies the behavior of the individual steps, not
the order of execution.
A GOTO statement is used to indicate the next step in the following two instances:
A decision diamond, containing a test whose outcome determines subsequent
processing
An off-page reference to another flow diagram
To refer to a sub-element of a data object (i.e. a specific bit, set of bits or byte of a
multi-byte data object), the following notational convention is used:
'Name of Sub-element' in Data Object Name
Example:
'Allow Retrieval Of Balance' in Application Control
refers to bit 2 of byte 2 in the Application Control
The sub-elements are defined in the data dictionary.
Each of the possible values of a sub-element has a name. To refer to a value, the
following notational convention is used:
Value Of Sub-element
Example:
'Key For Offline Encrypted PIN Verification' in Application Control := DDA
Key
means the same as bit 5 of byte 1 of Application Control is set to 0b.
To refer to a specific byte of a multi-byte data object, a byte index is used within
brackets (i.e. [_]).
For example, Transaction Related Data[11] represents byte 11 of the Transaction
Related Data. The first byte (leftmost or most significant) of a data object has
index 1.
To refer to a specific bit of a single byte multi-bit data object, a bit index is used
within brackets [_].
For example, Cryptogram Version Number[7] represents the 7th bit of the
Cryptogram Version Number. The first bit (rightmost or least significant) of a
data object has index 1.
To refer to a specific bit of a multi-byte data object, a byte index and a bit index
are used within brackets (i.e. [_][_]).
For example, Card Verification Results[2][4] represents bit 4 of byte 2 of the
Card Verification Results.
1.6.5. Logic
Decision symbols in the transition flow diagrams are translated in the textual
description as follows:
IF T
THEN
GOTO X
ELSE
GOTO Y
ENDIF
Where T is a statement resulting in true or false and X and Y are symbol
identifiers.
Example:
IF Amount, Authorized (Numeric) > MTA CVM
THEN
GOTO 2G.1.22
ELSE
GOTO 2G.1.23
ENDIF
Example:
CALL UpdateTempAccsCntrs( )
Example:
'Offline PIN Verification Not Performed' in Card Verification Results :=
NOT 'Offline PIN Verification Performed' in PIN Verification Status
The notational conventions OR and AND are used for both the logical and bitwise
operations. Their meaning is context specific.
Example:
Logical OR:
IF (Authorisation Response Code = Y3) OR (Authorisation Response Code
= Z3)
Bitwise AND:
IF 'CVR Decisional Part' in Card Verification Results AND (Card Issuer
Action Code – Default = '000000')
The notational convention | is used for the concatenation of two binary data
objects.
Example:
A := 'AB34'
B := A | 'FFFF'
means that B is assigned the value 'AB34FFFF'
1.6.6. Memory
When a specific bit in a data object is set to 1b the word Set is used.
Example:
Set 'MTA Limit Exceeded' in Card Verification Results
When a specific bit in a data object is set to 0b the word Clear is used.
Example:
Clear 'Issuer Authentication Failed' in Card Verification Results
When a specific value is assigned to a data object the symbol ':=' is used.
Example:
Script Counter := '00'
When a write to a persistent data object must not be committed at the moment of
the assignment in the flow diagram, the notational convention (do not commit) is
used. In this case, the commit of the persistent data object happens at the end of
the command processing as explicitly indicated in the flow diagram.
If the symbol ':= ' is used for an assignment of a persistent data object without the
(do not commit) indication, it means an actual write in persistent memory of the
new value of the persistent data object.
Example:
Accumulator 1 Amount := Accumulator 1 Amount Temp (do not
commit)
The notational conventions are strictly followed in the body of this specification
but not in the diagrams.
Example:
Successful processing of the select(active interface, C-APDU) signal changes
the application state from idle to:
selected
or to selectednotenabled.
Example:
GET PROCESSING OPTIONS
Data objects that have the alphanumeric (an) or alphanumeric special (ans) format are
ASCII encoded, left justified and padded with trailing hexadecimal zeros.
These principles are used in order to present the application concepts. The same
principles do not have to be followed in the actual implementation. However, the
implementation must behave in a way that is indistinguishable from the behavior
specified in this document.
The Type Approval services consider the card application as a black box. They
validate output signals that the application generates as a result of processing of input
signals, against the output signals predicted by these specifications.
2.1. Overview
The main part of this specification is at the application layer. M/Chip Advance is
specified as an abstract state machine using states, transitions and signals to model its
behavior. However, the behavior of the card, even for a mono-application card, is
not fully covered by the state machine; the card must follow a number of requirements
and principles that are not present in the state machine.
Furthermore, the interface defined by the state machine is not the card interface at the
application layer. The interface defined by the state machine is in fact internal to the
card. To fully specify the card interface at the application layer, the link between the
state machine and the card interface is needed.
This section captures the requirements and principles that are not covered by the state
machine.
Since it is internal to the card, the actual implementation of this interface is left to the
vendor.
2.3.1. Contact
The physical, data link and transport layers on the contact interface must be compliant
with [EMV BOOK 1]. The transmission protocol may be T = 0 or T = 1.
The application layer on the contact interface must be compliant with [EMV]. The C-
APDUs and R-APDUs visible on the contact interface are a direct transposition of all
C-APDUs and R-APDUs defined in this specification.
2.3.2. Contactless
The physical, data link and transport layers on the contactless interface must be
compliant with [EMV BOOK D]. The signaling scheme may be Type A or Type B.
Note
The requirements below are also valid when M/Chip Advance is the only application
present on the card.
Note
Only one interface may be active at a time and switching the active interface implies
the power off of the currently active interface.
In other words, it is mandatory to support partial selection and the select next C-
APDU, as defined in [EMV BOOK 1]. This is true on both the contact and
contactless interface.
When M/Chip Advance is inactive, the only signal that it can receive from the multi-
application manager is the select(active interface, C-APDU) signal.
Any C-APDU received by the card when M/Chip Advance is active will lead to one of
the following behaviors:
The C-APDU is recognized by the multi-application manager as a select
carrying an AID supported by M/Chip Advance or a select next as mentioned
above. The multi-application manager sends the select(active interface, C-
APDU) signal to M/Chip Advance. The active interface parameter is used to
represent the fact that M/Chip Advance has knowledge of the active interface
when processing the select(active interface, C-APDU) signal. The C-APDU
parameter represents the complete C-APDU (header and conditional body of
variable length).
The C-APDU leads to the selection of another application on the card. The
unselect signal is sent to M/Chip Advance.
The C-APDU does not lead to the selection of an application on the card. The
C-APDU is sent to M/Chip Advance as a card command(active interface, C-
APDU). The active interface parameter is used to represent the fact that
M/Chip Advance has knowledge of the active interface when processing the C-
APDU. The C-APDU parameter represents the complete C-APDU (header
and conditional body of variable length). In Figure 2.5, the multi-application
manager sends a card command to application App. 1.
Figure 2.5—Sending a Card Command to an Application
[Diagram labels: C-APDU; card command(contact, C-APDU)]
The first exception is when the format of the C-APDU received by the card is not
correct. Format errors include:
The number of bytes received is insufficient to carry a C-APDU header
Lc in the command header is inconsistent with the number of command data
bytes
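The two format errors listed above can be detected before a C-APDU is passed on as a signal. The following is an added example, not code from this specification: it assumes short-form C-APDUs (one-byte Lc and Le, ISO/IEC 7816-4 cases 1 to 4), and `parse_c_apdu`, `classify`, `CApdu` and `FormatError` are hypothetical names; the sample commands are constructed.

```python
"""Format check for a short-form C-APDU (added example, not specification code).

Assumption: only short-form lengths are used, i.e. Lc and Le are one byte each.
"""
from dataclasses import dataclass
from typing import Optional

HEADER_LEN = 4  # CLA, INS, P1, P2


class FormatError(ValueError):
    """Raised when the bytes received cannot be a well-formed C-APDU."""


@dataclass(frozen=True)
class CApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes          # command data field (Lc bytes), may be empty
    le: Optional[int]    # expected response length, None if no Le byte
    case: int            # ISO/IEC 7816-4 case 1..4


def parse_c_apdu(raw: bytes) -> CApdu:
    """Split raw bytes into header, data and Le, or raise FormatError."""
    if len(raw) < HEADER_LEN:
        raise FormatError("insufficient bytes to carry a C-APDU header")
    cla, ins, p1, p2 = raw[:HEADER_LEN]
    body = raw[HEADER_LEN:]
    if not body:
        return CApdu(cla, ins, p1, p2, b"", None, 1)
    if len(body) == 1:
        # A single trailing byte is Le; the short-form value 0 means 256.
        return CApdu(cla, ins, p1, p2, b"", body[0] or 256, 2)
    lc, rest = body[0], body[1:]
    if lc == 0:
        raise FormatError("Lc is zero but command data bytes follow")
    if len(rest) == lc:
        return CApdu(cla, ins, p1, p2, bytes(rest), None, 3)
    if len(rest) == lc + 1:
        return CApdu(cla, ins, p1, p2, bytes(rest[:lc]), rest[lc] or 256, 4)
    raise FormatError(f"Lc={lc} is inconsistent with {len(rest)} command data bytes")


def classify(raw: bytes) -> str:
    """Return 'case N' for a well-formed C-APDU, else the format error."""
    try:
        return f"case {parse_c_apdu(raw).case}"
    except FormatError as exc:
        return f"format error: {exc}"


# Constructed sample inputs (not taken from the specification).
SELECT_PPSE = bytes.fromhex("00A40400") + bytes([14]) + b"2PAY.SYS.DDF01" + b"\x00"
SAMPLES = {
    "SELECT by name": SELECT_PPSE,
    "GET CHALLENGE": bytes.fromhex("0084000000"),
    "header cut short": bytes.fromhex("00A404"),
    "Lc larger than the data received": SELECT_PPSE[:10],
    "extra bytes after Le": SELECT_PPSE + b"\x00\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:34} {raw.hex().upper():44} {classify(raw)}")
```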
The second exception is the select C-APDU with an AID that is not supported on the
active interface. In this case, the response from the card must be SW12 equal to
'6A82', as specified in [EMV]. It is assumed that this response is handled by the multi-
application manager. In some implementations, the response would be handled by the
M/Chip Advance software. This is allowed and how to implement this behavior is left
to the implementation. The impact of such a C-APDU on the M/Chip Advance state
machine (if M/Chip Advance is active) is also left to the implementation. M/Chip
Advance may go to the idle state, or to the selected state or may remain in its
current state.
The third exception is the select next C-APDU when all matching DF files have
already been selected. In that case, the response from the card must also be SW12
equal to '6A82', as specified in [EMV]. Again, it is assumed that this response is
handled by the multi-application manager. In some implementations, the response
would be handled by the M/Chip Advance software. This is allowed and how to
implement this behavior is also left to the implementation. Again, the impact of such a
C-APDU on the M/Chip Advance state machine (if M/Chip Advance is active) is left
to the implementation: M/Chip Advance may go to the idle state, or to the
selected state or may remain in the current state.
Assuming the exceptions above are handled by the multi-application manager, the
signals received by M/Chip Advance from the multi-application manager are given in
Table 2.1.
Table 2.1—Signals from the Multi-application Manager
M/Chip Advance State for the Multi-application Manager: Inactive
Possible signals:
select(active interface, C-APDU)
M/Chip Advance State for the Multi-application Manager: Active
Possible signals:
select(active interface, C-APDU)
card command(active interface, C-APDU)
unselect
The update mechanism is available whenever any of the M/Chip Advance applications
present on the card is in the script state and works as described here.
A PUT DATA is sent as a script command to the currently selected M/Chip Advance
application.
This application verifies the MAC on the PUT DATA using its SMI Session Key and
if the verification is successful the update is applied to one of the following:
the currently selected application
any other M/Chip Advance application present on the card
the PSE present on the card
the PPSE present on the card.
This implies that the strict firewalling between these applications must be loosened.
How the mechanism is implemented internally between the linked applications is left
to the implementer.
The PUT DATA is done on Linked Application Data. The target application (that is
the application that will be updated) can be addressed in two ways via Linked
Application Data:
through its AID
through its Linked Application Index (for M/Chip Advance target applications
only).
When the target application is addressed via Linked Application Index, the M/Chip
Advance application updates the first target application it finds with a matching
Linked Application Index. Therefore, all linked M/Chip Advance target applications
must be assigned different indexes by the issuer. The index of an M/Chip Advance
application is defined at personalization by assigning a value to the data object Linked
Application Index.
Addressing the target application by index is not supported for PSE and PPSE.
If the PSE is supported, it must comply with [EMV]. The PSE may be visible on the
contactless interface.
If the PSE is not supported, the response from the ICC when the terminal attempts to
select it must comply with [EMV], i.e. the response must consist of SW12 equal to
'6A82'.
If the PSE is supported, then the PSE must be supported as target application in
Linked Application Data passed in the PUT DATA command to update the FCI
Proprietary Template (tag 'A5') of the PSE.
The PPSE must be supported as target application in Linked Application Data passed
in the PUT DATA command to update the FCI Proprietary Template (tag 'A5') of the
PPSE.
3. State Machine
3.1. Application States
3.1.1. Idle
3.1.2. Selectednotenabled
3.1.3. Selected
3.1.4. Initiated
3.1.5. Online
3.1.6. Script
3.2. Knowledge of the Active Interface
3.3. Signal Processing and Notation
3.4. Select Processing
3.4.1. Select Processing in State Idle
3.4.2. Select Processing in Any Other State
3.5. Card Command(C-APDU)
3.5.1. C-APDU Recognition
3.5.2. BAD CLA, BAD INS or BAD LENGTH
3.5.3. C-APDU Acceptance
3.6. Unselect processing
3.7. Get Challenge Flag
3.1.1. Idle
M/Chip Advance is in state idle if it is not currently activated. In a multi-application
card for instance, the application may be in state idle if another application is
activated. The application also goes to the state idle when the card is reset or
powered off (unselect signal).
In the state idle the application does not process C-APDUs (i.e. card
command(active interface, C-APDU)), but is only waiting for an external select(active
interface, C-APDU) signal.
Successful processing of the select(active interface, C-APDU) signal changes the
application state from idle to:
selected
or to selectednotenabled.
The destination state from the idle state depends on the following:
Which interface is currently active
Whether that interface is currently enabled or not
3.1.2. Selectednotenabled
In the state selectednotenabled all C-APDUs are rejected and M/Chip
Advance remains in this state. The select signal is processed but does not change the
state. Only the unselect signal allows the application to leave this state (and go back
to the idle state).
3.1.3. Selected
Every transaction starts in the state selected. There are six C-APDUs processed in
this state:
GET CHALLENGE
GET DATA
GET PROCESSING OPTIONS
OFFLINE CHANGE PIN
READ RECORD
VERIFY
M/Chip Advance goes to state initiated after the successful processing of the
GET PROCESSING OPTIONS command. The other commands do not modify the
application state.
3.1.4. Initiated
In this state, a new transaction is initiated. There are eleven C-APDUs processed in
this state:
COMPUTE CRYPTOGRAPHIC CHECKSUM
EXCHANGE RELAY RESISTANCE DATA
GENERATE AC
GET CHALLENGE
GET DATA
GET PROCESSING OPTIONS
INTERNAL AUTHENTICATE
OFFLINE CHANGE PIN
READ RECORD
RECOVER AC
VERIFY
M/Chip Advance goes back from the state initiated to the state selected after
successful processing of the COMPUTE CRYPTOGRAPHIC CHECKSUM
command.
M/Chip Advance proceeds from the state initiated to the state script after
successful processing of the first GENERATE AC command, completed with a TC or
AAC.
M/Chip Advance proceeds from the state initiated to the state online after
successful processing of the first GENERATE AC command, completed with an
ARQC.
3.1.5. Online
In this state, the application is expecting a response from the issuer. There are ten
C-APDUs processed in this state:
APPLICATION BLOCK
APPLICATION UNBLOCK
GENERATE AC
GET CHALLENGE
GET DATA
ISSUER UPDATES
OFFLINE CHANGE PIN
PIN CHANGE/UNBLOCK
READ RECORD
VERIFY
M/Chip Advance proceeds from the state online to the state script after
successful processing of the second GENERATE AC command, which may or may
not carry the response from the issuer. The other commands do not modify the
application state.
3.1.6. Script
In this state, the application can process script commands from the issuer. The script
commands processed in this state are:
APPLICATION BLOCK
APPLICATION UNBLOCK
PIN CHANGE/UNBLOCK
PUT DATA
UPDATE RECORD
M/Chip Advance stays in the state script after successful processing of a script
command.
As the difference in behavior is only in the data used, the processing of the card
command(active interface, C-APDU) signals can be specified generically, i.e. not
differentiating between contact and contactless. The context (i.e. the interface
currently active) determines which data is used, following the rule in section 3.2. As
a consequence, the parameter carrying the identifier of the active interface in the card
command signals will be omitted in the remainder of this document. The card
command(C-APDU) signals will be used instead of the card command(active
interface, C-APDU) signals, leaving the interface dependencies as contextual.
Note
The validity check on Le might be performed by the application manager instead of
the application.
[Flow diagram SI, Select: symbols 1 to 10, described below as SI.1 to SI.10]
SI.1
The global transient data objects are created. The initial value is binary zero(es). The
global transient data objects are listed in chapter 4.
Note
It is possible to create these data objects during the processing of other C-APDUs,
without changing the external behavior of M/Chip Advance. This is allowed as long as
it is indistinguishable from the behavior described in this specification.
SI.2
IF 'Application Blocked' in Previous Transaction History is set
THEN
GOTO SI.3
ELSE
GOTO SI.4
ENDIF
SI.3
Build the response. The application will return the File Control Information and
SW12 equal to '6283'.
SI.4
Build the response. The application will return the File Control Information and
SW12 equal to '9000'.
SI.5
IF the contact interface is active
THEN
GOTO SI.6
ELSE
GOTO SI.7
ENDIF
SI.6
IF 'Interfaces Status' in Interface Enabling Switch = Contact Interface Disabled
THEN
GOTO SI.9
ELSE
GOTO SI.8
ENDIF
SI.7
IF 'Interfaces Status' in Interface Enabling Switch = Contactless Interface Disabled
THEN
GOTO SI.9
ELSE
GOTO SI.8
ENDIF
SI.8
Send the response and go to state selected.
SI.9
Build the response for a disabled interface. The implementer has the choice of either
of the following methods:
Use the File Control Information and SW12 as prepared in SI.3 and SI.4, or
Set SW12 = '6985' or another appropriate error status word, and do not return
the File Control Information
SI.10
Send the response and go to state selectednotenabled.
[Flow diagram SO, Select: symbols 1 to 10, described below as SO.1 to SO.10]
SO.1
The global transient data objects are cleared. The resulting value is binary zero(es).
The global transient data objects are listed in chapter 4.
Note
It is possible to clear these data objects during the processing of other C-APDUs,
without changing the external behavior of the M/Chip Advance application. This is
allowed as long as it is indistinguishable from the behavior described in this
specification.
SO.2
IF 'Application Blocked' in Previous Transaction History is set
THEN
GOTO SO.3
ELSE
GOTO SO.4
ENDIF
SO.3
Build the response. The application will return the File Control Information and
SW12 equal to '6283'.
SO.4
Build the response. The application will return the File Control Information and
SW12 equal to '9000'.
SO.5
IF the contact interface is active
THEN
GOTO SO.6
ELSE
GOTO SO.7
ENDIF
SO.6
IF 'Interfaces Status' in Interface Enabling Switch = Contact Interface Disabled
THEN
GOTO SO.9
ELSE
GOTO SO.8
ENDIF
SO.7
IF 'Interfaces Status' in Interface Enabling Switch = Contactless Interface Disabled
THEN
GOTO SO.9
ELSE
GOTO SO.8
ENDIF
SO.8
Send the response and go to state selected.
SO.9
Build the response for a disabled interface. The implementer has the choice of either
of the following methods:
Use the File Control Information and SW12 as prepared in SO.3 and SO.4, or
Set SW12 = '6985' or another appropriate error status word, and do not return
the File Control Information.
SO.10
Send the response and go to state selectednotenabled.
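Steps SI.1 to SI.10 and SO.1 to SO.10 differ only in whether the global transient data is created or cleared, so one routine covers both. The following is an added example, not code from this specification: the `Card` fields, the set used to stand in for 'Interfaces Status', the transient data length and the `fci_on_disabled` switch (the implementer's choice in SI.9 and SO.9) are assumptions made for illustration.

```python
"""Select processing, steps SI.1-SI.10 / SO.1-SO.10 (added example)."""
from dataclasses import dataclass
from typing import Optional, Tuple

IDLE, SELECTED, NOT_ENABLED = "idle", "selected", "selectednotenabled"
INTERFACES = ("contact", "contactless")
TRANSIENT_LEN = 8  # assumed size; the real objects are listed in chapter 4


@dataclass
class Card:
    state: str = IDLE
    # 'Application Blocked' in Previous Transaction History
    application_blocked: bool = False
    # Hypothetical stand-in for 'Interfaces Status' in Interface Enabling Switch
    disabled_interfaces: frozenset = frozenset()
    # Implementer's choice in SI.9 / SO.9: keep the prepared FCI and SW12,
    # or answer '6985' without the FCI.
    fci_on_disabled: bool = True
    transient: Optional[bytearray] = None  # does not exist while idle


def select(card: Card, active_interface: str) -> Tuple[bool, str]:
    """Process the select signal; return (FCI returned?, SW12)."""
    if active_interface not in INTERFACES:
        raise ValueError(f"unknown interface {active_interface!r}")
    # SI.1 creates, SO.1 clears: either way the result is binary zeroes.
    card.transient = bytearray(TRANSIENT_LEN)
    # SI.2-SI.4 / SO.2-SO.4: a blocked application still returns its FCI.
    fci, sw12 = True, ("6283" if card.application_blocked else "9000")
    # SI.5-SI.7 / SO.5-SO.7: is the active interface disabled?
    if active_interface in card.disabled_interfaces:
        if not card.fci_on_disabled:          # SI.9 / SO.9, second method
            fci, sw12 = False, "6985"
        card.state = NOT_ENABLED              # SI.10 / SO.10
    else:
        card.state = SELECTED                 # SI.8 / SO.8
    return fci, sw12


def unselect(card: Card) -> None:
    """The unselect signal returns the application to idle."""
    card.state, card.transient = IDLE, None


if __name__ == "__main__":
    enabled = Card()
    disabled = Card(disabled_interfaces=frozenset({"contactless"}))
    # With the first SI.9 method the two responses are identical, so the
    # SELECT response alone does not reveal that the interface is disabled.
    print(select(enabled, "contactless"), enabled.state)
    print(select(disabled, "contactless"), disabled.state)
```

With the first method of SI.9 a test harness cannot tell selected from selectednotenabled by the SELECT response; it has to send a further C-APDU and observe that it is rejected.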
The application must perform a validity check on Le. C-APDUs that fail this validity
check lead to BAD LENGTH.
The order in which the CLA check, the INS check and the Le validity check are done
is left to the implementation. However, it is required that:
The checks are done and that only C-APDUs passing all checks are supported
The C-APDUs that do not pass all checks are processed as specified in
section 3.5.2
If the outcome of the C-APDU recognition is BAD CLA, BAD INS or BAD
LENGTH, the C-APDU is not supported by M/Chip Advance and the application
processes as specified in section 3.5.2. Otherwise the C-APDU is supported and the
application processes as specified in section 3.5.3.
Rejected C-APDUs identified as R/CNS (2) in Table 3.7 are processed as follows:
The global transient data objects are cleared
The application does not perform any other action than transitioning states and
responds with only SW12 equal to '6985'
The destination state is the state selected
C-APDU                            selected    initiated   online      script
APPLICATION BLOCK
  '9000'                          -           -           online      script
  Other (error)                   -           -           online      script
APPLICATION UNBLOCK
  '9000'                          -           -           online      script
  Other (error)                   -           -           online      script
COMPUTE CRYPTOGRAPHIC CHECKSUM
  '9000'                          -           selected    -           -
  Other (error)                   -           selected    -           -
EXCHANGE RELAY RESISTANCE DATA
  '9000'                                      initiated
  Other (error)                               initiated
GENERATE AC
  AAC '9000'                      -           script      script      -
  TC '9000'                       -           script      script      -
  ARQC '9000'                     -           online      -           -
  Other (error)                   -           selected    selected    -
GET CHALLENGE
  '9000'                          selected    initiated   online      script
  Other (error)                   selected    initiated   online      script
GET DATA
  '9000'                          selected    initiated   online      script
  Other (error)                   selected    initiated   online      script
GET PROCESSING OPTIONS
  '9000'                          initiated   initiated   -           -
  Other (error)                   selected    selected    -           -
INTERNAL AUTHENTICATE
  '9000'                          -           initiated   -           -
  Other (error)                   -           initiated   -           -
ISSUER UPDATES
  '9000'                          -           -           online      -
  Other (error)                   -           -           online      -
OFFLINE CHANGE PIN
  '9000'                          selected    initiated   online      script
  Other (error)                   selected    initiated   online      script
PIN CHANGE/UNBLOCK
  '9000'                          -           -           online      script
  Other (error)                   -           -           online      script
PUT DATA
  '9000'                          -           -           -           script
  Other (error)                   -           -           -           script
READ RECORD
  '9000'                          selected    initiated   online      script
  Other (error)                   selected    initiated   online      script
RECOVER AC
  '9000'                          -           initiated   -           -
  Other (error)                   -           initiated   -           -
UPDATE RECORD
  '9000'                          -           -           -           script
  Other (error)                   -           -           -           script
VERIFY
  '9000', '63Cx', '6983'          selected    initiated   online      script
  Other (error)                   selected    initiated   online      script
4. Data Organization
4.1. Knowledge of the Active Interface
4.2. Single Code
4.3. Interface Specific Data
4.3.1. Characteristics
4.3.2. The Interface Specific Data
4.3.3. Notation for the Usage of Interface Specific Data
4.4. Common Data
4.5. Persistent Data
4.6. Transient Data Objects
4.7. Transient Data
4.7.1. Global Transient Data
4.7.2. Local Transient Data
4.8. Personalization
4.9. Initialized Data
4.10. Files
4.10.1. SFI in the Range 1 to 10
4.10.2. Transaction Log File
4.10.3. Other Files
Note
Most of the persistent data objects are not duplicated: for those data objects, the same
value is used whatever the active interface. For example, the Application Life Cycle
Data is a common data object, used whatever the active interface.
4.3.1. Characteristics
Usage of interface specific data modifies the behavior of M/Chip Advance depending
on the interface currently active. The interface specific data always exist for the:
1. Contact instance
2. Contactless instance
The contact specific instances of these data are exclusively used when the contact
interface is active. Conversely, the contactless specific instances of these data are
exclusively used when the contactless interface is active.
All the interface specific data share the following characteristics:
1. The coding (format and semantics) of the data is identical for both interfaces
2. The data are persistent
3. The data can be personalized
4. When accessed through the GET DATA and PUT DATA commands, the tags
are different for the contact instance and the contactless instance
For example there are two instances of the Accumulator 1 Control as follows:
• Accumulator 1 Control (Contact)
• Accumulator 1 Control (Contactless)
These persistent data objects are stored in non-volatile memory and retain value
through consecutive transactions (transactions start when the application goes to the
state selected).
The usage of the local transient data by command is given in the chapters specifying
the commands.
4.8. Personalization
The data objects listed in Table 4.5 can be personalized. When a range is given in the
"Length" column, the M/Chip Advance application must accept personalization values
with any size in this range, unless otherwise stated in this section.
Table 4.5—Personalization Data Objects
Data Object Length (in bytes)
AC Master Key (Contact) 16
AC Master Key (Contactless) 16
AC Master Key (MAS4C) 16
AC Session Key Counter Limit (Contact) 2
AC Session Key Counter Limit (Contactless) 2
AC Session Key Counter Limit (MAS4C) 2
Accumulator 1 Control (Contact) 1
Accumulator 1 Control (Contactless) 1
Accumulator 1 Currency Code 2
Accumulator 1 Currency Conversion Table 25
Accumulator 1 CVR Dependency Data (Contact) 3
Accumulator 1 CVR Dependency Data (Contactless) 3
Accumulator 1 Lower Limit 6
Accumulator 1 Upper Limit 6
Accumulator 2 Control (Contact) 1
Accumulator 2 Control (Contactless) 1
Accumulator 2 Currency Code 2
Accumulator 2 Currency Conversion Table 25
Accumulator 2 CVR Dependency Data (Contact) 3
Accumulator 2 CVR Dependency Data (Contactless) 3
Accumulator 2 Lower Limit 6
Accumulator 2 Upper Limit 6
Additional Check Table 18
AID Variable, 5–16
Application Control (Contact) 6
Application Control (Contactless) 6
Application File Locator (Contact) Variable
Application File Locator (Contactless) Variable
Application Interchange Profile (Contact) 2
Application Interchange Profile (Contactless) 2
Application Life Cycle Data 48, see below
Application Transaction Counter Limit 2
Card Issuer Action Code (Contact) – Decline 3
Card Issuer Action Code (Contact) – Default 3
Card Issuer Action Code (Contact) – Online 3
Card Issuer Action Code (Contactless) – Decline 3
Card Issuer Action Code (Contactless) – Default 3
Card Issuer Action Code (Contactless) – Online 3
Only parts of the Application Life Cycle Data are personalized. The personalization
requirements are as follows:
Table 4.6—Application Life Cycle Data Personalization Requirements
Field Personalizable
'Version Number' Optional
'Type Approval ID' Optional
'Application Issuer ID' Mandatory
'Application Code ID' Not allowed
4.10. Files
When the card is issued, an area of memory is reserved for each record. The reserved
length for a record represents the size allocated to a record and is greater than or equal
to the size needed for personalization of the record. The reserved length for a record
may vary between records. The reserved length for each record is a record attribute
that is not modified by the UPDATE RECORD command. The memory allocated to a
record remains available to store a new value using the UPDATE RECORD
command. The method for reserving the length for a record is beyond the scope of
this specification and is left to the implementation.
If the length of the new value for a record is less than or equal to the reserved length
for a record, the UPDATE RECORD replaces the current record with a new record,
even if the actual size of those records differ. Partial update of a record is not
supported. The length of the record data is updated with the length of the new data,
but the reserved length for the record has not changed. The new record value is the
value that would be returned in response to the READ RECORD command.
Since the application does not interpret the value of records, it is the responsibility of
the issuer to correctly format the record values:
• At personalization
• When generating the data for the UPDATE RECORD command
It is an issuer option to store the EMV records in any file with an SFI between
1 and 10 (for example, records may be stored in SFI 1 and 2; or in SFI 1, 3,
and 4; or in SFI 5, 6, 8, 9).
At a minimum, M/Chip Advance must support up to a total of 16 records for
EMV data.
It is an issuer option to place up to 16 records in any file with SFI between 1
and 10.
The records in the Transaction Log File can be retrieved by a terminal using the
READ RECORD command.
The fixed part of the Transaction Log Record is the concatenation of the data objects
listed in Table 4.8.
Table 4.8—Fixed Part of Transaction Log Record
Data Object Length
Cryptogram Information Data 1
Amount, Authorized (Numeric) 6
Transaction Currency Code 2
Transaction Date 3
Application Transaction Counter 2
Card Verification Results 6
Interface Identifier 1
Transaction Time 3
Merchant Custom Data 20
M/Chip Advance allows the Transaction Log Record to be extended by means of the
Log Data Table. The Log Data Table provides information to extend the Transaction
Log Record with terminal sourced data provided to the card in the first GENERATE
AC command data.
The Log Data Table is the concatenation (without TLV coding) of the data objects
identified in Table 4.9.
The maximum number of data entries (n) is 4. The total length of the additional
transaction log data must be less than or equal to 32 bytes.
The additional data is stored at the end of the fixed part of the Transaction Log
Record as shown in Table 4.10.
Table 4.10—Transaction Log Record with Additional Info
Data Object Length
Cryptogram Information Data 1
Amount, Authorized (Numeric) 6
Transaction Currency Code 2
Transaction Date 3
Application Transaction Counter 2
Card Verification Results 6
Interface Identifier 1
Transaction Time 3
Merchant Custom Data 20
Additional info Var.
No padding is allowed in a Transaction Log Record and the size of the additional info
retrieved when reading the record corresponds to the data written by the
AddAdditionalLogInfo( ) subroutine.
The Log Data Table, the Log Format and the Transaction Log File are common for
the contact and contactless interface. Therefore, the records in the Transaction Log
File generated by contact transactions have the same length and content as records
generated during contactless transactions.
Table 4.11 provides the relationship between the Record Number in P1 of the READ
RECORD command and the Transaction Log Record in the response to the READ
RECORD command.
Table 4.11—Correspondence between Record Number and Transaction Log
Record
Record Number Transaction Log
1 Last Transaction Log Record
2 Last but one Transaction Log Record
3 Last but two Transaction Log Record
… …
If in its lifetime M/Chip Advance has not logged at least one transaction for each record in the
Transaction Log File, some of the entries in the Transaction Log File do not represent
transactions, but are empty. These empty entries are not retrievable with the READ
RECORD command. The actual implementation approach is the decision of the card
application developer. This requirement is also applicable to logs with more than ten
entries.
A Transaction Log Record may be written in the Transaction Log File during the 1st
and 2nd GENERATE AC commands. The conditions for logging a transaction are
defined by the personalization of the Application Control (Contact) and Application
Control (Contactless).
During the 1st GENERATE AC command a new Transaction Log Record is added to
the Transaction Log File when the 1st GENERATE AC command completes with a
TC and 'TC Logging' in Application Control is set or the 1st GENERATE AC
command completes with an AAC and 'AAC Logging' in Application Control is set.
If the 'ARQC Pre-logging' in Application Control is set, then a Transaction Log
Record is also added to the Transaction Log File in case of an ARQC.
If all entries in the Transaction Log File are occupied, M/Chip Advance overwrites the
oldest entry. The method for achieving this is left to the implementation.
During the 2nd GENERATE AC command a transaction is logged when the 2nd
GENERATE AC command completes with a TC and 'TC Logging' in Application
Control is set or the 2nd GENERATE AC command completes with an AAC and
'AAC Logging' in Application Control is set.
When a transaction is logged during the 2nd GENERATE AC command, a new
Transaction Log Record is added to the Transaction Log File when the 'ARQC Pre-
logging' in Application Control is not set. If the 'ARQC Pre-logging' in Application
Control is set, then the most recent Transaction Log Record is overwritten (this is the
record written during the 1st GENERATE AC command).
The method for achieving this is left to the implementation.
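The record layout of Tables 4.8 and 4.10 and the logging rules for the 1st and 2nd GENERATE AC can be modelled as follows. This is an added example, not code from the specification: the class and function names, the list-based cyclic store and the sample record values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Fixed part of the Transaction Log Record (Table 4.8): (field, length in bytes).
FIXED_LAYOUT = [
    ("cryptogram_information_data", 1), ("amount_authorized", 6),
    ("transaction_currency_code", 2), ("transaction_date", 3),
    ("application_transaction_counter", 2), ("card_verification_results", 6),
    ("interface_identifier", 1), ("transaction_time", 3),
    ("merchant_custom_data", 20),
]
FIXED_LEN = sum(size for _, size in FIXED_LAYOUT)    # 44 bytes
MAX_ADDITIONAL = 32                                  # limit on the additional log data


def parse_log_record(record: bytes) -> dict:
    """Split a Transaction Log Record into the fields of Table 4.10."""
    if not FIXED_LEN <= len(record) <= FIXED_LEN + MAX_ADDITIONAL:
        raise ValueError(f"record length {len(record)} is outside 44..76 bytes")
    fields, pos = {}, 0
    for name, size in FIXED_LAYOUT:
        fields[name] = record[pos:pos + size]
        pos += size
    fields["additional_info"] = record[pos:]    # no padding: the rest is additional info
    return fields


class TransactionLog:
    """Cyclic Transaction Log File; record number 1 is the most recent entry."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self._entries = []                      # newest first; empty entries are absent

    def add(self, record: bytes) -> None:
        self._entries.insert(0, record)
        del self._entries[self.capacity:]       # a full log loses its oldest entry

    def overwrite_latest(self, record: bytes) -> None:
        if self._entries:
            self._entries[0] = record
        else:
            self.add(record)                    # defensive choice of this model

    def read_record(self, number: int):
        """Return the record for P1 = number, or None for an empty entry."""
        if 1 <= number <= len(self._entries):
            return self._entries[number - 1]
        return None


@dataclass
class LoggingControl:
    """The three logging options of Application Control named in the text."""
    tc_logging: bool = False
    aac_logging: bool = False
    arqc_prelogging: bool = False


def log_first_generate_ac(log, ctl, ac_type: str, record: bytes) -> bool:
    """Apply the 1st GENERATE AC rule; ac_type is 'TC', 'AAC' or 'ARQC'."""
    wanted = ((ac_type == "TC" and ctl.tc_logging)
              or (ac_type == "AAC" and ctl.aac_logging)
              or (ac_type == "ARQC" and ctl.arqc_prelogging))
    if wanted:
        log.add(record)
    return wanted


def log_second_generate_ac(log, ctl, ac_type: str, record: bytes) -> bool:
    """Apply the 2nd GENERATE AC rule; ac_type is 'TC' or 'AAC'."""
    wanted = ((ac_type == "TC" and ctl.tc_logging)
              or (ac_type == "AAC" and ctl.aac_logging))
    if wanted and ctl.arqc_prelogging:
        log.overwrite_latest(record)            # replaces the record pre-logged with the ARQC
    elif wanted:
        log.add(record)
    return wanted


def make_record(cid: int, atc: int, extra: bytes = b"") -> bytes:
    """Constructed sample record; every value here is made up for the example."""
    return (bytes([cid]) + bytes.fromhex("000000001234") + bytes.fromhex("0978")
            + bytes.fromhex("150601") + atc.to_bytes(2, "big") + bytes(6)
            + b"\x01" + bytes.fromhex("101500") + bytes(20) + extra)


if __name__ == "__main__":
    log = TransactionLog(capacity=10)
    ctl = LoggingControl(tc_logging=True, arqc_prelogging=True)
    log_first_generate_ac(log, ctl, "ARQC", make_record(0x80, 1))
    log_second_generate_ac(log, ctl, "TC", make_record(0x40, 1))
    print(parse_log_record(log.read_record(1)), log.read_record(2))
```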
5. Application Block
5.1. Application Block Command Message
5.2. Local Transient Data
5.3. Application Block Processing
[Flow diagram: APPLICATION BLOCK processing. Symbols are labeled AB.x.]
AB.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
AB.2
IF P1|P2 = '0000'
THEN
GOTO AB.4
ELSE
GOTO AB.3
ENDIF
AB.3
Build R-APDU consisting of SW12 equal to '6A86'.
AB.4
IF Lc = '08'
THEN
GOTO AB.6
ELSE
GOTO AB.5
ENDIF
AB.5
Build R-APDU consisting of SW12 equal to '6700'.
AB.6
IF Script Failed Flag is set
THEN
GOTO AB.7
ELSE
GOTO AB.8
ENDIF
AB.7
Build R-APDU consisting of SW12 equal to '6982'.
AB.8
Set 'Script Received' in Previous Transaction History (do not commit)
AB.9
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO AB.10
ELSE
GOTO AB.11
ENDIF
AB.10
Retrieve MAC from the APPLICATION BLOCK command message.
AB.11
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
AB.12
Set 'Script Failed' in Previous Transaction History (do not commit)
AB.13
Set Script Failed Flag
AB.14
Build R-APDU consisting of SW12 equal to '6985'.
AB.15
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
AB.16
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO AB.17
ELSE
GOTO AB.22
ENDIF
AB.17
IF SMI CSK Key Present Flag is set
THEN
GOTO AB.18
ELSE
GOTO AB.19
ENDIF
AB.18
Clear New SMI Key Flag
AB.19
SMI Session Key Counter := SMI Session Key Counter + 1
AB.20
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
AB.21
Set SMI CSK Key Present Flag
Set New SMI Key Flag
AB.22
SMI Session Key Counter := SMI Session Key Counter + 1
AB.23
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
AB.24
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
AB.25
Verify MAC on the APPLICATION BLOCK command.
Refer to [SECURITY] for details.
IF MAC is correct
THEN
GOTO AB.26
ELSE
GOTO AB.27
ENDIF
AB.26
IF New SMI Key Flag is set
THEN
GOTO AB.31
ELSE
GOTO AB.32
ENDIF
AB.27
Set 'Script Failed' in Previous Transaction History (do not commit)
AB.28
Set Script Failed Flag
AB.29
Build R-APDU consisting of SW12 equal to '6982'.
AB.30
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
AB.31
SMI Session Key Counter := SMI Session Key Counter – 1
AB.32
Set 'Application Blocked' in Previous Transaction History (do not commit)
AB.33
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
AB.34
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
AB.35
Build R-APDU consisting of SW12 equal to '9000'.
AB.36
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
6. Application Unblock
6.1. Application Unblock Command Message
6.2. Local Transient Data
6.3. Application Unblock Processing
[Flow diagram: APPLICATION UNBLOCK processing. Symbols are labeled AU.x.]
AU.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
AU.2
IF P1|P2 = '0000'
THEN
GOTO AU.4
ELSE
GOTO AU.3
ENDIF
AU.3
Build R-APDU consisting of SW12 equal to '6A86'.
AU.4
IF Lc = '08'
THEN
GOTO AU.6
ELSE
GOTO AU.5
ENDIF
AU.5
Build R-APDU consisting of SW12 equal to '6700'.
AU.6
IF Script Failed Flag is set
THEN
GOTO AU.7
ELSE
GOTO AU.8
ENDIF
AU.7
Build R-APDU consisting of SW12 equal to '6982'.
AU.8
Set 'Script Received' in Previous Transaction History (do not commit)
AU.9
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO AU.10
ELSE
GOTO AU.11
ENDIF
AU.10
Retrieve MAC from the APPLICATION UNBLOCK command message.
AU.11
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
AU.12
Set 'Script Failed' in Previous Transaction History (do not commit)
AU.13
Set Script Failed Flag
AU.14
Build R-APDU consisting of SW12 equal to '6985'.
AU.15
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
AU.16
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO AU.17
ELSE
GOTO AU.22
ENDIF
AU.17
IF SMI CSK Key Present Flag is set
THEN
GOTO AU.18
ELSE
GOTO AU.19
ENDIF
AU.18
Clear New SMI Key Flag
AU.19
SMI Session Key Counter := SMI Session Key Counter + 1
AU.20
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
AU.21
Set SMI CSK Key Present Flag
Set New SMI Key Flag
AU.22
SMI Session Key Counter := SMI Session Key Counter + 1
AU.23
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
AU.24
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
AU.25
Verify MAC on the APPLICATION UNBLOCK command.
Refer to [SECURITY] for details.
IF MAC is correct
THEN
GOTO AU.26
ELSE
GOTO AU.27
ENDIF
AU.26
IF New SMI Key Flag is set
THEN
GOTO AU.31
ELSE
GOTO AU.32
ENDIF
AU.27
Set 'Script Failed' in Previous Transaction History (do not commit)
AU.28
Set Script Failed Flag
AU.29
Build R-APDU consisting of SW12 equal to '6982'.
AU.30
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
AU.31
SMI Session Key Counter := SMI Session Key Counter – 1
AU.32
Clear 'Application Blocked' in Previous Transaction History (do not commit)
AU.33
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
AU.34
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
AU.35
Build R-APDU consisting of SW12 equal to '9000'.
AU.36
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
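The APPLICATION BLOCK and APPLICATION UNBLOCK flows (AB.1 to AB.36 and AU.1 to AU.36) differ only in step 32, so one reference model covers both and shows how the SMI Session Key Counter bounds the number of failed MAC verifications. This is an added example, not code from the specification: the class and field names are assumptions, session key derivation and the atomic commit are not modelled, MAC verification is injected as a callback because it is defined in [SECURITY], and steps without a GOTO are taken to continue as the step order and the flow diagram indicate.

```python
from dataclasses import dataclass


@dataclass
class CardState:
    """Data objects named in steps AB.1-AB.36 / AU.1-AU.36 (field names assumed)."""
    smi_counter: int = 0                # SMI Session Key Counter
    smi_limit: int = 3                  # SMI Session Key Counter Limit (sample value)
    emv_csk: bool = True                # 'Session Key Derivation' = EMV CSK
    smi_csk_key_present: bool = False   # SMI CSK Key Present Flag
    new_smi_key: bool = False           # New SMI Key Flag
    script_failed_flag: bool = False    # Script Failed Flag
    script_counter: int = 0             # 'Script Counter', one hex digit
    rand: int = 0                       # Rand, 8 bytes
    pth_script_received: bool = False   # bits of Previous Transaction History
    pth_script_failed: bool = False
    pth_application_blocked: bool = False
    smi_limit_exceeded: bool = False    # bit of Security Limits Status
    successful_get_challenge: bool = False
    challenge_availability: bool = False


def process_script_command(st, p1p2, data, mac_ok, block=True):
    """Run APPLICATION BLOCK (block=True) or UNBLOCK (block=False); return SW12.

    mac_ok(mac, rand) stands in for the MAC verification of [SECURITY].
    """
    # Step 1: latch and clear the Get Challenge Flag bits.
    st.challenge_availability = st.successful_get_challenge
    st.successful_get_challenge = False
    if p1p2 != 0x0000:                       # steps 2-3
        return 0x6A86
    if len(data) != 8:                       # steps 4-5, Lc must be '08'
        return 0x6700
    if st.script_failed_flag:                # steps 6-7
        return 0x6982
    st.pth_script_received = True            # step 8
    if st.smi_counter >= st.smi_limit:       # step 9 fails: steps 11-15
        st.smi_limit_exceeded = True
        st.pth_script_failed = True
        st.script_failed_flag = True
        return 0x6985
    mac = data                               # step 10 (assumed: the 8 data bytes are the MAC)
    if st.emv_csk and st.smi_csk_key_present:
        st.new_smi_key = False               # steps 16-18: reuse the session key
    else:
        st.smi_counter += 1                  # steps 19-21 or 22-24: new session key
        st.smi_csk_key_present = st.emv_csk
        st.new_smi_key = True
    if not mac_ok(mac, st.rand):             # step 25 fails: steps 27-30
        st.pth_script_failed = True
        st.script_failed_flag = True
        return 0x6982                        # the counter increment is kept
    if st.new_smi_key:                       # steps 26 and 31: undo the increment
        st.smi_counter -= 1
    st.pth_application_blocked = block       # step 32 (set for AB, cleared for AU)
    st.script_counter = (st.script_counter + 1) % 16    # step 33, 'F' wraps to '0'
    st.rand = (st.rand + 1) % (1 << 64)      # step 34, wraps to all zeroes
    return 0x9000                            # steps 35-36


def demo():
    """Constructed run: wrong MACs under the proprietary SKD use up the counter."""
    st = CardState(emv_csk=False, smi_limit=2)
    results = []
    for _ in range(3):
        st.script_failed_flag = False        # assumed: cleared when a new transaction starts
        results.append(process_script_command(st, 0x0000, bytes(8), lambda m, r: False))
    return results, st.smi_counter


if __name__ == "__main__":
    sws, counter = demo()
    print([f"{sw:04X}" for sw in sws], counter)
```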
7. Compute Cryptographic Checksum
7.1. Compute Cryptographic Checksum Command Message
7.2. Local Transient Data
7.3. Compute Cryptographic Checksum Processing
[Flow diagram: COMPUTE CRYPTOGRAPHIC CHECKSUM processing. Symbols are labeled CCC.x.]
CCC.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
CCC.2
IF P1|P2 = '8E80'
THEN
GOTO CCC.4
ELSE
GOTO CCC.3
ENDIF
CCC.3
Build R-APDU consisting of SW12 equal to '6A86'.
CCC.4
IF Lc = '04'
THEN
GOTO CCC.6
ELSE
GOTO CCC.5
ENDIF
CCC.5
Build R-APDU consisting of SW12 equal to '6700'.
CCC.6
IF 'Application Blocked' in Previous Transaction History is set
THEN
GOTO CCC.7
ELSE
GOTO CCC.8
ENDIF
CCC.7
Build R-APDU consisting of SW12 equal to '6985'.
CCC.8
IF 'Compute Cryptographic Checksum' in Application Control = Compute
Cryptographic Checksum Supported
THEN
GOTO CCC.10
ELSE
GOTO CCC.9
ENDIF
CCC.9
Build R-APDU consisting of SW12 equal to '6985'.
CCC.10
Generate CVC3(Track1) using the input data listed in Table 7.3.
Refer to [SECURITY] for details.
Table 7.3—Input Data for CVC3(Track1) Generation
Data Object Length
IVCVC3(Track1) 2 bytes
Unpredictable Number (Numeric) 4 bytes
Application Transaction Counter 2 bytes
CCC.11
Generate CVC3(Track2) using the input data listed in Table 7.4.
Refer to [SECURITY] for details.
Table 7.4—Input Data for CVC3(Track2) Generation
Data Object Length
IVCVC3(Track2) 2 bytes
Unpredictable Number (Numeric) 4 bytes
Application Transaction Counter 2 bytes
CCC.12
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 7.5 followed by SW12
equal to '9000'.
Table 7.5—Compute Cryptographic Checksum Response Message Template
Tag Length Value
'9F61' 2 CVC3(Track2)
'9F60' 2 CVC3(Track1)
'9F36' 2 Application Transaction Counter
[Flow diagram: EXCHANGE RELAY RESISTANCE DATA processing. Symbols are labeled RRP.x.]
RRP.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
RRP.2
IF P1|P2 = '0000'
THEN
GOTO RRP.3
ELSE
GOTO RRP.5
ENDIF
RRP.3
IF Lc = '04'
THEN
GOTO RRP.4
ELSE
GOTO RRP.6
ENDIF
RRP.4
IF RRP Counter ≥ '03' OR Internal Authentication Performed Flag is set
THEN
GOTO RRP.7
ELSE
GOTO RRP.8
ENDIF
RRP.5
Build R-APDU consisting of SW12 equal to '6A86'.
RRP.6
Build R-APDU consisting of SW12 equal to '6700'.
RRP.7
Build R-APDU consisting of SW12 equal to '6985'.
RRP.8
Retrieve and save the following information from the EXCHANGE RELAY
RESISTANCE DATA command message:
Terminal Relay Resistance Entropy := Relay Resistance Related Data
RRP.9
RRP Counter := RRP Counter + 1
RRP.10
Copy 4 bytes of the ICC Dynamic Number into Device Relay Resistance Entropy:
Device Relay Resistance Entropy := ICC Dynamic Number[(4 × RRP Counter) - 3 : 4 × RRP Counter]
RRP.11
Build the response.
The data object returned in the response message is a primitive data object with tag
'80' and length '0A' followed by SW12 equal to '9000'. The value field consists of the
concatenation without delimiters (tag and length) of the value fields of the data
objects specified in Table 8.3.
Table 8.3—Exchange Relay Resistance Data Response
Byte Value
1-4 Device Relay Resistance Entropy
5-6 Min Time For Processing Relay Resistance APDU
7-8 Max Time For Processing Relay Resistance APDU
9-10 Transmission Time For Relay Resistance R-APDU
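Steps RRP.1 to RRP.11 and the response layout of Table 8.3, with both the card side and the terminal-side split of the response, can be exercised as follows. This is an added example, not code from the specification: the names are assumptions, and the ICC Dynamic Number and the three timing values are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class RrpState:
    icc_dynamic_number: bytes            # source of Device Relay Resistance Entropy
    min_time: bytes                      # Min Time For Processing Relay Resistance APDU
    max_time: bytes                      # Max Time For Processing Relay Resistance APDU
    transmission_time: bytes             # Transmission Time For Relay Resistance R-APDU
    rrp_counter: int = 0
    internal_authentication_performed: bool = False
    successful_get_challenge: bool = False
    challenge_availability: bool = False
    terminal_entropy: bytes = b""
    device_entropy: bytes = b""


def sw(value: int) -> bytes:
    """Encode SW12 as two bytes."""
    return value.to_bytes(2, "big")


def exchange_relay_resistance_data(st: RrpState, p1p2: int, data: bytes) -> bytes:
    """Return the R-APDU (data field plus SW12) for one command."""
    st.challenge_availability = st.successful_get_challenge    # RRP.1
    st.successful_get_challenge = False
    if p1p2 != 0x0000:                                         # RRP.2, RRP.5
        return sw(0x6A86)
    if len(data) != 4:                                         # RRP.3, RRP.6
        return sw(0x6700)
    if st.rrp_counter >= 3 or st.internal_authentication_performed:
        return sw(0x6985)                                      # RRP.4, RRP.7
    st.terminal_entropy = data                                 # RRP.8
    st.rrp_counter += 1                                        # RRP.9
    # RRP.10: bytes (4n-3)..4n, counted from 1, are the 0-based slice [4n-4 : 4n].
    end = 4 * st.rrp_counter
    st.device_entropy = st.icc_dynamic_number[end - 4:end]
    value = st.device_entropy + st.min_time + st.max_time + st.transmission_time
    if len(value) != 0x0A:
        raise ValueError("response value field must be 10 bytes")
    return bytes([0x80, 0x0A]) + value + sw(0x9000)            # RRP.11


def parse_response(rapdu: bytes) -> dict:
    """Terminal-side split of a successful response into the fields of Table 8.3."""
    if len(rapdu) != 14 or rapdu[:2] != b"\x80\x0A" or rapdu[-2:] != b"\x90\x00":
        raise ValueError("not a successful EXCHANGE RELAY RESISTANCE DATA response")
    value = rapdu[2:12]
    return {
        "device_relay_resistance_entropy": value[0:4],         # bytes 1-4
        "min_time": value[4:6],                                # bytes 5-6
        "max_time": value[6:8],                                # bytes 7-8
        "transmission_time": value[8:10],                      # bytes 9-10
    }


def demo():
    """Four exchanges on constructed data: three succeed, the fourth is refused."""
    st = RrpState(icc_dynamic_number=bytes(range(1, 13)),      # constructed sample
                  min_time=b"\x00\x10", max_time=b"\x00\x40",
                  transmission_time=b"\x00\x08")
    return [exchange_relay_resistance_data(st, 0x0000, bytes([n] * 4))
            for n in range(1, 5)]


if __name__ == "__main__":
    for rapdu in demo():
        print(rapdu.hex().upper())
```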
9. First Generate AC
9.1. First Generate AC Command Message
9.2. Local Transient Data
9.3. First Generate AC Processing
9.3.1. Start
9.3.2. ARQC Requested
9.3.3. TC Requested
9.3.4. AAC Decided
9.3.5. TC Decided
9.3.6. ARQC Decided
9.3.7. No CDA – No Host Backwards Compatibility
9.3.8. No CDA – V1.1/V1.3 Host Backwards Compatibility
9.3.9. No CDA - V2.1/V2.2 Host Backwards Compatibility
9.3.10. No CDA – V2.05 Host Backwards Compatibility
9.3.11. MAS4C
9.3.12. CDA – No Host Backwards Compatibility
9.3.13. CDA – V1.1/V1.3 Host Backwards Compatibility
9.3.14. CDA – V2.1/V2.2 Host Backwards Compatibility
9.3.15. CDA – V2.05 Host Backwards Compatibility
9.3.1. Start
Symbols in this diagram are labeled 1G.1.x.
[Flow diagram: 1st GENERATE AC, Start]
1G.1.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
1G.1.2
IF 'Cryptogram Type' in Reference Control Parameter = RFU OR P2 ≠ '00'
THEN
GOTO 1G.1.3
ELSE
GOTO 1G.1.4
ENDIF
1G.1.3
Build R-APDU consisting of SW12 equal to '6A86'.
1G.1.4
IF 'Use M/Chip 4 CDOL1' in Application Control is not set
THEN
IF (Lc >= 66) AND (Lc = CDOL1 Related Data Length)
THEN
GOTO 1G.1.6
ELSE
GOTO 1G.1.5
ENDIF
ELSE
IF (Lc >= 43) AND (Lc = CDOL1 Related Data Length)
THEN
GOTO 1G.1.6
ELSE
GOTO 1G.1.5
ENDIF
ENDIF
1G.1.5
Build R-APDU consisting of SW12 equal to '6700'.
1G.1.6
The transaction-related transient data objects are filled with the values given in the
Transaction Related Data:
CDOL1 Related Data := Transaction Related Data[1 : CDOL1 Related Data Length]
Amount, Authorized (Numeric) := Transaction Related Data[1 : 6]
Amount, Other (Numeric) := Transaction Related Data[7 : 12]
Terminal Country Code := Transaction Related Data[13 : 14]
Terminal Verification Results := Transaction Related Data[15 : 19]
Transaction Currency Code := Transaction Related Data[20 : 21]
Transaction Date := Transaction Related Data[22 : 24]
Transaction Type := Transaction Related Data[25]
Unpredictable Number := Transaction Related Data[26 : 29]
Terminal Type := Transaction Related Data[30]
1G.1.14
IF 'MAS4C Processing Flow' in Application Control is set
THEN
GOTO 1G.1.15
ELSE
GOTO 1G.1.7
ENDIF
1G.1.15
IF Terminal Type = '34' AND ATeC = '0000'
THEN
GOTO 1G.11.13 (MAS4C)
ELSE
GOTO 1G.1.7
ENDIF
1G.1.7
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 1G.1.8
ELSE
GOTO 1G.1.10
ENDIF
1G.1.8
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
1G.1.9
Build R-APDU consisting of SW12 equal to '6985'.
1G.1.10
AC Session Key Counter := AC Session Key Counter + 1
1G.1.11
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.1.13
ELSE
GOTO 1G.1.12
ENDIF
1G.1.12
Derive AC Session Key using the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
1G.1.13
Derive AC Session Key using the EMV CSK method.
Refer to [SECURITY] for details.
1G.1.16
Accumulator 1 Amount Temp := Accumulator 1 Amount
Accumulator 2 Amount Temp := Accumulator 2 Amount
Counter 1 Number Temp := Counter 1 Number
Counter 2 Number Temp := Counter 2 Number
1G.1.17
Amount, Authorized 1 := Amount, Authorized (Numeric)
Amount, Other 1 := Amount, Other (Numeric)
1G.1.18
'Offline PIN Verification Performed' in Card Verification Results := 'Offline PIN
Verification Performed' in PIN Verification Status
'Offline PIN Verification Not Performed' in Card Verification Results := NOT 'Offline
PIN Verification Performed' in PIN Verification Status
'Offline PIN Verification Failed' in Card Verification Results := (NOT 'Offline PIN
Verification Successful' in PIN Verification Status) AND 'Offline PIN Verification
Performed' in PIN Verification Status
'Offline Change PIN Result' in Card Verification Results := 'Offline Change PIN
Successful' in Offline Change PIN Status
1G.1.19
'Low Order Nibble Of Script Counter' in Card Verification Results := 'Script Counter'
in Script Counter
1G.1.20
'Low Order Nibble Of PIN Try Counter' in Card Verification Results := 'Low Order
Nibble Of PIN Try Counter' in PIN Try Counter
1G.1.21
IF (((CVM Results [1][6 : 1] = 000001b OR CVM Results [1][6 : 1] = 000100b)
AND CVM Results [3] = '02')
OR ((CVM Results [1][6 : 1] = 000011b OR CVM Results [1][6 : 1] = 000101b)
AND CVM Results [3] = '00'))
AND 'Offline PIN Verification Successful' in PIN Verification Status is clear
THEN
GOTO 1G.1.22
ELSE
GOTO 1G.1.23
ENDIF
1G.1.22
Set 'Terminal Erroneously Considers Offline PIN OK' in Card Verification Results
1G.1.23
IF 'Low Order Nibble Of PIN Try Counter' in PIN Try Counter = 0000b
THEN
GOTO 1G.1.24
ELSE
GOTO 1G.1.25
ENDIF
1G.1.24
Set 'PTL Exceeded' in Card Verification Results
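Symbols 1G.1.18 and 1G.1.21 to 1G.1.24 let the card record a mismatch between what the terminal reports in CVM Results and what the card itself saw during offline PIN verification. The following added example (not part of the specification) computes those CVR flags by name; the class, function names and sample inputs are assumptions of the example, CVM Results is passed in directly because its offset is not shown on this page, and the meaning of the CVM codes is taken from EMV Book 3.

```python
from dataclasses import dataclass

# Low six bits of CVM Results byte 1, as tested in 1G.1.21 (EMV Book 3 codes).
PIN_BY_ICC = {0b000001, 0b000100}                # plaintext / enciphered PIN by ICC
PIN_BY_ICC_AND_SIGNATURE = {0b000011, 0b000101}  # same, combined with signature


@dataclass(frozen=True)
class PinVerificationStatus:
    """The card's own record of offline PIN verification in this session."""
    performed: bool
    successful: bool


def terminal_claims_offline_pin_ok(cvm_results: bytes) -> bool:
    """First half of the 1G.1.21 condition: what the terminal asserts."""
    if len(cvm_results) != 3:
        raise ValueError("CVM Results is 3 bytes")
    cvm_code = cvm_results[0] & 0x3F   # CVM Results[1][6 : 1]
    result = cvm_results[2]            # CVM Results[3]
    return ((cvm_code in PIN_BY_ICC and result == 0x02)
            or (cvm_code in PIN_BY_ICC_AND_SIGNATURE and result == 0x00))


def pin_related_cvr_flags(cvm_results: bytes,
                          status: PinVerificationStatus,
                          pin_try_counter: int) -> dict:
    """Return the PIN-related CVR bits of 1G.1.18 and 1G.1.21 to 1G.1.24."""
    return {
        # 1G.1.18
        "Offline PIN Verification Performed": status.performed,
        "Offline PIN Verification Not Performed": not status.performed,
        "Offline PIN Verification Failed":
            (not status.successful) and status.performed,
        # 1G.1.21 / 1G.1.22: terminal says PIN OK, card did not see a success.
        "Terminal Erroneously Considers Offline PIN OK":
            terminal_claims_offline_pin_ok(cvm_results) and not status.successful,
        # 1G.1.23 / 1G.1.24: low-order nibble of the PIN Try Counter is 0000b.
        "PTL Exceeded": (pin_try_counter & 0x0F) == 0,
    }


# Constructed cases: (CVM Results, card-side status, PIN Try Counter).
CONSTRUCTED_CASES = {
    "consistent": (bytes.fromhex("410302"), PinVerificationStatus(True, True), 3),
    "terminal_claims_ok_card_saw_no_verify":
        (bytes.fromhex("410302"), PinVerificationStatus(False, False), 3),
    "wrong_pin_last_try":
        (bytes.fromhex("410301"), PinVerificationStatus(True, False), 0),
}

if __name__ == "__main__":
    for label, case in CONSTRUCTED_CASES.items():
        flags = pin_related_cvr_flags(*case)
        print(label, [name for name, is_set in flags.items() if is_set])
```

An issuer host that sees 'Terminal Erroneously Considers Offline PIN OK' in the CVR of an online request can treat it as a signal that the card-terminal exchange was altered or that the terminal is faulty.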
1G.1.25
IF Terminal Country Code = CRM Country Code
THEN
GOTO 1G.1.26
ELSE
GOTO 1G.1.27
ENDIF
1G.1.26
Set 'Domestic Transaction' in Card Verification Results
1G.1.27
Set 'International Transaction' in Card Verification Results
1G.1.28
'Go Online On Next Transaction Was Set' in Card Verification Results := 'Go Online
On Next Transaction' in Previous Transaction History
1G.1.29
'Issuer Authentication Failed' in Card Verification Results := 'Issuer Authentication
Failed' in Previous Transaction History
1G.1.30
'Script Received' in Card Verification Results := 'Script Received' in Previous
Transaction History
1G.1.31
'Script Failed' in Card Verification Results := 'Script Failed' in Previous Transaction
History
1G.1.32
'Last Online Transaction Not Completed' in Card Verification Results := 'Last Online
Transaction Not Completed' in Previous Transaction History
1G.1.33
'Issuer Discretionary' in Card Verification Results := 'Issuer Discretionary' in CVR
Issuer Discretionary Data
1G.1.34
IF 'Additional Check Table' in Application Control is set
THEN
GOTO 1G.1.35
ELSE
GOTO 1G.1.36
ENDIF
1G.1.35
CALL ProcessAddCheckTable( )
1G.1.36
CALL CheckAccsCntrsLimitsSetCVR( )
1G.1.37
IF 'MTA Check' in Application Control is set
THEN
GOTO 1G.1.38
ELSE
GOTO 1G.1.44
ENDIF
1G.1.38
IF MTA Currency Code = Transaction Currency Code
THEN
GOTO 1G.1.39
ELSE
GOTO 1G.1.44
ENDIF
1G.1.39
Return Value := CALL CheckCVMTransaction( )
1G.1.40
IF Return Value
THEN
GOTO 1G.1.41
ELSE
GOTO 1G.1.42
ENDIF
1G.1.41
IF Amount, Authorized (Numeric) > MTA CVM
THEN
GOTO 1G.1.43
ELSE
GOTO 1G.1.44
ENDIF
1G.1.42
IF Amount, Authorized (Numeric) > MTA NoCVM
THEN
GOTO 1G.1.43
ELSE
GOTO 1G.1.44
ENDIF
1G.1.43
Set 'MTA Limit Exceeded' in Card Verification Results
1G.1.44
IF 'Maximum Number Of Days Offline Check' in Application Control is set
THEN
GOTO 1G.1.45
ELSE
GOTO 1G.1.52
ENDIF
1G.1.45
Return Value := CALL CheckFormatOfDate( )
1G.1.46
IF Return Value
THEN
GOTO 1G.1.47
ELSE
GOTO 1G.1.49
ENDIF
1G.1.47
DaysElapsedPerMonth[1] := 0
DaysElapsedPerMonth[2] := 31
DaysElapsedPerMonth[3] := 59
DaysElapsedPerMonth[4] := 90
DaysElapsedPerMonth[5] := 120
DaysElapsedPerMonth[6] := 151
DaysElapsedPerMonth[7] := 181
DaysElapsedPerMonth[8] := 212
DaysElapsedPerMonth[9] := 243
DaysElapsedPerMonth[10] := 273
DaysElapsedPerMonth[11] := 304
DaysElapsedPerMonth[12] := 334
Note
The division used in this symbol is the truncated integer division.
1G.1.48
IF Current Date In Days + 1 ≥ Last Online Transaction Date
THEN
GOTO 1G.1.50
ELSE
GOTO 1G.1.49
ENDIF
1G.1.49
Set 'Date Check Failed' in Card Verification Results
1G.1.50
IF Current Date In Days > Number Of Days Off Line Limit + Last Online Transaction
Date
THEN
GOTO 1G.1.51
ELSE
GOTO 1G.1.52
ENDIF
1G.1.51
Set 'Number Of Days Offline Limit Exceeded' in Card Verification Results
1G.1.52
IF Internal Authentication Performed Flag is set
THEN
GOTO 1G.1.53
ELSE
GOTO 1G.1.70
ENDIF
1G.1.53
Set 'DDA Returned' in Card Verification Results
1G.1.70
IF RRP Counter ≠ 0
THEN
GOTO 1G.1.71
ELSE
GOTO 1G.1.54
ENDIF
1G.1.71
IF Unpredictable Number = Terminal Relay Resistance Entropy
THEN
GOTO 1G.1.72
ELSE
GOTO 1G.4.1 (AAC Decided)
ENDIF
1G.1.72
IF 'Relay resistance performed' in Terminal Verification Results = RRP Performed
THEN
GOTO 1G.1.73
ELSE
GOTO 1G.4.1 (AAC Decided)
ENDIF
1G.1.73
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is
not set AND 'Decline If CDA Not Requested And RRP Performed' in Application
Control is set
THEN
GOTO 1G.4.1 (AAC Decided)
ELSE
GOTO 1G.1.54
ENDIF
1G.1.54
IF 'Application Blocked' in Previous Transaction History is set
THEN
GOTO 1G.4.1 (AAC Decided)
ELSE
GOTO 1G.1.55
ENDIF
1G.1.55
IF 'Offline PIN Verification Successful' in PIN Verification Status is set
THEN
GOTO 1G.1.56
ELSE
GOTO 1G.1.68
ENDIF
1G.1.56
IF 'Offline PIN Reset' in Accumulator 1 Control is set
THEN
GOTO 1G.1.57
ELSE
GOTO 1G.1.59
ENDIF
1G.1.57
Accumulator 1 Amount := '000000000000'
Accumulator 1 Amount Temp := '000000000000'
1G.1.58
Clear 'Lower Cumulative Accumulator 1 Limit Exceeded' in Card Verification Results
Clear 'Upper Cumulative Accumulator 1 Limit Exceeded' in Card Verification Results
1G.1.59
IF 'Offline PIN Reset' in Accumulator 2 Control is set
THEN
GOTO 1G.1.60
ELSE
GOTO 1G.1.62
ENDIF
1G.1.60
Accumulator 2 Amount := '000000000000'
Accumulator 2 Amount Temp := '000000000000'
1G.1.61
Clear 'Lower Cumulative Accumulator 2 Limit Exceeded' in Card Verification Results
Clear 'Upper Cumulative Accumulator 2 Limit Exceeded' in Card Verification Results
1G.1.62
IF 'Offline PIN Reset' in Counter 1 Control is set
THEN
GOTO 1G.1.63
ELSE
GOTO 1G.1.65
ENDIF
1G.1.63
Counter 1 Number := '00'
Counter 1 Number Temp := '00'
1G.1.64
Clear 'Lower Consecutive Counter 1 Limit Exceeded' in Card Verification Results
Clear 'Upper Consecutive Counter 1 Limit Exceeded' in Card Verification Results
1G.1.65
IF 'Offline PIN Reset' in Counter 2 Control is set
THEN
GOTO 1G.1.66
ELSE
GOTO 1G.1.68
ENDIF
1G.1.66
Counter 2 Number := '00'
Counter 2 Number Temp := '00'
1G.1.67
Clear 'Lower Consecutive Counter 2 Limit Exceeded' in Card Verification Results
Clear 'Upper Consecutive Counter 2 Limit Exceeded' in Card Verification Results
1G.1.68
IF 'Cryptogram Type' in Reference Control Parameter = AAC
THEN
GOTO 1G.4.1 (AAC Decided)
ELSE
IF 'Cryptogram Type' in Reference Control Parameter = ARQC
THEN
GOTO 1G.2.1 (ARQC Requested)
ELSE
GOTO 1G.3.1 (TC Requested)
ENDIF
ENDIF
[Flow diagram 1G.2 (ARQC requested): determine the active flags of Acc 1, Acc 2, Cntr 1 and Cntr 2 (1 to 4); include transaction on ARQC request? (6); update temp accumulators and counters (7); check limits against all temp Accs and Cntrs and set bits in CVR (8); use CIAC Online to decide on ARQC request? (9); CVR & CIAC Online, Online or Decline (10); save Accs and Cntrs on ARQC response? (11); save active Accs and Cntrs (12). Exits: AAC decided, ARQC decided.]
1G.2.1
CALL DetermineAccActiveFlag( 1 )
1G.2.2
CALL DetermineAccActiveFlag( 2 )
1G.2.3
CALL DetermineCntrActiveFlag( 1 )
1G.2.4
CALL DetermineCntrActiveFlag( 2 )
1G.2.5
IF ('CVR Decisional Part' in Card Verification Results AND Card Issuer Action Code –
Decline) = '000000'
THEN
GOTO 1G.2.6
ELSE
GOTO 1G.4.1 (AAC Decided)
ENDIF
1G.2.6
IF 'Include Transaction In CRM If ARQC Is Requested' in Application Control is set
THEN
GOTO 1G.2.7
ELSE
GOTO 1G.2.9
ENDIF
1G.2.7
CALL UpdateTempAccsCntrs( )
1G.2.8
CALL CheckAccsCntrsLimitsSetCVR( )
1G.2.9
IF 'Use CIAC-online To Decide On ARQC Request' in Application Control is set
THEN
GOTO 1G.2.10
ELSE
GOTO 1G.2.11
ENDIF
1G.2.10
IF ('CVR Decisional Part' in Card Verification Results AND Card Issuer Action Code –
Online) = '000000'
THEN
GOTO 1G.2.11
ELSE
GOTO 1G.4.1 (AAC Decided)
ENDIF
1G.2.11
IF 'Save Accumulators And Counters on ARQC Response' in Application Control is
set
THEN
GOTO 1G.2.12
ELSE
GOTO 1G.6.1 (ARQC Decided)
ENDIF
1G.2.12
CALL SaveActiveAccsCntrs( )
GOTO 1G.6.1 (ARQC Decided)
9.3.3. TC Requested
Symbols in this diagram are labeled 1G.3.x.
[Flow diagram 1G.3 (TC requested): determine the active flags of Acc 1, Acc 2, Cntr 1 and Cntr 2 (1 to 4); CVR & CIAC Decline, Decline or Do Not Decline (5); update temp accumulators and counters (6); check limits against all temp Accs and Cntrs and set bits in CVR (7); offline only terminal? (9); RRP not performed and Decline if RRP not performed (9.1); CAT3 and skip CRM for CAT3? (10); set Skipped on CAT3 in CVR (11); CVR & CIAC Default, Offline or Decline (12); RRP not performed and Go online if RRP not performed (13.1); CVR & CIAC Online, Offline or Online (13); save active Accs and Cntrs (14); save Accs and Cntrs on ARQC response? (15); save active Accs and Cntrs (16). Exits: ARQC decided, TC decided, AAC decided.]
1G.3.1
CALL DetermineAccActiveFlag( 1 )
1G.3.2
CALL DetermineAccActiveFlag( 2 )
1G.3.3
CALL DetermineCntrActiveFlag( 1 )
1G.3.4
CALL DetermineCntrActiveFlag( 2 )
1G.3.5
IF ('CVR Decisional Part' in Card Verification Results AND Card Issuer Action Code
– Decline) = '000000'
THEN
GOTO 1G.3.6
ELSE
GOTO 1G.4.1 (AAC Decided)
ENDIF
1G.3.6
CALL UpdateTempAccsCntrs( )
1G.3.7
CALL CheckAccsCntrsLimitsSetCVR( )
1G.3.8
IF 'Generate Only TC Or AAC On TC Request' in Application Control is set
THEN
GOTO 1G.3.10
ELSE
GOTO 1G.3.9
ENDIF
1G.3.9
IF Terminal Type = '23' OR Terminal Type = '26' OR Terminal Type = '36' OR
Terminal Type = '13' OR Terminal Type = '16'
THEN
GOTO 1G.3.9.1
ELSE
GOTO 1G.3.13.1
ENDIF
1G.3.9.1
IF RRP Counter = 0 AND
'Decline If Unable To Go Online And RRP Not Performed' in Application
Control is set
THEN
GOTO 1G.4.1 (AAC Decided)
ELSE
GOTO 1G.3.10
ENDIF
1G.3.10
IF Terminal Type = '26' AND
'Skip CIAC-Default On CAT3' in Application Control is set
THEN
GOTO 1G.3.11
ELSE
GOTO 1G.3.12
ENDIF
1G.3.11
Set 'CIAC-Default Skipped On CAT3' in Card Verification Results
1G.3.12
IF ('CVR Decisional Part' in Card Verification Results
AND Card Issuer Action Code – Default) = '000000'
THEN
GOTO 1G.3.14
ELSE
GOTO 1G.4.1 (AAC Decided)
ENDIF
1G.3.13.1
IF RRP Counter = 0 AND
'Go Online If RRP Not Performed' in Application Control is set
THEN
GOTO 1G.3.15
ELSE
GOTO 1G.3.13
ENDIF
1G.3.13
IF ('CVR Decisional Part' in Card Verification Results AND Card Issuer Action Code
– Online) = '000000'
THEN
GOTO 1G.3.14
ELSE
GOTO 1G.3.15
ENDIF
1G.3.14
CALL SaveActiveAccsCntrs( )
GOTO 1G.5.1 (TC Decided)
1G.3.15
IF 'Save Accumulators And Counters on ARQC Response' in Application Control is
set
THEN
GOTO 1G.3.16
ELSE
GOTO 1G.6.1 (ARQC Decided)
ENDIF
1G.3.16
CALL SaveActiveAccsCntrs( )
GOTO 1G.6.1 (ARQC Decided)
[Flow diagram 1G.4 (AAC decided): set AAC decided in CVR (1); Combined DDA/AC? (1a); set CDA returned in CVR (1b); set AAC decided in CID (2); write log; enable alternate interface? (5); enable interface (6); Combined DDA/AC? (7); cryptogram requested, AAC or other (8); host compatibility (9, 11).]
1G.4.1
'AC Returned In First Generate AC' in Card Verification Results := AAC Returned In
First Generate AC
'AC Returned In Second Generate AC' in Card Verification Results := AC Not
Requested In Second Generate AC
1G.4.1a
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is
set AND 'Cryptogram Type' in Reference Control Parameter = AAC
THEN
GOTO 1G.4.1b
ELSE
GOTO 1G.4.2
ENDIF
1G.4.1b
Set 'Combined DDA/AC Generation Returned In First Generate AC' in Card
Verification Results
1G.4.2
'Type Of Cryptogram' in Cryptogram Information Data := AAC
1G.4.3
IF 'AAC Logging' in Application Control is set
THEN
GOTO 1G.4.4
ELSE
GOTO 1G.4.5
ENDIF
1G.4.4
Create Temp Transaction Log Record as defined in Table 9.4.
Table 9.4—Temp Transaction Log Record
Data Object | Length
Cryptogram Information Data | 1
Amount, Authorized (Numeric) | 6
Transaction Currency Code | 2
Transaction Date | 3
Application Transaction Counter | 2
Card Verification Results | 6
Interface Identifier | 1
Transaction Time | 3
Merchant Custom Data | 20
The data objects defined by the Log Data Table are appended to the Temp
Transaction Log Record:
CALL AddAdditionalLogInfo( )
The Temp Transaction Log Record is added to the Transaction Log File (do not
commit)
1G.4.5
IF 'Enable Alternate Interface After First Gen AC' in Application Control is set
OR
('Enable Alternate Interface After Successful Verify' in Application Control is set
AND 'Offline PIN Verification Successful' in PIN Verification Status is set)
THEN
GOTO 1G.4.6
ELSE
GOTO 1G.4.7
ENDIF
1G.4.6
'Interfaces Status' in Interface Enabling Switch := Contact And Contactless Interfaces
Enabled
1G.4.7
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 1G.4.8
ELSE
GOTO 1G.4.9
ENDIF
1G.4.8
IF 'Cryptogram Type' in Reference Control Parameter = AAC
THEN
GOTO 1G.4.11
ELSE
GOTO 1G.4.9
ENDIF
1G.4.9
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 1G.9.1 (No CDA - V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 1G.10.1 (No CDA - V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 1G.8.1 (No CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 1G.7.1 (No CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
1G.4.11
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 1G.14.1 (CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 1G.15.1 (CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 1G.13.1 (CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 1G.12.1 (CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
9.3.5. TC Decided
Symbols in this diagram are labeled 1G.5.x.
[Flow diagram 1G.5 (TC decided): set TC decided in CVR (1); Combined DDA/AC? (1a); set CDA returned in CVR (1b); TC Logging?; write log (4); enable alternate interface? (5); enable interface (6); Combined DDA/AC?; host compatibility (8, 10).]
1G.5.1
'AC Returned In First Generate AC' in Card Verification Results := TC Returned In
First Generate AC
'AC Returned In Second Generate AC' in Card Verification Results := AC Not
Requested In Second Generate AC
1G.5.1a
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 1G.5.1b
ELSE
GOTO 1G.5.2
ENDIF
1G.5.1b
Set 'Combined DDA/AC Generation Returned In First Generate AC' in Card
Verification Results
1G.5.2
'Type Of Cryptogram' in Cryptogram Information Data := TC
1G.5.3
IF 'TC Logging' in Application Control is set
THEN
GOTO 1G.5.4
ELSE
GOTO 1G.5.5
ENDIF
1G.5.4
Create Temp Transaction Log Record as defined in Table 9.5.
Table 9.5—Temp Transaction Log Record
Data Object | Length
Cryptogram Information Data | 1
Amount, Authorized (Numeric) | 6
Transaction Currency Code | 2
Transaction Date | 3
Application Transaction Counter | 2
Card Verification Results | 6
Interface Identifier | 1
Transaction Time | 3
Merchant Custom Data | 20
The data objects defined by the Log Data Table are appended to the Temp
Transaction Log Record:
CALL AddAdditionalLogInfo( )
The Temp Transaction Log Record is added to the Transaction Log File (do not
commit)
1G.5.5
IF 'Enable Alternate Interface After First Gen AC' in Application Control is set
OR
('Enable Alternate Interface After Successful Verify' in Application Control is set
AND 'Offline PIN Verification Successful' in PIN Verification Status is set)
OR
'Enable Alternate Interface After TC Generated' in Application Control is set
THEN
GOTO 1G.5.6
ELSE
GOTO 1G.5.7
ENDIF
1G.5.6
'Interfaces Status' in Interface Enabling Switch := Contact And Contactless Interfaces
Enabled
1G.5.7
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 1G.5.10
ELSE
GOTO 1G.5.8
ENDIF
1G.5.8
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 1G.9.1 (No CDA - V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 1G.10.1 (No CDA - V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 1G.8.1 (No CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 1G.7.1 (No CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
1G.5.10
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 1G.14.1 (CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 1G.15.1 (CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 1G.13.1 (CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 1G.12.1 (CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
[Flow diagram 1G.6 (ARQC decided): set ARQC decided in CVR (1); Combined DDA/AC? (1a); set CDA returned in CVR (1b); set ARQC decided in CID (2); pre-logging enabled? (3); write log (4); enable alternate interface? (5); enable interface (6); set Last Online Transaction Not Completed in PTH (7); Combined DDA/AC?; host compatibility (9, 11).]
1G.6.1
'AC Returned In First Generate AC' in Card Verification Results := ARQC Returned
In First Generate AC
'AC Returned In Second Generate AC' in Card Verification Results := AC Not
Requested In Second Generate AC
1G.6.1a
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 1G.6.1b
ELSE
GOTO 1G.6.2
ENDIF
1G.6.1b
Set 'Combined DDA/AC Generation Returned In First Generate AC' in Card
Verification Results
1G.6.2
'Type Of Cryptogram' in Cryptogram Information Data := ARQC
1G.6.3
IF 'ARQC Pre-logging' in Application Control is set
THEN
GOTO 1G.6.4
ELSE
GOTO 1G.6.5
ENDIF
1G.6.4
Create Temp Transaction Log Record as defined in Table 9.6.
Table 9.6—Temp Transaction Log Record
Data Object | Length
Cryptogram Information Data | 1
Amount, Authorized (Numeric) | 6
Transaction Currency Code | 2
Transaction Date | 3
Application Transaction Counter | 2
Card Verification Results | 6
Interface Identifier | 1
Transaction Time | 3
Merchant Custom Data | 20
The data objects defined by the Log Data Table are appended to the Temp
Transaction Log Record:
CALL AddAdditionalLogInfo( )
The Temp Transaction Log Record is added to the Transaction Log File (do not
commit)
1G.6.5
IF 'Enable Alternate Interface After First Gen AC' in Application Control is set
OR
('Enable Alternate Interface After Successful Verify' in Application Control is set
AND 'Offline PIN Verification Successful' in PIN Verification Status is set)
THEN
GOTO 1G.6.6
ELSE
GOTO 1G.6.7
ENDIF
1G.6.6
'Interfaces Status' in Interface Enabling Switch := Contact And Contactless Interfaces
Enabled
1G.6.7
Set 'Last Online Transaction Not Completed' in Previous Transaction History
1G.6.8
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 1G.6.11
ELSE
GOTO 1G.6.9
ENDIF
1G.6.9
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 1G.9.1 (No CDA - V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 1G.10.1 (No CDA - V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 1G.8.1 (No CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 1G.7.1 (No CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
1G.6.11
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 1G.14.1 (CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 1G.15.1 (CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 1G.13.1 (CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 1G.12.1 (CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
[Flow diagram 1G.7 (M4R2 AC): encrypt field (4); include counters?; include Last Online ATC? (6); build input to AC with counters (7), with counters and Last Online ATC (8), or without counters (9); compute AC (10); CVN = '10' (11); Session Key Derivation, EMV CSK or MasterCard Proprietary (12); set EMV CSK in CVN (13); set MasterCard Proprietary SKD in CVN (14); include counters? (15); set Counters Included In AC Computation in CVN (16); include Last Online ATC in IAD? (18); build response, SW12 = '9000' (21); Recover Torn Transactions enabled? (22); update recovery data (23); commit persistent data (24).]
1G.7.1
CALL BuildCountersField( )
1G.7.2
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 1G.7.3
ELSE
GOTO 1G.7.5
ENDIF
1G.7.3
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
1G.7.4
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
1G.7.5
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.7.6
ELSE
GOTO 1G.7.9
ENDIF
1G.7.6
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 1G.7.8
ELSE
GOTO 1G.7.7
ENDIF
1G.7.7
Build the input for Application Cryptogram generation as defined in Table 9.7.
Table 9.7—Input for Application Cryptogram with Counters
Data Object | Length
Amount, Authorized (Numeric) | 6
Amount, Other (Numeric) | 6
Terminal Country Code | 2
Terminal Verification Results | 5
Transaction Currency Code | 2
Transaction Date | 3
Transaction Type | 1
Unpredictable Number | 4
Application Interchange Profile | 2
Application Transaction Counter | 2
Card Verification Results | 6
Plaintext/Encrypted Counters | 8 or 16
1G.7.8
Build the input for Application Cryptogram generation as defined in Table 9.8.
Table 9.8—Input for Application Cryptogram with Counters and Last Online ATC
Data Object | Length
Amount, Authorized (Numeric) | 6
Amount, Other (Numeric) | 6
Terminal Country Code | 2
Terminal Verification Results | 5
Transaction Currency Code | 2
Transaction Date | 3
Transaction Type | 1
Unpredictable Number | 4
Application Interchange Profile | 2
Application Transaction Counter | 2
Card Verification Results | 6
Plaintext/Encrypted Counters | 8 or 16
Last Online ATC | 2
1G.7.9
Build the input for Application Cryptogram generation as defined in Table 9.9.
Table 9.9—Input for Application Cryptogram without Counters or Last Online ATC
Data Object | Length
Amount, Authorized (Numeric) | 6
Amount, Other (Numeric) | 6
Terminal Country Code | 2
Terminal Verification Results | 5
Transaction Currency Code | 2
Transaction Date | 3
Transaction Type | 1
Unpredictable Number | 4
Application Interchange Profile | 2
Application Transaction Counter | 2
Card Verification Results | 6
1G.7.10
Compute Application Cryptogram
Refer to [SECURITY] for details.
1G.7.11
Cryptogram Version Number := '10'
1G.7.12
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.7.13
ELSE
GOTO 1G.7.14
ENDIF
1G.7.13
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
1G.7.14
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
1G.7.15
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.7.16
ELSE
GOTO 1G.7.17
ENDIF
1G.7.16
Set 'Counters Included In AC Computation' in Cryptogram Version Number
1G.7.17
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.7.18
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 1G.7.19
ELSE
GOTO 1G.7.20
ENDIF
1G.7.19
Build Issuer Application Data as defined in Table 9.10.
Table 9.10—Issuer Application Data with Last Online ATC
Data Object | Length
Key Derivation Index | 1
Cryptogram Version Number | 1
Card Verification Results | 6
DAC/ICC Dyn Nr | 2
Plaintext/Encrypted Counters | 8 or 16
Last Online ATC | 2
1G.7.20
Build Issuer Application Data as defined in Table 9.11.
Table 9.11—Issuer Application Data without Last Online ATC
Data Object | Length
Key Derivation Index | 1
Cryptogram Version Number | 1
Card Verification Results | 6
DAC/ICC Dyn Nr | 2
Plaintext/Encrypted Counters | 8 or 16
1G.7.21
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.12 followed by SW12
equal to '9000'.
Table 9.12—Response
Tag | Length | Description
'9F27' | 1 | Cryptogram Information Data
'9F36' | 2 | Application Transaction Counter
'9F26' | 8 | Application Cryptogram
'9F10' | 18, 20, 26 or 28 | Issuer Application Data
1G.7.22
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.7.23
ELSE
GOTO 1G.7.24
ENDIF
1G.7.23
Clear CDA Transaction Flag (Recovery) (do not commit)
Clear RRP Performed Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
1G.7.24
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
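The response built in symbol 1G.7.21 can be checked from the terminal or host side with the following added example, which is not part of the specification: it parses the Format 2 template '77', enforces the tags and lengths of Table 9.12, and splits the Issuer Application Data according to Tables 9.10 and 9.11, using its length to tell the four layouts apart. All function names and the sample response are assumptions of the example; the position of the cryptogram type in bits 8-7 of the Cryptogram Information Data is taken from EMV Book 3.

```python
CID_TYPES = {0b00: "AAC", 0b01: "TC", 0b10: "ARQC"}

# Tag -> (name, allowed lengths), from Table 9.12.
EXPECTED = {
    0x9F27: ("Cryptogram Information Data", {1}),
    0x9F36: ("Application Transaction Counter", {2}),
    0x9F26: ("Application Cryptogram", {8}),
    0x9F10: ("Issuer Application Data", {18, 20, 26, 28}),
}
# IAD length -> (counters length, Last Online ATC present), Tables 9.10/9.11.
IAD_SHAPES = {18: (8, False), 20: (8, True), 26: (16, False), 28: (16, True)}


def read_tlv(buf: bytes, pos: int):
    """Read one BER-TLV object at pos; return (tag, value, next position)."""
    try:
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:                 # tag continues in next byte(s)
            while True:
                byte = buf[pos]
                pos += 1
                tag = (tag << 8) | byte
                if not byte & 0x80:
                    break
        length = buf[pos]
        pos += 1
        if length & 0x80:                      # long form: 1 or 2 length bytes
            count = length & 0x7F
            if count not in (1, 2) or pos + count > len(buf):
                raise ValueError("unsupported or truncated length field")
            length = int.from_bytes(buf[pos:pos + count], "big")
            pos += count
    except IndexError:
        raise ValueError("truncated TLV header") from None
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:end], end


def decode_iad(iad: bytes) -> dict:
    """Split Issuer Application Data per Table 9.10 or 9.11."""
    if len(iad) not in IAD_SHAPES:
        raise ValueError(f"unexpected IAD length {len(iad)}")
    counters_len, has_last_online_atc = IAD_SHAPES[len(iad)]
    end_counters = 10 + counters_len
    return {
        "key_derivation_index": iad[0],
        "cryptogram_version_number": iad[1],
        "cvr": iad[2:8],
        "dac_icc_dyn_nr": iad[8:10],
        "counters": iad[10:end_counters],
        "last_online_atc": iad[end_counters:] if has_last_online_atc else None,
    }


def parse_generate_ac_response(rapdu: bytes) -> dict:
    """Validate and decode a Format 2 Generate AC response (symbol 1G.7.21)."""
    if len(rapdu) < 2 or rapdu[-2:] != b"\x90\x00":
        raise ValueError("SW12 is not '9000'")
    payload = rapdu[:-2]
    tag, body, end = read_tlv(payload, 0)
    if tag != 0x77 or end != len(payload):
        raise ValueError("response is not a single '77' template")
    objects, pos = {}, 0
    while pos < len(body):
        inner_tag, value, pos = read_tlv(body, pos)
        if inner_tag in objects:
            raise ValueError(f"duplicate tag {inner_tag:X}")
        objects[inner_tag] = value
    for wanted, (name, lengths) in EXPECTED.items():
        if wanted not in objects or len(objects[wanted]) not in lengths:
            raise ValueError(f"missing or wrong-length {name}")
    cid = objects[0x9F27][0]
    return {
        "cryptogram_type": CID_TYPES.get(cid >> 6, "RFU"),
        "atc": int.from_bytes(objects[0x9F36], "big"),
        "application_cryptogram": objects[0x9F26],
        "iad": decode_iad(objects[0x9F10]),
    }


def _tlv(tag_hex: str, value: bytes) -> bytes:
    """Short-form TLV encoder, used only to build the constructed sample."""
    return bytes.fromhex(tag_hex) + bytes([len(value)]) + value


# Constructed sample: 20-byte IAD (8-byte counters plus Last Online ATC).
SAMPLE_IAD = bytes.fromhex("01" "10" "A00003220000" "1234"
                           "00000000000000FF" "0010")
SAMPLE_RAPDU = _tlv("77", _tlv("9F27", b"\x80")
                    + _tlv("9F36", bytes.fromhex("0012"))
                    + _tlv("9F26", bytes.fromhex("0102030405060708"))
                    + _tlv("9F10", SAMPLE_IAD)) + b"\x90\x00"

if __name__ == "__main__":
    print(parse_generate_ac_response(SAMPLE_RAPDU))
```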
[Flow diagram 1G.8 (1.1/1.3 AC): compute 1.1/1.3 CVR (1); build counters field (2); encrypt? (3); compute variant key (4); encrypt field (5); include counters? (6); build input to AC with counters (7) or without counters (8); compute AC (9); CVN = '10' (10); Session Key Derivation, EMV CSK or MasterCard Proprietary (11); set EMV CSK in CVN (12); set MasterCard Proprietary SKD in CVN (13); include counters? (14); set Counters Included In AC Computation in CVN (15); build Issuer Application Data (16); build response, SW12 = '9000' (17); Recover Torn Transactions enabled? (18); commit persistent data (20).]
1G.8.1
CALL Compute41.1CVR( )
1G.8.2
CALL BuildCountersField( )
1G.8.3
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 1G.8.4
ELSE
GOTO 1G.8.6
ENDIF
1G.8.4
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
1G.8.5
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
1G.8.6
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.8.7
ELSE
GOTO 1G.8.8
ENDIF
1G.8.7
Build the input for Application Cryptogram generation as defined in Table 9.13.
Table 9.13—Input for Application Cryptogram with Counters (V1.1/V1.3 Host Backwards Compatibility)
Data Object | Length
Amount, Authorized (Numeric) | 6
Amount, Other (Numeric) | 6
Terminal Country Code | 2
Terminal Verification Results | 5
Transaction Currency Code | 2
Transaction Date | 3
Transaction Type | 1
Unpredictable Number | 4
Application Interchange Profile | 2
Application Transaction Counter | 2
CVR V1.1/V1.3 | 6
Plaintext/Encrypted Counters | 8 or 16
1G.8.8
Build the input for Application Cryptogram generation as defined in Table 9.14.
Table 9.14—Input for Application Cryptogram without Counters (V1.1/V1.3 Host Backwards Compatibility)
Data Object | Length
Amount, Authorized (Numeric) | 6
Amount, Other (Numeric) | 6
Terminal Country Code | 2
Terminal Verification Results | 5
Transaction Currency Code | 2
Transaction Date | 3
Transaction Type | 1
Unpredictable Number | 4
Application Interchange Profile | 2
Application Transaction Counter | 2
CVR V1.1/V1.3 | 6
1G.8.9
Compute Application Cryptogram
Refer to [SECURITY] for details.
1G.8.10
Cryptogram Version Number := '10'
1G.8.11
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.8.12
ELSE
GOTO 1G.8.13
ENDIF
1G.8.12
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
1G.8.13
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
1G.8.14
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.8.15
ELSE
GOTO 1G.8.16
ENDIF
1G.8.15
Set 'Counters Included In AC Computation' in Cryptogram Version Number
1G.8.16
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.8.17
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.16 followed by SW12
equal to '9000'.
Table 9.16—Response (V1.1/V1.3 Host Backwards Compatibility)
Tag | Length | Description
'9F27' | 1 | Cryptogram Information Data
'9F36' | 2 | Application Transaction Counter
'9F26' | 8 | Application Cryptogram
'9F10' | 18 or 26 | Issuer Application Data
1G.8.18
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.8.19
ELSE
GOTO 1G.8.20
ENDIF
1G.8.19
Clear CDA Transaction Flag (Recovery) (do not commit)
Clear RRP Performed Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
1G.8.20
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 1G.9 (2.1/2.2 AC): compute 2.1/2.2 CVR (1); adjust CID (2); compute AC (3); build response, SW12 = '9000' (5); Recover Torn Transactions enabled? (6); commit persistent data (8).]
1G.9.1
CALL Compute2.2CVR( )
1G.9.2
IF PIN Try Counter = '00'
THEN
IF 'Type Of Cryptogram' in Cryptogram Information Data = AAC OR 'Type Of
Cryptogram' in Cryptogram Information Data = TC
THEN
Set 'Advice Required' in Cryptogram Information Data
ENDIF
'Reason/Advice code' in Cryptogram Information Data := PIN Try Limit
Exceeded
ENDIF
1G.9.3
Build the input for Application Cryptogram generation as defined in Table 9.17.
Table 9.17—Input for Application Cryptogram (V2.1/V2.2 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.1/V2.2 4
1G.9.4
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.9.5
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.19 followed by SW12
equal to '9000'.
Table 9.19—Response (V2.1/V2.2 Host Backwards Compatibility)
Tag Length Description
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F26' 8 Application Cryptogram
'9F10' 8 Issuer Application Data V2.1/V2.2
1G.9.6
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.9.7
ELSE
GOTO 1G.9.8
ENDIF
1G.9.7
Clear CDA Transaction Flag (Recovery) (do not commit)
Clear RRP Performed Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.1/V2.2 (do not
commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
1G.9.8
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 1G.10 (2.05 AC): Compute 2.05 CVR; Adjust CID; Compute AC; Build response, SW12 = '9000'; Recover Torn Transactions Enabled?; Commit persistent data.]
1G.10.1
CALL Compute2.05CVR( )
1G.10.2
IF PIN Try Counter = '00' AND 'Type Of Cryptogram' in Cryptogram Information
Data = AAC
THEN
Set 'Advice Required' in Cryptogram Information Data
'Reason/Advice code' in Cryptogram Information Data := PIN Try Limit
Exceeded
ENDIF
1G.10.3
Build the input to AC as defined in Table 9.20.
Table 9.20—Input for Application Cryptogram (V2.05 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.05 4
1G.10.4
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.10.5
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.22 followed by SW12
equal to '9000'.
Table 9.22—Response (V2.05 Host Backwards Compatibility)
Tag Length Description
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F26' 8 Application Cryptogram
'9F10' 9 Issuer Application Data V2.05
1G.10.6
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.10.7
ELSE
GOTO 1G.10.8
ENDIF
1G.10.7
Clear CDA Transaction Flag (Recovery) (do not commit)
Clear RRP Performed Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.05 (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
1G.10.8
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
9.3.11. MAS4C
Symbols in this diagram are labeled 1G.11.x.
[Flow diagram 1G.11 (MAS4C): Use MAS4C Key?; CTRAC ≥ LIMAC? or CTRAC (MAS4C) ≥ LIMAC (MAS4C)?; Set AC Session Key Counter Limit Exceeded in Security Limits Status; Build response, SW12 = '6985'; Increment CTRAC; Session Key Derivation (EMV CSK or MasterCard Proprietary); Derive AC Session Key from AC Master Key; Build input to AC; Set CVN; Compute AC; Build Issuer Application Data; Build response, SW12 = '9000'.]
1G.11.13
IF 'Key for MAS4C Processing Flow' in Application Control = AC Master Key
(MAS4C)
THEN
GOTO 1G.11.21
ELSE
GOTO 1G.11.14
ENDIF
1G.11.14
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 1G.11.15
ELSE
GOTO 1G.11.17
ENDIF
1G.11.15
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
1G.11.16
Build R-APDU consisting of SW12 equal to '6985'.
1G.11.17
AC Session Key Counter := AC Session Key Counter + 1
1G.11.18
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.11.20
ELSE
GOTO 1G.11.19
ENDIF
1G.11.19
Derive AC Session Key from AC Master Key using the MasterCard Proprietary SKD
method.
Refer to [SECURITY] for details.
1G.11.20
Derive AC Session Key from AC Master Key using the EMV CSK method.
Refer to [SECURITY] for details.
1G.11.21
IF AC Session Key Counter (MAS4C) ≥ AC Session Key Counter Limit (MAS4C)
THEN
GOTO 1G.11.22
ELSE
GOTO 1G.11.24
ENDIF
1G.11.22
Set 'AC Session Key Counter Limit (MAS4C) Exceeded' in Security Limits Status
Common
1G.11.23
Build R-APDU consisting of SW12 equal to '6985'.
1G.11.24
AC Session Key Counter (MAS4C) := AC Session Key Counter (MAS4C) + 1
1G.11.25
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.11.27
ELSE
GOTO 1G.11.26
ENDIF
1G.11.26
Derive AC Session Key from AC Master Key (MAS4C) using the MasterCard
Proprietary SKD method.
Refer to [SECURITY] for details.
1G.11.27
Derive AC Session Key from AC Master Key (MAS4C) using the EMV CSK method.
Refer to [SECURITY] for details.
1G.11.1
Set 'AC Returned In Second Generate AC' in Card Verification Results to AC Not
Requested In Second Generate AC
1G.11.28
IF 'AC for MAS4C' in Application Control = AAC
THEN
GOTO 1G.11.2
ELSE
GOTO 1G.11.29
ENDIF
1G.11.2
Set 'AC Returned In First Generate AC' in Card Verification Results to AAC
Returned In First Generate AC
1G.11.2.1
'Type Of Cryptogram' in Cryptogram Information Data := AAC
1G.11.29
Set 'AC Returned In First Generate AC' in Card Verification Results to ARQC
Returned In First Generate AC
1G.11.30
'Type Of Cryptogram' in Cryptogram Information Data := ARQC
1G.11.3
Set 'Offline PIN Verification Performed' in Card Verification Results to 'Offline PIN
Verification Performed' in PIN Verification Status
Set 'Offline PIN Verification Successful' in Card Verification Results to 'Offline PIN
Verification Successful' in PIN Verification Status
Set 'Offline PIN Verification Not Performed' in Card Verification Results to NOT
'Offline PIN Verification Performed' in PIN Verification Status
Set 'Offline PIN Verification Failed' in Card Verification Results to (NOT 'Offline PIN
Verification Successful' in PIN Verification Status) AND 'Offline PIN Verification
Performed' in PIN Verification Status
1G.11.4
Set 'Offline Change PIN Result' in Card Verification Results to 'Offline Change PIN
Successful' in Offline Change PIN Status
1G.11.5
IF
(
('Include In Issuer Application Data' in Accumulator 1 Control = Include
Accumulator As Value OR 'Include In Issuer Application Data' in Accumulator
1 Control = Include As Balance)
AND
('Include In Issuer Application Data' in Accumulator 2 Control = Include
Accumulator As Value OR 'Include In Issuer Application Data' in Accumulator
2 Control = Include As Balance)
)
OR
(
('Include In Issuer Application Data' in Accumulator 1 Control = Include
Accumulator As Value OR 'Include In Issuer Application Data' in Accumulator
1 Control = Include As Balance OR 'Include In Issuer Application Data' in
Accumulator 2 Control = Include Accumulator As Value OR 'Include In Issuer
Application Data' in Accumulator 2 Control = Include As Balance)
AND
(('Include In Issuer Application Data' in Counter 1 Control = Include Counter
As Value OR 'Include In Issuer Application Data' in Counter 1 Control =
Include As Balance) AND ('Include In Issuer Application Data' in Counter 2
Control = Include Counter As Value OR 'Include In Issuer Application Data' in
Counter 2 Control = Include As Balance))
)
THEN
Plaintext/Encrypted Counters := '00000000000000000000000000000000'
ELSE
Plaintext/Encrypted Counters := '0000000000000000'
ENDIF
1G.11.6
Build the input for Application Cryptogram generation as defined in Table 9.23.
Table 9.23—Input for Application Cryptogram (MAS4C)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
1G.11.7
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.11.8
ELSE
GOTO 1G.11.9
ENDIF
1G.11.8
'Cryptogram Version' in Cryptogram Version Number := 0001b
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
1G.11.9
'Cryptogram Version' in Cryptogram Version Number := 0001b
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
1G.11.10
Compute Application Cryptogram
Refer to [SECURITY] for details.
1G.11.11
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
ELSE
Build Issuer Application Data as defined in Table 9.25.
Table 9.25—Issuer Application Data (MAS4C)
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
ENDIF
1G.11.12
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.26 followed by SW12
equal to '9000'.
Table 9.26—Response (MAS4C)
Tag Length Description
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F26' 8 Application Cryptogram
'9F10' 18 or 26 Issuer Application Data
[Flow diagram 1G.12 (M4R2 CDA): Encrypt field; Include counters?; Include Last Online ATC?; Build input to AC (without counters, with counters, or with counters and Last Online ATC); Compute AC; CVN = '10'; Session Key Derivation (EMV CSK or MasterCard Proprietary); Set Counters Included In AC Computation in CVN; Include Last Online ATC in IAD?; Compute Hash Result; RRP Performed?; Build ICC Dynamic Data (No RRP or RRP); Compute Hash on Dynamic Application Data to be Signed; Compute RSA Signature; Build response, SW12 = '9000'; Recover Torn Transactions Enabled?; Commit persistent data.]
1G.12.1
CALL BuildCountersField( )
1G.12.2
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 1G.12.3
ELSE
GOTO 1G.12.5
ENDIF
1G.12.3
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
1G.12.4
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
1G.12.5
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.12.6
ELSE
GOTO 1G.12.9
ENDIF
1G.12.6
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 1G.12.8
ELSE
GOTO 1G.12.7
ENDIF
1G.12.7
Build the input for Application Cryptogram generation as defined in Table 9.27.
Table 9.27—Input for Application Cryptogram with Counters
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
Plaintext/Encrypted Counters 8 or 16
1G.12.8
Build the input for Application Cryptogram generation as defined in Table 9.28.
Table 9.28—Input for Application Cryptogram with Counters and with Last
Online ATC
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
Plaintext/Encrypted Counters 8 or 16
Last Online ATC 2
1G.12.9
Build the input for Application Cryptogram generation as defined in Table 9.29.
Table 9.29—Input for Application Cryptogram without Counters and without
Last Online ATC
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
1G.12.10
Compute Application Cryptogram.
Refer to [SECURITY] for details.
1G.12.11
Cryptogram Version Number := '10'
1G.12.12
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.12.13
ELSE
GOTO 1G.12.14
ENDIF
1G.12.13
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
1G.12.14
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
1G.12.15
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.12.16
ELSE
GOTO 1G.12.17
ENDIF
1G.12.16
Set 'Counters Included In AC Computation' in Cryptogram Version Number
1G.12.17
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.12.18
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 1G.12.19
ELSE
GOTO 1G.12.20
ENDIF
1G.12.19
Build Issuer Application Data as defined in Table 9.30.
Table 9.30—Issuer Application Data with Last Online ATC
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
Last Online ATC 2
1G.12.20
Build Issuer Application Data as defined in Table 9.31.
Table 9.31—Issuer Application Data without Last Online ATC
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
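The layouts selected in steps 1G.12.5 to 1G.12.20, as an added example that is not part of the specification. Function names are hypothetical, the Cryptogram Version Number is passed in as a finished byte, and '[1 : 2]' is read as the first two bytes.

```python
# Added example: field layouts of Tables 9.27 to 9.31 (names are hypothetical).
TXN_FIELDS = (  # data objects common to Tables 9.27, 9.28 and 9.29, in order
    ("Amount, Authorized (Numeric)", 6), ("Amount, Other (Numeric)", 6),
    ("Terminal Country Code", 2), ("Terminal Verification Results", 5),
    ("Transaction Currency Code", 2), ("Transaction Date", 3),
    ("Transaction Type", 1), ("Unpredictable Number", 4),
    ("Application Interchange Profile", 2),
    ("Application Transaction Counter", 2),
    ("Card Verification Results", 6),
)


def _fixed(name, value, sizes):
    """Return value unchanged if its length is one of the allowed sizes."""
    if len(value) not in sizes:
        raise ValueError("%s: length %d, expected %s"
                         % (name, len(value), sorted(sizes)))
    return value


def select_dac_idn(icc_dynamic_number_terminal, dac):
    """Step 1G.12.17: an all-zero ICC Dynamic Number (Terminal) selects the DAC."""
    idn = _fixed("ICC Dynamic Number (Terminal)", icc_dynamic_number_terminal, {8})
    dac = _fixed("Data Authentication Code", dac, {2})
    return dac if idn == bytes(8) else idn[:2]  # assumption: [1 : 2] = first 2 bytes


def build_ac_input(values, counters, last_online_atc, counters_in_ac, last_atc_in_iad):
    """Steps 1G.12.5 to 1G.12.9: choose Table 9.27, 9.28 or 9.29."""
    out = [_fixed(name, values[name], {size}) for name, size in TXN_FIELDS]
    if counters_in_ac:  # 'Include Counters In AC' is set
        out.append(_fixed("Plaintext/Encrypted Counters", counters, {8, 16}))
        if last_atc_in_iad:  # Table 9.28
            out.append(_fixed("Last Online ATC", last_online_atc, {2}))
    # Flag clear: Table 9.29. The Last Online ATC flag is not consulted, so
    # neither the counters nor the Last Online ATC enter the AC input.
    return b"".join(out)


def build_iad(kdi, cvn, cvr, dac_idn, counters, last_online_atc, last_atc_in_iad):
    """Steps 1G.12.18 to 1G.12.20: Table 9.30 (with Last Online ATC) or 9.31."""
    out = [_fixed("Key Derivation Index", kdi, {1}),
           _fixed("Cryptogram Version Number", cvn, {1}),
           _fixed("Card Verification Results", cvr, {6}),
           _fixed("DAC/ICC Dyn Nr", dac_idn, {2}),
           _fixed("Plaintext/Encrypted Counters", counters, {8, 16})]
    if last_atc_in_iad:
        out.append(_fixed("Last Online ATC", last_online_atc, {2}))
    return b"".join(out)


def split_iad(iad):
    """Host side: recover the fields; the IAD length identifies the layout."""
    layouts = {18: (8, False), 20: (8, True), 26: (16, False), 28: (16, True)}
    if len(iad) not in layouts:
        raise ValueError("IAD length %d is not 18, 20, 26 or 28" % len(iad))
    n, has_atc = layouts[len(iad)]
    return {"kdi": iad[0:1], "cvn": iad[1:2], "cvr": iad[2:8],
            "dac_idn": iad[8:10], "counters": iad[10:10 + n],
            "last_online_atc": iad[10 + n:] if has_atc else None}


# Constructed sample values: field i is filled with the byte i + 1.
SAMPLE = {name: bytes([i + 1]) * size for i, (name, size) in enumerate(TXN_FIELDS)}
```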
1G.12.21
Build the input for the computation of Hash Result as defined in Table 9.32.
Table 9.32—Input for Computation of Hash Result
Tag Length Value
– – PDOL values
– – CDOL1 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 18, 20, 26 or 28 Issuer Application Data
1G.12.21.1
IF RRP Counter = 0
THEN
GOTO 1G.12.22
ELSE
GOTO 1G.12.22.1
ENDIF
1G.12.22
Build ICC Dynamic Data as defined in Table 9.33
1G.12.22.1
Build ICC Dynamic Data as defined in Table 9.34.
Table 9.34—ICC Dynamic Data (RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
Terminal Relay Resistance Entropy 4
Device Relay Resistance Entropy 4
Min Time For Processing Relay Resistance APDU 2
Max Time For Processing Relay Resistance APDU 2
Transmission Time For Relay Resistance R-APDU 2
1G.12.23
Build Dynamic Application Data To Be Signed as defined in Table 9.35.
Table 9.35—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01' (hash algorithm indicator) 1
'26' or '34' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38 or 52
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63 or Length Of ICC Public Key Modulus – 77
Unpredictable Number 4
1G.12.24
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
1G.12.25
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.36 followed by SW12
equal to '9000'.
Table 9.36—Response
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
'9F10' 18, 20, 26 or 28 Issuer Application Data
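A host-side structural check of the Format 2 response against the response tables of this section, as an added example that is not part of the specification. Profile and function names are hypothetical, the sample responses are constructed, and the order of the data objects inside template '77' is not enforced.

```python
# Added example: tag and length check of a GENERATE AC response (template '77').
MODULUS = "modulus"  # stands for "Length Of ICC Public Key Modulus"
AC = {0x9F27: {1}, 0x9F36: {2}, 0x9F26: {8}}       # responses carrying the AC
CDA = {0x9F27: {1}, 0x9F36: {2}, 0x9F4B: MODULUS}  # responses carrying the SDAD
PROFILES = {  # hypothetical profile names; lengths copied from the tables
    "ac_v1x": {**AC, 0x9F10: {18, 26}},            # Table 9.16
    "ac_v2x": {**AC, 0x9F10: {8}},                 # Table 9.19
    "ac_v205": {**AC, 0x9F10: {9}},                # Table 9.22
    "ac_mas4c": {**AC, 0x9F10: {18, 26}},          # Table 9.26
    "cda": {**CDA, 0x9F10: {18, 20, 26, 28}},      # Table 9.36
    "cda_v1x": {**CDA, 0x9F10: {18, 26}},          # Table 9.44
    "cda_v2x": {**CDA, 0x9F10: {8}},               # Table 9.51
}


def read_tlv(buf, pos):
    """Decode one BER-TLV object at buf[pos:]; return (tag, value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    tag = buf[pos]
    pos += 1
    if (tag & 0x1F) == 0x1F:  # multi-byte tag: continue while bit 8 is set
        while True:
            if pos >= len(buf):
                raise ValueError("truncated tag")
            byte = buf[pos]
            tag = (tag << 8) | byte
            pos += 1
            if not byte & 0x80:
                break
    if pos >= len(buf):
        raise ValueError("truncated length")
    length = buf[pos]
    pos += 1
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length


def check_response(rapdu, profile, modulus_len=None):
    """Return {tag: value} if rapdu matches the profile, else raise ValueError."""
    if rapdu[-2:] != b"\x90\x00":
        raise ValueError("SW12 is not '9000'")
    tag, body, end = read_tlv(rapdu[:-2], 0)
    if tag != 0x77 or end != len(rapdu) - 2:
        raise ValueError("expected exactly one template '77'")
    expected, found, pos = PROFILES[profile], {}, 0
    while pos < len(body):
        t, value, pos = read_tlv(body, pos)
        if t not in expected or t in found:
            raise ValueError("unexpected or repeated tag %X" % t)
        allowed = {modulus_len} if expected[t] == MODULUS else expected[t]
        if len(value) not in allowed:
            raise ValueError("tag %X has length %d" % (t, len(value)))
        found[t] = value
    if set(found) != set(expected):
        raise ValueError("missing data object")
    return found


def is_valid(rapdu, profile, modulus_len=None):
    try:
        check_response(rapdu, profile, modulus_len)
        return True
    except ValueError:
        return False


def tlv(tag, value):
    """Encode one TLV object (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return tag.to_bytes((tag.bit_length() + 7) // 8, "big") + length + value


def sample(objects):
    return tlv(0x77, b"".join(tlv(t, v) for t, v in objects)) + b"\x90\x00"


# Constructed samples: 18-byte IAD with an AC; 20-byte IAD with a 144-byte SDAD.
SAMPLE_MAS4C = sample([(0x9F27, b"\x80"), (0x9F36, b"\x00\x2A"),
                       (0x9F26, bytes(range(8))), (0x9F10, bytes(18))])
SAMPLE_CDA = sample([(0x9F27, b"\x80"), (0x9F36, b"\x00\x2A"),
                     (0x9F4B, bytes(144)), (0x9F10, bytes(20))])
```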
1G.12.26
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.12.27
ELSE
GOTO 1G.12.28
ENDIF
1G.12.27
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
IF RRP Counter ≠ 0
THEN
Set RRP Performed Flag (Recovery) (do not commit)
Terminal Relay Resistance Entropy (Recovery) := Terminal Relay Resistance
Entropy (do not commit)
Device Relay Resistance Entropy (Recovery) := Device Relay Resistance Entropy
(do not commit)
ELSE
Clear RRP Performed Flag (Recovery) (do not commit)
(The value of Terminal Relay Resistance Entropy (Recovery) and Device Relay
Resistance Entropy (Recovery) is not relevant)
ENDIF
1G.12.28
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 1G.13 (1.1/1.3 CDA): Compute 1.1/1.3 CVR; Encrypt?; Encrypt field; Include counters?; Build input to AC (without counters or with counters); Compute AC; CVN = '10'; Session Key Derivation (EMV CSK or MasterCard Proprietary); Set Counters Included In AC Computation in CVN; Build Issuer Application Data; Compute Hash Result; RRP Performed?; Build ICC Dynamic Data (No RRP or RRP); Compute Hash on Dynamic Application Data to be Signed; Compute RSA Signature; Build response, SW12 = '9000'; Recover Torn Transactions Enabled?; Update recovery data; Commit persistent data.]
1G.13.1
CALL Compute41.1CVR( )
1G.13.2
CALL BuildCountersField( )
1G.13.3
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 1G.13.4
ELSE
GOTO 1G.13.6
ENDIF
1G.13.4
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
1G.13.5
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
1G.13.6
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.13.7
ELSE
GOTO 1G.13.8
ENDIF
1G.13.7
Build the input for Application Cryptogram generation as defined in Table 9.37.
Table 9.37—Input for Application Cryptogram with Counters (V1.1/V1.3 Host
Backwards Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V1.1/V1.3 6
Plaintext/Encrypted Counters 8 or 16
1G.13.8
Build the input for Application Cryptogram generation as defined in Table 9.38.
Table 9.38—Input for Application Cryptogram without Counters (V1.1/V1.3 Host
Backwards Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V1.1/V1.3 6
1G.13.9
Compute Application Cryptogram
Refer to [SECURITY] for details.
1G.13.10
Cryptogram Version Number := '10'
1G.13.11
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 1G.13.12
ELSE
GOTO 1G.13.13
ENDIF
1G.13.12
Set EMV CSK Session Key in Cryptogram Version Number
1G.13.13
Set MasterCard Proprietary SKD Session Key in Cryptogram Version Number
1G.13.14
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 1G.13.15
ELSE
GOTO 1G.13.16
ENDIF
1G.13.15
Set 'Counters Included In AC Computation' in Cryptogram Version Number
1G.13.16
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.13.17
Build the input for the computation of Hash Result as defined in Table 9.40.
Table 9.40—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 18 or 26 Issuer Application Data
1G.13.17.1
IF RRP Counter = 0
THEN
GOTO 1G.13.18
ELSE
GOTO 1G.13.18.1
ENDIF
1G.13.18
Build ICC Dynamic Data as defined in Table 9.41.
Table 9.41—ICC Dynamic Data (No RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
1G.13.18.1
Build ICC Dynamic Data as defined in Table 9.42.
Table 9.42—ICC Dynamic Data (RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
Terminal Relay Resistance Entropy 4
Device Relay Resistance Entropy 4
Min Time For Processing Relay Resistance APDU 2
Max Time For Processing Relay Resistance APDU 2
Transmission Time For Relay Resistance R-APDU 2
1G.13.19
Build Dynamic Application Data To Be Signed as defined in Table 9.43.
Table 9.43—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01' (hash algorithm indicator) 1
'26' or '34' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38 or 52
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63 or Length Of ICC Public Key Modulus – 77
Unpredictable Number 4
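The byte layouts of Tables 9.41 to 9.43 with a parser that checks every fixed byte, as an added example that is not part of the specification. Function names and sample values are constructed, and SHA-1 is assumed for hash algorithm indicator '01'; the RSA signature of [SECURITY] is not reproduced.

```python
# Added example: ICC Dynamic Data and Dynamic Application Data To Be Signed.
import hashlib

RRP_FIELDS = (  # extra data objects of Table 9.42, in order
    ("Terminal Relay Resistance Entropy", 4),
    ("Device Relay Resistance Entropy", 4),
    ("Min Time For Processing Relay Resistance APDU", 2),
    ("Max Time For Processing Relay Resistance APDU", 2),
    ("Transmission Time For Relay Resistance R-APDU", 2),
)


def build_icc_dynamic_data(idn_9_16, cid, ac, hash_result, rrp=None):
    """Table 9.41 (38 bytes), or Table 9.42 (52 bytes) when rrp values are given."""
    parts = [(idn_9_16, 8), (cid, 1), (ac, 8), (hash_result, 20)]
    if rrp is not None:
        parts += [(rrp[name], size) for name, size in RRP_FIELDS]
    for value, size in parts:
        if len(value) != size:
            raise ValueError("field has length %d, expected %d" % (len(value), size))
    return b"\x08" + b"".join(value for value, _ in parts)


def build_data_to_be_signed(icc_dd, modulus_len, unpredictable_number):
    """Table 9.43: header, ICC Dynamic Data, 'BB' padding, Unpredictable Number."""
    if len(icc_dd) not in (38, 52) or len(unpredictable_number) != 4:
        raise ValueError("bad ICC Dynamic Data or Unpredictable Number length")
    pad_len = modulus_len - len(icc_dd) - 25  # modulus length - 63 or - 77
    if pad_len < 0:
        raise ValueError("ICC public key modulus too short for this layout")
    return (b"\x05\x01" + bytes([len(icc_dd)]) + icc_dd
            + b"\xBB" * pad_len + unpredictable_number)


def parse_data_to_be_signed(data, modulus_len):
    """Validate every fixed byte of Table 9.43 and return the named fields."""
    if modulus_len < 63 or len(data) != modulus_len - 18:
        raise ValueError("length must be modulus length - 18")
    if data[0] != 0x05 or data[1] != 0x01 or data[2] not in (0x26, 0x34):
        raise ValueError("bad signed data format, hash indicator or length byte")
    ldd = data[2]
    dd, pad, un = data[3:3 + ldd], data[3 + ldd:-4], data[-4:]
    if len(dd) != ldd or dd[0] != 0x08 or pad != b"\xBB" * (modulus_len - ldd - 25):
        raise ValueError("bad ICC Dynamic Data or padding")
    fields = {"idn_9_16": dd[1:9], "cid": dd[9:10], "ac": dd[10:18],
              "hash_result": dd[18:38], "unpredictable_number": un}
    pos = 38
    if ldd == 0x34:  # relay resistance data present
        for name, size in RRP_FIELDS:
            fields[name] = dd[pos:pos + size]
            pos += size
    return fields


def hash_for_signature(data_to_be_signed):
    """Hash over the Table 9.43 data; assumption: indicator '01' means SHA-1."""
    return hashlib.sha1(data_to_be_signed).digest()


# Constructed sample values.
SAMPLE_RRP = {name: bytes([0xA0 + i]) * size
              for i, (name, size) in enumerate(RRP_FIELDS)}
SAMPLE_UN = bytes.fromhex("01020304")
```

The same layouts appear in Tables 9.34 and 9.35, 9.48 to 9.50, and 9.55 to 9.57.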
1G.13.20
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
1G.13.21
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.44 followed by SW12
equal to '9000'.
Table 9.44—Response (V1.1/V1.3 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
'9F10' 18 or 26 Issuer Application Data
1G.13.22
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.13.23
ELSE
GOTO 1G.13.24
ENDIF
1G.13.23
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
IF RRP Counter ≠ 0
THEN
Set RRP Performed Flag (Recovery) (do not commit)
Terminal Relay Resistance Entropy (Recovery) := Terminal Relay Resistance
Entropy (do not commit)
Device Relay Resistance Entropy (Recovery) := Device Relay Resistance Entropy
(do not commit)
ELSE
Clear RRP Performed Flag (Recovery) (do not commit)
(The value of Terminal Relay Resistance Entropy (Recovery) and Device Relay
Resistance Entropy (Recovery) is not relevant)
ENDIF
1G.13.24
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 1G.14 (2.1/2.2 CDA): Compute 2.1/2.2 CVR; Adjust CID; Compute AC; Build 2.1/2.2 Issuer Application Data; Compute Hash Result; RRP Performed?; Build ICC Dynamic Data (No RRP or RRP); Compute Hash on Dynamic Application Data to be Signed; Compute RSA Signature; Build response, SW12 = '9000'; Recover Torn Transactions Enabled?; Commit persistent data.]
1G.14.1
CALL Compute2.2CVR( )
1G.14.2
IF PIN Try Counter = '00'
THEN
IF 'Type Of Cryptogram' in Cryptogram Information Data = AAC OR 'Type Of
Cryptogram' in Cryptogram Information Data = TC
THEN
Set 'Advice Required' in Cryptogram Information Data
ENDIF
'Reason/Advice code' in Cryptogram Information Data := PIN Try Limit
Exceeded
ENDIF
1G.14.3
Build the input for Application Cryptogram generation as defined in Table 9.45.
Table 9.45—Input for Application Cryptogram (V2.1/V2.2 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.1/V2.2 4
1G.14.4
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.14.5
Build the input for the computation of Hash Result as defined in Table 9.47.
Table 9.47—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 8 Issuer Application Data V2.1/V2.2
1G.14.5.1
IF RRP Counter = 0
THEN
GOTO 1G.14.6
ELSE
GOTO 1G.14.6.1
ENDIF
1G.14.6
Build ICC Dynamic Data as defined in Table 9.48.
Table 9.48—ICC Dynamic Data (No RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
1G.14.6.1
Build ICC Dynamic Data as defined in Table 9.49.
Table 9.49—ICC Dynamic Data (RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
Terminal Relay Resistance Entropy 4
Device Relay Resistance Entropy 4
Min Time For Processing Relay Resistance APDU 2
Max Time For Processing Relay Resistance APDU 2
Transmission Time For Relay Resistance R-APDU 2
1G.14.7
Build Dynamic Application Data To Be Signed as defined in Table 9.50.
Table 9.50—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01' (hash algorithm indicator) 1
'26' or '34' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38 or 52
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63 or Length Of ICC Public Key Modulus – 77
Unpredictable Number 4
1G.14.8
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
1G.14.9
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.51 followed by SW12
equal to '9000'.
Table 9.51—Response (V2.1/V2.2 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
'9F10' 8 Issuer Application Data V2.1/V2.2
1G.14.10
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.14.11
ELSE
GOTO 1G.14.12
ENDIF
1G.14.11
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.1/V2.2 (do not
commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
IF RRP Counter ≠ 0
THEN
Set RRP Performed Flag (Recovery) (do not commit)
Terminal Relay Resistance Entropy (Recovery) := Terminal Relay Resistance
Entropy (do not commit)
Device Relay Resistance Entropy (Recovery) := Device Relay Resistance Entropy
(do not commit)
ELSE
Clear RRP Performed Flag (Recovery) (do not commit)
(The value of Terminal Relay Resistance Entropy (Recovery) and Device Relay
Resistance Entropy (Recovery) is not relevant)
ENDIF
1G.14.12
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 1G.15 (2.05 CDA): Compute 2.05 CVR; Adjust CID; Compute AC; Build 2.05 Issuer Application Data; Compute Hash Result; RRP Performed?; Build ICC Dynamic Data (No RRP or RRP); Compute Hash on Dynamic Application Data to be Signed; Compute RSA Signature; Build response, SW12 = '9000'; Recover Torn Transactions Enabled?; Update recovery data; Commit persistent data.]
1G.15.1
CALL Compute2.05CVR( )
1G.15.2
IF PIN Try Counter = '00' AND 'Type Of Cryptogram' in Cryptogram Information
Data = AAC
THEN
Set 'Advice Required' in Cryptogram Information Data
'Reason/Advice code' in Cryptogram Information Data := PIN Try Limit
Exceeded
ENDIF
1G.15.3
Build the input to AC as defined in Table 9.52.
Table 9.52—Input for Application Cryptogram (V2.05 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.05 4
1G.15.4
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
1G.15.5
Build the input for the computation of Hash Result as defined in Table 9.54.
Table 9.54—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 9 Issuer Application Data V2.05
1G.15.5.1
IF RRP Counter = 0
GOTO 1G.15.6
ELSE
GOTO 1G.15.6.1
ENDIF
1G.15.6
Build ICC Dynamic Data as defined in Table 9.55.
Table 9.55—ICC Dynamic Data
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
1G.15.6.1
Build ICC Dynamic Data as defined in Table 9.56.
Table 9.56—ICC Dynamic Data (RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
Terminal Relay Resistance Entropy 4
Device Relay Resistance Entropy 4
Min Time For Processing Relay Resistance APDU 2
Max Time For Processing Relay Resistance APDU 2
Transmission Time For Relay Resistance R-APDU 2
1G.15.7
Build Dynamic Application Data To Be Signed as defined in Table 9.57.
Table 9.57—ICC Dynamic Data
Data Object Length
'05' (signed data format) 1
'01' (hash algorithm indicator) 1
'26' or '34' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38 or 52
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63 or Length Of ICC Public Key Modulus – 77
Unpredictable Number 4
1G.15.8
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
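The byte layouts of Tables 9.55 to 9.57 can be checked with a small builder and parser. This is an added example, not part of the specification: function names and sample values are constructed, the hash algorithm indicator '01' is taken to mean SHA-1 as in EMV, and the RSA signature itself (see [SECURITY]) is not modelled.

```python
import hashlib

# Field lengths in bytes, taken from Tables 9.55 and 9.56.
BASE_FIELDS = [("idn_len", 1), ("icc_dynamic_number_9_16", 8), ("cid", 1),
               ("application_cryptogram", 8), ("hash_result", 20)]
RRP_FIELDS = [("terminal_rr_entropy", 4), ("device_rr_entropy", 4),
              ("min_time_rr_apdu", 2), ("max_time_rr_apdu", 2),
              ("transmission_time_rr_rapdu", 2)]


def build_icc_dynamic_data(fields, rrp_performed):
    """Concatenate Table 9.55, or Table 9.56 when RRP Counter is not 0."""
    layout = BASE_FIELDS + (RRP_FIELDS if rrp_performed else [])
    out = b""
    for name, length in layout:
        value = b"\x08" if name == "idn_len" else fields[name]
        if len(value) != length:
            raise ValueError(f"{name}: expected {length} bytes, got {len(value)}")
        out += value
    return out


def parse_icc_dynamic_data(data):
    """Split ICC Dynamic Data; its length (38 or 52) selects the layout."""
    if len(data) == 38:
        layout, rrp = BASE_FIELDS, False
    elif len(data) == 52:
        layout, rrp = BASE_FIELDS + RRP_FIELDS, True
    else:
        raise ValueError(f"unexpected ICC Dynamic Data length {len(data)}")
    if data[0] != 0x08:
        raise ValueError("ICC Dynamic Number length byte is not '08'")
    parsed, offset = {"rrp_performed": rrp}, 0
    for name, length in layout:
        parsed[name] = data[offset:offset + length]
        offset += length
    return parsed


def build_data_to_be_signed(icc_dynamic_data, modulus_len, unpredictable_number):
    """Table 9.57: format, hash indicator, length, data, 'BB' padding, UN."""
    if len(icc_dynamic_data) not in (38, 52):
        raise ValueError("ICC Dynamic Data must be 38 or 52 bytes")
    if len(unpredictable_number) != 4:
        raise ValueError("Unpredictable Number must be 4 bytes")
    # Modulus length minus 63 (no RRP) or minus 77 (RRP).
    pad_len = modulus_len - len(icc_dynamic_data) - 25
    if pad_len < 0:
        raise ValueError("ICC public key modulus too short for this data")
    return (bytes([0x05, 0x01, len(icc_dynamic_data)]) + icc_dynamic_data
            + b"\xBB" * pad_len + unpredictable_number)


def hash_data_to_be_signed(data):
    """Hash over the Table 9.57 data; SHA-1 assumed for indicator '01'."""
    return hashlib.sha1(data).digest()


# Constructed sample values (not real card data).
SAMPLE = {
    "icc_dynamic_number_9_16": bytes(range(1, 9)),
    "cid": b"\x40",
    "application_cryptogram": bytes.fromhex("1122334455667788"),
    "hash_result": bytes(20),
    "terminal_rr_entropy": bytes.fromhex("A1A2A3A4"),
    "device_rr_entropy": bytes.fromhex("B1B2B3B4"),
    "min_time_rr_apdu": bytes.fromhex("000A"),
    "max_time_rr_apdu": bytes.fromhex("0032"),
    "transmission_time_rr_rapdu": bytes.fromhex("0012"),
}
```

A 72-byte modulus accommodates the 38-byte layout but not the 52-byte RRP layout, which is why the builder rejects a negative padding length instead of truncating.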
1G.15.9
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 9.58 followed by SW12
equal to '9000'.
Table 9.58—Response (V2.05 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
'9F10' 9 Issuer Application Data V2.05
1G.15.10
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 1G.15.11
ELSE
GOTO 1G.15.12
ENDIF
1G.15.11
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.05 (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
IF RRP Counter ≠ 0
THEN
Set RRP Performed Flag (Recovery) (do not commit)
Terminal Relay Resistance Entropy (Recovery) := Terminal Relay Resistance
Entropy (do not commit)
Device Relay Resistance Entropy (Recovery) := Device Relay Resistance Entropy
(do not commit)
ELSE
Clear RRP Performed Flag (Recovery) (do not commit)
(The value of Terminal Relay Resistance Entropy (Recovery) and Device Relay
Resistance Entropy (Recovery) is not relevant)
ENDIF
1G.15.12
Commit all the persistent data objects that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
10.3.1. Start
Symbols in this diagram are labeled 2G.1.x.
[Flow diagram 2G.1: 2nd GENERATE AC, start]
2G.1.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
2G.1.2
IF ('Cryptogram Type' in Reference Control Parameter ≠ AAC AND
'Cryptogram Type' in Reference Control Parameter ≠ TC)
OR P2 ≠ '00'
THEN
GOTO 2G.1.3
ELSE
GOTO 2G.1.4
ENDIF
2G.1.3
Build R-APDU consisting of SW12 equal to '6A86'.
2G.1.4
IF 'Partial Authorization' in Application Control is set
THEN
GOTO 2G.1.9
ELSE
GOTO 2G.1.5
ENDIF
2G.1.5
IF Lc ≠ 29
THEN
GOTO 2G.1.6
ELSE
GOTO 2G.1.7
ENDIF
2G.1.6
Build R-APDU consisting of SW12 equal to '6700'.
2G.1.7
The transaction-related transient data objects are filled with the values given in the
Transaction Related Data:
2G.1.8
Amount, Authorized (Numeric) := Amount, Authorized 1
Amount, Other (Numeric) := Amount, Other 1
2G.1.9
IF Lc ≠ 41
THEN
GOTO 2G.1.6
ELSE
GOTO 2G.1.10
ENDIF
2G.1.10
The transaction-related transient data objects are filled with the values given in the
Transaction Related Data:
2G.1.11
Accumulator 1 Amount Temp := Accumulator 1 Amount
Accumulator 2 Amount Temp := Accumulator 2 Amount
Counter 1 Number Temp := Counter 1 Number
Counter 2 Number Temp := Counter 2 Number
2G.1.12
'Low Order Nibble Of PIN Try Counter' in Card Verification Results := 'Low Order
Nibble Of PIN Try Counter' in PIN Try Counter
2G.1.13
IF 'Low Order Nibble Of PIN Try Counter' in PIN Try Counter = 0000b
THEN
GOTO 2G.1.14
ELSE
GOTO 2G.1.15
ENDIF
2G.1.14
Set 'PTL Exceeded' in Card Verification Results
2G.1.15
Clear 'PTL Exceeded' in Card Verification Results
2G.1.16
'Low Order Nibble Of Script Counter' in Card Verification Results := 'Script Counter'
in Script Counter
2G.1.17
'Script Received' in Card Verification Results := 'Script Received' in Previous
Transaction History
2G.1.18
'Script Failed' in Card Verification Results := 'Script Failed' in Previous Transaction
History
2G.1.19
IF 'MTA Check' in Application Control is set
THEN
GOTO 2G.1.20
ELSE
GOTO 2G.1.27
ENDIF
2G.1.20
IF Transaction Currency Code = MTA Currency Code
THEN
GOTO 2G.1.21
ELSE
GOTO 2G.1.27
ENDIF
2G.1.21
Clear 'MTA Limit Exceeded' in Card Verification Results
2G.1.22
Return Value := CALL CheckCVMTransaction( )
2G.1.23
IF Return Value
THEN
GOTO 2G.1.25
ELSE
GOTO 2G.1.24
ENDIF
2G.1.24
IF Amount, Authorized (Numeric) > MTA NoCVM
THEN
GOTO 2G.1.26
ELSE
GOTO 2G.1.27
ENDIF
2G.1.25
IF Amount, Authorized (Numeric) > MTA CVM
THEN
GOTO 2G.1.26
ELSE
GOTO 2G.1.27
ENDIF
2G.1.26
Set 'MTA Limit Exceeded' in Card Verification Results
2G.1.27
IF 'Partial Authorization' in Application Control is set
THEN
GOTO 2G.1.28
ELSE
GOTO 2G.1.30
ENDIF
2G.1.28
IF Amount, Authorized (Numeric) ≤ Amount, Authorized 1
THEN
GOTO 2G.1.29
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.1.29
IF Amount, Other (Numeric) Amount, Other 1
THEN
GOTO 2G.1.30
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.1.30
IF 'Application Blocked' in Previous Transaction History is set
THEN
GOTO 2G.5.1 (AAC Decided)
ELSE
GOTO 2G.1.31
ENDIF
2G.1.31
IF Authorisation Response Code = Y3 OR Authorisation Response Code = Z3
THEN
GOTO 2G.2.1 (Unable to go online)
ELSE
GOTO 2G.1.32
ENDIF
2G.1.32
IF Issuer Authentication Data = '00000000000000000000'
THEN
Issuer Authentication Data is not present
GOTO 2G.4.1
ELSE
Issuer Authentication Data is present
GOTO 2G.3.1
ENDIF
[Flow diagram 2G.2: Unable to go online]
2G.2.1
Set 'Unable To Go Online Indicated' in Card Verification Results
2G.2.2
'Last Online Transaction Not Completed' in Previous Transaction History := 'Last
Online Transaction Not Completed' in Card Verification Results (do not commit)
2G.2.3
IF Authorisation Response Code ≠ Y3 OR 'Cryptogram Type' in Reference Control
Parameter = AAC
THEN
GOTO 2G.5.1 (AAC Decided)
ELSE
GOTO 2G.2.9
ENDIF
2G.2.9
IF 'Save Accumulators And Counters on ARQC Response' in Application Control is
set
THEN
GOTO 2G.2.5
ELSE
GOTO 2G.2.4
ENDIF
2G.2.4
CALL UpdateTempAccsCntrs( )
2G.2.5
CALL CheckAccsCntrsLimitsSetResetCVR( )
2G.2.8
IF RRP Counter = 0 AND
'Decline If Unable To Go Online And RRP Not Performed' in Application
Control is set
THEN
GOTO 2G.5.1 (AAC Decided)
ELSE
GOTO 2G.2.6
ENDIF
2G.2.6
IF ('CVR Decisional Part' in Card Verification Results AND Card Issuer Action Code –
Default) = '000000'
THEN
GOTO 2G.2.7
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.2.7
CALL SaveActiveAccsCntrs( )
GOTO 2G.6.1 (TC Decided)
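The decision taken in steps 2G.2.3, 2G.2.8 and 2G.2.6 can be written as one function that a test bench can use as an oracle. This is an added example, not part of the specification: the function name and return shape are constructed, the Authorisation Response Code is passed as two ASCII bytes as in EMV, and the 'CVR Decisional Part' passed in is assumed to be the value after the accumulator and counter checks of 2G.2.4 and 2G.2.5, which are not modelled.

```python
TC, AAC = "TC", "AAC"
NO_MATCH = b"\x00\x00\x00"


def decide_unable_to_go_online(arc, requested, rrp_counter,
                               decline_if_no_rrp, cvr_decisional, ciac_default):
    """Return (decision, deciding step, CVR bits matched by CIAC - Default).

    arc               Authorisation Response Code, e.g. b"Y3" or b"Z3"
    requested         'Cryptogram Type' in Reference Control Parameter: TC or AAC
    rrp_counter       RRP Counter (0 means relay resistance was not performed)
    decline_if_no_rrp 'Decline If Unable To Go Online And RRP Not Performed'
    cvr_decisional    3-byte 'CVR Decisional Part'
    ciac_default      3-byte Card Issuer Action Code - Default
    """
    if requested not in (TC, AAC):
        raise ValueError("requested cryptogram type must be TC or AAC")
    if len(cvr_decisional) != 3 or len(ciac_default) != 3:
        raise ValueError("CVR Decisional Part and CIAC - Default are 3 bytes")

    # 2G.2.3: only Y3 combined with a TC request can still be approved offline.
    if arc != b"Y3" or requested == AAC:
        return AAC, "2G.2.3", NO_MATCH

    # 2G.2.8: issuer option to decline when no relay resistance check was run.
    if rrp_counter == 0 and decline_if_no_rrp:
        return AAC, "2G.2.8", NO_MATCH

    # 2G.2.6: any CVR bit that is also set in CIAC - Default forces an AAC.
    matched = bytes(c & m for c, m in zip(cvr_decisional, ciac_default))
    if matched == NO_MATCH:
        return TC, "2G.2.7", matched
    return AAC, "2G.2.6", matched
```

The third element of the result names the CVR bits that caused a decline at 2G.2.6, which is what a reviewer needs when checking a CIAC - Default personalization against observed declines.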
[Flow diagram 2G.3: Issuer Authentication Data Present]
2G.3.1
Set 'Issuer Authentication Performed' in Card Verification Results.
2G.3.2
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 2G.3.3
ELSE
GOTO 2G.3.4
ENDIF
2G.3.3
Verify 'Authorization Response Cryptogram' with AC Session Key
Refer to [SECURITY] for details.
2G.3.4
Verify 'Authorization Response Cryptogram' with AC Master Key
Refer to [SECURITY] for details.
2G.3.5
IF 'Authorization Response Cryptogram' successfully verified
THEN
GOTO 2G.3.7
ELSE
GOTO 2G.3.6
ENDIF
2G.3.6
Set 'Issuer Authentication Failed' in Card Verification Results
Set 'Issuer Authentication Failed' in Previous Transaction History
'Last Online Transaction Not Completed' in Previous Transaction History := 'Last
Online Transaction Not Completed' in Card Verification Results (do not commit)
GOTO 2G.5.1 (AAC Decided)
2G.3.7
AC Session Key Counter := '0000'
2G.3.8
Clear 'Issuer Authentication Failed' in Card Verification Results
Clear 'Issuer Authentication Failed' in Previous Transaction History (do not commit)
Clear 'Last Online Transaction Not Completed' in Previous Transaction History (do
not commit)
Clear 'Last Online Transaction Not Completed' in Card Verification Results
2G.3.9
IF 'Reset Script Counter With Online Response' in Application Control is set
THEN
GOTO 2G.3.10
ELSE
GOTO 2G.3.11
ENDIF
2G.3.10
Script Counter := '00' (do not commit)
Clear 'Low Order Nibble Of Script Counter' in Card Verification Results
2G.3.11
IF 'Maximum Number Of Days Offline Check' in Application Control is set
THEN
GOTO 2G.3.12
ELSE
GOTO 2G.3.15
ENDIF
2G.3.12
Return Value := CALL CheckFormatOfDate( )
2G.3.13
IF Return Value
THEN
GOTO 2G.3.14
ELSE
GOTO 2G.3.15
ENDIF
2G.3.14
Last Online Transaction Date := Current Date In Days (do not commit)
2G.3.15
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility OR 'Issuer Host Backwards Compatibility' in
Application Control = V2.05 Host Backwards Compatibility
THEN
GOTO 2G.3.16
ELSE
GOTO 2G.3.21
ENDIF
2G.3.16
Clear 'Script Received' in Card Verification Results
Clear 'Script Failed' in Card Verification Results
Clear 'Script Received' in Previous Transaction History (do not commit)
Clear 'Script Failed' in Previous Transaction History (do not commit)
2G.3.17
IF 'Cryptogram Type' in Reference Control Parameter = TC
THEN
GOTO 2G.3.18
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.3.18
IF 'ARPC Response Code' in Issuer Authentication Data is '3030' OR 'ARPC Response
Code' in Issuer Authentication Data is '3031' OR 'ARPC Response Code' in Issuer
Authentication Data is '3038'
THEN
GOTO 2G.3.19
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.3.19
Accumulator 1 Amount := '000000000000' (do not commit)
Accumulator 2 Amount := '000000000000' (do not commit)
Counter 1 Number := '00' (do not commit)
Counter 2 Number := '00' (do not commit)
Accumulator 1 Amount Temp := '000000000000'
Accumulator 2 Amount Temp := '000000000000'
Counter 1 Number Temp := '00'
Counter 2 Number Temp := '00'
2G.3.20
CALL CheckAccsCntrsLimitsSetResetCVR( )
GOTO 2G.6.1 (TC Decided)
2G.3.21
Last Online ATC := Application Transaction Counter (do not commit)
2G.3.22
IF 'Set Go Online On Next Transaction' in ARPC Response Code is set
THEN
GOTO 2G.3.23
ELSE
GOTO 2G.3.24
ENDIF
2G.3.23
Set 'Go Online On Next Transaction Was Set' in Card Verification Results
Set 'Go Online On Next Transaction' in Previous Transaction History (do not commit)
2G.3.24
Clear 'Go Online On Next Transaction Was Set' in Card Verification Results
Clear 'Go Online On Next Transaction' in Previous Transaction History (do not
commit)
2G.3.25
IF 'Update PIN Try Counter' in ARPC Response Code is set
THEN
GOTO 2G.3.26
ELSE
GOTO 2G.3.30
ENDIF
2G.3.26
'Low Order Nibble Of PIN Try Counter' in PIN Try Counter := 'PIN Try Counter' in
ARPC Response Code (do not commit)
'Low Order Nibble Of PIN Try Counter' in Card Verification Results := 'Low Order
Nibble Of PIN Try Counter' in PIN Try Counter
2G.3.27
IF PIN Try Counter = '00'
THEN
GOTO 2G.3.28
ELSE
GOTO 2G.3.29
ENDIF
2G.3.28
Set 'PTL Exceeded' in Card Verification Results
2G.3.29
Clear 'PTL Exceeded' in Card Verification Results
2G.3.30
IF Issuer Updates Received Flag is set
THEN
GOTO 2G.3.63
ELSE
GOTO 2G.3.31
ENDIF
2G.3.31
IF 'Decline If Issuer Updates Not Received' in ARPC Response Code is set
THEN
GOTO 2G.5.1 (AAC Decided)
ELSE
GOTO 2G.3.32
ENDIF
2G.3.32
Clear 'Script Received' in Card Verification Results
Clear 'Script Failed' in Card Verification Results
Clear 'Script Received' in Previous Transaction History (do not commit)
Clear 'Script Failed' in Previous Transaction History (do not commit)
2G.3.33
IF 'Update Accumulators/Counters' in ARPC Response Code = Do Not Update
Accumulators/Counters
THEN
GOTO 2G.3.60
ELSE IF 'Update Accumulators/Counters' in ARPC Response Code = Set
Accumulators/Counters To Upper Offline Limits
THEN
GOTO 2G.3.34
ELSE IF 'Update Accumulators/Counters' in ARPC Response Code = Reset
Accumulators/Counters To Zero
THEN
GOTO 2G.3.42
ELSE
GOTO 2G.3.50
ENDIF
ENDIF
ENDIF
2G.3.34
IF 'Accumulator 1 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.36
ELSE
GOTO 2G.3.35
ENDIF
2G.3.35
Accumulator 1 Amount := Accumulator 1 Upper Limit (do not commit)
Accumulator 1 Amount Temp := Accumulator 1 Upper Limit
2G.3.36
IF 'Accumulator 2 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.38
ELSE
GOTO 2G.3.37
ENDIF
2G.3.37
Accumulator 2 Amount := Accumulator 2 Upper Limit (do not commit)
Accumulator 2 Amount Temp := Accumulator 2 Upper Limit
2G.3.38
IF 'Counter 1 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.40
ELSE
GOTO 2G.3.39
ENDIF
2G.3.39
Counter 1 Number := Counter 1 Upper Limit (do not commit)
Counter 1 Number Temp := Counter 1 Upper Limit
2G.3.40
IF 'Counter 2 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.60
ELSE
GOTO 2G.3.41
ENDIF
2G.3.41
Counter 2 Number := Counter 2 Upper Limit (do not commit)
Counter 2 Number Temp := Counter 2 Upper Limit
2G.3.42
IF 'Accumulator 1 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.44
ELSE
GOTO 2G.3.43
ENDIF
2G.3.43
Accumulator 1 Amount := '000000000000' (do not commit)
Accumulator 1 Amount Temp := '000000000000'
2G.3.44
IF 'Accumulator 2 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.46
ELSE
GOTO 2G.3.45
ENDIF
2G.3.45
Accumulator 2 Amount := '000000000000' (do not commit)
Accumulator 2 Amount Temp := '000000000000'
2G.3.46
IF 'Counter 1 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.48
ELSE
GOTO 2G.3.47
ENDIF
2G.3.47
Counter 1 Number := '00' (do not commit)
Counter 1 Number Temp := '00'
2G.3.48
IF 'Counter 2 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.60
ELSE
GOTO 2G.3.49
ENDIF
2G.3.49
Counter 2 Number := '00' (do not commit)
Counter 2 Number Temp := '00'
2G.3.50
IF 'Accumulator 1 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.51
ELSE
GOTO 2G.3.52
ENDIF
2G.3.51
Clear Accumulator 1 Active Flag
2G.3.52
IF 'Accumulator 2 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.53
ELSE
GOTO 2G.3.54
ENDIF
2G.3.53
Clear Accumulator 2 Active Flag
2G.3.54
IF 'Counter 1 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.55
ELSE
GOTO 2G.3.56
ENDIF
2G.3.55
Clear Counter 1 Active Flag
2G.3.56
IF 'Counter 2 Not Eligible' in ARPC Response Code is set
THEN
GOTO 2G.3.57
ELSE
GOTO 2G.3.58
ENDIF
2G.3.57
Clear Counter 2 Active Flag
2G.3.58
CALL UpdateTempAccsCntrs( )
2G.3.59
CALL SaveActiveAccsCntrs( )
2G.3.60
CALL CheckAccsCntrsLimitsSetResetCVR( )
2G.3.61
IF 'Cryptogram Type' in Reference Control Parameter = TC
THEN
GOTO 2G.3.62
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.3.62
IF 'Approve Online Transaction' in ARPC Response Code is set
THEN
GOTO 2G.6.1 (TC Decided)
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.3.63
IF ('Cryptogram Type' in Reference Control Parameter = TC AND 'Approve Online
Transaction' in ARPC Response Code is set) OR ('Cryptogram Type' in Reference
Control Parameter = AAC AND 'Approve Online Transaction' in ARPC Response
Code is not set)
THEN
GOTO 2G.3.64
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.3.64
Clear 'Script Failed' in Card Verification Results
Clear 'Script Failed' in Previous Transaction History (do not commit)
Clear Script Failed Flag
2G.3.65
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
2G.3.66
'Low Order Nibble Of Script Counter' in Card Verification Results := 'Script Counter'
in Script Counter
2G.3.67
CALL ProcessIssuerUpdates( )
2G.3.68
CALL CheckTempAccsCntrsLimitsSetResetCVR( )
2G.3.69
IF 'Approve Online Transaction' in ARPC Response Code is set
THEN
GOTO 2G.6.1 (TC Decided)
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
[Flow diagram 2G.4: Issuer Authentication Data Not Present]
2G.4.1
IF 'Accept Online Transactions Without ARPC' in Application Control is set
THEN
GOTO 2G.4.3
ELSE
GOTO 2G.4.2
ENDIF
2G.4.2
'Last Online Transaction Not Completed' in Previous Transaction History := 'Last
Online Transaction Not Completed' in Card Verification Results (do not commit)
GOTO 2G.5.1 (AAC Decided)
2G.4.3
Clear 'Last Online Transaction Not Completed' in Previous Transaction History (do
not commit)
Clear 'Last Online Transaction Not Completed' in Card Verification Results
2G.4.4
IF 'Cryptogram Type' in Reference Control Parameter = TC
THEN
GOTO 2G.4.5
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
2G.4.5
Clear 'Issuer Authentication Failed' in Card Verification Results
Clear 'Script Received' in Card Verification Results
Clear 'Script Failed' in Card Verification Results
Clear 'Issuer Authentication Failed' in Previous Transaction History (do not commit)
Clear 'Script Received' in Previous Transaction History (do not commit)
Clear 'Script Failed' in Previous Transaction History (do not commit)
2G.4.6
IF 'Reset Script Counter With Online Response' in Application Control is set
THEN
GOTO 2G.4.7
ELSE
GOTO 2G.4.8
ENDIF
2G.4.7
Script Counter := '00' (do not commit)
Clear 'Low Order Nibble Of Script Counter' in Card Verification Results
2G.4.8
IF 'Maximum Number Of Days Offline Check' in Application Control is set
THEN
GOTO 2G.4.9
ELSE
GOTO 2G.4.12
ENDIF
2G.4.9
Return Value := CALL CheckFormatOfDate( )
2G.4.10
IF Return Value
THEN
GOTO 2G.4.11
ELSE
GOTO 2G.4.12
ENDIF
2G.4.11
Last Online Transaction Date := Current Date In Days (do not commit)
2G.4.12
IF 'Update Accumulators/Counters' in Default ARPC Response Code = Do Not Update
Accumulators/Counters
THEN
GOTO 2G.4.39
ELSE IF 'Update Accumulators/Counters' in Default ARPC Response Code = Set
Accumulators/Counters To Upper Offline Limits
THEN
GOTO 2G.4.13
ELSE IF 'Update Accumulators/Counters' in Default ARPC Response Code = Reset
Accumulators/Counters To Zero
THEN
GOTO 2G.4.21
ELSE
GOTO 2G.4.29
ENDIF
ENDIF
ENDIF
2G.4.13
IF 'Accumulator 1 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.15
ELSE
GOTO 2G.4.14
ENDIF
2G.4.14
Accumulator 1 Amount := Accumulator 1 Upper Limit (do not commit)
Accumulator 1 Amount Temp := Accumulator 1 Upper Limit
2G.4.15
IF 'Accumulator 2 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.17
ELSE
GOTO 2G.4.16
ENDIF
2G.4.16
Accumulator 2 Amount := Accumulator 2 Upper Limit (do not commit)
Accumulator 2 Amount Temp := Accumulator 2 Upper Limit
2G.4.17
IF 'Counter 1 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.19
ELSE
GOTO 2G.4.18
ENDIF
2G.4.18
Counter 1 Number := Counter 1 Upper Limit (do not commit)
Counter 1 Number Temp := Counter 1 Upper Limit
2G.4.19
IF 'Counter 2 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.39
ELSE
GOTO 2G.4.20
ENDIF
2G.4.20
Counter 2 Number := Counter 2 Upper Limit (do not commit)
Counter 2 Number Temp := Counter 2 Upper Limit
2G.4.21
IF 'Accumulator 1 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.23
ELSE
GOTO 2G.4.22
ENDIF
2G.4.22
Accumulator 1 Amount := '000000000000' (do not commit)
Accumulator 1 Amount Temp := '000000000000'
2G.4.23
IF 'Accumulator 2 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.25
ELSE
GOTO 2G.4.24
ENDIF
2G.4.24
Accumulator 2 Amount := '000000000000' (do not commit)
Accumulator 2 Amount Temp := '000000000000'
2G.4.25
IF 'Counter 1 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.27
ELSE
GOTO 2G.4.26
ENDIF
2G.4.26
Counter 1 Number := '00' (do not commit)
Counter 1 Number Temp := '00'
2G.4.27
IF 'Counter 2 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.39
ELSE
GOTO 2G.4.28
ENDIF
2G.4.28
Counter 2 Number := '00' (do not commit)
Counter 2 Number Temp := '00'
2G.4.29
IF 'Accumulator 1 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.30
ELSE
GOTO 2G.4.31
ENDIF
2G.4.30
Clear Accumulator 1 Active Flag
2G.4.31
IF 'Accumulator 2 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.32
ELSE
GOTO 2G.4.33
ENDIF
2G.4.32
Clear Accumulator 2 Active Flag
2G.4.33
IF 'Counter 1 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.34
ELSE
GOTO 2G.4.35
ENDIF
2G.4.34
Clear Counter 1 Active Flag
2G.4.35
IF 'Counter 2 Not Eligible' in Default ARPC Response Code is set
THEN
GOTO 2G.4.36
ELSE
GOTO 2G.4.37
ENDIF
2G.4.36
Clear Counter 2 Active Flag
2G.4.37
CALL UpdateTempAccsCntrs( )
2G.4.38
CALL SaveActiveAccsCntrs( )
2G.4.39
CALL CheckAccsCntrsLimitsSetResetCVR( )
2G.4.40
IF 'Set Go Online On Next Transaction' in Default ARPC Response Code is set
THEN
GOTO 2G.4.41
ELSE
GOTO 2G.4.42
ENDIF
2G.4.41
Set 'Go Online On Next Transaction Was Set' in Card Verification Results
Set 'Go Online On Next Transaction' in Previous Transaction History (do not commit)
2G.4.42
Clear 'Go Online On Next Transaction Was Set' in Card Verification Results
Clear 'Go Online On Next Transaction' in Previous Transaction History (do not
commit)
2G.4.43
Last Online ATC := Application Transaction Counter (do not commit)
2G.4.44
IF 'Approve Online Transaction' in Default ARPC Response Code is set
THEN
GOTO 2G.6.1 (TC Decided)
ELSE
GOTO 2G.5.1 (AAC Decided)
ENDIF
[Flow diagram 2G.5: AAC decided]
2G.5.1
'AC Returned In Second Generate AC' in Card Verification Results := AAC Returned
In Second Generate AC
2G.5.1a
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
AND 'Cryptogram Type' in Reference Control Parameter = AAC
THEN
GOTO 2G.5.1b
ELSE
GOTO 2G.5.2
ENDIF
2G.5.1b
Set 'Combined DDA/AC Generation Returned In Second Generate AC' in Card
Verification Results
2G.5.2
'Type Of Cryptogram' in Cryptogram Information Data := AAC
2G.5.3
IF 'AAC Logging' in Application Control is set
THEN
GOTO 2G.5.4
ELSE
GOTO 2G.5.8
ENDIF
2G.5.4
Create Temp Transaction Log Record as defined in Table 10.4.
Table 10.4—Temp Transaction Log Record
Data Object Length
Cryptogram Information Data 1
Amount, Authorized (Numeric) 6
Transaction Currency Code 2
Transaction Date 3
Application Transaction Counter 2
Card Verification Results 6
Interface Identifier 1
Transaction Time 3
Merchant Custom Data 20
The data objects defined by the Log Data Table are appended to the Temp
Transaction Log Record:
CALL AddAdditionalLogInfo( )
2G.5.5
IF 'ARQC Pre-logging' in Application Control is set
THEN
GOTO 2G.5.6
ELSE
GOTO 2G.5.7
ENDIF
2G.5.6
The most recent record in the Transaction Log File is overwritten with the Temp
Transaction Log Record (do not commit).
2G.5.7
The Temp Transaction Log Record is added to the Transaction Log File (do not
commit).
2G.5.8
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 2G.5.9
ELSE
GOTO 2G.5.12
ENDIF
2G.5.9
IF 'Cryptogram Type' in Reference Control Parameter = AAC
THEN
GOTO 2G.5.11
ELSE
GOTO 2G.5.12
ENDIF
2G.5.11
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 2G.13.1 (CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 2G.14.1 (CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 2G.12.1 (CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 2G.11.1 (CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
2G.5.12
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 2G.9.1 (No CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 2G.10.1 (No CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 2G.8.1 (No CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 2G.7.1 (No CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
10.3.6. Decision TC
Symbols in this diagram are labeled 2G.6.x.
[Flow diagram 2G.6: TC decided]
2G.6.1
'AC Returned In Second Generate AC' in Card Verification Results := TC Returned In
Second Generate AC
2G.6.1a
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 2G.6.1b
ELSE
GOTO 2G.6.2
ENDIF
2G.6.1b
Set 'Combined DDA/AC Generation Returned In Second Generate AC' in Card
Verification Results
2G.6.2
'Type Of Cryptogram' in Cryptogram Information Data := TC
2G.6.3
IF 'TC Logging' in Application Control is set
THEN
GOTO 2G.6.4
ELSE
GOTO 2G.6.12
ENDIF
2G.6.4
Create Temp Transaction Log Record as defined in Table 10.5.
Table 10.5—Temp Transaction Log Record
Data Object Length
Cryptogram Information Data 1
Amount, Authorized (Numeric) 6
Transaction Currency Code 2
Transaction Date 3
Application Transaction Counter 2
Card Verification Results 6
Interface Identifier 1
Transaction Time 3
Merchant Custom Data 20
The data objects defined by the Log Data Table are appended to the Temp
Transaction Log Record:
CALL AddAdditionalLogInfo( )
2G.6.5
IF 'ARQC Pre-logging' in Application Control is set
THEN
GOTO 2G.6.6
ELSE
GOTO 2G.6.7
ENDIF
2G.6.6
The most recent record in the Transaction Log File is overwritten with the Temp
Transaction Log Record (do not commit).
2G.6.7
The Temp Transaction Log Record is added to the Transaction Log File (do not
commit).
2G.6.12
IF 'Enable Alternate Interface After TC Generated' in Application Control is set
THEN
GOTO 2G.6.13
ELSE
GOTO 2G.6.8
ENDIF
2G.6.13
'Interfaces Status' in Interface Enabling Switch := Contact And Contactless Interfaces
Enabled
2G.6.8
IF 'Combined DDA/AC Generation Requested' in Reference Control Parameter is set
THEN
GOTO 2G.6.10
ELSE
GOTO 2G.6.11
ENDIF
2G.6.10
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 2G.13.1 (CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 2G.14.1 (CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 2G.12.1 (CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 2G.11.1 (CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
2G.6.11
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.1/V2.2 Host
Backwards Compatibility
THEN
GOTO 2G.9.1 (No CDA – V2.1/V2.2 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control = V2.05 Host
Backwards Compatibility
THEN
GOTO 2G.10.1 (No CDA – V2.05 host backwards compatibility)
ELSE
IF 'Issuer Host Backwards Compatibility' in Application Control =
V1.1/V1.3 Host Backwards Compatibility
THEN
GOTO 2G.8.1 (No CDA – V1.1/V1.3 host backwards compatibility)
ELSE
GOTO 2G.7.1 (No CDA – no host backwards compatibility)
ENDIF
ENDIF
ENDIF
[Figure: flow diagram 2G.7 (M4R2, AC): session key derivation (EMV CSK or MasterCard Proprietary), encrypt field, build input to AC, compute AC, CVN = '10', build response with SW12 = '9000' or '6985', torn transaction recovery, commit persistent data]
2G.7.1
CALL BuildCountersField( )
2G.7.2
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.7.3
ELSE
GOTO 2G.7.8
ENDIF
2G.7.3
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.7.4
ELSE
GOTO 2G.7.6
ENDIF
2G.7.4
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.7.5
Build R-APDU consisting of SW12 equal to '6985'.
2G.7.6
AC Session Key Counter := AC Session Key Counter + 1
2G.7.7
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.7.8
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 2G.7.9
ELSE
GOTO 2G.7.11
ENDIF
2G.7.9
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
2G.7.10
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
2G.7.11
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.7.12
ELSE
GOTO 2G.7.15
ENDIF
2G.7.12
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 2G.7.14
ELSE
GOTO 2G.7.13
ENDIF
2G.7.13
Build the input for Application Cryptogram generation as defined in Table 10.6.
Table 10.6—Input for Application Cryptogram with Counters
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
Plaintext/Encrypted Counters 8 or 16
2G.7.14
Build the input for Application Cryptogram generation as defined in Table 10.7.
Table 10.7—Input for Application Cryptogram with Counters and Last Online
ATC
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
Plaintext/Encrypted Counters 8 or 16
Last Online ATC 2
2G.7.15
Build the input for Application Cryptogram generation as defined in Table 10.8.
Table 10.8—Input for Application Cryptogram without Counters and Last
Online ATC
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
2G.7.16
Compute Application Cryptogram
Refer to [SECURITY] for details.
2G.7.17
Cryptogram Version Number := '10'
2G.7.18
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 2G.7.19
ELSE
GOTO 2G.7.20
ENDIF
2G.7.19
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
2G.7.20
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
2G.7.21
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.7.22
ELSE
GOTO 2G.7.23
ENDIF
2G.7.22
Set 'Counters Included In AC Computation' in Cryptogram Version Number
2G.7.23
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.7.24
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 2G.7.25
ELSE
GOTO 2G.7.26
ENDIF
2G.7.25
Build Issuer Application Data as defined in Table 10.9.
Table 10.9—Issuer Application Data with Last Online ATC
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
Last Online ATC 2
2G.7.26
Build Issuer Application Data as defined in Table 10.10.
Table 10.10—Issuer Application Data without Last Online ATC
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
2G.7.27
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.11 followed by
SW12 equal to '9000'.
Table 10.11—Response
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F26' 8 Application Cryptogram
'9F10' 18, 20, 26 or 28 Issuer Application Data
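The following is an added example, not part of the specification: a host-side parser for the response of Table 10.11 that also splits the Issuer Application Data according to Tables 10.9 and 10.10. It shows that the four permitted lengths (18, 20, 26, 28) identify the layout unambiguously; the function names and the sample bytes are constructed for illustration.

```python
# IAD length -> (length of Plaintext/Encrypted Counters, Last Online ATC present),
# derived from Tables 10.9 and 10.10.
IAD_LAYOUTS = {18: (8, False), 20: (8, True), 26: (16, False), 28: (16, True)}
IAD_HEAD = (("Key Derivation Index", 1), ("Cryptogram Version Number", 1),
            ("Card Verification Results", 6), ("DAC/ICC Dyn Nr", 2))
FIXED_LENGTHS = {0x9F27: 1, 0x9F36: 2, 0x9F26: 8}      # Table 10.11
REQUIRED_TAGS = set(FIXED_LENGTHS) | {0x9F10}


def read_tlv(buf, pos):
    """Decode one BER-TLV object at buf[pos]; return (tag, value, next_pos)."""
    try:
        tag = buf[pos]
        pos += 1
        if tag & 0x1F == 0x1F:              # tag continues in following bytes
            while True:
                byte = buf[pos]
                pos += 1
                tag = (tag << 8) | byte
                if not byte & 0x80:
                    break
        length = buf[pos]
        pos += 1
        if length & 0x80:                   # long form: 1 or 2 length bytes
            count = length & 0x7F
            if count not in (1, 2) or pos + count > len(buf):
                raise ValueError("bad or truncated length field")
            length = int.from_bytes(buf[pos:pos + count], "big")
            pos += count
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if pos + length > len(buf):
        raise ValueError("TLV value overruns the buffer")
    return tag, buf[pos:pos + length], pos + length


def split_iad(iad):
    """Split Issuer Application Data into named fields, chosen by its length."""
    if len(iad) not in IAD_LAYOUTS:
        raise ValueError(f"IAD length {len(iad)} is not 18, 20, 26 or 28")
    counters_len, has_last_online_atc = IAD_LAYOUTS[len(iad)]
    layout = list(IAD_HEAD) + [("Plaintext/Encrypted Counters", counters_len)]
    if has_last_online_atc:
        layout.append(("Last Online ATC", 2))
    fields, pos = {}, 0
    for name, size in layout:
        fields[name] = iad[pos:pos + size]
        pos += size
    return fields


def parse_second_generate_ac(rapdu):
    """Validate a Format 2 response (tag '77' + SW12) and return its fields."""
    if rapdu[-2:] != b"\x90\x00":
        raise ValueError("SW12 is not '9000'")
    tag, template, end = read_tlv(rapdu[:-2], 0)
    if tag != 0x77 or end != len(rapdu) - 2:
        raise ValueError("body is not a single '77' template")
    objects, pos = {}, 0
    while pos < len(template):
        tag, value, pos = read_tlv(template, pos)
        if tag in objects:
            raise ValueError(f"duplicate tag {tag:X}")
        objects[tag] = value
    if set(objects) != REQUIRED_TAGS:
        raise ValueError("unexpected or missing data object")
    for tag, size in FIXED_LENGTHS.items():
        if len(objects[tag]) != size:
            raise ValueError(f"tag {tag:X} has length {len(objects[tag])}")
    return {
        "Cryptogram Information Data": objects[0x9F27],
        "Application Transaction Counter": int.from_bytes(objects[0x9F36], "big"),
        "Application Cryptogram": objects[0x9F26],
        "Issuer Application Data": split_iad(objects[0x9F10]),
    }


def _tlv(tag, value):
    """Encode a short TLV; used only to construct the sample below."""
    return (tag.to_bytes((tag.bit_length() + 7) // 8, "big")
            + bytes([len(value)]) + value)


# Constructed sample values, not taken from a real card: a 20-byte IAD
# (8-byte counters plus Last Online ATC) inside a '77' template.
SAMPLE_IAD = bytes.fromhex("01" "10" "000000000000" "ABCD"
                           "0102030405060708" "0029")
SAMPLE_RAPDU = _tlv(0x77, _tlv(0x9F27, b"\x40") + _tlv(0x9F36, b"\x00\x2A")
                    + _tlv(0x9F26, bytes.fromhex("1122334455667788"))
                    + _tlv(0x9F10, SAMPLE_IAD)) + b"\x90\x00"

if __name__ == "__main__":
    for name, value in parse_second_generate_ac(SAMPLE_RAPDU).items():
        print(name, value)
```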
2G.7.28
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.7.29
ELSE
GOTO 2G.7.30
ENDIF
2G.7.29
Clear CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
2G.7.30
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
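The following is an added example, not part of the specification: a model of the "(do not commit)" assignments of step 2G.7.29 followed by the single atomic commit of step 2G.7.30. The specification leaves the method to the implementation; the write-ahead journal used here is one possible method chosen for illustration, and the class, function names and values are constructed. It tears the commit after every individual write and compares the result with writing each object directly.

```python
class PowerLoss(Exception):
    """Raised by the model when the card loses power before a write."""


class CardStore:
    """Persistent objects with a journal so that a commit is all-or-nothing."""

    def __init__(self, committed):
        self.nvm = dict(committed)   # persistent: committed values
        self.journal = []            # persistent: write-ahead journal
        self.sealed = False          # persistent: commit marker, one atomic write
        self.pending = {}            # volatile: values assigned "(do not commit)"

    def assign(self, name, value):
        """Assign a new value without committing it."""
        self.pending[name] = value

    def commit(self, fail_after=None):
        """Commit all pending values; fail_after=n cuts power after n writes."""
        budget = [fail_after]

        def write():                 # called before every persistent write
            if budget[0] is not None:
                if budget[0] == 0:
                    raise PowerLoss()
                budget[0] -= 1

        for entry in self.pending.items():
            write()
            self.journal.append(entry)
        write()
        self.sealed = True           # from here on the commit will complete
        self._apply(write)
        self.pending = {}

    def _apply(self, write):
        for name, value in self.journal:
            write()
            self.nvm[name] = value   # idempotent, so it is safe to repeat
        write()
        self.sealed = False
        self.journal = []

    def power_up(self):
        """Recovery at next power-up: roll forward if sealed, else roll back."""
        self.pending = {}
        if self.sealed:
            self._apply(lambda: None)
        else:
            self.journal = []


# Constructed values: recovery objects left by an earlier transaction (OLD)
# and the values step 2G.7.29 assigns for the current one (NEW).
OLD = {"CDA Transaction Flag (Recovery)": True,
       "Application Cryptogram (Recovery)": bytes.fromhex("AAAAAAAAAAAAAAAA"),
       "Application Transaction Counter (Recovery)": bytes.fromhex("0029"),
       "Issuer Application Data (Recovery)": bytes(18),
       "Cryptogram Information Data (Recovery)": b"\x80",
       "Unpredictable Number (Recovery)": bytes.fromhex("01020304")}
NEW = {"CDA Transaction Flag (Recovery)": False,
       "Application Cryptogram (Recovery)": bytes.fromhex("1122334455667788"),
       "Application Transaction Counter (Recovery)": bytes.fromhex("002A"),
       "Issuer Application Data (Recovery)": bytes([1]) * 18,
       "Cryptogram Information Data (Recovery)": b"\x40",
       "Unpredictable Number (Recovery)": bytes.fromhex("A1B2C3D4")}


def classify(nvm):
    return "old" if nvm == OLD else "new" if nvm == NEW else "mixed"


def journaled_outcomes():
    """Tear the atomic commit after every possible number of writes."""
    outcomes = []
    for n in range(2 * len(NEW) + 3):        # the last value means no power loss
        store = CardStore(OLD)
        for name, value in NEW.items():      # 2G.7.29: assign, do not commit
            store.assign(name, value)
        try:
            store.commit(fail_after=n)       # 2G.7.30
        except PowerLoss:
            store.power_up()
        outcomes.append(classify(store.nvm))
    return outcomes


def direct_write_outcomes():
    """Same tears when each object is written straight to persistent memory."""
    outcomes = []
    for n in range(len(NEW) + 1):
        nvm = dict(OLD)
        for name in list(NEW)[:n]:
            nvm[name] = NEW[name]
        outcomes.append(classify(nvm))
    return outcomes


if __name__ == "__main__":
    print("journaled:", journaled_outcomes())
    print("direct:   ", direct_write_outcomes())
```

With direct writes, a tear can leave the new Application Cryptogram (Recovery) next to the previous Application Transaction Counter (Recovery); with the journal every tear yields either the complete old set or the complete new set.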
[Figure: flow diagram 2G.8 (1.1/1.3, AC): compute 1.1/1.3 CVR, session key derivation (EMV CSK or MasterCard Proprietary), encrypt field, build input to AC with or without counters, compute AC, CVN = '10', build Issuer Application Data, build response with SW12 = '9000' or '6985', torn transaction recovery, commit persistent data]
2G.8.1
CALL Compute41.1CVR( )
2G.8.2
CALL BuildCountersField( )
2G.8.3
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.8.4
ELSE
GOTO 2G.8.9
ENDIF
2G.8.4
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.8.5
ELSE
GOTO 2G.8.7
ENDIF
2G.8.5
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.8.6
Build R-APDU consisting of SW12 equal to '6985'.
2G.8.7
AC Session Key Counter := AC Session Key Counter + 1
2G.8.8
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.8.9
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 2G.8.10
ELSE
GOTO 2G.8.12
ENDIF
2G.8.10
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
2G.8.11
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
2G.8.12
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.8.13
ELSE
GOTO 2G.8.14
ENDIF
2G.8.13
Build the input for Application Cryptogram generation as defined in Table 10.12.
Table 10.12—Input for Application Cryptogram with Counters (V1.1/V1.3 Host
Backwards Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V1.1/V1.3 6
Plaintext/Encrypted Counters 8 or 16
2G.8.14
Build the input for Application Cryptogram generation as defined in Table 10.13.
Table 10.13—Input for Application Cryptogram without Counters (V1.1/V1.3
Host Backwards Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V1.1/V1.3 6
2G.8.15
Compute Application Cryptogram
2G.8.16
Cryptogram Version Number := '10'
2G.8.17
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 2G.8.18
ELSE
GOTO 2G.8.19
ENDIF
2G.8.18
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
2G.8.19
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
2G.8.20
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.8.21
ELSE
GOTO 2G.8.22
ENDIF
2G.8.21
Set 'Counters Included In AC Computation' in Cryptogram Version Number
2G.8.22
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.8.23
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.15 followed by
SW12 equal to '9000'.
Table 10.15—Response (V1.1/V1.3 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F26' 8 Application Cryptogram
'9F10' 18 or 26 Issuer Application Data
2G.8.24
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.8.25
ELSE
GOTO 2G.8.26
ENDIF
2G.8.25
Clear CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
2G.8.26
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Figure: flow diagram 2G.9 (2.1/2.2, AC): compute 2.1/2.2 CVR, adjust CID, session key derivation (EMV CSK or MasterCard Proprietary), compute AC, build 2.1/2.2 Issuer Application Data, build response with SW12 = '9000' or '6985', torn transaction recovery, commit persistent data]
2G.9.1
CALL Compute2.2CVR( )
2G.9.2
IF PIN Try Counter = '00'
THEN
Set 'Advice Required' in Cryptogram Information Data
'Reason/Advice code' in Cryptogram Information Data := PIN Try Limit
Exceeded
ELSE IF 'Unable To Go Online Indicated' in Card Verification Results is not set
AND ('Issuer Authentication Performed' in Card Verification Results is not set OR
('Issuer Authentication Performed' in Card Verification Results is set AND 'Issuer
Authentication Failed' in Card Verification Results is set))
THEN
'Reason/Advice code' in Cryptogram Information Data := Issuer
Authentication Failed
ENDIF
ENDIF
2G.9.3
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.9.4
ELSE
GOTO 2G.9.9
ENDIF
2G.9.4
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.9.5
ELSE
GOTO 2G.9.7
ENDIF
2G.9.5
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.9.6
Build R-APDU consisting of SW12 equal to '6985'.
2G.9.7
AC Session Key Counter := AC Session Key Counter + 1
2G.9.8
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.9.9
Build the input for Application Cryptogram generation as defined in Table 10.16.
Table 10.16—Input for Application Cryptogram (V2.1/V2.2 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.1/V2.2 4
2G.9.10
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.9.11
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.18 followed by
SW12 equal to '9000'.
2G.9.12
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.9.13
ELSE
GOTO 2G.9.14
ENDIF
2G.9.13
Clear CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.1/V2.2 (do not
commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
2G.9.14
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Figure: flow diagram 2G.10 (2.05, AC): compute 2.05 CVR, adjust CID, session key derivation (EMV CSK or MasterCard Proprietary), compute AC, build 2.05 Issuer Application Data, build response with SW12 = '9000' or '6985', torn transaction recovery, commit persistent data]
2G.10.1
CALL Compute2.05CVR( )
2G.10.2
IF 'Cryptogram Type' in Reference Control Parameter = TC
AND 'Type Of Cryptogram' in Cryptogram Information Data = AAC
AND 'Unable To Go Online Indicated' in Card Verification Results is not set
AND ('Issuer Authentication Performed' in Card Verification Results is not set OR
('Issuer Authentication Performed' in Card Verification Results is set AND 'Issuer
Authentication Failed' in Card Verification Results is set))
THEN
'Reason/Advice code' in Cryptogram Information Data := Issuer Authentication
Failed
ENDIF
2G.10.3
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.10.4
ELSE
GOTO 2G.10.9
ENDIF
2G.10.4
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.10.5
ELSE
GOTO 2G.10.7
ENDIF
2G.10.5
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.10.6
Build R-APDU consisting of SW12 equal to '6985'.
2G.10.7
AC Session Key Counter := AC Session Key Counter + 1
2G.10.8
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.10.9
Build the input to AC as defined in Table 10.19.
Table 10.19—Input for Application Cryptogram (V2.05 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.05 4
2G.10.10
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.10.11
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.21 followed by
SW12 equal to '9000'.
Table 10.21—Response (V2.05 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F26' 8 Application Cryptogram
'9F10' 9 Issuer Application Data V2.05
2G.10.12
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.10.13
ELSE
GOTO 2G.10.14
ENDIF
2G.10.13
Clear CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.05 (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
2G.10.14
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Figure: flow diagram 2G.11 (M4R2, CDA): session key derivation (EMV CSK or MasterCard Proprietary), encrypt field, build input to AC, compute AC, CVN = '10', compute Hash Result, build ICC Dynamic Data, compute hash on Dynamic Application Data to be Signed, compute RSA signature, build response with SW12 = '9000' or '6985', torn transaction recovery, commit persistent data]
2G.11.1
CALL BuildCountersField( )
2G.11.2
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.11.3
ELSE
GOTO 2G.11.8
ENDIF
2G.11.3
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.11.4
ELSE
GOTO 2G.11.6
ENDIF
2G.11.4
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.11.5
Build R-APDU consisting of SW12 equal to '6985'.
2G.11.6
AC Session Key Counter := AC Session Key Counter + 1
2G.11.7
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.11.8
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 2G.11.9
ELSE
GOTO 2G.11.10
ENDIF
2G.11.9
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
2G.11.10
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
2G.11.11
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.11.12
ELSE
GOTO 2G.11.15
ENDIF
2G.11.12
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 2G.11.14
ELSE
GOTO 2G.11.13
ENDIF
2G.11.13
Build the input for Application Cryptogram generation as defined in Table 10.22.
Table 10.22—Input for Application Cryptogram with Counters
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
Plaintext/Encrypted Counters 8 or 16
2G.11.14
Build the input for Application Cryptogram generation as defined in Table 10.23.
Table 10.23—Input for Application Cryptogram with Counters and Last Online
ATC
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
Plaintext/Encrypted Counters 8 or 16
Last Online ATC 2
2G.11.15
Build the input for Application Cryptogram generation as defined in Table 10.24.
Table 10.24—Input for Application Cryptogram without Counters or Last Online
ATC
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
Card Verification Results 6
2G.11.16
Compute Application Cryptogram
Refer to [SECURITY] for details.
2G.11.17
Cryptogram Version Number := '10'
2G.11.18
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 2G.11.19
ELSE
GOTO 2G.11.20
ENDIF
2G.11.19
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
2G.11.20
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
2G.11.21
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.11.22
ELSE
GOTO 2G.11.23
ENDIF
2G.11.22
Set 'Counters Included In AC Computation' in Cryptogram Version Number
2G.11.23
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.11.24
IF 'Include Last Online ATC in IAD' in Application Control is set
THEN
GOTO 2G.11.25
ELSE
GOTO 2G.11.26
ENDIF
2G.11.25
Build Issuer Application Data as defined in Table 10.25.
Table 10.25—Issuer Application Data with Last Online ATC
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
Last Online ATC 2
2G.11.26
Build Issuer Application Data as defined in Table 10.26.
Table 10.26—Issuer Application Data without Last Online ATC
Data Object Length
Key Derivation Index 1
Cryptogram Version Number 1
Card Verification Results 6
DAC/ICC Dyn Nr 2
Plaintext/Encrypted Counters 8 or 16
2G.11.27
Build the input for the computation of Hash Result as defined in Table 10.27.
Table 10.27—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
– – CDOL2 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 18, 20, 26 or 28 Issuer Application Data
2G.11.28
Build ICC Dynamic Data as defined in Table 10.28.
Table 10.28—ICC Dynamic Data
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
2G.11.29
Build Dynamic Application Data To Be Signed as defined in Table 10.29.
Table 10.29—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01' (hash algorithm indicator) 1
'26' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63
Unpredictable Number 4
2G.11.30
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
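The following is an added example, not part of the specification: it assembles the structures of Tables 10.27 to 10.29 and shows the terminal-side comparison that detects a response whose clear Cryptogram Information Data, Application Transaction Counter or Issuer Application Data differ from what the card signed. Assumptions: the Hash Result is SHA-1 (hash algorithm indicator '01' in EMV Book 2, matching the 20-byte length), the last three rows of Table 10.27 are TLV coded, byte ranges such as [9 : 16] are 1-based and inclusive, and the ICC Dynamic Number is 16 bytes. The RSA signature itself is left to [SECURITY]; function names and sample bytes are constructed.

```python
import hashlib
import hmac


def tlv(tag_hex, value):
    """TLV-code a data object shorter than 128 bytes."""
    if len(value) > 0x7F:
        raise ValueError("long-form lengths are not needed for these objects")
    return bytes.fromhex(tag_hex) + bytes([len(value)]) + value


def compute_hash_result(pdol_values, cdol1_data, cdol2_data, cid, atc, iad):
    """Table 10.27: DOL values as received, then TLV coded 9F27, 9F36, 9F10."""
    data = (pdol_values + cdol1_data + cdol2_data
            + tlv("9F27", cid) + tlv("9F36", atc) + tlv("9F10", iad))
    return hashlib.sha1(data).digest()      # assumption: SHA-1, 20 bytes


def build_icc_dynamic_data(icc_dynamic_number, cid, ac, hash_result):
    """Table 10.28: '08' || ICC Dynamic Number[9 : 16] || CID || AC || Hash Result."""
    sizes = (len(icc_dynamic_number), len(cid), len(ac), len(hash_result))
    if sizes != (16, 1, 8, 20):
        raise ValueError(f"unexpected field lengths {sizes}")
    return b"\x08" + icc_dynamic_number[8:16] + cid + ac + hash_result


def build_data_to_be_signed(icc_dynamic_data, modulus_len, unpredictable_number):
    """Table 10.29: header, ICC Dynamic Data, 'BB' padding, Unpredictable Number."""
    if len(icc_dynamic_data) != 0x26:
        raise ValueError("ICC Dynamic Data must be 38 bytes")
    if len(unpredictable_number) != 4:
        raise ValueError("Unpredictable Number must be 4 bytes")
    padding = modulus_len - 63
    if padding < 0:
        raise ValueError("ICC Public Key Modulus is shorter than 63 bytes")
    return (b"\x05\x01\x26" + icc_dynamic_data
            + b"\xBB" * padding + unpredictable_number)


def response_matches_signed_data(icc_dynamic_data, pdol_values, cdol1_data,
                                 cdol2_data, cid, atc, iad):
    """Compare the clear response objects with the recovered ICC Dynamic Data."""
    signed_cid = icc_dynamic_data[9:10]
    signed_hash = icc_dynamic_data[18:38]
    expected = compute_hash_result(pdol_values, cdol1_data, cdol2_data,
                                   cid, atc, iad)
    return signed_cid == cid and hmac.compare_digest(signed_hash, expected)


# Constructed sample values, not taken from a real card or terminal.
PDOL = bytes.fromhex("000000001000")
CDOL1 = bytes(range(29))
CDOL2 = bytes.fromhex("3030") + bytes(8)
CID = b"\x40"
ATC = bytes.fromhex("002A")
IAD = bytes.fromhex("01" "10" "000000000000" "ABCD" "0102030405060708" "0029")
AC = bytes.fromhex("1122334455667788")
ICC_DYNAMIC_NUMBER = bytes(range(16))
UN = bytes.fromhex("A1B2C3D4")

if __name__ == "__main__":
    h = compute_hash_result(PDOL, CDOL1, CDOL2, CID, ATC, IAD)
    idd = build_icc_dynamic_data(ICC_DYNAMIC_NUMBER, CID, AC, h)
    dad = build_data_to_be_signed(idd, 128, UN)
    print(len(idd), len(dad), dad.hex())
```

For a modulus of N bytes the structure of Table 10.29 is N − 18 bytes long: 3 header bytes, 38 bytes of ICC Dynamic Data, N − 63 padding bytes and the 4-byte Unpredictable Number.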
2G.11.31
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.30 followed by
SW12 equal to '9000'.
Table 10.30—Response
Tag      Length                              Value
'9F27'   1                                   Cryptogram Information Data
'9F36'   2                                   Application Transaction Counter
'9F4B'   Length Of ICC Public Key Modulus    Signed Dynamic Application Data
'9F10'   18, 20, 26 or 28                    Issuer Application Data
2G.11.32
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.11.33
ELSE
GOTO 2G.11.34
ENDIF
2G.11.33
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
2G.11.34
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Figure: flow diagram 2G.12 (1.1/1.3, CDA): compute 1.1/1.3 CVR, session key derivation (EMV CSK or MasterCard Proprietary), encrypt field, build input to AC with or without counters, compute AC, CVN = '10', build Issuer Application Data, compute Hash Result, build ICC Dynamic Data, compute hash on Dynamic Application Data to be Signed, compute RSA signature, build response with SW12 = '9000' or '6985', torn transaction recovery, commit persistent data]
2G.12.1
CALL Compute41.1CVR( )
2G.12.2
CALL BuildCountersField( )
2G.12.3
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.12.4
ELSE
GOTO 2G.12.9
ENDIF
2G.12.4
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.12.5
ELSE
GOTO 2G.12.7
ENDIF
2G.12.5
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.12.6
Build R-APDU consisting of SW12 equal to '6985'.
2G.12.7
AC Session Key Counter := AC Session Key Counter + 1
2G.12.8
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.12.9
IF 'Encrypt Offline Counters' in Application Control is set
THEN
GOTO 2G.12.10
ELSE
GOTO 2G.12.12
ENDIF
2G.12.10
Compute variant session key for Plaintext/Encrypted Counters encryption.
Refer to [SECURITY] for details.
2G.12.11
Plaintext/Encrypted Counters := Encrypt (Plaintext/Encrypted Counters)
Refer to [SECURITY] for details.
2G.12.12
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.12.13
ELSE
GOTO 2G.12.14
ENDIF
2G.12.13
Build the input for Application Cryptogram generation as defined in Table 10.31.
Table 10.31—Input for Application Cryptogram with Counters (V1.1/V1.3 Host
Backwards Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V1.1/V1.3 6
Plaintext/Encrypted Counters 8 or 16
2G.12.14
Build the input for Application Cryptogram generation as defined in Table 10.32.
Table 10.32—Input for Application Cryptogram without Counters (V1.1/V1.3
Host Backwards Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V1.1/V1.3 6
2G.12.15
Compute Application Cryptogram
Refer to [SECURITY] for details.
2G.12.16
Cryptogram Version Number := '10'
2G.12.17
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO 2G.12.18
ELSE
GOTO 2G.12.19
ENDIF
2G.12.18
'Session Key Used For AC Computation' in Cryptogram Version Number := EMV
CSK Session Key
2G.12.19
'Session Key Used For AC Computation' in Cryptogram Version Number :=
MasterCard Proprietary SKD Session Key
2G.12.20
IF 'Include Counters In AC' in Application Control is set
THEN
GOTO 2G.12.21
ELSE
GOTO 2G.12.22
ENDIF
2G.12.21
Set 'Counters Included In AC Computation' in Cryptogram Version Number
2G.12.22
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.12.23
Build the input for the computation of Hash Result as defined in Table 10.34.
Table 10.34—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
– – CDOL2 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 18 or 26 Issuer Application Data
2G.12.24
Build ICC Dynamic Data as defined in Table 10.35.
Table 10.35—ICC Dynamic Data
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
2G.12.25
Build Dynamic Application Data To Be Signed as defined in Table 10.36.
Table 10.36—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01' (hash algorithm indicator) 1
'26' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63
Unpredictable Number 4
2G.12.26
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
2G.12.27
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.37 followed by
SW12 equal to '9000'.
Table 10.37—Response (V1.1/V1.3 Host Backwards Compatibility)
Tag      Length                              Value
'9F27'   1                                   Cryptogram Information Data
'9F36'   2                                   Application Transaction Counter
'9F4B'   Length Of ICC Public Key Modulus    Signed Dynamic Application Data
'9F10'   18 or 26                            Issuer Application Data
2G.12.28
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.12.29
ELSE
GOTO 2G.12.30
ENDIF
2G.12.29
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
2G.12.30
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 2G.13: 2.1/2.2 CDA]
2G.13.1
CALL Compute2.2CVR( )
2G.13.2
IF PIN Try Counter = '00'
THEN
Set 'Advice Required' in Cryptogram Information Data
'Reason/Advice code' in Cryptogram Information Data := PIN Try Limit
Exceeded
ELSE IF 'Unable To Go Online Indicated' in Card Verification Results is not set
AND ('Issuer Authentication Performed' in Card Verification Results is not set OR
('Issuer Authentication Performed' in Card Verification Results is set AND 'Issuer
Authentication Failed' in Card Verification Results is set))
THEN
'Reason/Advice code' in Cryptogram Information Data := Issuer
Authentication Failed
ENDIF
ENDIF
2G.13.3
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.13.4
ELSE
GOTO 2G.13.9
ENDIF
2G.13.4
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.13.5
ELSE
GOTO 2G.13.7
ENDIF
2G.13.5
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.13.6
Build R-APDU consisting of SW12 equal to '6985'.
2G.13.7
AC Session Key Counter := AC Session Key Counter + 1
2G.13.8
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.13.9
Build the input for Application Cryptogram generation as defined in Table 10.38.
Table 10.38—Input for Application Cryptogram (V2.1/V2.2 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.1/V2.2 4
2G.13.10
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.13.11
Build the input for the computation of Hash Result as defined in Table 10.40.
Table 10.40—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
– – CDOL2 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 8 Issuer Application Data V2.1/V2.2
2G.13.12
Build ICC Dynamic Data as defined in Table 10.41.
Table 10.41—ICC Dynamic Data
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
2G.13.13
Build Dynamic Application Data To Be Signed as defined in Table 10.42.
Table 10.42—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01'(hash algorithm indicator) 1
'26' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63
Unpredictable Number 4
2G.13.14
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
2G.13.15
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.43 followed by
SW12 equal to '9000'.
Table 10.43—Response (V2.1/V2.2 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
'9F10' 8 Issuer Application Data V2.1/V2.2
2G.13.16
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.13.17
ELSE
GOTO 2G.13.18
ENDIF
2G.13.17
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.1/V2.2 (do not
commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
2G.13.18
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram 2G.14: 2.05 CDA]
2G.14.1
CALL Compute2.05CVR( )
2G.14.2
IF 'Cryptogram Type' in Reference Control Parameter = TC
AND 'Type Of Cryptogram' in Cryptogram Information Data = AAC
AND 'Unable To Go Online Indicated' in Card Verification Results is not set
AND ('Issuer Authentication Performed' in Card Verification Results is not set OR
('Issuer Authentication Performed' in Card Verification Results is set AND 'Issuer
Authentication Failed' in Card Verification Results is set))
THEN
'Reason/Advice code' in Cryptogram Information Data := Issuer Authentication
Failed
ENDIF
2G.14.3
IF 'Session Key Derivation' in Application Control = MasterCard Proprietary SKD
THEN
GOTO 2G.14.4
ELSE
GOTO 2G.14.9
ENDIF
2G.14.4
IF AC Session Key Counter ≥ AC Session Key Counter Limit
THEN
GOTO 2G.14.5
ELSE
GOTO 2G.14.7
ENDIF
2G.14.5
Set 'AC Session Key Counter Limit Exceeded' in Security Limits Status
2G.14.6
Build R-APDU consisting of SW12 equal to '6985'.
2G.14.7
AC Session Key Counter := AC Session Key Counter + 1
2G.14.8
Derive AC Session Key using the MasterCard Proprietary method
Refer to [SECURITY] for details.
2G.14.9
Build the input to AC as defined in Table 10.44.
Table 10.44—Input for Application Cryptogram (V2.05 Host Backwards
Compatibility)
Data Object Length
Amount, Authorized (Numeric) 6
Amount, Other (Numeric) 6
Terminal Country Code 2
Terminal Verification Results 5
Transaction Currency Code 2
Transaction Date 3
Transaction Type 1
Unpredictable Number 4
Application Interchange Profile 2
Application Transaction Counter 2
CVR V2.05 4
2G.14.10
IF ICC Dynamic Number (Terminal) = '0000000000000000'
THEN
DAC/ICC Dyn Nr := Data Authentication Code
ELSE
DAC/ICC Dyn Nr := ICC Dynamic Number (Terminal)[1 : 2]
ENDIF
2G.14.11
Build the input for the computation of Hash Result as defined in Table 10.46.
Table 10.46—Input for Computation of Hash Result
Tag Length Value
– – PDOL Values
– – CDOL1 Related Data
– – CDOL2 Related Data
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F10' 9 Issuer Application Data V2.05
2G.14.12
Build ICC Dynamic Data as defined in Table 10.47.
Table 10.47—ICC Dynamic Data
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data 1
Application Cryptogram 8
Hash Result 20
2G.14.13
Build Dynamic Application Data To Be Signed as defined in Table 10.48.
Table 10.48—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01'(hash algorithm indicator) 1
'26' (length of ICC Dynamic Data) 1
ICC Dynamic Data 38
Padding bytes 'BB' Length Of ICC Public Key Modulus – 63
Unpredictable Number 4
2G.14.14
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
2G.14.15
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 10.49 followed by
SW12 equal to '9000'.
Table 10.49—Response (V2.05 Host Backwards Compatibility)
Tag Length Value
'9F27' 1 Cryptogram Information Data
'9F36' 2 Application Transaction Counter
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
'9F10' 9 Issuer Application Data V2.05
2G.14.16
IF 'Torn Transaction Recovery' in Application Control is set
THEN
GOTO 2G.14.17
ELSE
GOTO 2G.14.18
ENDIF
2G.14.17
Set CDA Transaction Flag (Recovery) (do not commit)
Application Cryptogram (Recovery) := Application Cryptogram (do not commit)
Application Transaction Counter (Recovery) := Application Transaction Counter (do
not commit)
Issuer Application Data (Recovery) := Issuer Application Data V2.05 (do not commit)
Cryptogram Information Data (Recovery) := Cryptogram Information Data (do not
commit)
Unpredictable Number (Recovery) := Unpredictable Number (do not commit)
Hash Result (Recovery) := Hash Result (do not commit)
2G.14.18
Commit all the persistent data objects, that have a new value assigned but that have
not yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram GC: GET CHALLENGE]
GC.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
GC.2
IF P1|P2 ≠ '0000'
THEN
GOTO GC.3
ELSE
GOTO GC.4
ENDIF
GC.3
Build R-APDU consisting of SW12 equal to '6A86'.
GC.4
Compute the ICC Unpredictable Number. The pseudo-random number generator
used for this computation is proprietary and left to the implementation provided it
passes MasterCard's security evaluation.
GC.5
Set 'Successful Get Challenge' in Get Challenge Flag
GC.6
Build the response.
The response message is the ICC Unpredictable Number as shown in Table 11.2,
followed by SW12 equal to '9000'.
Table 11.2—Get Challenge Response
Data Object Length
ICC Unpredictable Number 8
Single byte tags are preceded with a leading '00' byte to fill P1|P2.
Table 12.2 lists the tag values supported in the GET DATA command message.
Table 12.2—Supported P1|P2 Values for Get Data Command
P1|P2 Data Length
'DF3B' Accumulator 1 Amount 6
'DF11' Accumulator 1 Control (Contact) 1
'DF12' Accumulator 1 Control (Contactless) 1
'00C9' Accumulator 1 Currency Code 2
'00D1' Accumulator 1 Currency Conversion Table 25
'DF28' Accumulator 1 CVR Dependency Data (Contact) 3
'DF29' Accumulator 1 CVR Dependency Data (Contactless) 3
'00CA' Accumulator 1 Lower Limit 6
'00CB' Accumulator 1 Upper Limit 6
'DF13' Accumulator 2 Amount 6
'DF14' Accumulator 2 Control (Contact) 1
'DF15' Accumulator 2 Control (Contactless) 1
'DF16' Accumulator 2 Currency Code 2
'DF17' Accumulator 2 Currency Conversion Table 25
'DF2A' Accumulator 2 CVR Dependency Data (Contact) 3
'DF2B' Accumulator 2 CVR Dependency Data (Contactless) 3
'DF18' Accumulator 2 Lower Limit 6
'DF19' Accumulator 2 Upper Limit 6
'00D3' Additional Check Table 18
'00D5' Application Control (Contact) 6
'00D7' Application Control (Contactless) 6
'0094' Application File Locator (Contact) Variable
'00D9' Application File Locator (Contactless) Variable
'0082' Application Interchange Profile (Contact) 2
'00D8' Application Interchange Profile (Contactless) 2
'9F7E' Application Life Cycle Data 48
'00C3' Card Issuer Action Code (Contact) – Decline 3
'00C4' Card Issuer Action Code (Contact) – Default 3
[Flow diagram GD: GET DATA]
GD.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
GD.2
IF P1|P2 = 'DF3B'
THEN
GOTO GD.3
ELSE
GOTO GD.4
ENDIF
GD.3
IF 'Show' in Accumulator 1 Control is set
THEN
GOTO GD.11
ELSE
GOTO GD.10
ENDIF
GD.4
IF P1|P2 = 'DF13'
THEN
GOTO GD.5
ELSE
GOTO GD.6
ENDIF
GD.5
IF 'Show' in Accumulator 2 Control is set
THEN
GOTO GD.11
ELSE
GOTO GD.10
ENDIF
GD.6
IF P1|P2 = 'DF1C'
THEN
GOTO GD.7
ELSE
GOTO GD.8
ENDIF
GD.7
IF 'Show' in Counter 1 Control is set
THEN
GOTO GD.11
ELSE
GOTO GD.10
ENDIF
GD.8
IF P1|P2 = 'DF20'
THEN
GOTO GD.9
ELSE
GOTO GD.12
ENDIF
GD.9
IF 'Show' in Counter 2 Control is set
THEN
GOTO GD.11
ELSE
GOTO GD.10
ENDIF
GD.10
Build R-APDU consisting of SW12 equal to '6985'.
GD.11
Build the response message template containing the requested data object, TLV-
coded.
Build the R-APDU consisting of the response message template and SW12 equal to
'9000'.
GD.12
Check if the data object indicated in the command is the Offline Accumulator Balance
1, Offline Accumulator Balance 2, Offline Counter Balance 1 or Offline Counter
Balance 2.
GD.13
IF 'Allow Retrieval Of Balance' in Application Control is set
THEN
GOTO GD.15
ELSE
GOTO GD.14
ENDIF
GD.14
Build R-APDU consisting of SW12 equal to '6985'.
GD.15
IF P1|P2 = '9F50'
THEN
GOTO GD.16
ELSE IF P1|P2 = '9F58'
THEN
GOTO GD.18
ELSE IF P1|P2 = '9F7A'
THEN
GOTO GD.20
ELSE
GOTO GD.22
ENDIF
ENDIF
ENDIF
GD.16
IF Accumulator 1 Amount < Accumulator 1 Upper Limit
THEN
Offline Accumulator Balance 1 := Accumulator 1 Upper Limit – Accumulator 1
Amount
ELSE
Offline Accumulator Balance 1 := '000000000000'
ENDIF
GD.17
Build the response message template containing the Offline Accumulator Balance 1,
TLV-coded.
Build the R-APDU consisting of the response message template and SW12 equal to
'9000'.
GD.18
IF Accumulator 2 Amount < Accumulator 2 Upper Limit
THEN
Offline Accumulator Balance 2 := Accumulator 2 Upper Limit – Accumulator 2
Amount
ELSE
Offline Accumulator Balance 2 := '000000000000'
ENDIF
GD.19
Build the response message template containing the Offline Accumulator Balance 2,
TLV-coded.
Build the R-APDU consisting of the response message template and SW12 equal to
'9000'.
GD.20
IF Counter 1 Number < Counter 1 Upper Limit
THEN
Offline Counter Balance 1 := Counter 1 Upper Limit – Counter 1 Number
ELSE
Offline Counter Balance 1 := '00'
ENDIF
GD.21
Build the response message template containing the Offline Counter Balance 1, TLV-
coded.
Build the R-APDU consisting of the response message template and SW12 equal to
'9000'.
GD.22
IF Counter 2 Number < Counter 2 Upper Limit
THEN
Offline Counter Balance 2 := Counter 2 Upper Limit – Counter 2 Number
ELSE
Offline Counter Balance 2 := '00'
ENDIF
GD.23
Build the response message template containing the Offline Counter Balance 2, TLV-
coded.
Build the R-APDU consisting of the response message template and SW12 equal to
'9000'.
GD.24
IF P1|P2 is an accepted tag (as listed in Table 12.2)
THEN
GOTO GD.26
ELSE
GOTO GD.25
ENDIF
GD.25
Build R-APDU consisting of SW12 equal to '6A88'.
GD.26
Build the response message template containing the requested data object, TLV-
coded.
Build the R-APDU consisting of the response message template and SW12 equal to
'9000'.
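The GET DATA decision flow GD.2 to GD.26 can be modelled in a few lines. The following Python sketch is an added example, not part of the specification or MasterCard code; the `card` dictionary layout, the helper names and the BCD coding of accumulator amounts are assumptions made for the illustration.

```python
# Added illustration of GD.2 to GD.26; not part of the specification.
SW_OK, SW_COND, SW_NOT_FOUND = 0x9000, 0x6985, 0x6A88

# P1|P2 values whose read is gated by the 'Show' bit of a control object (GD.2-GD.9)
SHOW_GATED = {0xDF3B: "acc1", 0xDF13: "acc2", 0xDF1C: "cntr1", 0xDF20: "cntr2"}
# Balance tags named in GD.15. Offline Counter Balance 2 follows the same path
# (GD.22); its tag is not given in this section, so it is not listed here.
BALANCE_TAGS = {0x9F50: "acc1", 0x9F58: "acc2", 0x9F7A: "cntr1"}


def tlv(p1p2: int, value: bytes) -> bytes:
    """TLV-code a data object; '00C9' in P1|P2 means the single-byte tag 'C9'."""
    tag = p1p2.to_bytes(2, "big").lstrip(b"\x00")
    return tag + bytes([len(value)]) + value


def to_int(name: str, raw: bytes) -> int:
    # Assumption: accumulator amounts are BCD (EMV numeric), counters are binary.
    return int(raw.hex()) if name.startswith("acc") else int.from_bytes(raw, "big")


def from_int(name: str, n: int, size: int) -> bytes:
    if name.startswith("acc"):
        return bytes.fromhex(f"{n:0{2 * size}d}")
    return n.to_bytes(size, "big")


def get_data(card: dict, p1p2: int):
    """Return (SW12, response data) for a GET DATA on a constructed card state."""
    if p1p2 in SHOW_GATED:                                    # GD.2-GD.9
        name = SHOW_GATED[p1p2]
        if not card["show"][name]:
            return SW_COND, b""                               # GD.10
        return SW_OK, tlv(p1p2, card["used"][name])           # GD.11
    if p1p2 in BALANCE_TAGS:                                  # GD.12
        if not card["allow_balance"]:
            return SW_COND, b""                               # GD.13-GD.14
        name = BALANCE_TAGS[p1p2]
        used = to_int(name, card["used"][name])
        limit = to_int(name, card["limit"][name])
        # GD.16-GD.22: the balance saturates at zero instead of going negative
        balance = limit - used if used < limit else 0
        size = len(card["limit"][name])
        return SW_OK, tlv(p1p2, from_int(name, balance, size))
    if p1p2 in card["objects"]:                               # GD.24: Table 12.2
        return SW_OK, tlv(p1p2, card["objects"][p1p2])        # GD.26
    return SW_NOT_FOUND, b""                                  # GD.25


# Constructed card state for the example (all values are made up).
CARD = {
    "show": {"acc1": True, "acc2": False, "cntr1": True, "cntr2": False},
    "allow_balance": True,
    "used": {"acc1": bytes.fromhex("000000001500"),
             "acc2": bytes.fromhex("000000009999"),
             "cntr1": b"\x03", "cntr2": b"\x05"},
    "limit": {"acc1": bytes.fromhex("000000005000"),
              "acc2": bytes.fromhex("000000002000"),
              "cntr1": b"\x05", "cntr2": b"\x05"},
    "objects": {0x00C9: bytes.fromhex("0978")},   # Accumulator 1 Currency Code
}

if __name__ == "__main__":
    for tag in (0xDF3B, 0xDF13, 0x9F50, 0x9F58, 0x9F7A, 0x00C9, 0x1234):
        sw, data = get_data(CARD, tag)
        print(f"{tag:04X} -> {sw:04X} {data.hex().upper()}")
```

The raw accumulator and counter values are released only when the matching 'Show' bit is set, while the derived balances depend on a separate bit in Application Control, so the two disclosures are configured independently.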
Table 13.2 specifies the PDOL Related Data when the MAS4C Transaction Flow is
not activated.
Table 13.2—PDOL Related Data When MAS4C Transaction Flow is Not
Activated
Tag Length
'83' '00'
Table 13.3 specifies the PDOL Related Data when the MAS4C Transaction Flow is
activated.
Table 13.3—PDOL Related Data when MAS4C Transaction Flow is Activated
Tag Length Value
'83' '05' Value of '9F40' (Additional Terminal Capabilities)
[Flow diagram GPO: GET PROCESSING OPTIONS]
GPO.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
GPO.2
IF P1|P2 ≠ '0000'
THEN
GOTO GPO.3
ELSE
GOTO GPO.4
ENDIF
GPO.3
Build R-APDU consisting of SW12 equal to '6A86'.
GPO.4
Clear the global transient data objects. The global transient data objects are listed in
chapter 4.
GPO.5
IF 'MAS4C Processing Flow' in Application Control is set
THEN
GOTO GPO.6
ELSE
GOTO GPO.7
ENDIF
GPO.6
IF Lc = 7
THEN
GOTO GPO.9
ELSE
GOTO GPO.8
ENDIF
GPO.7
IF Lc = 2
THEN
GOTO GPO.10
ELSE
GOTO GPO.8
ENDIF
GPO.8
Build R-APDU consisting of SW12 equal to '6700'.
GPO.9
IF PDOL Related Data[1 : 2] = '8305'
THEN
GOTO GPO.12
ELSE
GOTO GPO.11
ENDIF
GPO.10
IF PDOL Related Data = '8300'
THEN
GOTO GPO.12a
ELSE
GOTO GPO.11
ENDIF
GPO.11
Build R-APDU consisting of SW12 equal to '6985'.
GPO.12
ATeC := PDOL Related Data[3 : 4]
PDOL Values := PDOL Related Data[3 : 7]
GPO.12a
Store empty byte string in PDOL Values
GPO.13
IF Application Transaction Counter >= Application Transaction Counter Limit
THEN
GOTO GPO.14
ELSE
GOTO GPO.15
ENDIF
GPO.14
Build R-APDU consisting of SW12 equal to '6985'.
GPO.15
Application Transaction Counter := Application Transaction Counter + 1
GPO.16
Compute the ICC Dynamic Number using the ICC Dynamic Number Master Key as
follows:
ICC Dynamic Number := (IDNL | IDNR)
Where:
IDNL := DES3(MKIDN)[(ATC | 'FF' | '00' | '00' | '00' | '00' | '00')]
IDNR := DES3(MKIDN)[(ATC | '00' | '00' | '00' | '00' | '00' | '00')]
GPO.17
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 13.5 followed by SW12
equal to '9000'.
Table 13.5—Get Processing Options Response
Tag Length Description
'82' 2 Application Interchange Profile
'94' variable Application File Locator
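An added example (not part of the specification) that models GPO.2 to GPO.17 in Python. The `card` dictionary, the function names and the caller-supplied `des3(key, block)` callable are assumptions; `xor_stand_in` is a constructed placeholder, not a cipher, used only so that the example runs without a DES library.

```python
# Added illustration of GPO.2 to GPO.17; not part of the specification.
SW_OK, SW_LC, SW_COND, SW_P1P2 = 0x9000, 0x6700, 0x6985, 0x6A86


def tlv(tag: int, value: bytes) -> bytes:
    """Single-byte tag, single-byte length (enough for '77', '82' and '94' here)."""
    return bytes([tag, len(value)]) + value


def get_processing_options(card: dict, p1p2: int, data: bytes, des3):
    """Return (SW12, response). `des3(key, block8) -> bytes` is supplied by the
    caller (assumption: one-block triple-DES encryption under the IDN master key)."""
    if p1p2 != 0x0000:                                       # GPO.2
        return SW_P1P2, b""                                  # GPO.3
    card.update(pdol_values=b"", atec=b"", idn=b"")          # GPO.4 (model's transient data)
    if len(data) != (7 if card["mas4c"] else 2):             # GPO.5-GPO.7: Lc depends on the flow
        return SW_LC, b""                                    # GPO.8
    if card["mas4c"]:
        if data[0:2] != b"\x83\x05":                         # GPO.9: PDOL Related Data[1 : 2]
            return SW_COND, b""                              # GPO.11
        card["atec"] = data[2:4]                             # GPO.12: bytes 3..4
        card["pdol_values"] = data[2:7]                      #         bytes 3..7
    elif data != b"\x83\x00":                                # GPO.10
        return SW_COND, b""                                  # GPO.11
    # GPO.12a: PDOL Values stays empty when the MAS4C flow is not activated
    if card["atc"] >= card["atc_limit"]:                     # GPO.13
        return SW_COND, b""                                  # GPO.14: ATC is left untouched
    card["atc"] += 1                                         # GPO.15 (fits 2 bytes if limit <= 0xFFFF)
    atc = card["atc"].to_bytes(2, "big")
    idn_l = des3(card["mk_idn"], atc + b"\xFF" + bytes(5))   # GPO.16: ATC | 'FF' | 5 x '00'
    idn_r = des3(card["mk_idn"], atc + bytes(6))             #         ATC | 6 x '00'
    card["idn"] = idn_l + idn_r                              # ICC Dynamic Number, 16 bytes
    body = tlv(0x82, card["aip"]) + tlv(0x94, card["afl"])   # Table 13.5
    return SW_OK, tlv(0x77, body)                            # GPO.17


def xor_stand_in(key: bytes, block: bytes) -> bytes:
    """NOT a cipher: placeholder so the example runs without a DES library."""
    return bytes(b ^ key[0] for b in block)


def demo_card(mas4c=False, atc=0x0010, atc_limit=0xFFFF) -> dict:
    """Constructed card state; AIP, AFL and key bytes are made-up sample values."""
    return {"mas4c": mas4c, "atc": atc, "atc_limit": atc_limit,
            "aip": b"\x19\x80", "afl": bytes.fromhex("08010100"),
            "mk_idn": b"\x5A" * 16}


if __name__ == "__main__":
    card = demo_card()
    sw, resp = get_processing_options(card, 0x0000, b"\x83\x00", xor_stand_in)
    print(f"{sw:04X} {resp.hex().upper()} ATC={card['atc']:04X}")
```

Every rejection path returns before GPO.15, so a malformed or refused command does not consume an Application Transaction Counter value.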
[Flow diagram IA: INTERNAL AUTHENTICATE]
IA.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
IA.2
IF P1|P2 ≠ '0000'
THEN
GOTO IA.3
ELSE
GOTO IA.4
ENDIF
IA.3
Build R-APDU consisting of SW12 equal to '6A86'.
IA.4
IF Lc ≠ '04'
THEN
GOTO IA.5
ELSE
GOTO IA.6
ENDIF
IA.5
Build R-APDU consisting of SW12 equal to '6700'.
IA.6
IF Internal Authentication Performed Flag is set
THEN
GOTO IA.7
ELSE
GOTO IA.8
ENDIF
IA.7
Build R-APDU consisting of SW12 equal to '6985'.
IA.8
Unpredictable Number := DDOL Related Data
IA.9
ICC Dynamic Data := '08' | ICC Dynamic Number[9 : 16]
IA.10
Build Dynamic Application Data To Be Signed as defined in Table 14.3.
Table 14.3—Dynamic Application Data To Be Signed
Data Object Length
'05' (signed data format) 1
'01'(hash algorithm indicator) 1
'09' (length of ICC Dynamic Data) 1
ICC Dynamic Data 9
Padding bytes 'BB' Length Of ICC Public Key Modulus – 34
Unpredictable Number 4
IA.11
The Dynamic Application Data To Be Signed is signed as specified in [SECURITY].
IA.12
Set Internal Authentication Performed Flag
IA.13
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 14.4 followed by SW12
equal to '9000'.
Table 14.4—Internal Authenticate Response
Tag Length Value
'9F4B' Length Of ICC Public Key Modulus Signed Dynamic Application Data
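The byte layouts of Tables 10.34 to 10.36 (repeated as 10.40 to 10.42 and 10.46 to 10.48) and of Table 14.3 can be checked with the following Python sketch, an added example that is not part of the specification. It assumes SHA-1 as the algorithm behind hash algorithm indicator '01', generalizes the two padding lengths to N - LDD - 25, and stops before the RSA step, which is defined in [SECURITY]; all function names are hypothetical.

```python
# Added illustration of Tables 10.34-10.36 and 14.3; not part of the specification.
import hashlib


def tlv(tag: bytes, value: bytes) -> bytes:
    if len(value) > 0x7F:
        raise ValueError("only single-byte lengths are handled here")
    return tag + bytes([len(value)]) + value


def hash_result(pdol_values: bytes, cdol1: bytes, cdol2: bytes,
                cid: bytes, atc: bytes, iad: bytes) -> bytes:
    """Tables 10.34 / 10.40 / 10.46: the three DOL inputs go in as bare values,
    the response objects '9F27', '9F36' and '9F10' go in TLV-coded."""
    data = (pdol_values + cdol1 + cdol2
            + tlv(b"\x9F\x27", cid) + tlv(b"\x9F\x36", atc) + tlv(b"\x9F\x10", iad))
    return hashlib.sha1(data).digest()            # 20 bytes


def cda_dynamic_data(idn: bytes, cid: bytes, ac: bytes, hres: bytes) -> bytes:
    """Tables 10.35 / 10.41 / 10.47: 1 + 8 + 1 + 8 + 20 = 38 bytes."""
    if (len(idn), len(cid), len(ac), len(hres)) != (16, 1, 8, 20):
        raise ValueError("unexpected field length")
    return b"\x08" + idn[8:16] + cid + ac + hres  # spec bytes [9 : 16] are idn[8:16]


def dda_dynamic_data(idn: bytes) -> bytes:
    """IA.9: '08' | ICC Dynamic Number[9 : 16], 9 bytes."""
    if len(idn) != 16:
        raise ValueError("ICC Dynamic Number must be 16 bytes")
    return b"\x08" + idn[8:16]


def data_to_be_signed(dyn: bytes, un: bytes, modulus_len: int) -> bytes:
    """Tables 10.36 / 10.42 / 10.48 (LDD = 38) and Table 14.3 (LDD = 9)."""
    pad = modulus_len - len(dyn) - 25             # N - 63 for 38 bytes, N - 34 for 9 bytes
    if pad < 0:
        raise ValueError("ICC public key modulus too short for this ICC Dynamic Data")
    if len(un) != 4:
        raise ValueError("Unpredictable Number must be 4 bytes")
    return b"\x05\x01" + bytes([len(dyn)]) + dyn + b"\xBB" * pad + un


def signing_digest(dyn: bytes, un: bytes, modulus_len: int) -> bytes:
    """Hash over the Dynamic Application Data To Be Signed. The RSA step that
    consumes this digest is specified in [SECURITY] and is not shown."""
    return hashlib.sha1(data_to_be_signed(dyn, un, modulus_len)).digest()


if __name__ == "__main__":
    # Constructed sample values, chosen only to make the layout visible.
    idn = bytes(range(16))
    cid, atc, iad = b"\x40", b"\x00\x2A", bytes(18)
    ac, un = bytes.fromhex("1122334455667788"), bytes.fromhex("DEADBEEF")
    h = hash_result(b"", b"\x01", b"\x02", cid, atc, iad)
    cda = data_to_be_signed(cda_dynamic_data(idn, cid, ac, h), un, 128)
    dda = data_to_be_signed(dda_dynamic_data(idn), un, 128)
    print(len(cda), cda[:3].hex(), len(dda), dda[:3].hex())
```

Because the Hash Result covers the terminal's PDOL and CDOL data together with the Cryptogram Information Data, the Application Transaction Counter and the Issuer Application Data, a change to any of them between card and terminal changes the signed ICC Dynamic Data.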
[Flow diagram IU: ISSUER UPDATES]
IU.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
IU.2
IF P1|P2 ≠ '0000'
THEN
GOTO IU.3
ELSE
GOTO IU.4
ENDIF
IU.3
Build R-APDU consisting of SW12 equal to '6A86'.
IU.4
IF Lc < 11
THEN
GOTO IU.5
ELSE
GOTO IU.6
ENDIF
IU.5
Build R-APDU consisting of SW12 equal to '6700'.
IU.6
IF Script Failed Flag is set
THEN
GOTO IU.7
ELSE
GOTO IU.8
ENDIF
IU.7
Build R-APDU consisting of SW12 equal to '6982'.
IU.8
Set Script Failed Flag
IU.9
Set 'Script Failed' in Previous Transaction History (do not commit)
IU.10
Set 'Script Received' in Previous Transaction History (do not commit)
IU.11
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO IU.12
ELSE
GOTO IU.13
ENDIF
IU.12
Retrieve MAC and Issuer Updates Data from the ISSUER UPDATES command
message.
IU.13
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
IU.14
Build R-APDU consisting of SW12 equal to '6985'.
IU.15
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
IU.16
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO IU.17
ELSE
GOTO IU.22
ENDIF
IU.17
IF SMI CSK Key Present Flag is set
THEN
GOTO IU.18
ELSE
GOTO IU.19
ENDIF
IU.18
Clear New SMI Key Flag
IU.19
SMI Session Key Counter := SMI Session Key Counter + 1
IU.20
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
IU.21
Set SMI CSK Key Present Flag
Set New SMI Key Flag
IU.22
SMI Session Key Counter := SMI Session Key Counter + 1
IU.23
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
IU.24
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
IU.25
Verify the MAC on the ISSUER UPDATES command.
Refer to [SECURITY] for details.
IU.26
IF New SMI Key Flag is set
THEN
GOTO IU.29
ELSE
GOTO IU.30
ENDIF
IU.27
Build R-APDU consisting of SW12 equal to '6982'.
IU.28
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
IU.29
SMI Session Key Counter := SMI Session Key Counter – 1
IU.30
Return Value := CALL CheckIssuerUpdates( )
IU.31
IF Return Value
THEN
GOTO IU.32
ELSE
GOTO IU.36
ENDIF
IU.32
Set Issuer Updates Received Flag
IU.33
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
IU.34
Build R-APDU consisting of SW12 equal to '9000'.
IU.35
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
IU.36
Build R-APDU consisting of SW12 equal to '6985'.
IU.37
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PIN Related Data contains the PIN block in plaintext or encrypted form, constructed
according to [EMV BOOK 3]. If the command is accepted, the PIN is updated with a
new value.
16.3.1. Start
The symbols in this diagram are labeled OCP.1.x.
[Flow diagram OCP.1]
OCP.1.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
OCP.1.2
IF P1 = '00'
THEN
GOTO OCP.1.3
ELSE
GOTO OCP.1.4
ENDIF
OCP.1.3
IF P2 = '80'
THEN
GOTO OCP.3.1 (Plaintext PIN)
ELSE IF P2 = '88'
THEN
GOTO OCP.2.1 (Encrypted PIN)
ELSE
GOTO OCP.1.4
ENDIF
ENDIF
OCP.1.4
Build R-APDU consisting of SW12 equal to '6A86'.
[Flow diagram OCP.2: encrypted]
OCP.2.1
IF 'Encrypted Offline Change PIN' in Application Control is set
THEN
GOTO OCP.2.3
ELSE
GOTO OCP.2.2
ENDIF
OCP.2.2
Build R-APDU consisting of SW12 equal to '6985'.
OCP.2.3
IF 'Offline PIN Verification Successful' in PIN Verification Status is set AND
'Offline Change PIN Successful' in Offline Change PIN Status is not set
THEN
GOTO OCP.2.5
ELSE
GOTO OCP.2.4
ENDIF
OCP.2.4
Build R-APDU consisting of SW12 equal to '6985'.
OCP.2.5
IF 'Key For Offline Encrypted PIN Verification' in Application Control = DDA Key
THEN
GOTO OCP.2.6
ELSE
GOTO OCP.2.7
ENDIF
OCP.2.6
IF Lc = Length Of ICC Public Key Modulus
THEN
GOTO OCP.2.9
ELSE
GOTO OCP.2.8
ENDIF
OCP.2.7
IF Lc = Length Of ICC PIN Encipherment Public Key Modulus
THEN
GOTO OCP.2.10
ELSE
GOTO OCP.2.8
ENDIF
OCP.2.8
Build R-APDU consisting of SW12 equal to '6700'.
OCP.2.9
IF 'Challenge Availability' in Get Challenge Flag is set
THEN
GOTO OCP.2.12
ELSE
GOTO OCP.2.11
ENDIF
OCP.2.10
IF 'Challenge Availability' in Get Challenge Flag is set
THEN
GOTO OCP.2.13
ELSE
GOTO OCP.2.11
ENDIF
OCP.2.11
Build R-APDU consisting of SW12 equal to '6985'.
OCP.2.12
IF PIN Decipherments Error Counter ≥ PIN Decipherments Error Counter Limit
THEN
GOTO OCP.2.14
ELSE
GOTO OCP.2.16
ENDIF
OCP.2.13
IF PIN Decipherments Error Counter ≥ PIN Decipherments Error Counter Limit
THEN
GOTO OCP.2.14
ELSE
GOTO OCP.2.18
ENDIF
OCP.2.14
Set 'PIN Decipherments Error Counter Limit Exceeded' in Security Limits Status
Common
OCP.2.15
Build R-APDU consisting of SW12 equal to '6984'.
OCP.2.16
PIN Decipherments Error Counter := PIN Decipherments Error Counter + 1
OCP.2.17
The PIN Related Data is decrypted with the ICC Private Key to obtain the Recovered
Data.
Refer to [SECURITY] for more details.
OCP.2.18
PIN Decipherments Error Counter := PIN Decipherments Error Counter + 1
OCP.2.19
The PIN Related Data is decrypted with the ICC PIN Encipherment Private Key to
obtain the Recovered Data.
Refer to [SECURITY] for more details.
OCP.2.20
IF Recovered Data[10 : 17] = ICC Unpredictable Number
THEN
GOTO OCP.2.21
ELSE
GOTO OCP.2.22
ENDIF
OCP.2.21
IF Recovered Data[1] = '7F'
THEN
GOTO OCP.2.23
ELSE
GOTO OCP.2.22
ENDIF
OCP.2.22
Build R-APDU consisting of SW12 equal to '6985'.
OCP.2.23
PIN Decipherments Error Counter := PIN Decipherments Error Counter – 1
OCP.2.24
IF (Recovered Data[2][8 : 5] = '2') AND
(Recovered Data[2][4 : 1] >= '4') AND
(Recovered Data[2][4 : 1] <= 'C') AND
(Recovered Data[9] = 'FF')
THEN
GOTO OCP.2.26
ELSE
GOTO OCP.2.25
ENDIF
OCP.2.25
Build R-APDU consisting of SW12 equal to '6984'.
OCP.2.26
Reference PIN := Recovered Data[2 : 9]
OCP.2.27
Set 'Offline Change PIN Successful' in Offline Change PIN Status
OCP.2.28
Build R-APDU consisting of SW12 equal to '9000'.
[Flow diagram OCP.3: plaintext]
OCP.3.1
IF 'Plaintext Offline Change PIN' in Application Control is set
THEN
GOTO OCP.3.3
ELSE
GOTO OCP.3.2
ENDIF
OCP.3.2
Build R-APDU consisting of SW12 equal to '6985'.
OCP.3.3
IF Lc = '08'
THEN
GOTO OCP.3.5
ELSE
GOTO OCP.3.4
ENDIF
OCP.3.4
Build R-APDU consisting of SW12 equal to '6700'.
OCP.3.5
IF 'Offline PIN Verification Successful' in PIN Verification Status is set AND
'Offline Change PIN Successful' in Offline Change PIN Status is not set
THEN
GOTO OCP.3.7
ELSE
GOTO OCP.3.6
ENDIF
OCP.3.6
Build R-APDU consisting of SW12 equal to '6985'.
OCP.3.7
IF (PIN Related Data [1][8 : 5] = '2') AND
(PIN Related Data [1][4 : 1] >= '4') AND
(PIN Related Data [1][4 : 1] <= 'C') AND
(PIN Related Data [8] = 'FF')
THEN
GOTO OCP.3.9
ELSE
GOTO OCP.3.8
ENDIF
OCP.3.8
Build R-APDU consisting of SW12 equal to '6984'.
OCP.3.9
Reference PIN := PIN Related Data
OCP.3.10
Set 'Offline Change PIN Successful' in Offline Change PIN Status
OCP.3.11
Build R-APDU consisting of SW12 equal to '9000'.
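The interaction between GET CHALLENGE and the Offline Change PIN flows (GC.1 to GC.6, OCP.1.x, OCP.2.x for the DDA key case, and OCP.3.x) is modelled below in Python as an added example that is not part of the specification. The `Card` class, the function names, the use of `os.urandom` in place of the card's evaluated generator and the caller-supplied `decrypt` callable are assumptions.

```python
# Added illustration of GC.x, OCP.1.x, OCP.2.x and OCP.3.x; not part of the specification.
import os
from dataclasses import dataclass

SW_OK, SW_LC, SW_DATA, SW_COND, SW_P1P2 = 0x9000, 0x6700, 0x6984, 0x6985, 0x6A86


@dataclass
class Card:
    modulus_len: int                   # Length Of ICC Public Key Modulus (DDA key case)
    err_limit: int                     # PIN Decipherments Error Counter Limit
    reference_pin: bytes
    encrypted_ocp: bool = True         # 'Encrypted Offline Change PIN' in Application Control
    plaintext_ocp: bool = True         # 'Plaintext Offline Change PIN' in Application Control
    pin_verified: bool = True          # 'Offline PIN Verification Successful'
    change_done: bool = False          # 'Offline Change PIN Successful'
    successful_gc: bool = False        # 'Successful Get Challenge' in Get Challenge Flag
    challenge_available: bool = False  # 'Challenge Availability' in Get Challenge Flag
    icc_un: bytes = b""                # ICC Unpredictable Number
    err_ctr: int = 0                   # PIN Decipherments Error Counter
    limit_exceeded: bool = False       # bit in Security Limits Status


def begin_command(card: Card) -> None:
    """First step of every command: a challenge is usable by the next command only."""
    card.challenge_available = card.successful_gc
    card.successful_gc = False


def get_challenge(card: Card, p1p2: int = 0x0000):
    begin_command(card)                                    # GC.1
    if p1p2 != 0x0000:
        return SW_P1P2, b""                                # GC.2-GC.3
    card.icc_un = os.urandom(8)                            # GC.4: stand-in generator
    card.successful_gc = True                              # GC.5
    return SW_OK, card.icc_un                              # GC.6


def pin_block_ok(block: bytes) -> bool:
    """OCP.2.24 / OCP.3.7: control nibble '2', length nibble '4'..'C', last byte 'FF'."""
    return (len(block) == 8 and (block[0] >> 4) == 0x2
            and 0x4 <= (block[0] & 0x0F) <= 0xC and block[7] == 0xFF)


def change_plaintext(card: Card, data: bytes) -> int:
    if not card.plaintext_ocp:
        return SW_COND                                     # OCP.3.1-OCP.3.2
    if len(data) != 8:
        return SW_LC                                       # OCP.3.3-OCP.3.4
    if not card.pin_verified or card.change_done:
        return SW_COND                                     # OCP.3.5-OCP.3.6
    if not pin_block_ok(data):
        return SW_DATA                                     # OCP.3.7-OCP.3.8
    card.reference_pin, card.change_done = data, True      # OCP.3.9-OCP.3.10
    return SW_OK                                           # OCP.3.11


def change_encrypted(card: Card, data: bytes, decrypt) -> int:
    if not card.encrypted_ocp:
        return SW_COND                                     # OCP.2.1-OCP.2.2
    if not card.pin_verified or card.change_done:
        return SW_COND                                     # OCP.2.3-OCP.2.4
    if len(data) != card.modulus_len:
        return SW_LC                                       # OCP.2.6, OCP.2.8
    if not card.challenge_available:
        return SW_COND                                     # OCP.2.9, OCP.2.11
    if card.err_ctr >= card.err_limit:
        card.limit_exceeded = True                         # OCP.2.14
        return SW_DATA                                     # OCP.2.15
    card.err_ctr += 1                                      # OCP.2.16: charged before decrypting
    rec = decrypt(data)                                    # OCP.2.17 (see [SECURITY])
    if rec[9:17] != card.icc_un or rec[0] != 0x7F:         # spec bytes [10 : 17] and [1]
        return SW_COND                                     # OCP.2.20-OCP.2.22: stays charged
    card.err_ctr -= 1                                      # OCP.2.23: refunded after both checks
    if not pin_block_ok(rec[1:9]):                         # spec bytes [2 : 9]
        return SW_DATA                                     # OCP.2.24-OCP.2.25
    card.reference_pin, card.change_done = rec[1:9], True  # OCP.2.26-OCP.2.27
    return SW_OK                                           # OCP.2.28


def offline_change_pin(card: Card, p1: int, p2: int, data: bytes, decrypt=None) -> int:
    begin_command(card)                                    # OCP.1.1
    if p1 == 0x00 and p2 == 0x80:
        return change_plaintext(card, data)                # OCP.1.3 -> OCP.3.1
    if p1 == 0x00 and p2 == 0x88:
        return change_encrypted(card, data, decrypt)       # OCP.1.3 -> OCP.2.1
    return SW_P1P2                                         # OCP.1.4
```

In the encrypted flow a cryptogram that fails the challenge or header check leaves the PIN Decipherments Error Counter incremented, so repeated bad decipherments run into the limit and are answered with '6984' from then on.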
If P2 equals '00', the PIN Related Data only contains a MAC as shown in Table 17.2.
If the command is accepted, the PIN Try Counter is set to the PIN Try Limit and there
is no PIN update.
Table 17.2—PIN Related Data if P2 = '00'
Value Length
MAC 8
If P2 equals '02', the PIN Related Data contains the Enciphered New PIN Block and a
MAC as shown in Table 17.3.
If the command is accepted, the PIN is updated with a new PIN value and PIN Try
Counter is set to the PIN Try Limit.
Table 17.3—PIN Related Data if P2 = '02'
Value Length
Enciphered New PIN Block 8
MAC 8
17.3.1. Start
The symbols in this diagram are labeled PCU.1.x.
[Flow diagram PCU.1: PIN CHANGE/UNBLOCK, start (symbols PCU.1.1 to PCU.1.3, described below)]
PCU.1.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
PCU.1.2
IF P1 = '00' AND P2 = '00'
THEN
GOTO PCU.2.1 (PIN Unblock)
ELSE IF P1 = '00' AND P2 = '02'
THEN
GOTO PCU.3.1 (PIN Change)
ELSE
GOTO PCU.1.3
ENDIF
ENDIF
PCU.1.3
Build R-APDU consisting of SW12 equal to '6A86'.
[Flow diagram PCU.2: PIN UNBLOCK (symbols PCU.2.1 to PCU.2.33, described below)]
PCU.2.1
IF Lc = '08'
THEN
GOTO PCU.2.3
ELSE
GOTO PCU.2.2
ENDIF
PCU.2.2
Build R-APDU consisting of SW12 equal to '6700'.
PCU.2.3
IF Script Failed Flag is set
THEN
GOTO PCU.2.4
ELSE
GOTO PCU.2.5
ENDIF
PCU.2.4
Build R-APDU consisting of SW12 equal to '6982'.
PCU.2.5
Set 'Script Received' in Previous Transaction History (do not commit)
PCU.2.6
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO PCU.2.8
ELSE
GOTO PCU.2.7
ENDIF
PCU.2.7
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
PCU.2.8
Retrieve MAC from the PIN CHANGE/UNBLOCK command message.
PCU.2.9
Set 'Script Failed' in Previous Transaction History (do not commit)
PCU.2.10
Set Script Failed Flag
PCU.2.11
Build R-APDU consisting of SW12 equal to '6985'.
PCU.2.12
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PCU.2.13
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO PCU.2.14
ELSE
GOTO PCU.2.19
ENDIF
PCU.2.14
IF SMI CSK Key Present Flag is set
THEN
GOTO PCU.2.15
ELSE
GOTO PCU.2.16
ENDIF
PCU.2.15
Clear New SMI Key Flag
PCU.2.16
SMI Session Key Counter := SMI Session Key Counter + 1
PCU.2.17
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
PCU.2.18
Set SMI CSK Key Present Flag
Set New SMI Key Flag
PCU.2.19
SMI Session Key Counter := SMI Session Key Counter + 1
PCU.2.20
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
PCU.2.21
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
PCU.2.22
Verify MAC on the PIN CHANGE/UNBLOCK command.
Refer to [SECURITY] for details.
IF MAC is correct
THEN
GOTO PCU.2.23
ELSE
GOTO PCU.2.24
ENDIF
PCU.2.23
IF New SMI Key Flag is set
THEN
GOTO PCU.2.28
ELSE
GOTO PCU.2.29
ENDIF
PCU.2.24
Set 'Script Failed' in Previous Transaction History (do not commit)
PCU.2.25
Set Script Failed Flag
PCU.2.26
Build R-APDU consisting of SW12 equal to '6982'.
PCU.2.27
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PCU.2.28
SMI Session Key Counter := SMI Session Key Counter – 1
PCU.2.29
PIN Try Counter := PIN Try Limit (do not commit)
PCU.2.30
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
PCU.2.31
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
PCU.2.32
Build R-APDU consisting of SW12 equal to '9000'.
PCU.2.33
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
[Flow diagram PCU.3: PIN CHANGE (symbols PCU.3.1 to PCU.3.46, described below)]
PCU.3.1
IF Lc = '10'
THEN
GOTO PCU.3.3
ELSE
GOTO PCU.3.2
ENDIF
PCU.3.2
Build R-APDU consisting of SW12 equal to '6700'.
PCU.3.3
IF Script Failed Flag is set
THEN
GOTO PCU.3.4
ELSE
GOTO PCU.3.5
ENDIF
PCU.3.4
Build R-APDU consisting of SW12 equal to '6982'.
PCU.3.5
Set 'Script Received' in Previous Transaction History (do not commit)
PCU.3.6
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO PCU.3.8
ELSE
GOTO PCU.3.7
ENDIF
PCU.3.7
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
PCU.3.8
Retrieve MAC (PIN Related Data[Lc-7 : Lc]) and Enciphered New PIN Block (PIN
Related Data[1 : Lc-8]).
PCU.3.9
Set 'Script Failed' in Previous Transaction History (do not commit)
PCU.3.10
Set Script Failed Flag
PCU.3.11
Build R-APDU consisting of SW12 equal to '6985'.
PCU.3.12
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PCU.3.13
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO PCU.3.14
ELSE
GOTO PCU.3.19
ENDIF
PCU.3.14
IF SMI CSK Key Present Flag is set
THEN
GOTO PCU.3.15
ELSE
GOTO PCU.3.16
ENDIF
PCU.3.15
Clear New SMI Key Flag
PCU.3.16
SMI Session Key Counter := SMI Session Key Counter + 1
PCU.3.17
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
PCU.3.18
Set SMI CSK Key Present Flag
Set New SMI Key Flag
PCU.3.19
SMI Session Key Counter := SMI Session Key Counter + 1
PCU.3.20
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
PCU.3.21
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
PCU.3.22
Verify MAC on the PIN CHANGE/UNBLOCK command.
Refer to [SECURITY] for details.
IF MAC is correct
THEN
GOTO PCU.3.23
ELSE
GOTO PCU.3.24
ENDIF
PCU.3.23
IF New SMI Key Flag is set
THEN
GOTO PCU.3.28
ELSE
GOTO PCU.3.29
ENDIF
PCU.3.24
Set 'Script Failed' in Previous Transaction History (do not commit)
PCU.3.25
Set Script Failed Flag
PCU.3.26
Build R-APDU consisting of SW12 equal to '6982'.
PCU.3.27
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PCU.3.28
SMI Session Key Counter := SMI Session Key Counter – 1
PCU.3.29
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO PCU.3.30
ELSE
GOTO PCU.3.33
ENDIF
PCU.3.30
IF SMC CSK Key Present Flag is set
THEN
GOTO PCU.3.35
ELSE
GOTO PCU.3.31
ENDIF
PCU.3.31
Derive new SMC Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
PCU.3.32
Set SMC CSK Key Present Flag
PCU.3.33
Derive new SMC Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
PCU.3.34
Clear SMC CSK Key Present Flag
PCU.3.35
Decrypt Enciphered New PIN Block.
Refer to [SECURITY] for details
PCU.3.36
IF (New PIN Block[1][8 : 5] = '2') AND
(New PIN Block[1][4 : 1] >= '4') AND
(New PIN Block[1][4 : 1] <= 'C') AND
(New PIN Block[8] = 'FF')
THEN
GOTO PCU.3.41
ELSE
GOTO PCU.3.37
ENDIF
PCU.3.37
Set 'Script Failed' in Previous Transaction History (do not commit)
PCU.3.38
Set Script Failed Flag
PCU.3.39
Build R-APDU consisting of SW12 equal to '6988'.
PCU.3.40
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PCU.3.41
PIN Try Counter := PIN Try Limit (do not commit)
PCU.3.42
Reference PIN := New PIN Block (do not commit)
PCU.3.43
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
PCU.3.44
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
PCU.3.45
Build R-APDU consisting of SW12 equal to '9000'.
PCU.3.46
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
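The PIN UNBLOCK (PCU.2) and PIN CHANGE (PCU.3) flows above, modelled in C as an added example that is not part of the specification. The MAC and decryption callbacks, the struct layout and the choice of which flags are per-session are assumptions, since the cryptography is defined in [SECURITY]; where a step has no GOTO (after PCU.x.8, x.15, x.18 and x.21) the example continues at the session key and MAC steps.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the [SECURITY] primitives (not defined on this page). */
typedef bool (*mac_fn)(const uint8_t *mac, uint64_t rand);
typedef void (*dec_fn)(const uint8_t enc[8], uint8_t out[8]);

struct pcu_card {
    uint16_t ctr_smi, lim_smi;   /* SMI Session Key Counter and its limit */
    uint8_t  ptc, ptl;           /* PIN Try Counter, PIN Try Limit */
    uint8_t  script_counter;     /* 4-bit 'Script Counter' */
    uint8_t  ref_pin[8];         /* Reference PIN */
    bool     pth_received, pth_failed; /* Previous Transaction History bits */
    bool     limit_exceeded;     /* in Security Limits Status */
    bool     emv_csk;            /* 'Session Key Derivation' = EMV CSK */
    /* Assumed to be reset at the start of each session: */
    bool     script_failed, smi_key_present, new_smi_key;
    uint64_t rand;
};

/* Common failure tail: mark the script failed, commit everything together. */
static uint16_t fail(struct pcu_card *c, struct pcu_card *s, uint16_t sw)
{
    s->pth_failed = true;
    s->script_failed = true;
    *c = *s;   /* a real card must make this atomic against power loss */
    return sw;
}

uint16_t pin_change_unblock(struct pcu_card *c, uint8_t p1, uint8_t p2,
                            const uint8_t *data, size_t lc, mac_fn mac_ok, dec_fn dec)
{
    bool change;
    if (p1 == 0x00 && p2 == 0x00) change = false;        /* PCU.1.2: unblock */
    else if (p1 == 0x00 && p2 == 0x02) change = true;    /* PCU.1.2: change */
    else return 0x6A86;                                  /* PCU.1.3 */
    if (lc != (change ? 16u : 8u)) return 0x6700;        /* PCU.x.1 */
    if (c->script_failed) return 0x6982;                 /* PCU.x.3 */

    struct pcu_card s = *c;        /* "(do not commit)" values live here */
    s.pth_received = true;                               /* PCU.x.5 */
    if (s.ctr_smi >= s.lim_smi) {                        /* PCU.x.6 */
        s.limit_exceeded = true;                         /* PCU.x.7 */
        return fail(c, &s, 0x6985);                      /* PCU.x.9 to x.12 */
    }
    const uint8_t *mac = data + lc - 8;                  /* PCU.x.8: last 8 bytes */
    if (s.emv_csk && s.smi_key_present) {
        s.new_smi_key = false;                           /* PCU.x.15 */
    } else {
        s.ctr_smi++;                 /* PCU.x.16 / x.19, before the MAC check */
        s.smi_key_present = s.emv_csk;                   /* PCU.x.18 / x.21 */
        s.new_smi_key = true;
    }
    if (!mac_ok(mac, s.rand))                            /* PCU.x.22 */
        return fail(c, &s, 0x6982);                      /* PCU.x.24 to x.27 */
    if (s.new_smi_key) s.ctr_smi--;                      /* PCU.x.28 */

    if (change) {
        uint8_t pin[8];
        dec(data, pin);              /* PCU.3.35, SMC session key not modelled */
        uint8_t n = pin[0] & 0x0F;
        if ((pin[0] >> 4) != 0x2 || n < 0x4 || n > 0xC || pin[7] != 0xFF)
            return fail(c, &s, 0x6988);                  /* PCU.3.36 to 3.40 */
        memcpy(s.ref_pin, pin, 8);                       /* PCU.3.42 */
    }
    s.ptc = s.ptl;                                       /* PCU.2.29 / 3.41 */
    s.script_counter = (uint8_t)((s.script_counter + 1) & 0x0F); /* 'F' wraps to '0' */
    s.rand++;                        /* unsigned wrap: FF..FF becomes 00..00 */
    *c = s;                                              /* final commit */
    return 0x9000;
}

/* Constructed stand-ins to exercise the flow; they perform no cryptography. */
bool mac_accept(const uint8_t *mac, uint64_t rand) { (void)mac; (void)rand; return true; }
bool mac_reject(const uint8_t *mac, uint64_t rand) { (void)mac; (void)rand; return false; }
void dec_copy(const uint8_t enc[8], uint8_t out[8]) { memcpy(out, enc, 8); }
```

In this model the counter rises before the MAC is checked and falls back only when the MAC verifies, so each session whose first script command fails the MAC uses up one unit of the SMI Session Key Counter Limit.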
Table 18.3 lists the tag values supported in the PUT DATA command and the
corresponding value of Lc. Single byte tags are preceded with a leading '00' byte to
fill P1|P2.
Table 18.3—P1|P2 Values Supported by PUT DATA Command
P1|P2 Data Length
'DF3A' AC Session Key Counter Limit (Contact) 2
'DF34' AC Session Key Counter Limit (Contactless) 2
'DF78' AC Session Key Counter Limit (MAS4C) 2
'DF3B' Accumulator 1 Amount 6
'DF11' Accumulator 1 Control (Contact) 1
'DF12' Accumulator 1 Control (Contactless) 1
'00C9' Accumulator 1 Currency Code 2
'00D1' Accumulator 1 Currency Conversion Table 25
'DF28' Accumulator 1 CVR Dependency Data (Contact) 3
'DF29' Accumulator 1 CVR Dependency Data (Contactless) 3
'00CA' Accumulator 1 Lower Limit 6
'00CB' Accumulator 1 Upper Limit 6
'DF13' Accumulator 2 Amount 6
'DF14' Accumulator 2 Control (Contact) 1
'DF15' Accumulator 2 Control (Contactless) 1
'DF16' Accumulator 2 Currency Code 2
'DF17' Accumulator 2 Currency Conversion Table 25
'DF2A' Accumulator 2 CVR Dependency Data (Contact) 3
'DF2B' Accumulator 2 CVR Dependency Data (Contactless) 3
'DF18' Accumulator 2 Lower Limit 6
'DF19' Accumulator 2 Upper Limit 6
[Flow diagram PD: PUT DATA (symbols PD.1 to PD.71, described below)]
PD.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
PD.2
IF P1|P2 is an accepted tag (as listed in Table 18.3)
THEN
GOTO PD.4
ELSE
GOTO PD.3
ENDIF
PD.3
Build R-APDU consisting of SW12 equal to '6A88'.
PD.4
For fixed length data objects:
IF Lc-8 <= data length
THEN
GOTO PD.6
ELSE
GOTO PD.5
ENDIF
Partial update (i.e. Lc-8 < data length) is supported for all fixed length data objects.
For partial updates, the first Lc-8 bytes of stored data are overwritten and the
remaining bytes are left unchanged.
For variable length data objects (Application File Locator (Contact), Application File
Locator (Contactless), Linked Application Data, Read Record Filter (Contact) and
Read Record Filter (Contactless)):
IF Lc-8 <= max allowed data length
THEN
GOTO PD.6
ELSE
GOTO PD.5
ENDIF
The value of max allowed data length is 32 for the Application File Locator
(Contact), Application File Locator (Contactless), Read Record Filter (Contact) and
Read Record Filter (Contactless).
When the Read Record Filter (Contact) or Read Record Filter (Contactless) is
updated, M/Chip Advance must then use a new length L in the TLV representation of
the Read Record Filter in the GET DATA command response data. The value of L is
Lc-8. The new value of the Read Record Filter completely replaces the old one for
the processing of the READ RECORD command.
For the Linked Application Data max allowed data length is 247.
PD.5
Build R-APDU consisting of SW12 equal to '6700'.
PD.6
IF Script Failed Flag is set
THEN
GOTO PD.7
ELSE
GOTO PD.8
ENDIF
PD.7
Build R-APDU consisting of SW12 equal to '6982'.
PD.8
Set 'Script Received' in Previous Transaction History (do not commit)
PD.9
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO PD.10
ELSE
GOTO PD.11
ENDIF
PD.10
Retrieve MAC and New Data Value from the PUT DATA command message.
PD.11
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
PD.12
Set 'Script Failed' in Previous Transaction History (do not commit)
PD.13
Set Script Failed Flag
PD.14
Build R-APDU consisting of SW12 equal to '6985'.
PD.15
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PD.16
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO PD.17
ELSE
GOTO PD.22
ENDIF
PD.17
IF SMI CSK Key Present Flag is set
THEN
GOTO PD.18
ELSE
GOTO PD.19
ENDIF
PD.18
Clear New SMI Key Flag
PD.19
SMI Session Key Counter := SMI Session Key Counter + 1
PD.20
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
PD.21
Set SMI CSK Key Present Flag
Set New SMI Key Flag
PD.22
SMI Session Key Counter := SMI Session Key Counter + 1
PD.23
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
PD.24
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
PD.25
Verify the MAC on the PUT DATA command.
Refer to [SECURITY] for details.
PD.26
IF New SMI Key Flag is set
THEN
GOTO PD.31
ELSE
GOTO PD.32
ENDIF
PD.27
Set 'Script Failed' in Previous Transaction History (do not commit)
PD.28
Set Script Failed Flag
PD.29
Build R-APDU consisting of SW12 equal to '6982'.
PD.30
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PD.31
SMI Session Key Counter := SMI Session Key Counter – 1
PD.32
Check if the data object indicated in the command is the Offline Accumulator Balance
1.
IF P1|P2 = '9F50'
THEN
GOTO PD.33
ELSE
GOTO PD.34
ENDIF
PD.33
Accumulator 1 Amount := '000000000000' (do not commit)
Accumulator 1 Upper Limit := New Data Value (do not commit)
Note
When the Offline Accumulator Balance 1 is partially updated, the Accumulator 1
Amount is reset, while the first Lc-8 bytes of the Accumulator 1 Upper Limit are
overwritten and the remaining bytes are left unchanged.
PD.34
Check if the data object indicated in the command is the Offline Accumulator
Balance 2.
IF P1|P2 = '9F58'
THEN
GOTO PD.35
ELSE
GOTO PD.36
ENDIF
PD.35
Accumulator 2 Amount := '000000000000' (do not commit)
Accumulator 2 Upper Limit := New Data Value (do not commit)
Note
When the Offline Accumulator Balance 2 is partially updated, the Accumulator 2
Amount is reset, while the first Lc-8 bytes of the Accumulator 2 Upper Limit are
overwritten and the remaining bytes are left unchanged.
PD.36
Check if the data object indicated in the command is the Offline Counter Balance 1.
IF P1|P2 = '9F7A'
THEN
GOTO PD.37
ELSE
GOTO PD.38
ENDIF
PD.37
Counter 1 Number := '00' (do not commit)
Counter 1 Upper Limit := New Data Value (do not commit)
PD.38
Check if the data object indicated in the command is the Offline Counter Balance 2.
IF P1|P2 = '9F59'
THEN
GOTO PD.39
ELSE
GOTO PD.60
ENDIF
PD.39
Counter 2 Number := '00' (do not commit)
Counter 2 Upper Limit := New Data Value (do not commit)
PD.60
Check if the data object indicated in the command is Linked Application Data.
IF P1|P2 = 'DF07'
THEN
GOTO PD.61
ELSE
GOTO PD.40
ENDIF
PD.40
Check if the data object indicated in the command is the PIN Try Limit.
IF P1|P2 = '00C6'
THEN
GOTO PD.41
ELSE
GOTO PD.46
ENDIF
PD.41
IF New Data Value < 16
THEN
GOTO PD.46
ELSE
GOTO PD.42
ENDIF
PD.46
Data Object indicated by P1|P2 := New Data Value (do not commit)
PD.61
Linked Application Data := New Data Value
PD.62
IF 'Version Number' in Linked Application Data = '00'
THEN
GOTO PD.63
ELSE
GOTO PD.42
ENDIF
PD.63
Addressing the target application is as follows:
IF 'Target Application' in Linked Application Data = '00'
THEN
The target application is the application currently selected.
ELSE IF 'Target Application' in Linked Application Data = 'FF'
THEN
The target application is the application with AID indicated in 'AID' in Linked
Application Data (which may be the currently selected application).
Full match is required between the two AIDs.
ELSE
The target application is the application with Linked Application Index equal to
'Target Application' in Linked Application Data.
ENDIF
PD.64
IF target application found
THEN
GOTO PD.65
ELSE
GOTO PD.42
ENDIF
PD.65
IF 'Target Data ID' in Linked Application Data = '0000'
AND target application is M/Chip Advance
THEN
GOTO PD.66
ELSE
GOTO PD.70
ENDIF
PD.66
IF 'New Value' in Linked Application Data = '01'
THEN
GOTO PD.67
ELSE
GOTO PD.68
ENDIF
PD.67
Block target application:
Set 'Application Blocked' in Previous Transaction History (do not commit)
PD.68
IF 'New Value' in Linked Application Data = '00'
THEN
GOTO PD.69
ELSE
GOTO PD.42
ENDIF
PD.69
Unblock target application:
Clear 'Application Blocked' in Previous Transaction History (do not commit)
PD.70
IF 'Target Data ID' in Linked Application Data = '00A5'
THEN
GOTO PD.71
ELSE
GOTO PD.42
ENDIF
PD.71
Replace the value field of the FCI Proprietary Template (tag 'A5') in the File Control
Information of the target application with the 'New Value' in Linked Application Data.
Update the length of the FCI Proprietary Template in the File Control Information to
reflect the replacement.
Update the length of the File Control Information to reflect the replacement.
Note
If the 'New Value' in Linked Application Data is empty (zero length), FCI Proprietary
Template (tag 'A5') value and length in the File Control Information is 'A500'.
PD.42
Set 'Script Failed' in Previous Transaction History (do not commit)
PD.43
Set Script Failed Flag
PD.44
Build R-APDU consisting of SW12 equal to '6985'.
PD.45
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
PD.47
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
PD.48
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
PD.49
Build R-APDU consisting of SW12 equal to '9000'.
PD.50
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
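The data-update part of PUT DATA (the length test of PD.4, the partial update rule, the accumulator reset of PD.33 and PD.35, and the PIN Try Limit bound of PD.41), as an added C example that is not code from the specification. It assumes the MAC has already been verified, leaves the script flags out, uses an illustrative struct layout, and assumes a 1-byte PIN Try Limit; the tags and the other lengths are the ones given on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct pd_card {
    uint8_t acc1_amount[6], acc1_lower[6], acc1_upper[6];
    uint8_t acc2_amount[6], acc2_lower[6], acc2_upper[6];
    uint8_t pin_try_limit;
};

#define NO_RESET ((size_t)-1)

/* One row per accepted P1|P2: where the object lives, its length, and the
 * 6-byte amount that is zeroed as a side effect (balance objects only). */
struct pd_entry { uint16_t tag; size_t off; size_t len; size_t reset_off; };

static const struct pd_entry pd_table[] = {
    {0xDF3B, offsetof(struct pd_card, acc1_amount), 6, NO_RESET},
    {0x00CA, offsetof(struct pd_card, acc1_lower),  6, NO_RESET},
    {0x00CB, offsetof(struct pd_card, acc1_upper),  6, NO_RESET},
    {0xDF13, offsetof(struct pd_card, acc2_amount), 6, NO_RESET},
    {0xDF18, offsetof(struct pd_card, acc2_lower),  6, NO_RESET},
    {0xDF19, offsetof(struct pd_card, acc2_upper),  6, NO_RESET},
    /* Offline Accumulator Balance 1 / 2: write the upper limit, reset the amount */
    {0x9F50, offsetof(struct pd_card, acc1_upper),  6, offsetof(struct pd_card, acc1_amount)},
    {0x9F58, offsetof(struct pd_card, acc2_upper),  6, offsetof(struct pd_card, acc2_amount)},
    {0x00C6, offsetof(struct pd_card, pin_try_limit), 1, NO_RESET}, /* length assumed */
};

/* Applies New Data Value `v` of n = Lc-8 bytes to the object named by P1|P2
 * and returns SW12. In the full flow the '6985' case also sets 'Script Failed'. */
uint16_t put_data_apply(struct pd_card *c, uint16_t p1p2, const uint8_t *v, size_t n)
{
    const struct pd_entry *e = NULL;
    for (size_t i = 0; i < sizeof pd_table / sizeof pd_table[0]; i++)
        if (pd_table[i].tag == p1p2)
            e = &pd_table[i];
    if (e == NULL)
        return 0x6A88;                           /* PD.2 -> PD.3 */
    if (n > e->len)
        return 0x6700;                           /* PD.4 -> PD.5 */
    if (p1p2 == 0x00C6 && n == 1 && v[0] >= 16)
        return 0x6985;                           /* PD.41 -> PD.42 */

    struct pd_card s = *c;                       /* staged, "(do not commit)" */
    uint8_t *base = (uint8_t *)&s;
    if (e->reset_off != NO_RESET)
        memset(base + e->reset_off, 0, 6);       /* PD.33 / PD.35 */
    memcpy(base + e->off, v, n);                 /* first n bytes only (partial update) */
    *c = s;                                      /* commit */
    return 0x9000;
}
```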
M/Chip Advance supports the READ RECORD command as specified in [EMV], but
it is extended by this specification to support the reading of records beyond the range
1 to 10. This is necessary to allow the command to be used to read the Transactions
Log File, within SFI 11.
[Flow diagram RR: READ RECORD (symbols RR.1 to RR.20, described below)]
RR.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
RR.2
IF (P1 = '00') OR ((P2 AND '07') ≠ '04')
THEN
GOTO RR.3
ELSE
GOTO RR.4
ENDIF
RR.3
Build R-APDU consisting of SW12 equal to '6A86'.
RR.4
IF ('SFI' in Reference Control Parameter > 0) AND ('SFI' in Reference Control
Parameter < 11)
THEN
GOTO RR.6
ELSE IF ('SFI' in Reference Control Parameter > 10) AND ('SFI' in Reference Control
Parameter < 21)
THEN
GOTO RR.14
ELSE
GOTO RR.5
ENDIF
ENDIF
RR.5
The file to read is neither an EMV file nor a payment system specific file. The
platform may still support this file (e.g. issuer-specific files). This would be in
addition to the functionality needed for M/Chip Advance. This is allowed but outside
the scope of this specification.
RR.6
Verify if the 'SFI' in Reference Control Parameter corresponds to a supported record
file. The way M/Chip Advance checks that the record file is supported is proprietary
and left to the implementation.
IF 'SFI' in Reference Control Parameter corresponds to a supported record file
THEN
GOTO RR.8
ELSE
GOTO RR.7
ENDIF
RR.7
Build R-APDU consisting of SW12 equal to '6A82'.
RR.8
Verify if there is a record corresponding to Record Number. The way M/Chip
Advance checks that the record is supported is proprietary and left to the
implementation.
IF there is a record corresponding to Record Number
THEN
GOTO RR.10
ELSE
GOTO RR.9
ENDIF
RR.9
Build R-APDU consisting of SW12 equal to '6A83'.
RR.10
Return Value := CALL CheckIfRecordInFilter( )
RR.11
IF Return Value
THEN
GOTO RR.13
ELSE
GOTO RR.12
ENDIF
RR.12
Build the response.
The response message consists of the record followed by SW12 equal to '9000'.
Note
Records in files with an SFI in the range 1 to 10 must follow the '70' template.
However, the application does not interpret this value. It is the responsibility of the
issuer to format each record correctly at personalization, or when a record is updated.
RR.13
Build R-APDU consisting of SW12 equal to '6985'.
RR.14
IF 'SFI' in Reference Control Parameter = 11
THEN
GOTO RR.14.1
ELSE
GOTO RR.18
ENDIF
RR.14.1
IF 'Allow Retrieval Of Transaction Log Records' in Application Control is set
THEN
GOTO RR.15
ELSE
GOTO RR.17.1
ENDIF
RR.15
Verify if there is a record corresponding to Record Number.
The way M/Chip Advance checks that the record corresponding to Record Number is
supported or empty is proprietary and outside the scope of the specification.
IF there is a record corresponding to Record Number
THEN
GOTO RR.16
ELSE
GOTO RR.17
ENDIF
RR.16
Build the response.
Refer to chapter 4 for the relationship between Record Number and the Transaction
Log Record in the response.
The response message consists of the Transaction Log Record followed by SW12
equal to '9000'.
RR.17
Build R-APDU consisting of SW12 equal to '6A83'.
RR.17.1
Build R-APDU consisting of SW12 equal to '6985'.
RR.18
Verify if the 'SFI' in Reference Control Parameter corresponds to a supported record
file. The way M/Chip Advance checks that the record file is supported is proprietary
and left to the implementation.
IF the 'SFI' in Reference Control Parameter corresponds to a supported record file
THEN
GOTO RR.19
ELSE
GOTO RR.20
ENDIF
RR.19
The platform may support this file, but this would be in addition to the functionality
needed for M/Chip Advance. This is allowed but is outside the scope of the
specification.
RR.20
Build R-APDU consisting of SW12 equal to '6A82'.
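The READ RECORD decision path RR.2 to RR.20 as an added C example (not code from the specification), returning only the status word. It assumes the usual READ RECORD encoding in which the SFI is the upper five bits of P2 and P1 is the Record Number; the file table, the contiguous record numbering and the filter callback standing in for CheckIfRecordInFilter() are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>

/* Marker for RR.5 / RR.19 (processing left to the platform); not a status
 * word taken from the page. */
#define SW_OUT_OF_SCOPE 0x0000u

struct rr_card {
    uint32_t supported_files;  /* bit n set: a record file with SFI n exists */
    uint8_t  record_count[32]; /* records 1..count exist in the file with that SFI */
    bool     allow_log_read;   /* 'Allow Retrieval Of Transaction Log Records' */
    bool   (*in_filter)(uint8_t sfi, uint8_t record); /* CheckIfRecordInFilter() stand-in */
};

/* P2 for a given SFI: SFI in bits 8..4, '100' in bits 3..1. */
uint8_t rr_p2(uint8_t sfi)
{
    return (uint8_t)((sfi << 3) | 0x04);
}

static bool file_supported(const struct rr_card *c, uint8_t sfi)
{
    return ((c->supported_files >> sfi) & 1u) != 0;
}

uint16_t read_record_sw(const struct rr_card *c, uint8_t p1, uint8_t p2)
{
    if (p1 == 0x00 || (p2 & 0x07) != 0x04)
        return 0x6A86;                                    /* RR.2 -> RR.3 */
    uint8_t sfi = (uint8_t)(p2 >> 3);

    if (sfi > 0 && sfi < 11) {                            /* RR.4: EMV files */
        if (!file_supported(c, sfi))
            return 0x6A82;                                /* RR.6 -> RR.7 */
        if (p1 > c->record_count[sfi])
            return 0x6A83;                                /* RR.8 -> RR.9 */
        return c->in_filter(sfi, p1) ? 0x6985 : 0x9000;   /* RR.10 to RR.13 */
    }
    if (sfi == 11) {                                      /* RR.14: Transactions Log File */
        if (!c->allow_log_read)
            return 0x6985;                                /* RR.14.1 -> RR.17.1 */
        return p1 <= c->record_count[11] ? 0x9000 : 0x6A83; /* RR.15 to RR.17 */
    }
    if (sfi > 11 && sfi < 21)                             /* RR.18: other payment system files */
        return file_supported(c, sfi) ? SW_OUT_OF_SCOPE : 0x6A82;
    return SW_OUT_OF_SCOPE;                               /* RR.5 */
}

/* Constructed filter for the sample card: hides record 1 of SFI 2. */
bool sample_filter(uint8_t sfi, uint8_t record)
{
    return sfi == 2 && record == 1;
}
```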
20. Recover AC
20.1. Recover AC Command Message
20.2. Local Transient Data
20.3. Recover AC Processing
[Flow diagram RA: RECOVER AC (symbols RA.1 to RA.19, described below)]
RA.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
RA.2
IF P1|P2 ≠ '0000'
THEN
GOTO RA.3
ELSE
GOTO RA.1.4
ENDIF
RA.3
Build R-APDU consisting of SW12 equal to '6A86'.
RA.1.4
IF Lc ≠ 4
THEN
GOTO RA.5
ELSE
GOTO RA.6
ENDIF
RA.5
Build R-APDU consisting of SW12 equal to '6700'.
RA.6
IF 'Torn Transaction Recovery' in Application Control is set AND Application
Transaction Counter (Recovery) ≠ '0000'
THEN
GOTO RA.8
ELSE
GOTO RA.7
ENDIF
RA.7
Build R-APDU consisting of SW12 equal to '6985'.
RA.8
IF Unpredictable Number = Unpredictable Number (Recovery)
THEN
GOTO RA.10
ELSE
GOTO RA.9
ENDIF
RA.9
Build R-APDU consisting of SW12 equal to '6A88'.
RA.10
IF Recover AC Performed Flag is set
THEN
GOTO RA.11
ELSE
GOTO RA.12
ENDIF
RA.11
Build R-APDU consisting of SW12 equal to '6985'.
RA.12
Set Recover AC Performed Flag
RA.13
Retrieve Issuer Application Data (Recovery).
Note
Issuer Application Data (Recovery) is of variable length.
RA.14
IF CDA Transaction Flag (Recovery) is set
THEN
GOTO RA.16
ELSE
GOTO RA.15
ENDIF
RA.15
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 20.3 followed by SW12
equal to '9000'.
Table 20.3—Response (No CDA)
Tag Length Description
'9F27' 1 Cryptogram Information Data (Recovery)
'9F36' 2 Application Transaction Counter (Recovery)
'9F26' 8 Application Cryptogram (Recovery)
'9F10' var. Issuer Application Data (Recovery)
RA.15.1
IF RRP Performed Flag (Recovery) is clear
THEN
GOTO RA.16
ELSE
GOTO RA.16.1
ENDIF
RA.16
Build ICC Dynamic Data as defined in Table 20.4.
Table 20.4—ICC Dynamic Data (No RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data (Recovery) 1
Application Cryptogram (Recovery) 8
Hash Result (Recovery) 20
RA.16.1
Build ICC Dynamic Data as defined in Table 20.5.
Table 20.5—ICC Dynamic Data (RRP)
Data Object Length
'08' (length of ICC Dynamic Number[9 : 16]) 1
ICC Dynamic Number[9 : 16] 8
Cryptogram Information Data (Recovery) 1
Application Cryptogram (Recovery) 8
Hash Result (Recovery) 20
Terminal Relay Resistance Entropy (Recovery) 4
Device Relay Resistance Entropy (Recovery) 4
Min Time For Processing Relay Resistance APDU 2
Max Time For Processing Relay Resistance APDU 2
Transmission Time For Relay Resistance R-APDU 2
RA.17
Build Dynamic Application Data To Be Signed as defined in Table 20.6.
Table 20.6—Dynamic Application Data To Be Signed
Data Object | Length
'05' (signed data format) | 1
'01' (hash algorithm indicator) | 1
'26' or '34' (length of ICC Dynamic Data) | 1
ICC Dynamic Data | 38 or 52
Padding bytes 'BB' | Length Of ICC Public Key Modulus – 63 or Length Of ICC Public Key Modulus – 77
Unpredictable Number (Recovery) | 4
RA.18
Compute the Signed Dynamic Application Data.
Refer to [SECURITY] for details.
RA.19
Build the response.
The response message is an EMV Format 2 constructed data object with tag equal to
'77' containing the TLV coded data objects specified in Table 20.7 followed by SW12
equal to '9000'.
Table 20.7—Response (CDA)
Tag | Length | Value
'9F27' | 1 | Cryptogram Information Data (Recovery)
'9F36' | 2 | Application Transaction Counter (Recovery)
'9F4B' | Length Of ICC Public Key Modulus | Signed Dynamic Application Data
'9F10' | Var. | Issuer Application Data (Recovery)
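The byte layouts of Tables 20.4, 20.5 and 20.6 assembled in C, as an added example that is not code from the specification. The struct and function names are illustrative; the hash and RSA steps of RA.18 are defined in [SECURITY] and are not shown.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values saved from the torn transaction; field names are illustrative. */
struct recovery_data {
    uint8_t idn[8];          /* ICC Dynamic Number[9 : 16] */
    uint8_t cid;             /* Cryptogram Information Data (Recovery) */
    uint8_t ac[8];           /* Application Cryptogram (Recovery) */
    uint8_t hash_result[20]; /* Hash Result (Recovery) */
    uint8_t un[4];           /* Unpredictable Number (Recovery) */
    bool    rrp;             /* RRP Performed Flag (Recovery) */
    uint8_t term_entropy[4], dev_entropy[4];         /* relay resistance entropy */
    uint8_t min_time[2], max_time[2], tx_time[2];    /* relay resistance timings */
};

static uint8_t *append(uint8_t *p, const void *src, size_t n)
{
    memcpy(p, src, n);
    return p + n;
}

/* Tables 20.4 / 20.5: returns 38 without RRP and 52 with RRP. */
size_t build_icc_dynamic_data(const struct recovery_data *r, uint8_t out[52])
{
    uint8_t *p = out;
    *p++ = 0x08;                       /* length of ICC Dynamic Number[9 : 16] */
    p = append(p, r->idn, 8);
    *p++ = r->cid;
    p = append(p, r->ac, 8);
    p = append(p, r->hash_result, 20);
    if (r->rrp) {
        p = append(p, r->term_entropy, 4);
        p = append(p, r->dev_entropy, 4);
        p = append(p, r->min_time, 2);
        p = append(p, r->max_time, 2);
        p = append(p, r->tx_time, 2);
    }
    return (size_t)(p - out);
}

/* Table 20.6 for an ICC public key modulus of n_ic bytes. Returns the number
 * of bytes written (always n_ic - 18), or 0 when the modulus is too short for
 * the dynamic data or `out` (capacity `cap`) is too small. */
size_t build_data_to_be_signed(const struct recovery_data *r, size_t n_ic,
                               uint8_t *out, size_t cap)
{
    uint8_t idd[52];
    size_t ldd = build_icc_dynamic_data(r, idd);
    if (n_ic < ldd + 25 || cap < n_ic - 18)
        return 0;
    size_t pad = n_ic - ldd - 25;      /* n_ic - 63 (no RRP) or n_ic - 77 (RRP) */
    uint8_t *p = out;
    *p++ = 0x05;                       /* signed data format */
    *p++ = 0x01;                       /* hash algorithm indicator */
    *p++ = (uint8_t)ldd;               /* '26' or '34' */
    p = append(p, idd, ldd);
    memset(p, 0xBB, pad);
    p += pad;
    p = append(p, r->un, 4);
    return (size_t)(p - out);
}
```

The padding absorbs the 14 extra RRP bytes, so the block has the same length with or without RRP for a given modulus size.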
[Flow diagram UR: UPDATE RECORD (symbols UR.1 to UR.45, described below)]
UR.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
UR.2
IF (P1 = '00') OR ((P2 AND '07') ≠ '04')
THEN
GOTO UR.3
ELSE
GOTO UR.4
ENDIF
UR.3
Build R-APDU consisting of SW12 equal to '6A86'.
UR.4
IF ('SFI' in Reference Control Parameter > 0) AND ('SFI' in Reference Control
Parameter < 11)
THEN
GOTO UR.9
ELSE IF ('SFI' in Reference Control Parameter > 10) AND ('SFI' in Reference Control
Parameter < 21)
THEN
GOTO UR.6
ELSE
GOTO UR.5
ENDIF
ENDIF
UR.5
The file to update is neither an EMV file nor a payment system file. Support is
implementation specific and is not specified here.
UR.6
IF 'SFI' in Reference Control Parameter = 11
THEN
GOTO UR.7
ELSE
GOTO UR.8
ENDIF
UR.7
Build R-APDU consisting of SW12 equal to '6985'.
UR.8
Support is implementation specific and is not specified here.
UR.9
IF 'SFI' in Reference Control Parameter corresponds to a supported record file
THEN
GOTO UR.11
ELSE
GOTO UR.10
ENDIF
UR.10
Build R-APDU consisting of SW12 equal to '6A82'.
UR.11
IF there is a record corresponding to Record Number
THEN
GOTO UR.13
ELSE
GOTO UR.12
ENDIF
UR.12
Build R-APDU consisting of SW12 equal to '6A83'.
UR.13
IF Lc–8 <= reserved length for record
THEN
GOTO UR.15
ELSE
GOTO UR.14
ENDIF
Note
The reserved length is a record attribute that indicates the memory allocated for the
record. It cannot be modified by the UPDATE RECORD command. It must be equal
to or greater than the length needed for correct personalization of the record, and may
be different for each record. The memory allocated remains available to store new
data using the UPDATE RECORD command. The representation of the reserved
length is not externally visible and is implementation specific.
UR.14
Build R-APDU consisting of SW12 equal to '6700'.
UR.15
IF Script Failed Flag is set
THEN
GOTO UR.16
ELSE
GOTO UR.17
ENDIF
UR.16
Build R-APDU consisting of SW12 equal to '6982'.
UR.17
Set 'Script Received' in Previous Transaction History (do not commit)
UR.18
IF SMI Session Key Counter < SMI Session Key Counter Limit
THEN
GOTO UR.19
ELSE
GOTO UR.20
ENDIF
UR.19
Retrieve MAC and New Record Value from the UPDATE RECORD command
message.
UR.20
Set 'SMI Session Key Counter Limit Exceeded' in Security Limits Status
UR.21
Set 'Script Failed' in Previous Transaction History (do not commit)
UR.22
Set Script Failed Flag
UR.23
Build R-APDU consisting of SW12 equal to '6985'.
UR.24
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
UR.25
IF 'Session Key Derivation' in Application Control = EMV CSK
THEN
GOTO UR.26
ELSE
GOTO UR.31
ENDIF
UR.26
IF SMI CSK Key Present Flag is set
THEN
GOTO UR.27
ELSE
GOTO UR.28
ENDIF
UR.27
Clear New SMI Key Flag
UR.28
SMI Session Key Counter := SMI Session Key Counter + 1
UR.29
Derive new SMI Session Key according to the EMV CSK method.
Refer to [SECURITY] for details.
UR.30
Set SMI CSK Key Present Flag
Set New SMI Key Flag
UR.31
SMI Session Key Counter := SMI Session Key Counter + 1
UR.32
Derive new SMI Session Key according to the MasterCard Proprietary SKD method.
Refer to [SECURITY] for details.
UR.33
Clear SMI CSK Key Present Flag
Set New SMI Key Flag
UR.34
Verify the MAC on the UPDATE RECORD command.
Refer to [SECURITY] for details.
IF MAC is correct
THEN
GOTO UR.35
ELSE
GOTO UR.36
ENDIF
UR.35
IF New SMI Key Flag is set
THEN
GOTO UR.40
ELSE
GOTO UR.41
ENDIF
UR.36
Set 'Script Failed' in Previous Transaction History (do not commit)
UR.37
Set Script Failed Flag
UR.38
Build R-APDU consisting of SW12 equal to '6982'.
UR.39
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
UR.40
SMI Session Key Counter := SMI Session Key Counter – 1
UR.41
Value of record indicated by Record Number := New Record Value (do not commit)
Note
The UPDATE RECORD command replaces the current record by a new record, even
if those records are of different sizes. Partial update of a record is not supported.
New Record Value is the value that will be returned by the READ RECORD.
Records in files with an SFI in the range 1 to 10 must follow the '70' template. As a
consequence, New Record Value must follow the '70' template. However, the
application does not interpret this value. It is the responsibility of the issuer to
correctly format New Record Value.
UR.42
IF 'Script Counter' in Script Counter = 'F'
THEN
'Script Counter' in Script Counter := '0' (do not commit)
ELSE
'Script Counter' in Script Counter := 'Script Counter' in Script Counter + 1 (do not
commit)
ENDIF
UR.43
IF Rand = 'FFFFFFFFFFFFFFFF'
THEN
Rand := '0000000000000000'
ELSE
Rand := Rand + 1
ENDIF
Rand is used for the verification of the MAC. In preparation of the next script
command (if any), Rand is incremented at this stage.
UR.44
Build R-APDU consisting of SW12 equal to '9000'.
UR.45
Commit the persistent data objects, that have a new value assigned but that have not
yet been committed, in one atomic operation.
Implementations have the freedom to choose the optimal method through which this
goal is achieved, depending on their card operating system and application
characteristics.
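The UR.2 to UR.44 decision sequence, modelled in Python as an added example (not the specification's own code). Assumptions: the MAC is the last 8 bytes of the command data, `stand_in_mac` (HMAC-SHA-256 truncated to 8 bytes) replaces the MAC and session key derivation that [SECURITY] defines, files the text leaves implementation specific are answered with '6A82', a command with Lc below 8 is answered with '6700', UR.27 continues at UR.34, and UR.1 and the atomic commit are not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MAC_LEN = 8  # UR.13 compares Lc - 8 with the reserved length


@dataclass
class Card:
    files: dict                       # {sfi: {record_no: [reserved_len, value]}}
    emv_csk: bool = True              # 'Session Key Derivation' = EMV CSK
    smi_counter: int = 0              # SMI Session Key Counter
    smi_limit: int = 3                # SMI Session Key Counter Limit
    smi_key_present: bool = False     # SMI CSK Key Present Flag
    new_smi_key: bool = False         # New SMI Key Flag
    script_failed_flag: bool = False
    pth: set = field(default_factory=set)              # Previous Transaction History
    security_limits: set = field(default_factory=set)  # Security Limits Status
    script_counter: int = 0           # 4-bit 'Script Counter'
    rand: int = 0                     # 8-byte Rand used in MAC verification


def stand_in_mac(key: bytes, rand: int, value: bytes) -> bytes:
    """Placeholder for the [SECURITY] MAC, so the flow can run end to end."""
    message = rand.to_bytes(8, "big") + value
    return hmac.new(key, message, hashlib.sha256).digest()[:MAC_LEN]


def update_record(card: Card, p1: int, p2: int, data: bytes, key: bytes) -> int:
    """Return SW12 for one UPDATE RECORD command (P1 is the Record Number)."""
    if p1 == 0x00 or (p2 & 0x07) != 0x04:              # UR.2 -> UR.3
        return 0x6A86
    sfi = p2 >> 3                                      # 'SFI' in P2, bits b8-b4
    if sfi == 11:                                      # UR.6 -> UR.7
        return 0x6985
    # UR.5 and UR.8 are implementation specific; assumed unsupported here.
    if not 1 <= sfi <= 10 or sfi not in card.files:    # UR.9 -> UR.10
        return 0x6A82
    record = card.files[sfi].get(p1)                   # UR.11 -> UR.12
    if record is None:
        return 0x6A83
    # UR.13 -> UR.14; rejecting Lc < 8 is this example's assumption.
    if len(data) < MAC_LEN or len(data) - MAC_LEN > record[0]:
        return 0x6700
    if card.script_failed_flag:                        # UR.15 -> UR.16
        return 0x6982
    card.pth.add("Script Received")                    # UR.17
    if card.smi_counter >= card.smi_limit:             # UR.18 -> UR.20..UR.23
        card.security_limits.add("SMI Session Key Counter Limit Exceeded")
        card.pth.add("Script Failed")
        card.script_failed_flag = True
        return 0x6985
    new_value, mac = data[:-MAC_LEN], data[-MAC_LEN:]  # UR.19
    if card.emv_csk and card.smi_key_present:          # UR.26 -> UR.27
        card.new_smi_key = False
    else:                                              # UR.28..30 or UR.31..33
        card.smi_counter += 1                          # counted before the check
        card.smi_key_present = card.emv_csk
        card.new_smi_key = True
    expected = stand_in_mac(key, card.rand, new_value)
    if not hmac.compare_digest(mac, expected):         # UR.34 -> UR.36..UR.38
        card.pth.add("Script Failed")
        card.script_failed_flag = True
        return 0x6982
    if card.new_smi_key:                               # UR.35 -> UR.40
        card.smi_counter -= 1                          # success undoes the count
    record[1] = new_value                              # UR.41
    card.script_counter = (card.script_counter + 1) & 0xF     # UR.42 wraps F -> 0
    card.rand = (card.rand + 1) & 0xFFFFFFFFFFFFFFFF          # UR.43 wraps to 0
    return 0x9000                                      # UR.44
```

Replaying an accepted command fails with '6982' because Rand advanced at UR.43; the Script Failed Flag set by that failure then makes UR.15 reject later commands. The SMI Session Key Counter only stays incremented when the MAC check fails after a new key was derived.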
22. Verify
22.1. Verify Command Message
22.2. Local Transient Data
22.3. Verify Processing
22.3.1. Start
22.3.2. Encrypted PIN
22.3.3. Plaintext PIN
22.3.1. Start
The symbols in this diagram are labeled VY.1.x.
[Flow diagram VY.1: VERIFY, start]
VY.1.1
'Challenge Availability' in Get Challenge Flag := 'Successful Get Challenge' in Get
Challenge Flag
Clear 'Successful Get Challenge' in Get Challenge Flag
VY.1.2
IF P1 ≠ '00'
THEN
GOTO VY.1.3
ELSE
IF P2 = '80'
THEN
GOTO VY.3.1 (Plaintext PIN)
ELSE IF P2 = '88'
THEN
GOTO VY.2.1 (Encrypted PIN)
ELSE
GOTO VY.1.3
ENDIF
ENDIF
ENDIF
VY.1.3
Build R-APDU consisting of SW12 equal to '6A86'.
[Flow diagram VY.2: VERIFY, encrypted PIN]
VY.2.1
PIN Verification Status := '00'
VY.2.2
IF 'Offline Encrypted PIN Verification' in Application Control is set
THEN
GOTO VY.2.4
ELSE
GOTO VY.2.3
ENDIF
VY.2.3
Build R-APDU consisting of SW12 equal to '6985'.
VY.2.4
IF 'Key For Offline Encrypted PIN Verification' in Application Control = DDA Key
THEN
GOTO VY.2.5
ELSE
GOTO VY.2.6
ENDIF
VY.2.5
IF Lc = Length Of ICC Public Key Modulus
THEN
GOTO VY.2.8
ELSE
GOTO VY.2.7
ENDIF
VY.2.6
IF Lc = Length Of ICC PIN Encipherment Public Key Modulus
THEN
GOTO VY.2.9
ELSE
GOTO VY.2.7
ENDIF
VY.2.7
Build R-APDU consisting of SW12 equal to '6700'.
VY.2.8
IF PIN Try Counter = '00'
THEN
GOTO VY.2.10
ELSE
GOTO VY.2.11
ENDIF
VY.2.9
IF PIN Try Counter = '00'
THEN
GOTO VY.2.10
ELSE
GOTO VY.2.12
ENDIF
VY.2.10
Build R-APDU consisting of SW12 equal to '6983'.
VY.2.11
IF 'Challenge Availability' in Get Challenge Flag is set
THEN
GOTO VY.2.14
ELSE
GOTO VY.2.13
ENDIF
VY.2.12
IF 'Challenge Availability' in Get Challenge Flag is set
THEN
GOTO VY.2.15
ELSE
GOTO VY.2.13
ENDIF
VY.2.13
Build R-APDU consisting of SW12 equal to '6985'.
VY.2.14
IF PIN Decipherments Error Counter ≥ PIN Decipherments Error Counter Limit
THEN
GOTO VY.2.16
ELSE
GOTO VY.2.18
ENDIF
VY.2.15
IF PIN Decipherments Error Counter ≥ PIN Decipherments Error Counter Limit
THEN
GOTO VY.2.16
ELSE
GOTO VY.2.23
ENDIF
VY.2.16
Set 'PIN Decipherments Error Counter Limit Exceeded' in Security Limits Status
Common
VY.2.17
Build R-APDU consisting of SW12 equal to '6984'.
VY.2.18
PIN Decipherments Error Counter := PIN Decipherments Error Counter + 1
VY.2.19
PIN Try Counter := PIN Try Counter – 1
VY.2.20
Set 'Offline PIN Verification Performed' in PIN Verification Status
VY.2.21
Set 'Offline Encrypted PIN Verification Performed' in PIN Verification Status
VY.2.22
The PIN Related Data is decrypted with the ICC Private Key to obtain the Recovered
Data.
Refer to [SECURITY] for more details.
VY.2.23
PIN Decipherments Error Counter := PIN Decipherments Error Counter + 1
VY.2.24
PIN Try Counter := PIN Try Counter – 1
VY.2.25
Set 'Offline PIN Verification Performed' in PIN Verification Status
VY.2.26
Set 'Offline Encrypted PIN Verification Performed' in PIN Verification Status
VY.2.27
The PIN Related Data is decrypted with the ICC PIN Encipherment Private Key to
obtain the Recovered Data.
Refer to [SECURITY] for more details.
VY.2.28
IF Recovered Data[10-17] = ICC Unpredictable Number
THEN
GOTO VY.2.29
ELSE
GOTO VY.2.35
ENDIF
VY.2.29
IF Recovered Data[1] = '7F'
THEN
GOTO VY.2.30
ELSE
GOTO VY.2.35
ENDIF
VY.2.30
PIN Decipherments Error Counter := PIN Decipherments Error Counter – 1
VY.2.31
IF (Recovered Data[2][8 : 5] = '2') AND
(Recovered Data[2][4 : 1] >= '4') AND
(Recovered Data[2][4 : 1] <= 'C') AND
(Recovered Data[9] = 'FF') AND
(Recovered Data[2 : 9] = Reference PIN)
THEN
GOTO VY.2.32
ELSE
GOTO VY.2.35
ENDIF
VY.2.32
PIN Try Counter := PIN Try Limit
VY.2.33
Set 'Offline PIN Verification Successful' in PIN Verification Status
VY.2.34
Build R-APDU consisting of SW12 equal to '9000'.
VY.2.35
Build R-APDU consisting of SW12 equal to '63Cx', where x is 'Low Order Nibble Of
PIN Try Counter' in PIN Try Counter.
[Flow diagram VY.3: VERIFY, plaintext PIN]
VY.3.1
PIN Verification Status := '00'
VY.3.2
IF 'Offline Plaintext PIN Verification' in Application Control is set
THEN
GOTO VY.3.4
ELSE
GOTO VY.3.3
ENDIF
VY.3.3
Build R-APDU consisting of SW12 equal to '6985'.
VY.3.4
IF Lc = '08'
THEN
GOTO VY.3.6
ELSE
GOTO VY.3.5
ENDIF
VY.3.5
Build R-APDU consisting of SW12 equal to '6700'.
VY.3.6
IF PIN Try Counter = '00'
THEN
GOTO VY.3.7
ELSE
GOTO VY.3.8
ENDIF
VY.3.7
Build R-APDU consisting of SW12 equal to '6983'.
VY.3.8
PIN Try Counter := PIN Try Counter – 1
VY.3.9
Set 'Offline PIN Verification Performed' in PIN Verification Status
VY.3.10
IF (PIN Related Data[1][8 : 5] = '2') AND
(PIN Related Data[1][4 : 1] >= '4') AND
(PIN Related Data[1][4 : 1] <= 'C') AND
(PIN Related Data[8] = 'FF') AND
(PIN Related Data = Reference PIN)
THEN
GOTO VY.3.12
ELSE
GOTO VY.3.11
ENDIF
VY.3.11
Build R-APDU consisting of SW12 equal to '63Cx', where x is 'Low Order Nibble Of
PIN Try Counter' in PIN Try Counter.
VY.3.12
PIN Try Counter := PIN Try Limit
VY.3.13
Set 'Offline PIN Verification Successful' in PIN Verification Status
VY.3.14
Build R-APDU consisting of SW12 equal to '9000'.
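The VERIFY flows VY.1, VY.2 and VY.3, modelled in Python as an added example (not the specification's own code). Assumptions: the RSA decipherment of VY.2.22/VY.2.27 is a caller-supplied `decrypt` function, one `modulus_len` stands for whichever key is configured, a card without `decrypt` is treated as not supporting encrypted PIN, and `challenge` holds the ICC Unpredictable Number of a GET CHALLENGE that immediately preceded the command.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Card:
    reference_pin: bytes                  # 8-byte PIN block
    ptl: int = 3                          # PIN Try Limit
    ptc: int = 3                          # PIN Try Counter
    plaintext_ok: bool = True             # 'Offline Plaintext PIN Verification'
    encrypted_ok: bool = True             # 'Offline Encrypted PIN Verification'
    modulus_len: int = 128                # length of the configured key modulus
    decrypt: Optional[Callable[[bytes], bytes]] = None   # stand-in, see lead-in
    challenge: Optional[bytes] = None     # set by GET CHALLENGE, used once
    decipher_errors: int = 0              # PIN Decipherments Error Counter
    decipher_limit: int = 10              # its limit (constructed value)
    pvs: set = field(default_factory=set)      # PIN Verification Status
    limits: set = field(default_factory=set)   # Security Limits Status Common


def pin_block(pin: str) -> bytes:
    """Block accepted by VY.3.10: '2', length nibble, digits, 'F' filler."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    return bytes.fromhex("2%X" % len(pin) + pin + "F" * (14 - len(pin)))


def pin_block_ok(card: Card, block: bytes) -> bool:
    """Format and value checks of VY.2.31 / VY.3.10."""
    well_formed = (len(block) == 8 and block[0] >> 4 == 0x2
                   and 4 <= (block[0] & 0x0F) <= 0xC and block[7] == 0xFF)
    same = hmac.compare_digest(block, card.reference_pin)  # constant time
    return well_formed and same


def finish(card: Card, ok: bool) -> int:
    if ok:
        card.ptc = card.ptl                            # VY.2.32 / VY.3.12
        card.pvs.add("Offline PIN Verification Successful")
        return 0x9000
    return 0x63C0 | (card.ptc & 0x0F)                  # '63Cx', x = tries left


def verify(card: Card, p1: int, p2: int, data: bytes) -> int:
    challenge, card.challenge = card.challenge, None   # VY.1.1: single use
    if p1 != 0x00 or p2 not in (0x80, 0x88):           # VY.1.2 -> VY.1.3
        return 0x6A86
    card.pvs.clear()                                   # VY.2.1 / VY.3.1
    if p2 == 0x80:                                     # plaintext PIN (VY.3)
        if not card.plaintext_ok:
            return 0x6985
        if len(data) != 8:
            return 0x6700
        if card.ptc == 0:
            return 0x6983
        card.ptc -= 1                                  # VY.3.8, before comparing
        card.pvs.add("Offline PIN Verification Performed")
        return finish(card, pin_block_ok(card, data))
    if not card.encrypted_ok or card.decrypt is None:  # encrypted PIN (VY.2)
        return 0x6985
    if len(data) != card.modulus_len:                  # VY.2.5 / VY.2.6
        return 0x6700
    if card.ptc == 0:
        return 0x6983
    if challenge is None:                              # VY.2.11 / VY.2.12
        return 0x6985
    if card.decipher_errors >= card.decipher_limit:    # VY.2.14 -> VY.2.16
        card.limits.add("PIN Decipherments Error Counter Limit Exceeded")
        return 0x6984
    card.decipher_errors += 1                          # VY.2.18 / VY.2.23
    card.ptc -= 1
    card.pvs.update({"Offline PIN Verification Performed",
                     "Offline Encrypted PIN Verification Performed"})
    recovered = card.decrypt(data)
    # VY.2.28 and VY.2.29: Recovered Data[10-17] and Recovered Data[1].
    if recovered[9:17] != challenge or recovered[:1] != b"\x7F":
        return 0x63C0 | (card.ptc & 0x0F)
    card.decipher_errors -= 1                          # VY.2.30
    return finish(card, pin_block_ok(card, recovered[1:9]))
```

Because the PIN Try Counter is decremented before the comparison, interrupting the card during the comparison cannot yield a free guess. The PIN Decipherments Error Counter follows the same pattern and is only restored once the challenge and the '7F' header check out.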
23. Subroutines
23.1. Overview
23.2. Add Additional Log Info
23.3. Add transaction Amount to Temporary Accumulator
23.4. Build Counters Field
23.5. Check Accumulators and Counters Limits and Set CVR
23.6. Check Accumulators and Counters Limits and Set/Reset CVR
23.7. Check for CVM Transaction
23.8. Check Format of Issuer Updates Data
23.9. Check Format of Transaction Date
23.10. Check If Record Is in Read Record Filter
23.11. Check Temp Accumulators and Temp Counters Limits and Set/Reset CVR
23.12. Compute M/Chip 2.05 CVR
23.13. Compute M/Chip 2.2 CVR
23.14. Compute M/Chip 4 1.1 CVR
23.15. Determine Accumulator Active Flag
23.16. Determine Counter Active Flag
23.17. Process Additional Check Table
23.18. Process Issuer Updates
23.19. Recognize Currency
23.20. Save Active Accumulators and Counters
23.21. Update Temporary Accumulators and Counters
23.1. Overview
23.2.1. Description
Append blocks extracted from CDOL1 Related Data to the current transaction log.
The blocks are defined in the Log Data Table. The maximum number of blocks is 4.
23.2.2. Computation
FUNCTION AddAdditionalLogInfo( )
IF ('Count Of Data Entries' in Log Data Table = 0 OR 'Count Of Data Entries' in Log
Data Table > 4)
THEN
EXIT FUNCTION
ENDIF
AdditionalLogLength := 0
END FUNCTION
23.3.1. Description
Add the amount of the transaction to an accumulator and place the result in a
temporary accumulator. This function is only called when the currency of a
transaction is supported by the accumulator. The currency is supported if it is:
The currency of the accumulator,
Or it is present in the currency conversion table of the accumulator.
23.3.3. Computation
FUNCTION AddAmountToTempAccumulator( x )
FOR i := 1 TO 5
IF Transaction Currency Code = 'Currency Code i' in Accumulator x Currency
Conversion Table
THEN
Exponent := 'Conversion Exponent i'[7 : 1] in Accumulator x Currency
Conversion Table
IF 'Conversion Exponent i'[8] in Accumulator x Currency Conversion Table =
0
THEN
IF (Amount, Authorized (Numeric) * 'Conversion Rate i' in Accumulator x
Currency Conversion Table * (10^Exponent)) + Accumulator x
Amount > 999999999999
THEN
Accumulator x Amount Temp := 999999999999
EXIT FUNCTION
ELSE
Accumulator x Amount Temp := (Amount, Authorized (Numeric) *
'Conversion Rate i' in Accumulator x Currency Conversion Table *
(10^Exponent)) + Accumulator x Amount
EXIT FUNCTION
ENDIF
ELSE
IF (Amount, Authorized (Numeric) * 'Conversion Rate i' in Accumulator x
Currency Conversion Table / (10^Exponent)) + Accumulator x Amount
> 999999999999
THEN
Accumulator x Amount Temp := 999999999999
EXIT FUNCTION
ELSE
Accumulator x Amount Temp := (Amount, Authorized (Numeric) *
'Conversion Rate i' in Accumulator x Currency Conversion Table /
(10^Exponent)) + Accumulator x Amount
EXIT FUNCTION
ENDIF
ENDIF
ENDIF
NEXT
EXIT FUNCTION
END FUNCTION
Note
The division is of a BCD coded number by powers of 10 and is the truncated integer
division so it can be implemented as a right shift.
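The conversion loop above, written out in Python as an added example (not the specification's own code). It uses the 25-byte Currency Conversion Table layout of five entries (Currency Code 2 bytes, Conversion Rate 2 bytes, Conversion Exponent 1 byte); that the Conversion Rate is BCD coded and that bits 7 to 1 of the exponent are a binary integer are assumptions, as are the function names.

```python
from typing import Optional

MAX_AMOUNT = 999_999_999_999   # saturation value used in the computation
ENTRY_LEN = 5                  # Currency Code (2), Rate (2), Exponent (1)


def bcd_to_int(data: bytes) -> int:
    """Decode a BCD (format n) field and reject non-decimal nibbles."""
    value = 0
    for byte in data:
        high, low = byte >> 4, byte & 0x0F
        if high > 9 or low > 9:
            raise ValueError("field is not BCD coded")
        value = value * 100 + high * 10 + low
    return value


def to_n12(value: int) -> bytes:
    """Encode an amount as a 6-byte n12 field."""
    if not 0 <= value <= MAX_AMOUNT:
        raise ValueError("amount does not fit in n12")
    return bytes.fromhex("%012d" % value)


def add_amount_to_temp_accumulator(amount_authorized: bytes,
                                   transaction_currency: bytes,
                                   accumulator_amount: bytes,
                                   conversion_table: bytes) -> Optional[int]:
    """Return the new temporary accumulator value, or None if no entry matches.

    Only the conversion-table part shown in the computation is modelled.
    """
    if len(conversion_table) != 5 * ENTRY_LEN:
        raise ValueError("Currency Conversion Table must be 25 bytes")
    amount = bcd_to_int(amount_authorized)
    accumulated = bcd_to_int(accumulator_amount)
    for offset in range(0, len(conversion_table), ENTRY_LEN):
        entry = conversion_table[offset:offset + ENTRY_LEN]
        if entry[0:2] != transaction_currency:
            continue
        # Decode the rate only for the matching entry, so unused entries
        # with arbitrary filler bytes are never interpreted.
        rate = bcd_to_int(entry[2:4])          # assumption: BCD coded
        exponent = entry[4] & 0x7F             # 'Conversion Exponent i'[7 : 1]
        divide = bool(entry[4] & 0x80)         # 'Conversion Exponent i'[8]
        if divide:
            converted = amount * rate // 10 ** exponent   # truncated division
        else:
            converted = amount * rate * 10 ** exponent
        # Saturate instead of wrapping: an overflow must never look like a
        # small accumulated amount.
        return min(converted + accumulated, MAX_AMOUNT)
    return None
```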
23.4.1. Description
Fill in the counters field in Issuer Application Data. The Counters Field comprises
one or two parts.
Part 1 of the Counters Field (bytes 1 to 8) is always present. The first six bytes may
contain (i.e. are eligible for):
Accumulator/balance value
One or both counter/balance value(s)
'FF' padding
Byte 7 may contain:
counter/balance value if the Part 1 is being used for an accumulator
'FF' padding
Byte 8 may contain:
maximum time for Relay Resistance APDU processing
'FF' padding
Part 2 of the Counters Field (bytes 9 to 16) is present if not all accumulator/balance or
counter/balance values could fit in Part 1. If present, the length of Part 2 is 8 bytes.
The first six bytes may contain:
accumulator/balance value
counter/balance value
'FF' padding
Byte 7 may contain:
counter/balance value if the Part 2 is being used for an accumulator
'FF' padding
Byte 8 may contain:
minimum time for Relay Resistance APDU processing
'FF' padding
only included in the counters field generated during the 1st Generate AC
command.
23.4.2. Computation
FUNCTION BuildCountersField( )
AccumulatorSlot1Available := TRUE
AccumulatorSlot2Available := TRUE
CounterSlot1Available := TRUE
Plaintext/Encrypted Counters := 'FFFFFFFFFFFFFFFF'
IF CounterSlot1Available = TRUE
THEN
Plaintext/Encrypted Counters[7] := Counter 2 Number
ELSE
IF AccumulatorSlot2Available = TRUE
THEN
Plaintext/Encrypted Counters := Plaintext/Encrypted Counters
'FFFFFFFFFFFFFFFF'
Plaintext/Encrypted Counters[9] := Counter 2 Number
ELSE
Plaintext/Encrypted Counters[15] := Counter 2 Number
ENDIF
ENDIF
ENDIF
CASE Include As Balance
IF Counter 2 Number > Counter 2 Upper Limit
THEN
CounterBalance := '00'
ELSE
CounterBalance := Counter 2 Upper Limit - Counter 2 Number
ENDIF
IF AccumulatorSlot1Available = TRUE
THEN
IF CounterSlot1Available = TRUE
THEN
Plaintext/Encrypted Counters[1] := CounterBalance
ELSE
Plaintext/Encrypted Counters[2] := CounterBalance
ENDIF
ELSE
IF CounterSlot1Available = TRUE
THEN
Plaintext/Encrypted Counters[7] := CounterBalance
ELSE
IF AccumulatorSlot2Available = TRUE
THEN
Plaintext/Encrypted Counters := Plaintext/Encrypted Counters
'FFFFFFFFFFFFFFFF'
Plaintext/Encrypted Counters[9] := CounterBalance
ELSE
Plaintext/Encrypted Counters[15] := CounterBalance
ENDIF
ENDIF
ENDIF
CASE ELSE
END SELECT
EXIT FUNCTION
END FUNCTION
23.5.1. Description
Check the values of the two accumulators and the two counters stored in temporary
variables against the corresponding lower and upper limits and set the limit exceeded
bits in the CVR.
23.5.2. Computation
FUNCTION CheckAccsCntrsLimitsSetCVR( )
THEN
Set 'Upper Consecutive Counter 2 Limit Exceeded' in Card Verification Results
ENDIF
EXIT FUNCTION
END FUNCTION
23.6.1. Description
Check the values of the two accumulators and the two counters stored in temporary
variables against the corresponding lower and upper limits and set or reset the limit
exceeded bits in the CVR.
23.6.2. Computation
FUNCTION CheckAccsCntrsLimitsSetResetCVR( )
CALL CheckAccsCntrsLimitsSetCVR( )
EXIT FUNCTION
END FUNCTION
23.7.1. Description
Check if the transaction is performed with cardholder verification. The transaction is
a CVM transaction if it is performed with:
successful offline PIN,
or online PIN,
or signature.
23.7.2. Output
Boolean:
True if the transaction is done with cardholder verification (CVM transaction)
False if the transaction is done without cardholder verification (noCVM
transaction)
23.7.3. Computation
FUNCTION CheckCVMTransaction( ) AS BOOLEAN
END FUNCTION
23.8.1. Description
Check if Issuer Updates Data is correctly formatted.
23.8.2. Output
Boolean:
True if Issuer Updates Data is correctly formatted
False if Issuer Updates Data is not correctly formatted
23.8.3. Computation
FUNCTION CheckIssuerUpdates( ) AS BOOLEAN
END FUNCTION
Note
The Length(Issuer Updates Data) is the length in bytes of the Issuer Updates Data.
23.9.1. Description
Check if the format of the transaction date is correct. The transaction date is correctly
formatted if:
the year is between 0 and 88,
the month is between 1 and 12,
and the day is between 1 and 31.
23.9.2. Output
Boolean:
True if the format of the transaction date is correct
False if the format of the transaction date is not correct
23.9.3. Computation
FUNCTION CheckFormatOfDate( ) AS BOOLEAN
EXIT FUNCTION
END FUNCTION
23.10.1. Description
When attempting to read a record in a file with SFI in the range 1 to 10, check if the
record is referenced in the Read Record Filter. If the record is referenced in the Read
Record Filter, it cannot be read with the READ RECORD command on the active
interface.
If the length of the Read Record Filter is less than 4 bytes, all records can be read. If
the length of the Read Record Filter is not a multiple of 4 bytes, the last byte(s) are
discarded.
23.10.2. Output
Boolean:
True if record is referenced in the Read Record Filter
False if the record is not referenced in the Read Record Filter
23.10.3. Computation
FUNCTION CheckIfRecordInFilter( ) AS BOOLEAN
END FUNCTION
Note
The Length(Read Record Filter) is the length in bytes of the data value of the Read
Record Filter. The division is the truncated integer division.
23.11.1. Description
Check the values of the two accumulators and the two counters stored in temporary
variables against the corresponding lower and upper limits stored in temporary
variables and set or reset the limit exceeded bits in the CVR.
23.11.2. Computation
FUNCTION CheckTempAccsCntrsLimitsSetResetCVR( )
EXIT FUNCTION
END FUNCTION
23.12.1. Description
Map the CVR into M/Chip 2.05 format.
23.12.2. Computation
FUNCTION Compute2.05CVR( )
EXIT FUNCTION
END FUNCTION
23.13.1. Description
Map the CVR into M/Chip 2.2 format.
23.13.2. Computation
FUNCTION Compute2.2CVR( )
EXIT FUNCTION
END FUNCTION
23.14.1. Description
Map the CVR into M/Chip 4 version 1.1 format.
23.14.2. Computation
FUNCTION Compute41.1CVR( )
'Go Online On Next Transaction Was Set' in CVR V1.1/V1.3 := 'Go Online On Next
Transaction Was Set' in Card Verification Results
Issuer Authentication Failed in CVR V1.1/V1.3 := Issuer Authentication Failed in
Card Verification Results
'Script Received' in CVR V1.1/V1.3 := 'Script Received' in Card Verification Results
'Script Failed' in CVR V1.1/V1.3 := 'Script Failed' in Card Verification Results
'Match Found In Additional Check Table' in CVR V1.1/V1.3 := 'Match Found In
Additional Check Table' in Card Verification Results
'No Match Found In Additional Check Table' in CVR V1.1/V1.3 := 'No Match Found
In Additional Check Table' in Card Verification Results
EXIT FUNCTION
END FUNCTION
Note
Since the position of the bits of the CVR V1.1/V1.3 and the bits of the Card
Verification Results appearing in the assignations is identical, this can be efficiently
implemented by masking the Card Verification Results and copying the masked value
in the CVR V1.1/V1.3.
23.15.1. Description
Determine if an accumulator will be active for the transaction and set the
corresponding active flag. Only accumulators with the active flag set may be updated
by the transaction.
23.15.3. Computation
FUNCTION DetermineAccActiveFlag( x )
END FUNCTION
23.16.1. Description
Determine if a counter will be active for the transaction and set the corresponding
active flag. Only counters with the active flag set may be updated by the transaction.
23.16.3. Computation
FUNCTION DetermineCntrActiveFlag( x )
END FUNCTION
23.17.1. Description
Compare a segment extracted from CDOL1 Related Data with entries in the
Additional Check Table.
The segment to extract is parameterized in the Additional Check Table. Before
comparison with the set of entries, the extracted segment is masked with a value also
present in the Additional Check Table.
If a match is found between the masked segment and the entries, a bit in the
decisional part of the Card Verification Results is set. If no match is found, another
bit is set.
23.17.2. Computation
FUNCTION ProcessAddCheckTable( )
Set 'No Match Found In Additional Check Table' in Card Verification Results
EXIT FUNCTION
END FUNCTION
23.18.1. Description
Process Issuer Updates Data. Byte 2 identifies accumulator data and byte 3 identifies
counters data present in the Issuer Updates Data.
23.18.2. Computation
FUNCTION ProcessIssuerUpdates( )
Position := 4
IF 'Accumulator 1 Amount Included' in Issuer Updates Data is set
THEN
Accumulator 1 Amount Temp := Issuer Updates Data[Position : Position + 6]
Accumulator 1 Amount := Issuer Updates Data[Position : Position + 6] (do not
commit)
Position := Position + 6
ELSE
Accumulator 1 Amount Temp := Accumulator 1 Amount
ENDIF
IF 'Accumulator 1 Lower Limit Included' in Issuer Updates Data is set
THEN
Accumulator 1 Lower Limit Temp := Issuer Updates Data[Position : Position + 6]
Accumulator 1 Lower Limit := Issuer Updates Data[Position : Position + 6] (do
not commit)
Position := Position + 6
ELSE
Accumulator 1 Lower Limit Temp := Accumulator 1 Lower Limit
ENDIF
IF 'Accumulator 1 Upper Limit Included' in Issuer Updates Data is set
THEN
Accumulator 1 Upper Limit Temp := Issuer Updates Data[Position : Position + 6]
Accumulator 1 Upper Limit := Issuer Updates Data[Position : Position + 6] (do
not commit)
Position := Position + 6
ELSE
Accumulator 1 Upper Limit Temp := Accumulator 1 Upper Limit
ENDIF
ENDIF
IF 'Accumulator 2 Lower Limit Included' in Issuer Updates Data is set
THEN
Accumulator 2 Lower Limit Temp := Issuer Updates Data[Position : Position + 6]
Accumulator 2 Lower Limit := Issuer Updates Data[Position : Position + 6] (do
not commit)
Position := Position + 6
ELSE
Accumulator 2 Lower Limit Temp := Accumulator 2 Lower Limit
ENDIF
IF 'Accumulator 2 Upper Limit Included' in Issuer Updates Data is set
THEN
Accumulator 2 Upper Limit Temp := Issuer Updates Data[Position : Position + 6]
Accumulator 2 Upper Limit := Issuer Updates Data[Position : Position + 6] (do
not commit)
Position := Position + 6
ELSE
Accumulator 2 Upper Limit Temp := Accumulator 2 Upper Limit
ENDIF
EXIT FUNCTION
END FUNCTION
23.19.1. Description
Recognize if the currency of a transaction is supported by an accumulator. The
currency is supported if it is:
The currency of the accumulator,
Or it is present in the currency conversion table of the accumulator.
23.19.3. Output
Boolean:
True if the currency of the transaction is supported by accumulator x
False if the currency of the transaction is not supported by accumulator x
23.19.4. Computation
FUNCTION RecognizeCurrency( x ) AS BOOLEAN
FOR i := 1 TO 5
IF Transaction Currency Code = 'Currency Code i' in Accumulator x Currency
Conversion Table
THEN
RecognizeCurrency := TRUE
EXIT FUNCTION
ENDIF
NEXT
RecognizeCurrency := FALSE
EXIT FUNCTION
END FUNCTION
23.20.1. Description
Save the values stored in the temporary variables in the two accumulators and the two
counters.
23.20.2. Computation
FUNCTION SaveActiveAccsCntrs( )
EXIT FUNCTION
END FUNCTION
23.21.1. Description
Update the two accumulators and the two counters in temporary variables, according
to the transaction characteristics and personalization settings. The function calls the
AddAmountToTempAccumulator( x ) function to add the amount of the transaction to
a temporary accumulator.
23.21.2. Computation
FUNCTION UpdateTempAccsCntrs( )
EXIT FUNCTION
END FUNCTION
AC Session Key
Tag: –
Length: 16
Format: b
Type: Global transient
Description: ICC session key for the generation of the Application Cryptogram.
If EMV CSK derivation is used, the AC Session Key is also used for
ARPC verification.
A variant of the AC Session Key is also used to encrypt counters in
the Issuer Application Data if this option is selected.
Accumulator 1 Amount
Tag: 'DF3B'
Length: 6
Format: n12
Type: Persistent
Description: Represents the cumulative amount of transactions accepted offline
and fulfilling the criteria specified in Accumulator 1 Control.
Byte 1-2 Currency Code 1
Byte 3-4 Conversion Rate 1
Byte 5 Conversion Exponent 1
Byte 6-7 Currency Code 2
Byte 8-9 Conversion Rate 2
Byte 10 Conversion Exponent 2
Byte 11-12 Currency Code 3
Byte 13-14 Conversion Rate 3
Byte 15 Conversion Exponent 3
Byte 16-17 Currency Code 4
Byte 18-19 Conversion Rate 4
Byte 20 Conversion Exponent 4
Byte 21-22 Currency Code 5
Byte 23-24 Conversion Rate 5
Byte 25 Conversion Exponent 5
Accumulator 2 Amount
Tag: 'DF13'
Length: 6
Format: n12
Type: Persistent
Description: Represents the cumulative amount of transactions accepted offline
and fulfilling the criteria specified in Accumulator 2 Control.
Byte 20 Conversion Exponent 4
Byte 21-22 Currency Code 5
Byte 23-24 Conversion Rate 5
Byte 25 Conversion Exponent 5
Byte 1 Position In CDOL1 Related Data
Byte 2 Length In CDOL1 Related Data
Byte 3 Number Of Entries
Byte 4-18 Entries
Entries contains the concatenation of the values used for the comparison, optionally padded
with 'FF' to make up 15 bytes. The first value is used as a bit mask.
Entries consist of the following:
Bit Mask with length equal to Length In CDOL1 Related Data
Value 1 with length equal to Length In CDOL1 Related Data
...
Value Number Of Entries - 1 with length equal to Length In CDOL1 Related Data
Padding with 'FF' of length equal to 15 – Number Of Entries * Length In CDOL1 Related
Data
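The 18-byte layout above is the table that section 23.17 (Process Additional Check Table) describes: extract a segment, mask it, compare it with the values. The following Python parser is an added example, not the specification's own code; that Position In CDOL1 Related Data is 1-based and that a malformed table or a too-short CDOL1 Related Data raises an error are assumptions of this example.

```python
MATCH = "Match Found In Additional Check Table"
NO_MATCH = "No Match Found In Additional Check Table"
TABLE_LEN = 18      # bytes 1-3 are the header, bytes 4-18 are Entries
ENTRIES_LEN = 15


def parse_additional_check_table(table: bytes):
    """Split the table into (position, length, bit mask, list of values)."""
    if len(table) != TABLE_LEN:
        raise ValueError("Additional Check Table must be 18 bytes")
    position, length, number_of_entries = table[0], table[1], table[2]
    entries = table[3:]
    # Number Of Entries counts the bit mask as well, so the used part of
    # Entries is Number Of Entries * Length bytes; the rest is 'FF' padding.
    if length == 0 or number_of_entries == 0:
        raise ValueError("length and number of entries must be non-zero")
    if number_of_entries * length > ENTRIES_LEN:
        raise ValueError("entries do not fit in 15 bytes")
    if position == 0:
        raise ValueError("position is taken to be 1-based (assumption)")
    chunks = [entries[i * length:(i + 1) * length]
              for i in range(number_of_entries)]
    return position, length, chunks[0], chunks[1:]


def process_additional_check_table(table: bytes,
                                   cdol1_related_data: bytes) -> str:
    """Return the name of the CVR bit that the comparison would set."""
    position, length, mask, values = parse_additional_check_table(table)
    start = position - 1
    segment = cdol1_related_data[start:start + length]
    if len(segment) != length:
        raise ValueError("segment lies outside CDOL1 Related Data")
    # The extracted segment is masked before it is compared with the values.
    masked = bytes(s & m for s, m in zip(segment, mask))
    return MATCH if masked in values else NO_MATCH
```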
AID
Tag: '4F'
Length: Variable, 5 - 16 bytes
Format: b
Type: Persistent
Description: As in [EMV]
Amount, Authorized 1
Tag: –
Length: 6
Format: n12
Type: Global transient
Description: Holds a copy of Amount, Authorized (Numeric) received during the
first GENERATE AC command
Amount, Other 1
Tag: –
Length: 6
Format: n12
Type: Global transient
Description: Holds a copy of Amount, Other (Numeric) received during the first
GENERATE AC command
Byte 1
b8 Accept Online Transactions Without ARPC
b7 Skip CIAC-Default On CAT3
b6 RFU
b5 Key For Offline Encrypted PIN Verification
0: DDA Key
1: Dedicated Key
b4 Offline Encrypted PIN Verification
b3 Offline Plaintext PIN Verification
b2 Session Key Derivation
0: MasterCard Proprietary SKD
1: EMV CSK
b1 Encrypt Offline Counters
Byte 2
b8-4 RFU
b3 Additional Check Table
b2 Allow Retrieval Of Balance
b1 Include Counters In AC
Byte 3
b8-7 Compute Cryptographic Checksum
00: RFU
01: Compute Cryptographic Checksum Supported
10: Compute Cryptographic Checksum Not Supported
11: RFU
b6 Decline If CDA Not Requested And RRP Performed
b5 Go Online If RRP Not Performed
b4 Decline If Unable To Go Online And RRP Not Performed
b3 Use M/Chip 4 CDOL1
b2 Enable Alternate Interface After TC Generated
b1 Enable Alternate Interface After Successful Verify
Byte 4
b8 Include Transaction In CRM If ARQC Is Requested
b7 Use CIAC-online To Decide On ARQC Request
b6 Generate Only TC Or AAC On TC Request
b5 MTA Check
b4 Maximum Number Of Days Offline Check
b3 Include RRP Data in Counters
b2 Plaintext Offline Change PIN
b1 Encrypted Offline Change PIN
Byte 5
b8 AAC Logging
b7 TC Logging
b6 ARQC Pre-logging
b5 Include Last Online ATC in IAD
b4-2 Issuer Host Backwards Compatibility
000: No Host Backwards Compatibility
001: V2.1/V2.2 Host Backwards Compatibility
010: V2.05 Host Backwards Compatibility
011: V1.1/V1.3 Host Backwards Compatibility
1xx: RFU
b1 Partial Authorization
Byte 6
b8 Enable Alternate Interface After First Gen AC
b7 Save Accumulators And Counters on ARQC Response
b6 AC for MAS4C
0: AAC
1: ARQC
b5 Key for MAS4C Processing Flow
0: AC Master Key
1: AC Master Key (MAS4C)
b4 Torn Transaction Recovery
b3 MAS4C Processing Flow
b2 Reset Script Counter With Online Response
b1 Allow Retrieval Of Transaction Log Records
Byte 2
b8-4 RFU
b3 Additional Check Table
b2 Allow Retrieval Of Balance
b1 Include Counters In AC
Byte 3
b8-7 Compute Cryptographic Checksum
00: RFU
01: Compute Cryptographic Checksum Supported
10: Compute Cryptographic Checksum Not Supported
11: RFU
b6 Decline If CDA Not Requested And RRP Performed
b5 Go Online If RRP Not Performed
b4 Decline If Unable To Go Online And RRP Not Performed
b3 Use M/Chip 4 CDOL1
b2 Enable Alternate Interface After TC Generated
b1 Enable Alternate Interface After Successful Verify
Byte 4
b8 Include Transaction In CRM If ARQC Is Requested
b7 Use CIAC-online To Decide On ARQC Request
b6 Generate Only TC Or AAC On TC Request
b5 MTA Check
b4 Maximum Number Of Days Offline Check
b3 Include RRP Data in Counters
b2 Plaintext Offline Change PIN
b1 Encrypted Offline Change PIN
Byte 5
b8 AAC Logging
b7 TC Logging
b6 ARQC Pre-logging
b5 Include Last Online ATC in IAD
b4-2 Issuer Host Backwards Compatibility
000: No Host Backwards Compatibility
001: V2.1/V2.2 Host Backwards Compatibility
010: V2.05 Host Backwards Compatibility
011: V1.1/V1.3 Host Backwards Compatibility
1xx: RFU
b1 Partial Authorization
Byte 6
b8 Enable Alternate Interface After First Gen AC
b7 Save Accumulators And Counters on ARQC Response
b6 AC for MAS4C Processing Flow
0: AAC
1: ARQC
b5 Key for MAS4C Processing Flow
0: AC Master Key
1: AC Master Key (MAS4C)
b4 Torn Transaction Recovery
b3 MAS4C Processing Flow
b2 Reset Script Counter With Online Response
b1 Allow Retrieval Of Transaction Log Records
Application Cryptogram
Tag: '9F26'
Length: 8
Format: b
Type: Local transient
Description: The Application Cryptogram is generated during first and second
GENERATE AC. It is used to authenticate the transaction to the
issuer.
Byte 2-8
Type Approval ID
The seven bytes reserved for the Type Approval ID contain an identifier given by MasterCard
when the application passes the Type Approval process.
Byte 9-28
Application Issuer ID
Twenty bytes are reserved to identify the application issuer, which is usually the card issuer.
Using this value, the issuer can identify the personalizer and the personalization batch.
Format and content are application issuer-specific.
Byte 29-48
Application Code ID
The last 20 bytes are used to uniquely identify the application code. This identifier supports
differentiation between different application behavior. Typically, this data element contains
the identifier of the application provider, and the identifier of the application code. It is the
responsibility of the application provider to ensure that this data element always differentiates
between the two different application behaviors. The easiest way to implement this feature is
to modify the value of this data element each time there is a modification to the:
Application (version identifier)
Application code (release identifier)
Platform on which the application is actually running (e.g. virtual machine version x or y)
Hardware on which the platform or the application is actually running
Format and content are implementation-specific.
Byte 2
b8-7 RFU
b6 Decline If Issuer Updates Not Received
b5 Approve Online Transaction
b4 Update PIN Try Counter
b3 Set Go Online On Next Transaction
b2-1 Update Accumulators/Counters
00: Do Not Update Accumulators/Counters
01: Set Accumulators/Counters To Upper Offline Limits
10: Reset Accumulators/Counters To Zero
11: Add Transaction To Accumulators/Counters
ATeC
Tag: –
Length: 2
Format: b
Type: Global transient
Description: Holds the first two bytes of the Additional Terminal Capabilities that
are passed to the card from the terminal as part of the PDOL Related
Data in the GET PROCESSING OPTIONS command.
Byte 1
b8 Last Online Transaction Not Completed
b7 Unable To Go Online Indicated
b6 Offline PIN Verification Not Performed
b5 Offline PIN Verification Failed
b4 PTL Exceeded
b3 International Transaction
b2 Domestic Transaction
b1 Terminal Erroneously Considers Offline PIN OK
Byte 2
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 3
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
Byte 2
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 3
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
Byte 2
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 3
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
Byte 1
b8 Last Online Transaction Not Completed
b7 Unable To Go Online Indicated
b6 Offline PIN Verification Not Performed
b5 Offline PIN Verification Failed
b4 PTL Exceeded
b3 International Transaction
b2 Domestic Transaction
b1 Terminal Erroneously Considers Offline PIN OK
Byte 2
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 3
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
Byte 1
b8 Last Online Transaction Not Completed
b7 Unable To Go Online Indicated
b6 Offline PIN Verification Not Performed
b5 Offline PIN Verification Failed
b4 PTL Exceeded
b3 International Transaction
b2 Domestic Transaction
b1 Terminal Erroneously Considers Offline PIN OK
Byte 2
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 3
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
Byte 1
b8 Last Online Transaction Not Completed
b7 Unable To Go Online Indicated
b6 Offline PIN Verification Not Performed
b5 Offline PIN Verification Failed
b4 PTL Exceeded
b3 International Transaction
b2 Domestic Transaction
b1 Terminal Erroneously Considers Offline PIN OK
Byte 2
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 3
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
Byte 1-3
CVR Informative Part
Byte 4-6
CVR Decisional Part
Byte 1
b8-7 AC Returned In Second Generate AC
00: AAC Returned In Second Generate AC
01: TC Returned In Second Generate AC
10: AC Not Requested In Second Generate AC
11: RFU
b6-5 AC Returned In First Generate AC
00: AAC Returned In First Generate AC
01: TC Returned In First Generate AC
10: ARQC Returned In First Generate AC
11: RFU
b4 Date Check Failed
b3 Offline PIN Verification Performed
b2 Offline Encrypted PIN Verification Performed
b1 Offline PIN Verification Successful
Byte 2
b8 DDA Returned
b7 Combined DDA/AC Generation Returned In First Generate AC
b6 Combined DDA/AC Generation Returned In Second Generate AC
b5 Issuer Authentication Performed
b4 CIAC-Default Skipped On CAT3
b3 Offline Change PIN Result
b2-1 Issuer Discretionary
Byte 3
b8-5 Low Order Nibble Of Script Counter
b4-1 Low Order Nibble Of PIN Try Counter
Byte 4
b8 Last Online Transaction Not Completed
b7 Unable To Go Online Indicated
b6 Offline PIN Verification Not Performed
b5 Offline PIN Verification Failed
b4 PTL Exceeded
b3 International Transaction
b2 Domestic Transaction
b1 Terminal Erroneously Considers Offline PIN OK
Byte 5
b8 Lower Consecutive Counter 1 Limit Exceeded
b7 Upper Consecutive Counter 1 Limit Exceeded
b6 Lower Cumulative Accumulator 1 Limit Exceeded
b5 Upper Cumulative Accumulator 1 Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 6
b8 Lower Consecutive Counter 2 Limit Exceeded
b7 Upper Consecutive Counter 2 Limit Exceeded
b6 Lower Cumulative Accumulator 2 Limit Exceeded
b5 Upper Cumulative Accumulator 2 Limit Exceeded
b4 MTA Limit Exceeded
b3 Number Of Days Offline Limit Exceeded
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
CDOL1
Tag: '8C'
Length: Variable
Format: b
Type: Persistent
Description: Tells the terminal what data is needed in the first GENERATE AC.
The CDOL1 is not interpreted by M/Chip Advance and is stored in a
record referenced in the AFL.
M/Chip Advance supports the following initial values:
If 'Use M/Chip 4 CDOL1' in Application Control is set:
'9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403'
If 'Use M/Chip 4 CDOL1' in Application Control is not set:
'9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F34039F21039F7C14'
M/Chip Advance allows the extension of CDOL1 with additional data
elements (i.e. append new data elements to the CDOL1 initial
content).
CDOL2
Tag: '8D'
Length: 12 or 18
Format: b
Type: Persistent
Description: Tells the terminal what data is needed in second GENERATE AC.
The CDOL2 is not interpreted by M/Chip Advance and is stored in a
record referenced in the AFL.
If partial authorization is not supported, then the value of CDOL2 is
'910A8A0295059F37049F4C08'.
If partial authorization is supported, then the value of CDOL2 is
'910A8A0295059F37049F4C089F02069F0306'.
Counter 1 Number
Tag: 'DF1C'
Length: 1
Format: b
Type: Persistent
Description: Represents the number of transactions accepted offline and fulfilling
the criteria specified in Counter 1 Control.
Counter 2 Number
Tag: 'DF20'
Length: 1
Format: b
Type: Persistent
Description: The Counter 2 Number represents the number of transactions
accepted offline and fulfilling the criteria specified in Counter 2
Control.
Byte 1
b8-7 Type Of Cryptogram
00: AAC
01: TC
10: ARQC
11: RFU
b6-5 Payment System-specific Cryptogram
b4 Advice Required
b3-1 Reason/Advice code
000: No Information Given
001: Service Not Allowed
010: PIN Try Limit Exceeded
011: Issuer Authentication Failed
1xx: RFU
Byte 1
b8-5 Cryptogram Version
b4 RFU
b3-2 Session Key Used For AC Computation
00: MasterCard Proprietary SKD Session Key
10: EMV CSK Session Key
b1 Counters Included In AC Computation
CVC3(Track1)
Tag: '9F60'
Length: 2
Format: b
Type: Local transient
Description: Cryptogram returned in the response to the COMPUTE
CRYPTOGRAPHIC CHECKSUM command. The CVC3(Track1) is
generated based on the IVCVC3(Track1), the Application
Transaction Counter and the Unpredictable Number (Numeric).
CVC3(Track2)
Tag: '9F61'
Length: 2
Format: b
Type: Local transient
Description: Cryptogram returned in the response to the COMPUTE
CRYPTOGRAPHIC CHECKSUM command. The CVC3(Track2) is
generated based on the IVCVC3(Track2), the Application
Transaction Counter and the Unpredictable Number (Numeric).
CVM Results
Tag: '9F34'
Length: 3
Format: b
Type: Global transient
Description: As in [EMV]
CVR V2.05
Tag: –
Length: 4
Format: b
Type: Local transient
Description: Card Verification Results used in case V2.05 host backwards
compatibility is required.
Byte 1
Length
Byte 2
b8-7 AC Returned In Second Generate AC
00: AAC Returned In Second Generate AC
01: TC Returned In Second Generate AC
10: AC Not Requested In Second Generate AC
11: RFU
b6-5 AC Returned In First Generate AC
00: AAC Returned In First Generate AC
01: TC Returned In First Generate AC
10: ARQC Returned In First Generate AC
11: RFU
b4 Not Used
b3 Offline PIN Verification Performed
b2 Offline PIN Verification Failed
b1 Unable To Go Online
Byte 3
b8 Last Online Transaction Not Completed
b7 PTL Exceeded
b6-1 Not Used
Byte 4
b8-4 Not Used
b3 LCOL Or LCOTA Exceeded
b2 UCOL Or UCOTA Exceeded
b1 Maximum Offline Transaction Amount Exceeded
CVR V2.1/V2.2
Tag: –
Length: 4
Format: b
Type: Local transient
Description: Card Verification Results used in case V2.1/V2.2 host backwards
compatibility is required.
Byte 1
Length
Byte 2
b8-7 AC Returned In Second Generate AC
00: AAC Returned In Second Generate AC
01: TC Returned In Second Generate AC
10: AC Not Requested In Second Generate AC
11: RFU
b6-5 AC Returned In First Generate AC
00: AAC Returned In First Generate AC
01: TC Returned In First Generate AC
10: ARQC Returned In First Generate AC
11: RFU
b4 Not Used
b3 Offline PIN Verification Performed
b2 Offline PIN Verification Failed
b1 Unable To Go Online
Byte 3
b8 Last Online Transaction Not Completed
b7 PTL Exceeded
b6-1 Not Used
Byte 4
b8-4 Not Used
b3 LCOL Or LCOTA Exceeded
b2 UCOL Or UCOTA Exceeded
b1 Not Used
CVR V1.1/V1.3
Tag: –
Length: 6
Format: b
Type: Local transient
Description: Card Verification Results used in case V1.1/V1.3 host backwards
compatibility is required.
Byte 1
b8-7 AC Returned In Second Generate AC
00: AAC Returned In Second Generate AC
01: TC Returned In Second Generate AC
10: AC Not Requested In Second Generate AC
11: RFU
b6-5 AC Returned In First Generate AC
00: AAC Returned In First Generate AC
01: TC Returned In First Generate AC
10: ARQC Returned In First Generate AC
11: RFU
b4 RFU
b3 Offline PIN Verification Performed
b2 Offline Encrypted PIN Verification Performed
b1 Offline PIN Verification Successful
Byte 2
b8 DDA Returned
b7 Combined DDA/AC Generation Returned In First Generate AC
b6 Combined DDA/AC Generation Returned In Second Generate AC
b5 Issuer Authentication Performed
b4 CIAC-Default Skipped On CAT3
b3-1 RFU
Byte 3
b8-5 Low Order Nibble Of Script Counter
b4-1 Low Order Nibble Of PIN Try Counter
Byte 4
b8 RFU
b7 Unable To Go Online Indicated
b6 Offline PIN Verification Not Performed
b5 Offline PIN Verification Failed
b4 PTL Exceeded
b3 International Transaction
b2 Domestic Transaction
b1 Terminal Erroneously Considers Offline PIN OK
Byte 5
b8 Lower Consecutive Offline Limit Exceeded
b7 Upper Consecutive Offline Limit Exceeded
b6 Lower Cumulative Offline Limit Exceeded
b5 Upper Cumulative Offline Limit Exceeded
b4 Go Online On Next Transaction Was Set
b3 Issuer Authentication Failed
b2 Script Received
b1 Script Failed
Byte 6
b8-3 RFU
b2 Match Found In Additional Check Table
b1 No Match Found In Additional Check Table
DAC/ICC Dyn Nr
Tag: –
Length: 2
Format: b
Type: Local transient
Description: A temporary variable used to hold either the Data Authentication
Code or the first two bytes of the ICC Dynamic Number (Terminal)
prior to building the Issuer Application Data.
DDOL
Tag: '9F49'
Length: 3
Format: b
Type: Persistent
Description: Tells the terminal what data is needed for the INTERNAL
AUTHENTICATE command data. The DDOL is not interpreted by
M/Chip Advance and is stored in a record referenced in the AFL.
The value of the DDOL is '9F3704'.
Byte 2
b8-6 RFU
b5 Approve Online Transaction
b4 RFU
b3 Set Go Online On Next Transaction
b2-1 Update Accumulators/Counters
00: Do Not Update Offline Accumulators/Counters
01: Set Accumulators/Counters To Upper Offline Limits
10: Reset Accumulators/Counters To Zero
11: Add Transaction To Accumulators/Counters
DRDOL
Tag: '9F51'
Length: 3
Format: b
Type: Persistent
Description: Tells the terminal what data is needed for the RECOVER AC
command data.
The value of the DRDOL is '9F3704'.
First AC
Tag: –
Length: 8
Format: b
Type: Global transient
Description: M/Chip Advance stores the Application Cryptogram generated during
the first GENERATE AC in First AC. First AC is used during the
second GENERATE AC for ARPC verification.
Hash Result
Tag: –
Length: 20
Format: b
Type: Local transient
Description: Temporary variable used whilst building the Signed Dynamic
Application Data.
Byte 1
Length Of ICC Dynamic Number[9 : 16]
Byte 2-9
ICC Dynamic Number[9 : 16]
Byte 10
Cryptogram Information Data
Byte 11-18
Application Cryptogram
Byte 19-38
Hash Result
Byte 39-42
Terminal Relay Resistance Entropy
Byte 43-46
Device Relay Resistance Entropy
Byte 47-48
Min Time For Processing Relay Resistance APDU
Byte 49-50
Max Time For Processing Relay Resistance APDU
Byte 51-52
Transmission Time For Relay Resistance R-APDU
Byte 2
b8-7 RFU
b6 Accumulator 2 Upper Limit Included
b5 Accumulator 2 Lower Limit Included
b4 Accumulator 2 Amount Included
b3 Accumulator 1 Upper Limit Included
b2 Accumulator 1 Lower Limit Included
b1 Accumulator 1 Amount Included
Byte 3
b8-7 RFU
b6 Counter 2 Upper Limit Included
b5 Counter 2 Lower Limit Included
b4 Counter 2 Number Included
b3 Counter 1 Upper Limit Included
b2 Counter 1 Lower Limit Included
b1 Counter 1 Number Included
Byte 4 up to 45
Accumulators And Counters Related Data
IVCVC3(Track1) (Contact)
Tag: 'DF38'
Length: 2
Format: b
Type: Persistent
Description: Issuer proprietary static data object that is used as input for the
generation of the CVC3(Track1) cryptogram when the contact
interface is active.
IVCVC3(Track1) (Contactless)
Tag: 'DC'
Length: 2
Format: b
Type: Persistent
Description: Issuer proprietary static data object that is used as input for the
generation of the CVC3(Track1) cryptogram when the contactless
interface is active.
IVCVC3(Track2) (Contact)
Tag: 'DF39'
Length: 2
Format: b
Type: Persistent
Description: Issuer proprietary static data object that is used as input for the
generation of the CVC3(Track2) cryptogram when the contact
interface is active.
IVCVC3(Track2) (Contactless)
Tag: 'DD'
Length: 2
Format: b
Type: Persistent
Description: Issuer proprietary static data object that is used as input for the
generation of the CVC3(Track2) cryptogram when the contactless
interface is active.
KDCVC3 (Contact)
Tag: –
Length: 16
Format: b
Type: Persistent
Description: ICC derived key for CVC3 generation when the contact interface is
used. KDCVC3 (Contact) is used directly to compute the dynamic
CVC3. No session key is used.
KDCVC3 (Contactless)
Tag: –
Length: 16
Format: b
Type: Persistent
Description: ICC derived key for CVC3 generation when the contactless interface
is used. KDCVC3 (Contactless) is used directly to compute the
dynamic CVC3. No session key is used.
Byte 2
Target Application
'00': The target application is this application
'yy': The target application is the application with Linked Application Index equal to 'yy'.
'FF': The target application is the application with AID equal to the AID indicated in the
next two fields below, which may be the currently selected application. Full match is
required between the two AIDs.
Byte 3
Length of AID
'Length of AID' is only present if 'Target Application' = 'FF'
The following table lists the supported values for 'Target Data ID':
Target Data ID | Name | Length | New Value
'0000' | Block status | 1 | '00': Unblocked; '01': Blocked; other values RFU
'00A5' | FCI Proprietary Template | Variable | Not interpreted
Log Format
Tag: '9F4F'
Length: Variable
Format: b
Type: Persistent
Description: The Log Format identifies the content of records in the Log Of
Transactions. The Log Format is not interpreted by M/Chip Advance
and is returned in response to a GET DATA command.
The following DOL provides the data elements identified in the Log
Format, and the order in which they appear without the additional
information defined by the Log Data Table:
'9F27019F02065F2A029A039F36029F5206DF3E019F21039F7C14'
The length of the Log Format is variable. If no additional
information is defined by the Log Data Table, then the length of the
Log Format is 26 bytes. A memory space of at least 48 bytes must
be available for the Log Format.
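The DOL values quoted in this section (CDOL1, CDOL2, DDOL, Log Format) can be parsed to confirm the stated lengths and to locate each data object inside the related data the terminal sends. The following is an added example, not code from the specification: the hex strings are copied from the entries above, while the function names, the 0-based offsets and the appended '9F3303' entry in the self-check are assumptions made for illustration.

```python
# DOL values copied from the CDOL1, CDOL2, DDOL and Log Format entries.
CDOL1_MCHIP4 = ("9F02069F03069F1A0295055F2A029A039C019F37049F3501"
                "9F45029F4C089F3403")
CDOL1_ADVANCE = CDOL1_MCHIP4 + "9F21039F7C14"
CDOL2 = "910A8A0295059F37049F4C08"
CDOL2_PARTIAL_AUTH = CDOL2 + "9F02069F0306"
DDOL = "9F3704"
LOG_FORMAT = "9F27019F02065F2A029A039F36029F5206DF3E019F21039F7C14"


def parse_dol(hex_dol):
    """Split a DOL (tag/length pairs, no values) into [(tag_hex, length), ...]."""
    data = bytes.fromhex(hex_dol)
    entries, i = [], 0
    while i < len(data):
        start = i
        i += 1
        # BER tag: low five bits all set in the first byte announce further
        # tag bytes; each of those has bit 8 set when another one follows.
        if data[start] & 0x1F == 0x1F:
            while True:
                if i >= len(data):
                    raise ValueError("truncated tag at offset %d" % start)
                last = not data[i] & 0x80
                i += 1
                if last:
                    break
        tag = data[start:i].hex().upper()
        if i >= len(data):
            raise ValueError("tag %s has no length byte" % tag)
        length = data[i]
        i += 1
        if length == 0x81:          # BER long form, one length byte follows
            if i >= len(data):
                raise ValueError("tag %s has a truncated length" % tag)
            length = data[i]
            i += 1
        elif length & 0x80:
            raise ValueError("unsupported length encoding for tag %s" % tag)
        entries.append((tag, length))
    return entries


def related_data_layout(hex_dol):
    """Return ([(tag, offset, length), ...], total length) of the related data."""
    layout, offset = [], 0
    for tag, length in parse_dol(hex_dol):
        layout.append((tag, offset, length))   # offset is 0-based here
        offset += length
    return layout, offset


def is_extension_of(personalized, initial):
    """True if `personalized` keeps every entry of `initial` as its prefix."""
    init = parse_dol(initial)
    return parse_dol(personalized)[:len(init)] == init


if __name__ == "__main__":
    for name in ("CDOL1_MCHIP4", "CDOL1_ADVANCE", "CDOL2",
                 "CDOL2_PARTIAL_AUTH", "DDOL", "LOG_FORMAT"):
        value = globals()[name]
        layout, total = related_data_layout(value)
        print("%-18s DOL %2d bytes, related data %2d bytes"
              % (name, len(bytes.fromhex(value)), total))
        for tag, offset, length in layout:
            print("    %-4s offset %2d length %2d" % (tag, offset, length))
```
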
MAC
Tag: –
Length: 8
Format: b
Type: Local transient
Description: A temporary variable used to hold the MAC where data
authentication is needed.
PDOL
Tag: '9F38'
Length: 0 or 3
Format: b
Type: Persistent
Description: Contains a list of terminal resident data objects needed in the
processing of the GET PROCESSING OPTIONS command. If
MAS4C is not activated, PDOL is not present. If MAS4C is
activated, the value of PDOL is '9F4005'.
PDOL Values
Tag: –
Length: 0 or 5
Format: b
Type: Global transient
Description: PDOL Values is used to compute the intermediate hash result during
the calculation of the Signed Dynamic Application Data.
Plaintext/Encrypted Counters
Tag: –
Length: 8 or 16
Type: Local transient
Description: Temporary variable containing offline counters in a plaintext or
encrypted format. It is used as input to the Application Cryptogram
calculation and it is included in the Issuer Application Data.
Rand
Tag: –
Length: 8
Format: b
Type: Global transient
Description: M/Chip Advance stores the Application Cryptogram generated during
the first GENERATE AC in Rand. Rand is incorporated into the
computation of the MAC that protects the integrity of a script.
Record Number
Tag: –
Length: 1
Format: b
Type: Local transient
Description: Temporary variable used to indicate the record number of the target
record during an UPDATE RECORD command.
Recovered Data
Tag: –
Length: Variable
Format: b
Type: Local transient
Description: Temporary variable containing the PIN related data after decryption
during OFFLINE CHANGE PIN and VERIFY commands.
Reference PIN
Tag: –
Length: 8
Format: b
Type: Persistent
Description: Structured PIN block containing the cardholder PIN.
Return Value
Tag: –
Length: 1
Format: b
Type: Local transient
Description: Temporary variable containing data to be returned from a subroutine.
Return Value has values of either true or false.
RRP Counter
Tag: –
Length: 1
Format: b
Type: Global transient
Description: RRP Counter counts the number of EXCHANGE RELAY
RESISTANCE DATA commands after a GET PROCESSING
OPTIONS command.
Script Counter
Tag: –
Length: 1
Format: b
Type: Persistent
Description: Indicates the number of script commands processed previously. The
low order nibble is included in the information part of the Card
Verification Results.
Byte 1
b8-5 RFU
b4-1 Script Counter
Terminal Type
Tag: '9F35'
Length: 1
Format: n2
Type: Local transient
Description: As in [EMV]
Byte 2
b8 ICC And Terminal Have Different Application Versions
b7 Expired Application
b6 Application Not Yet Effective
b5 Requested Service Not Allowed For Card Product
b4 New Card
b3-1 RFU
Byte 3
b8 Cardholder Verification Was Not Successful
b7 Unrecognised CVM
b6 PIN Try Limit Exceeded
b5 PIN Entry Required And PIN Pad Not Present Or Not Working
b4 PIN Entry Required, PIN Pad Present, But PIN Was Not Entered
b3 Online PIN Entered
b2-1 RFU
Byte 4
b8 Transaction Exceeded Floor Limit
b7 Lower Consecutive Offline Limit Exceeded
b6 Upper Consecutive Offline Limit Exceeded
b5 Transaction Selected Randomly For Online Processing
b4 Merchant Forced Transaction Online
b3-1 RFU
Byte 5
b8 Default TDOL Used
b7 Issuer Authentication Failed
b6 Script Processing Failed Before Final Generate AC
b5 Script Processing Failed After Final Generate AC
b4 Relay Resistance Threshold Exceeded
b3 Relay Resistance Time Limits Exceeded
b2-1 Relay Resistance Performed
00: Relay resistance protocol not supported (not used by this
version of the specification)
01: RRP Not Performed
10: RRP Performed
11: RFU
Transaction Date
Tag: '9A'
Length: 3
Format: n6 YYMMDD
Type: Global transient
Description: As in [EMV]
Transaction Time
Tag: '9F21'
Length: 3
Format: n6 HHMMSS
Type: Global transient
Description: As in [EMV]
Transaction Type
Tag: '9C'
Length: 1
Format: n2
Type: Global transient
Description: As in [EMV]
Unpredictable Number
Tag: '9F37'
Length: 4
Format: b
Type: Local transient
Description: As in [EMV]