Professional Documents
Culture Documents
CARD SPECIFICATION
DISCLAIMER
This Specification is provided "AS IS" "WHERE IS" and "WITH ALL FAULTS". Neither
Discover Financial Services, nor Diners Club International Ltd., nor any of their affiliates,
subsidiaries, directors, officers or employees (collectively, the “DFS Parties”) assume or
accept any liability for any errors or omissions contained in the Specification.
For the avoidance of doubt, the DFS Parties make no representation or warranty
regarding whether any particular physical implementation of any part of this Specification
does or does not violate, infringe, or otherwise use the patents, copyrights, trademarks,
trade secrets, know-how, and/or other intellectual property of third parties, and thus any
person who implements any part of this Specification should consult an intellectual
property attorney before any such implementation. Any party seeking to implement this
Specification is solely responsible for determining whether their activities require a
license to any technology including, but not limited to, patents on public key encryption
technology. The DFS Parties shall not be liable for any party’s infringement of any
intellectual property right.
TABLE OF CONTENTS
1 Introduction ......................................................................................... 27
1.1 Objectives ............................................................................................................... 27
1.2 Audience................................................................................................................. 27
1.3 Scope of Document.................................................................................................. 27
1.4 New Features .......................................................................................................... 28
1.5 Document Organization ............................................................................................ 28
1.6 Data Conventions .................................................................................................... 28
1.7 Terminology ............................................................................................................ 29
1.8 Reference Documents .............................................................................................. 30
3 Application States................................................................................. 35
Appendixes
Appendix A. Acronyms & Glossary ............................................................................................. 163
Appendix B. Data Dictionary...................................................................................................... 171
1 Data Element Summary Table................................................................................. 171
2 Data Elements ....................................................................................................... 177
3 ICC Master Key Application Cryptogram (ICC MKac).................................................. 177
4 AltAIDs (Aliases).................................................................................................... 177
5 Application Cryptogram (AC)................................................................................... 177
6 Application Configuration Options (ACO) .................................................................. 178
7 Application Currency Code (9F42) ........................................................................... 179
8 Application Currency Exponent (9F44) ..................................................................... 179
9 Application Discretionary Data ................................................................................ 179
10 Application Effective Date ....................................................................................... 179
11 Application Expiration Date ..................................................................................... 179
12 Application File Locator (AFL).................................................................................. 180
13 Application Identifier (AID) ..................................................................................... 180
14 Application Interchange Profile (AIP) ....................................................................... 181
15 Application Label ................................................................................................... 182
16 Application Preferred Name .................................................................................... 182
17 Application Primary Account Number (PAN).............................................................. 182
18 Application Primary Account Number Sequence Number (PSN) .................................. 182
19 Application Priority Indicator (API)........................................................................... 182
20 Application Transaction Counter (ATC)..................................................................... 183
21 Application Usage Control (AUC) ............................................................................. 183
22 Application Version Number (AVN) .......................................................................... 184
23 Authorization Code................................................................................................. 184
24 Authorization Response Code (ARC) ........................................................................ 184
25 Card Action Codes (CACs)....................................................................................... 185
26 Card Risk Management Data Object List 1 (CDOL1) .................................................. 186
27 Card Risk Management Data Object List 2 (CDOL2) .................................................. 187
28 Card Status Update (CSU) ...................................................................................... 188
29 Card Verification Results (9F52) .............................................................................. 188
30 Cardholder Name................................................................................................... 191
31 Cardholder Name Extended .................................................................................... 191
32 Cardholder Verification Method (CVM) List ............................................................... 191
33 Certificate Authority Public Key Index (PKI).............................................................. 192
34 CRM Country Code................................................................................................. 192
FIGURES
Figure 1 - STATE-MACHINE Transitions Diagram ..............................................................37
Figure 2 - D-PAS EMV Transaction Processing Flow...........................................................40
Figure 3 - Generic Command Processing Flow...................................................................59
Figure 4 - APPLICATION BLOCK Transaction Flow Diagram ...............................................65
Figure 5 - APPLICATION UNBLOCK Transaction Flow Diagram ...........................................69
Figure 6 - CARD BLOCK Transaction Flow Diagram ...........................................................73
Figure 7 - GENERATE AC Flow Diagram (Start) .................................................................80
Figure 8 - GENERATE AC Flow Diagram (AAC) ..................................................................81
Figure 9 - GENERATE AC Flow Diagram (PTH Processing) .................................................82
Figure 10 - GENERATE AC Flow Diagram (CAC) ................................................................83
Figure 11 - GENERATE AC Flow Diagram (ARQC)..............................................................84
Figure 12 - GENERATE AC Flow Diagram (CAC-Online)......................................................85
Figure 13 - GENERATE AC Flow Diagram (NCOT inc) ........................................................86
Figure 14 - GENERATE AC Flow Diagram (CRM)................................................................87
Figure 15 - GENERATE AC Flow Diagram (TC1) ................................................................88
Figure 16 - GENERATE AC Flow Diagram (Authen Data Present) ........................................89
Figure 17 - GENERATE AC Flow Diagram (No Authen Data)...............................................90
Figure 18 - GENERATE AC Flow Diagram (TC2) ................................................................91
Figure 19 - GENERATE AC Flow Diagram (GENAC) ............................................................92
Figure 20 - GET CHALLENGE Transaction Flow .................................................................98
Figure 21 - GET DATA Transaction Flow Diagram............................................................103
Figure 22 - GET PROCESSING OPTIONS Flow Diagram ...................................................108
Figure 23 - INTERNAL AUTHENTICATE Flow Diagram .....................................................113
Figure 24 - PIN CHANGE/UNBLOCK Transaction Flow Diagram. .......................................118
Figure 25 - PUT DATA Transaction Flow Diagram (part 1) ...............................................125
Figure 26 - PUT DATA Transaction Flow Diagram (part 2) ...............................................126
Figure 27 - READ RECORD Response Message Data Field................................................131
Figure 28 - READ RECORD Transaction Flow Diagram .....................................................132
Figure 29 - SELECT FILE Command Transaction Flow Diagram ........................................ 137
Figure 30 - UPDATE RECORD Transaction Flow Diagram .................................................141
Figure 31 - VERIFY Transaction Flow Diagram 1 .............................................................146
Figure 32 - VERIFY Transaction Flow Diagram 2 .............................................................147
Figure 33 - Issuer Script Commands Flow Diagram .........................................................152
TABLES
Table 1 - Data Conventions .............................................................................................29
Table 2 - Reference Documents.......................................................................................30
Table 3 - D-PAS Functionality ..........................................................................................31
Table 4 - D-PAS Command Support .................................................................................34
Table 5 - Command APDU Acceptance or Rejection for Current Application State................35
Table 6 - PSE Record Format...........................................................................................42
Table 7 - Transaction Logging Configuration Options ........................................................54
Table 8 - APDU Command Summary Table.......................................................................60
Table 9 - APPLICATION BLOCK Command........................................................................63
Table 10 - APPLICATION BLOCK Status Words and Application Final State .........................64
Table 11 - APPLICATION BLOCK Command Example.........................................................66
Table 12 - APPLICATION BLOCK Response Example .........................................................67
Table 13 - APPLICATION UNBLOCK Command..................................................................67
Table 14 - APPLICATION UNBLOCK Status Words and Application Final State .....................68
Table 15 - APPLICATION UNBLOCK Command Example ....................................................70
Table 16 - APPLICATION UNBLOCK Response Example .....................................................71
Table 17 - CARD BLOCK Command ..................................................................................71
Table 18 - CARD BLOCK Status Words and Application Final State .....................................72
Table 19 - CARD BLOCK Command Example.....................................................................75
Table 20 - CARD BLOCK Response Example .....................................................................76
Table 21 - GENERATE AC Cryptogram Types ....................................................................76
Table 22 - GENERATE AC Command ................................................................................76
Table 23 - GENERATE AC Reference Control Parameter.....................................................77
Table 24 - GENERATE AC Response Data Field, CDA not requested....................................77
Table 25 - GENERATE AC Response Data Field for TC or ARQC, CDA requested..................78
Table 26 - GENERATE AC Response Message Data Field for AC, CDA requested..................78
Table 27 - GENERATE AC Cryptogram Information Data....................................................78
Table 28 - GENERATE AC Status Words and Application Final State ...................................79
Table 29 - GENERATE AC Command Example...................................................................95
Table 30 - GENERATE AC Response Example....................................................................96
Table 31 - GET CHALLENGE Command ............................................................................97
Table 32 - GET CHALLENGE Status Words and Application Final State................................97
Table 33 - GET CHALLENGE Command Example ...............................................................99
REVISION STATUS
Revision Status Date Description
SUMMARY OF CHANGES
The following table contains a summary of key changes to the D-PAS Card Specification version 1.0,
which is being updated as version 1.1.
It is important to note that this Summary of Changes is not a comprehensive list of all changes to D-
PAS Card Specification. Please carefully review this entire document for detailed changes.
Document
Section Changes
Revision Added
Summary
Section 2: D- • Table 3, D-PAS Functionality:
Payment
Application o Card Action Analysis and AC Gen: Deleted Application disabling – Mandatory
Specification (D- o Application Selection: Changed Directory Method (PSE) from an Issuer Option
PAS) to an Application Option.
Document
Section Changes
Section 2: Table 5: Command APDU Acceptance or Rejection for Current Application State –
Application modified as follows:*
States
INITIALIZED VERIFIED CHALLENGED SCRIPT
GET A A A R
CHALLENGE
GET DATA A A A A
GET DATA A A A A
(GPO
PROTECTED)
INTERNAL A A A R
AUTHENTICATE
VERIFY A A A R
[Plaintext]
VERIFY R R A R
[Encrypted]
*Note:
Modified the Application Protocol Data Unit (APDU) Acceptance (A) and Rejection
(R) responses for the following commands to meet current terminal requirements:
• CHALLENGED State - GET CHALLENGE: Changed the response to
“A”.
• SCRIPT State - GET DATA, GET DATA (GPO PROTECTED), GET DATA
(PIN PROTECTED), and READ RECORD commands: Changed the
response to “A”.
• INITIALIZED and VERIFIED State - INTERNAL AUTHENTICATE
command: Changed the response to “A”.
• VERIFY command: Split into two components - plaintext and
encrypted to enable the use of separate A and R criteria.
Section 4: High- • Section 4.11.1 Velocity Checking (Paragraph 4):
Level D-PAS
Application o Added unless bit 3 of the PRU byte for ‘Profile 0’ is set as follows:
Processing “If transaction profiles are not defined by the issuer, the NCOT in the ‘default
profile’ shall be used for all transactions, unless bit 3 of the PRU byte for
‘Profile 0’ is set.”
• Section 4.12.1 Issuer Authentication:
Document
Section Changes
Section 5: • Section 5.2 Common APDU Command Responses:
Common APDU
Command o At the end of the section, added a note that designates the sequence of the
Processing figures in the following sections as “recommended” rather than
“mandatory”.
• Section 5.3 APDU Command Summary Table (Table 10):
o “The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only
cleared when the command is successful. Any error condition
should thus result in a ‘Script Failed’ bit of PTH being set.”
• Section 6.4.3 Data Field Returned in the Response Message:
• Section 6.4.6 S11 and S12: Expanded to include additional details regarding the
setting of Profile Resource Usage (PRU) values versus the acceptance of default
global values.
• Section 6.5.1 and 6.5.5 (Figure 20): Modified the description of the GET
CHALLENGE command to include the availability of the command in the
VERIFIED state.
o Replaced Card Application Life Cycle Data with the Issuer Life Cycle Data
(global change).
o Added CRM Country Code to the table.
• Section 6.6.6 (S2): Expanded to include the Counter Value/Limit and the
associated data elements to be checked for an Offline Balance Data Object
or a Counter Value/Limit.
• Figure 21:
o Added cross reference between GPO command execution and profile specific
tag read access request.
o Added flow for Issuer Defined Data Tags (IDDT).
o Added edit for handling overflow of offline balance.
Document
Section Changes
• Section 6.9.2 Command APDU:
o Last paragraph - Changed the PIN data to be used in the MAC generation
from its plaintext value to an “encrypted PIN block”.
• Section 6.9.4 Processing State Returned in Response Message:
• 6.12.4 (Table 70): Expanded the table note to include “and error codes” to
address an omission.
• 6.13.2 (Table 73): Added “command” to the value of the Lc to read as “Length
of command data” to address an omission.
o Clarified that the Command Data Length (Lc) varies based on whether the
PIN block is enciphered or plaintext.
• Section 6.14.4 Processing State Returned in the Response Message (Table 82):
o Added the ’67 00’ SW1 SW2 error code to the table.
• Section 6.14.6 Notes (S4):
Document
Section Changes
Appendix B • Table 85 – Data Elements Table: Updated the following data elements:
o B2b8: Replaced Off-line PIN verification not performed with Invalid PDOL
check.
o B2b4, B2b3, B2b2, B2b1 - Added “Note: May be profile-specific”
o Inserted after the table for clarification: “Note: Bits shaded in Blue are not
significant in the CAC-denial array.”
• Section 25 - Deleted:
D-PAS application proprietary data element that provides traceability of the D-PAS
chip card and its personalization.
It shall contain at a minimum:
• IC Type
• IC Serial Number
• IC Personalization Date
The Card Application Life Cycle Data is stored at the card level and may be obtained
using the GET DATA command.
Format: Binary, variable length.
Document
Section Changes
• Table 95 - Card Status Update (CSU) Encoding:
o B2b6 – Omission error: Added “1” and “DO NOT Reset Script Counter”
o B2b4 - Added for clarification: “If the PTC value in CSU B1b4-b1 > PTL
then PTC is updated with PTL value.”
• Table 96 - Card Verification Results (CVR) Encoding updated as follows:
• Format – bytes: Modified the formats in the following sections to meet current
terminal requirements: Sections 41, 69, 70, 71, 72, 88, 95, 96, and 97.
• Section 56 - Issuer Application Data Object List (IADOL): Modified the section
and Table 105 to clarify the use of IADOL.
• Section 60 - Issuer Defined Data Tags (DF01 to DF0A): Added a note to show
the maximum size of Issuer Defined Data Tags.
• Table 108 – Issuer Defined Data Tags (IDDT) Access Conditions Encoding B2b3:
Replaced “1” with “0”.
• Section 62 Issuer Life Cycle Data: New section added to address Issuer Life
Cycle Data.
o Table 110 - B1b5: Added a note to address the option of sending the first
transaction of a new card online.
o Table 111 – Added a new table to provide the conditions for setting and
clearing the contents of the PTH.
• Section 80 Reference PIN: Added a new section to describe the functionality of
the Reference PIN, which is a D-PAS proprietary data element.
Document
Section Changes
• Section 82 Security Counters and Limits (Table 113): Included information in
the Purpose column relative to exceeding the: ATC Limit, Encrypted PIN
cryptography failure limit, Failed MAC limit, Lifetime MAC Limit, Script Counter,
and Session MAC Limit.
• Section 93 Transaction Log Entry: Added a note and modified Table 114 BYTE 1
to verify the location of the Short File Identifier (SFI).
Appendix C • Section 1 Transaction Profiles: Added “PRU” to the first table and modified the
number of bytes to match the current values included in Appendix B for the
NCOT counter and LCOL, UCOL, LCOA, UCOA, and STA limits.
• Table 117 – Transaction Profile Content: Added the following to the designated
bits for clarification:
• Table 117, Note, paragraph 3: Clarified that the selection of a particular profile
will overwrite the Card Risk Management (CRM) resources specified in the global
profile as follows:
“These elements may also be individually accessed using the ‘Get Data’
command and tags in the range ‘C5’-‘CD’. A ‘Put Data’ command referencing
one of these data items directly (tags ‘C5’-‘CC’) will affect the CRM resource
specified in the current profile (as specified in the PRU bitmap). If the
resource being used by the currently selected profile is defined as being
‘Global’ (relevant PRU bit set to ‘0’), the data item in ‘profile 0’ will be
modified.”
• Table 118 – PDOL – Check Entry Content. Changes the Bit Mask for the Ref Data
Size by changing the value from 1 to 0 as follows: “(set bits you wish to
ignore to 0)”
• Table 119 – PDOL Check Entry Content: Modified the B1b8 encoding to include
values for both contact and contactless options as follows:
Document
Section Changes
• Section 2, Table 122: Modified the following Tags and Total Length of the PDOL-
Check Arrays to reflect currently used terminal values:
Appendix D, D- • Section 1, Table 123. Modified the Length to conform to standard terminal
PAS Application practices for the following Data Elements:
Personalization
o “The P1 value in the STORE DATA command header shall be ignored except
for the 3 first high-order bits, used to indicate an encrypted DGI or the
last STORE DATA command.”
• Section 3.8, Table 132 – Data Content for DCI ‘020n’: Modified to enable
conformity between this Card Specification and the D-PAS Key Management
Guide.
• Table 137 - Data Content for DGI '4000': Changed the Length for the ‘C2’ Data
Element to 48 based on current practices.
Document
Section Changes
• Table 141 – Data Content for Template ‘BF3b’ Entry:
• Section 5.3 Store Data Command: Added reference to [EMV CPS] to clarify
encryption/decryption requirements.
Appendix E, • Table 161 – Issuer Master Keys Used in Examples and Table 162 – ICC Master
Example Keys Key Used in Examples: Inserted additional information for the Ac Gen, Script
MAC, and Script Encrypt for the master keys used in examples.
1 INTRODUCTION
This document describes the technical and functional specifications of the D-Payment
Application Specification (D-PAS) chip card application, which is compliant with EMV™ v4.2
specifications.1 These specifications are meant to be generic, in that the D-PAS application
may be implemented on many different card types by multiple application providers.
1.1 OBJECTIVES
The objective of this document is to provide guidance information for the implementation of
the D-PAS application. It is meant to be a stand-alone specification which provides all of the
technical information necessary to create a D-PAS-compliant application.
1.2 AUDIENCE
The target audience for this document is developers of the D-PAS application, as well as
system integrators working with issuers and employees of Discover Financial Services (DFS).
The guide may also be useful for issuers and Card Bureaus involved in the personalization of
the D-PAS application.
1
EMV™ is a trademark owned by EMVCo LLC.
• The ability for the issuer to create 3 or more Alternate AIDs (AltAIDs), or
Aliases for the D-PAS application. Each ‘AltAID’ shall have its own File Control
Information (FCI) and Processing Data Objects List (PDOL) list, and shall allow
the D-PAS application to be selected according to multiple Application Identifiers
(AIDs) for regional specifics.
• New Cryptographic options include use of the EMV Common Session Key (CSK)
derivation mechanism, and Common Core Definitions (CCD)-compliant
Application Cryptograms.
These configuration and implementation options are detailed in the following sections.
1.7 TERMINOLOGY
The following terminology applies:
• “shall”, “ must”, “required” - Denotes a mandatory requirement
• “should” - Denotes a recommendation
• “may”, “optional” - Denotes an optional feature
Prior to acquiring and using any one of these Reference Documents to obtain additional
information, please check for any updates in the D-PAS bulletin section of Infonet.
• Mandatory: This must be present and must conform to the behavior described
in the D-PAS application specifications.
• Issuer Option: This must be present in the D-PAS application but the issuer
may configure the application to not use the feature.
3 APPLICATION STATES
The D-PAS application is built on a state machine architecture, which controls the availability
of certain APDU commands. The D-PAS application is free to implement the state machine in
any way it sees fit, but the application must be able to record the following four main
application states and two sub-states:
• SELECTED: The D-PAS application has been selected using the ISO-standard
‘Select DF’ command.
• INITIALIZED: The D-PAS application has successfully processed the GPO APDU
command.
• (sub) VERIFIED: The D-PAS application has received a correct ‘Verify PIN’ APDU
command.
The D-PAS application shall accept or reject a command APDU, according to its current state
and the following table.
APPLICATION R R R R R A
BLOCK
APPLICATION R R R R R A
UNBLOCK
CARD BLOCK R R R R R A
GENERATE R A A A A R
APPLICATION
CRYPTOGRAM
GET R A A A R R
CHALLENGE
GET DATA A A A A R A
GET A R R R R R
PROCESSING
OPTIONS
INTERNAL R A A A R R
AUTHENTICATE
PIN R R R R R A
CHANGE/UNBLO
CK
PUT DATA R R R R R A
READ RECORD A A A A R A
READ RECORD R A A A R R
(GPO
PROTECTED)
SELECT A A A A A A
UPDATE R R R R R A
RECORD
VERIFY A A A A R R
[Plaintext]
VERIFY R R R A R R
[Encrypted]
A = APDU accepted.
R = APDU rejected.
IDLE Unprotected
SELECT DF IDDT PUT DATA
Unprotected
DE-SELECT or RESET GET DATA
+ READ RECORD
SELECTED
VERIFY PIN
[Plaintext]
GPO-protected
GET DATA Scripted
INTERNAL + READ RECORD command fails
VERIFIED AUTHENTICATE GPO
GET
INITIALIZED
CHALLENGE
VERIFY PIN
[Plaintext] Any other CHALLENGED
1st GEN AC
command
PIN Protected
GET Data IDDT
VERIFY PIN
[Enciphered]
ARQC in 1st
GEN AC
TC or AAC in 1st GEN AC
PIN Protected, Unprotected, or
GPO protected PUT Data IDDT GET
(no Secure Messaging) CHALLENGE
TC or AAC in
2nd GEN AC
2nd GEN AC
ONLINE
SCRIPT
All Scripted commands
(Secure Messaging)
VERIFIED
Command succeeded
Command failed
or succeeded
The D-PAS application follows a standard EMV transaction processing flow, as described in
[EMV 4.2-2]. Additional internal card processes have been added to provide a maximum
amount of flexibility to the D-PAS application (e.g., PDOL pre-processing and Transaction
profile selection, or IADOL-configurable IAD contents).
The following diagram provides a general overview of the standard D-PAS transaction process
flow for both the terminal and card specification. For information regarding the steps
associated with the D-PAS Terminal, refer to the [D-PAS TS] document.
Step 1: Application
Chip card provid es supported appli cations Terminal di entifies and sele cts an applic atio n
Selection
Chip card provid es appli cation capabili ties
Step 2: Initiate and locatio n of data
Terminal initiates transaction
Applicatio n Processing
Step 3: Read Applicat oi n Chip car d provides application data Terminal requests and stores application data
Data
Step 4: Offline Da ta
Authe ntication fI DD A: chip card generates security data IfSD A orD DA: terminal vali date s chip card
The first digit of the service code for a D-PAS chip card must be:
On some card platforms, the discretionary part of ATR data may be updated by the D-PAS
application. For example, this may be used by the issuer to display an offline balance.
Key: M=Mandatory
O=Optional
The EMV implicit selection mechanism using PSE is outside the scope of the D-PAS application
specification.
If the ‘PDOL check’ mechanism described in Appendix C is being used, then the FCI may
contain a PDOL list, specifying the tagged ‘terminal-resident’ data objects the card expects to
receive in the GET PROCESSING OPTIONS APDU command.
Any terminal intended to be used to unblock the application shall continue to proceed with the
transaction in order to unblock that application with that AID.
If the D-PAS chip card has been blocked by a previous CARD BLOCK command, the status
words SW1 SW2 returned in response to the SELECT command shall be ‘6A81’ (Function not
supported).
If the ATC Limit of the D-PAS application is exceeded, the status words SW1 SW2 returned in
response to the SELECT command shall be '6985' (Conditions of use not satisfied).
‘Profile’, with a ‘profile-specific’ set of CRM elements (Offline counters and limits, AIP, AFL,
and CACs).
The main payment application shall provide the ability to be accessed by using a minimum of
4 different AID values (main AID + 3 Alternate AIDs). These 3 AltAIDs shall be registered in
the main payment application, and when receiving an APDU command, the main application
shall check if the AID originally used to select the application is within its approved AID list. If
the AID value is not in the list, then it shall not be possible to access the main application
using that AID. The Alias application contains an alias-specific FCI (response to SELECT). This
FCI record may contain an ‘Alias-specific’ PDOL list, which may be used to select an ‘Alias-
specific’ set of internal card resources. The maximum number of alternate AIDs is fixed by
implementation constraints and by the design of the smartcard application.
The AIP and AFL data returned by the D-PAS application in response to a GET PROCESSING
OPTIONS command shall be returned in format 2
The GET PROCESSING OPTIONS command ensures that the following are performed:
• Inform the D-PAS application that the processing of a new transaction has
begun.
• If PDOL Checks are activated, provide to the D-PAS application all terminal-
related transaction-specific information requested in PDOL, and provide an
opportunity for the card to ‘pre-process’ transaction-specific data and then
perform one of three actions:
• Select a specific ‘Transaction Profile’ with profile-specific AIP, AFL, and CRM values
(PDOL-Profile check). Note: Profile-specific CRM values are used in all subsequent
processing, including following PDOL check.
• Ensure that the D-PAS application provides to the terminal the proper
‘Application Interchange Profile’ (AIP) and a list of files that contain the D-PAS
chip card application data to be used in processing the transaction (AFL). The
AIP and AFL may be transaction profile-specific.
• The D-PAS application shall also increment the ATC, and reset the Card
Verification Results (CVR). The application switches to an ‘INITIALIZED’ state.
The D-PAS application offers a configuration option that provides the ability to specify that the
EMV-standard READ RECORD and GET DATA commands may only be executed after the card
is in an ‘INITIALIZED’ state (i.e., that the GET PROCESSING OPTIONS command has been
performed). This provides an additional level of cardholder data confidentiality and ensures
that the ATC is incremented each time data is read from the card
The issuer has the ability to activate or de-activate the PDOL-check mechanisms by setting
(or clearing) byte 2, bit 4 of the global Application Configuration Options (ACO) element. If
this bit is set, any previously defined PDOL-checks (Decline, Profile, and Online) shall be
executed. If this bit is not set, the card shall not perform any PDOL-check processing
(functionality is disabled). An issuer that chooses not to use the PDOL-check mechanism may
also clear this ACO bit to optimize transaction performance. If the ACO bit is cleared, all PDOL
check-related processing is bypassed.
If ‘PDOL-checks’ are activated, the D-PAS application uses elements requested in PDOL and/or
certain Operating System (OS) internal data elements (such as ‘AID selected’ or ‘type of
APDU interface’), and/or the value of a tagged internal card Data objects, to perform 3 types
of PDOL checks. These checks are always performed in the same sequence:
1. PDOL-Decline checks. Force the card application to deny a transaction, regardless of other
bits set in the CAC-Denial array. (Bit 1 of CVR byte 4 is set, and the equivalent bit in CAC-
default array shall be set by default).
2. PDOL-Profile checks. Allow the card application to select a particular transaction profile
based on internal or terminal resident data values.
3. PDOL-Online checks. Allow the card to force a transaction online, regardless of other CRM
checks performed in GENERATE AC command.
• The SFI range supported by the D-PAS application shall be as described in [EMV
4.2-1] and [EMV 4.2-3].
• The issuer shall be able to choose the SFI and record numbers for the terminal
file record data. The D-PAS application shall not explicitly specify the SFI and
records used for the terminal record data. This is to allow for flexibility in the
future, where an issuer may wish to move data from one file record to another.
• Follow best practices for the number of records and record contents as per EMV
optimization guidelines.
• Place the record containing SDA data early in the file list. This is to optimize
performance of a transaction at a terminal, in that the terminal may start processing
related to offline Card Authentication while still processing READ RECORD commands.
• Place the records containing the CVM list and Public Key (PK) data early in the file list
to facilitate processing overlap in the terminal.
• Minimize the number of file records and maximize the amount of data in each record.
However, the issuer shall be advised to keep in mind that there may be field
integration issues with very long record lengths.
The issuer shall be able to specify by means of a configuration option (ACO) if a GET
PROCESSING OPTIONS command is required before tagged data items may be read.
There shall be 10 global proprietary data tags (IDDT) in the range ‘DF01’ to ‘DF0A’. The size
of each tag shall be configurable at personalization time.
The tags shall be accessible using only the GET DATA command (described in [EMV 4.2-3]).
• Free read
• PIN protected (as specified in access control byte associated with each IDDT )
• Profile ID
IDDT data may be updated using PUT DATA with or without secure messaging for integrity.
The requirement for PUT DATA with or without secure messaging shall be configurable at
personalization time for each IDDT tag.
• Static Data Authentication (SDA): the digital signature is static; the terminal
authenticates critical ICC-resident static data.
To perform DDA and/or CDA methods, the D-PAS chip card must possess a dynamic-RSA
crypto-processor. The ability to perform SDA is mandatory.
The AIP determines which offline data authentication method(s) are supported by the card.
Note: The PDOL mechanism allows the card to force an immediate online transaction if no
common off-line data authentication method is supported by both the card and the terminal.
• DDA is executed before the Card Action Analysis process and requires that the
ICC generate a digital signature on ICC-resident/generated data and on data
received from the terminal and identified by the ICC Dynamic Data
Authentication Data Object List (DDOL). In case the ICC DDOL is not present a
default Terminal DDOL shall be used, including at least the unpredictable
number.
The D-PAS application may support the RSA Chinese Remainder Theorem (CRT) algorithm in
order to optimize transaction performance during DDA and enciphered PIN decryption.
Although this method is recommended, it is not mandatory.
The D-PAS application shall support the INTERNAL AUTHENTICATE command as described in
[EMV 4.2-3], using the ‘format 2’ response.
When DDA is performed, the D-PAS application shall set to ‘1’ the ‘DDA returned’ bit in the
CVR.
• Online PIN
• Signature
• No CVM required
The AIP indicates the ability of the card to support Offline PIN verification.
The D-PAS application plays a role only if Offline PIN CVM is selected.
The optional Offline Enciphered PIN method requires that the D-PAS chip card possess the
ability to perform RSA computations, and thus contains a dynamic-RSA crypto-processor. If
the chip does not have RSA crypto capabilities, the Offline enciphered PIN method is not
available, and this shall be indicated in the ACO data element.
If a D-PAS card supports Offline Enciphered PIN, the issuer may use a specific ICC PIN
Encipherment public/private key pair, for PIN decryption, or may use the same ICC
public/private key pair as is used for DDA. This issuer choice is specified via a configuration
option in the ACO data element.
If Offline Enciphered PIN or Offline Plaintext PIN verification is supported by the card, the D-
PAS application shall support the VERIFY command as described in [EMV 4.2-3].
The VERIFY command initiates the card comparison of the cardholder-entered transaction PIN
with the Reference PIN stored on card.
Depending on the CVM requested by the terminal, the PIN Try Counter value and the CVM
checks, the D-PAS application shall set the following indicators in the CVR Table:
The D-PAS application does not play a role in Terminal Risk Management.
The D-PAS application shall provide to the terminal the Issuer Action Codes (Denial, Online,
Default), but does not play a role in Terminal Risk Management.
After completing Card Risk Management, the card logs the transaction (configuration option)
and returns an Application Cryptogram to the terminal. This cryptogram is:
If supported by both the card and terminal, the terminal may request CDA. If so, an ARQC or
TC shall be returned as part of a dynamic signature computed by the card.
During the 1st Generate AC command, the D-PAS application performs the following actions:
1. Analyze CDOL1 Data, and perform Card Risk Management tests to determine if the
transaction must be declined, must go online, or may be accepted offline.
3. When a cryptogram is requested (ARQC), the card must also generate ‘Issuer Application
Data’ containing Derivation Key Index (DKI), Cryptogram Version Number (CVN), Card
Verification Results (CVR), and (optionally) the contents of additional tagged elements
[such as Number of Consecutive Offline Transactions (NCOT) and Cumulative Offline
Amount (COA)], then insert this into the GENERATEC AC response data. The actual
contents of Issuer Application Data depend on the contents of an IADOL which is
personalized by the issuer. By default, issuer application data contains the DKI, CVN, and
CVR, but the contents of IAD may be modified by adding tag values for particular internal
card data elements into the internal IADOL list. Note: This offers the issuer the ability to
evaluate the values stored in IDDT data (for example) during an authorization request, as
well as the current value of profile-defined offline counters.
4. If an ARQC is returned, the card is in an ‘ONLINE’ Application State, and expects a 2nd
‘GENERATE AC’ command with issuer response. A configuration option element in ACO
allows the issuer to specify whether ARQC transaction specifics shall be ‘Pre-logged’ in the
Transaction Log file. If this option is set, the card creates a Transaction Log record for the
current transaction, containing the ARQC cryptogram. If a 2nd GENERATE AC command is
received, this Transaction Log record is overwritten with the final Transaction Log record
containing TC or AAC.
The card performs a series of ‘Risk Management’ tests on current transaction to determine
whether the level of offline risk is acceptable. This process of CRM in the D-PAS application is
performed partly during the GET PROCESSING OPTIONS command (pre-processing) and
partly during the GENERATE AC command.
The first step of the CRM process during the GENERATE AC command consists of the card
registering events that occurred in the previous transaction by checking the bits set in the
PTH (in particular the ‘Go Online next transaction’ bit) and then updating the CVR with the
values stored in PTH . The PTH is then reset.
If the terminal does not request an AAC in the 1st GENERATE AC command, the card first
compares the CVR with the contents of the CAC-Denial array. If the same bit is set both in the
CVR and in the CAC-Denial array, the card returns an AAC (transaction declined) and shall not
perform any additional Card Risk Management tests. If the issuer configuration option has
been enabled, a Transaction Log record may be created for the denied transaction. Note:
‘GPO pre-processing’ may have previously set the ‘PDOL forced decline’ bit in the CVR (bit 1,
Byte 4), which may result in an automatic decline, since the equivalent bit in CAC-Denial
should always be set.
If the terminal does not request an AAC in the 1st GENERATE AC command, and if ‘GPO pre-
processing’ or ‘PTH processing’ has set either the ‘PDOL forced online’ or ‘PTH forced online’
bits in the CVR, all normal ‘1st GENERATEC AC’ risk management tests are bypassed, and the
card returns an ARQC response. If neither of these two CVR bits has been set, standard Risk
Management tests take place, using the CVR, CDOL1 data, and the ‘CAC-Online’ array.
The CAC arrays follow the structure of CVR bytes 4 and 5, and code all circumstances under
which the issuer may wish a transaction to be declined (CAC Denial), go online (CAC Online),
or be declined if online authorization request is not possible (CAC Default). The structure of
CVR and CAC arrays are documented in Appendix B.
The COA counter is always global, in that it accumulates all offline transaction amounts,
regardless of which transaction profile was used by the card application. The amount of the
current transaction (if known) is added to the contents of the global COA before comparing
COA with the profile-specified Lower Cumulative Offline Transaction Amount Limit (LCOA) and
Upper Cumulative Offline Amount Limit (UCOA). If the new COA value exceeds one of the two
offline limits, a specific bit in the CVR is set, and the CVR is then compared with the issuer-
specified actions coded in the CAC arrays. The personalization values of the CAC arrays
dictate whether the card will decline, accept, or request an online transaction, based on the
cumulative amount of consecutive offline transactions.
By default, the NCOT counter counts the number of consecutive offline transactions of all
types, regardless of currency code or issuer country code. However, if so desired, a
configuration option allows the issuer to specify that NCOT counters shall only count
transactions where the transaction currency is not recognized.
The NCOT counter may be specific to the current transaction profile. If transaction profiles
are not defined by the issuer, the NCOT in the ‘default profile’ shall be used for all
transactions, unless bit 3 of the PRU byte for ‘Profile 0’ is set. However, using the PDOL-
Profile pre-processing mechanism, ‘Domestic’ and ‘International’ transactions may be
managed using different transaction profiles, with separate NCOT counters and limits.
If the issuer chooses to use the ‘PDOL-Profile’ mechanism, each Transaction Profile may
potentially contain the following:
o LCOL,
o UCOL
o LCOA limit
o UCOA limit
o STA
Profile-specific LCOL and UCOL limits may work in association with either a profile-specific
NCOT counter, or a global (profile 0) NCOT counter. Use of NCOTs in transactions with
recognized currencies is an issuer configuration option. Profile-specific UCOA and LCOA limits
always work in association with the global COA counter, and may only be used when a
transaction currency is recognized.
If the issuer chooses to not use transaction profiles, or the current transaction specifics do not
merit the use of a specific transaction profile, the CRM objects defined in a default ‘Profile 0’
object are used.
Card Risk Management is performed by comparing the contents of the CVR with 3 CAC arrays.
The CAC arrays follow the structure of CVR bytes 4 and 5.
During the 1st GENERATE AC ‘Card Risk Management’ process, the card first initializes CVR
with contents of PTH, then compares the CVR and the CAC-Denial array. If a match is found,
the card declines the transaction by returning an AAC. If no match was found between CVR
and CAC-Denial array, the card verifies bits 2-3 of CVR byte 4 (B4b3-2). If either of these
two bits are set [‘PTH forced Online’, or ‘PDOL forced Online’], the card bypasses all other
CRM checks, does not increment the offline counters, and returns an ARQC and Issuer
Application Data.
Note: If offline counters are inserted into Issuer Application Data, these shall not include the
current transaction or transaction amount.
Note: A slight decrease of transaction performance may occur because many CRM checks are
bypassed when a transaction is forced online by the PDOL mechanisms.
If GPO pre-processing has resulted in the selection of a particular transaction profile, the
selected ‘Profile ID’ is inserted in bits 1-4 of CVR byte 6. If the ‘Profile selection’ mechanism
is not being used by the issuer, or if no particular profile was selected, these bits default to a
value of ‘0000’.
If the transaction was not forced online by either CVR byte 4 bit 2 or 3, the card proceeds
with standard risk management checks, by comparing the global COA with profile-specific
LCOA and UCOA, the current ‘Transaction Amount’ with the ‘Single Transaction Amount Limit’,
and the profile-specific NCOT counter with profile-specific LCOL and UCOL. The proper bits in
the CVR are set if any of the limits are exceeded. The CVR is then compared with the CAC-
Denial array:
1. If the same bit is set in both CVR bytes 4 or 5, and in the CAC-Denial array, the card
declines the transaction, and returns an AAC cryptogram.
If there is no match, the CVR is then compared with the CAC-Online array:
1. If the same bit is set in both CVR bytes 4 or 5, and in the CAC-Online array, the card
requests an online transaction, and returns an ARQC cryptogram.
2. If an Offline acceptance (TC) was requested, and no match was found between CAC arrays
and CVR bytes 4 and 5, the card accepts the transaction offline, and returns a TC
cryptogram.
Before returning the final AC the card (optionally) creates a Transaction Log record, which
records transaction specific data in a cyclic record file that may be read by the issuer using a
dedicated terminal. See section 4.13 for a description of the Transaction Logging sequence
and options, as well as a list of the data elements which are logged.
The card also changes its internal ‘Application State’ from ‘INITIALIZED’ to one of the
following:
2. It allows the card to perform Issuer Authentication to verify that the authorization
response was, in fact, generated by the issuer host.
3. It allows the card to create a final Transaction Log file record and update internal data
elements such as offline counters and PIN Try Counter (PTC).
4. It allows the card to perform further (contingency) card risk management, when the
terminal is unable to go online, but has received a previous online authorization request.
Regardless of the outcome of the 2nd GENERATE AC command (TC or AAC), the D-PAS
application shall thereafter be in an application-state of ‘SCRIPT’, and is ready to receive any
issuer scripts that may have been contained in the authorization response message.
Issuer authentication data is generated by the issuer host, using a card-specific 3DES key,
and is sent to the card in the 2nd GENERATE AC APDU command data. The card is
responsible for verifying the cryptogram generated by the issuer host based on the results of
this verification and an issuer configuration option (stating whether issuer authentication is
mandatory). If verified, the card shall return a TC cryptogram (transaction approved) or an
AAC cryptogram (transaction declined) to the terminal device.
In circumstances where only a partial-grade EMV infrastructure exists, the card application
may not receive all the ICC data normally conveyed in the DE-55 field of the authorization
response message (in particular, the ‘Issuer Authentication Data’). To prevent transaction
failures under these conditions, the card offers a configuration option (‘Issuer Authentication
Mandatory’) that instructs the card to accept an authorization response, even if Issuer
Authentication Data is not present, or if Issuer Authentication Data fails because of message
corruption/truncation. Other configuration options allow the issuer to specify whether Issuer
Authentication is mandatory before re-setting offline and script counters. (See Appendix A for
a description of ACO Issuer Authentication-related options available.) Note 1: If Issuer
Authentication Data is not received but Issuer Authentication is not mandatory to reset
counters, all profile-specified offline counters and script counter are automatically reset.
Offline counters used in other transaction profiles are not affected. Note 2: If Issuer
Authentication Data is not received, the application uses 10 byte of '00' to represent issuer
authentication data in CDOL2.
If Issuer Authentication Data is present and is valid, the card processes the Card Status
Update (CSU) value contained in authentication data. Based on the bits set in this variable,
the card sets offline counters to a predetermined value, sets certain bits in the PTH data
element, resets Script counter [or not], and/or sets PIN Try Counter (PTC) to a specified
value.
Note: The Terminal’s decision on whether to request TC or AAC depends on a second round
of Terminal Risk Management performed with the IAC-default array and TVR setting [EMV
4.2-4].
If the results of 2nd Terminal risk management have resulted in a TC request, the card must
now decide whether to accept the transaction despite the fact that the terminal was unable to
complete the online authorization request. This decision is taken after a second round of Card
Risk Management checks, performed with the ‘CAC default’ array and the transaction specifics
recorded in the CVR. Note: If the terminal type is ‘CAT3’ (Offline-only cardholder activated),
there is an ACO configuration option that allows the issuer to specify that CAC-Default checks
shall not be performed when an ‘Unable to go online’ message is received .If the CAC-Default
array is disregarded in the case of a CAT3 terminal Byte2, bit 2 of the CVR shall be set
The structure of the ‘CAC-default’ array is identical to that of the ‘CAC-Denial’ and ‘CAC-
Online’ arrays, as well as CVR bytes 4 and 5. The second card risk management process is
based on the results of a comparison performed between the bits set in CAC-default, and the
bits set in CVR bytes 4 and 5. If the same bit is set in the two byte arrays, the transaction is
declined offline, and the card returns an AAC. If no matching bits are found, the card accepts
the transaction offline and returns a TC.
Note: The bits set in ‘CAC-default’ are usually different from those set in ‘CAC-online’, to
permit contingency offline acceptances when the issuer host or network is down.
Offline counters and PTC are not affected in the case when the terminal is unable to go online,
since a completed Online authorization request-response transaction has not occurred.
The Transaction Log file is a global file having a cyclic structure with records of fixed length.
Record #1 corresponds to the most recent transaction. Record #2 is the next most recent
transaction, etc.
Logging occurs during the 1st GENERATE AC command for transactions approved or declined
offline. For transactions processed on-line, a pre-logging of ARQC data may take place during
the 1st GENERATE AC command (configuration option). A final Transaction Log record is
created during 2nd GENERATE AC command (over-writing the pre-logged record), if the 2nd
GENERATE AC command is subsequently received by the card. This allows Transaction Log
records to be created when an online authorization request is made, and the receipt of 2nd
GENERATE AC command is not received.
Each entry of the Transaction Log file consists of the concatenation of transaction related
values identified in the ‘Log Format’ data element (Tag 9F4F). Information about the location
(SFI) of the log file and the maximum number of log records is specified in the Transaction
Log Entry data element (Tag 9F4D).
The D-PAS application shall be able to log the following types of transactions, based on the
configuration options.
Option Description
Log Declined offline and online This option indicates whether a transaction is logged if the D-
Transactions (AACs) PAS application responds with an AAC to the GENERATE AC
command. This option applies to logging during both the 1st
and 2nd GENERATE AC command processing.
Log Approved Transactions This option indicates whether a transaction is logged if the D-
PAS application responds with a TC to the 1st or the 2nd
GENERATE AC command.
Log on-line authorization This option indicates whether a transaction is logged if the D-
requests (pre-log ARQC) PAS application responds with an ARQC to the 1st GENERATE
AC command. If a 2nd Generate AC is subsequently received,
the final Transaction Log record shall overwrite the pre-logged
transaction data.
The D-PAS application shall support the following Issuer Script Commands:
• APPLICATION BLOCK
• APPLICATION UNBLOCK
• PIN CHANGE/UNBLOCK
• PUT DATA
• UPDATE RECORD
Script commands shall be accepted when the card is in a ‘SCRIPT’ state, i.e., after a TC or
AAC is returned in response to a 1st or 2nd GENERATE AC command (tag ‘72’ scripts). No tag
’71’ scripts (executed between 1st and 2nd GENERATE AC commands) shall be accepted by
the card application.
The D-PAS application supports Format 2 for the secure messaging used in issuer scripted
commands. Format 2 Secure Messaging is described in [EMV 4.2-3].
As defined in [ISO7816-4], each command contains the following elements at the APDU level:
• Le, the expected response data block length, which may be present
Response
The INS byte is different for different transactions and is explicitly shown for each transaction.
If any undefined INS byte is used, the application returns an error status of ‘6D00’.
IFDs shall always send a P1 byte of zero unless the description of the transaction explicitly
states otherwise. If the application receives a non-zero P1 byte for a transaction which does
not use the P1 byte, the application returns an ISO-specified error of ‘6A86’.
IFDs shall always send a P2 byte of zero unless the description of the transaction explicitly
states otherwise. If the application receives a non-zero P2 byte for a transaction which does
not use the P2 byte, the application returns an ISO-specified error of ‘6A86’.
The lengths (or maximum values of the lengths) of the command data block (Lc) and
response data block (Le) are explicitly shown for each transaction. These lengths must be no
greater than 255.
• Only the exact value of Lc or a length up to the maximum allowed length is acceptable.
The application may return an ISO-specified error of ‘6700’ if Lc is incorrect.
• Except in a case 4 commands or when Le = '00' only the exact value of Le is acceptable.
The application returns an ISO-specified error of ‘6Cxx’ (with ‘XX’ indicating the proper Le)
if any other value is supplied.
Before processing the received command, the D-PAS application verifies the following
conditions:
Operation Error
• Verify application not disabled (due to counters, e.g., ATC reaching their limit) ‘6985’
• Verify in the D-PAS application that the AID selected by the terminal is that of ‘6985’
the main payment application (this AID of this application) or is registered in the
main payment application (is registered in this application).
• Check CLA ‘6E00’
Note: The flow charts in the following sections illustrate a recommended command
processing sequence that is not mandatory. It is understood that processing sequences
may be to a certain degree implementation-specific, and that the actual processing sequence
implemented may differ somewhat from the sequence illustrated.
APDU
(CLA, INS, P1, P2)
received
Valid AID
SW12
receiving No
‘6985’
APDU?
Yes
Application SW12
Yes
disabled? ‘6985’
No
Yes
SW12
INS byte valid? No
‘6D00’
Yes
No
Command specific
processing
ISO commands
GET RESPONSE ‘00’ ‘C0’ ‘00’ ‘00’ Le = Var. Required for T = 0 ISO case 4
commands protocol. Le = XX in 61XX
code returned by last (case 4)
command.
SELECT DF ‘00’ ‘A4’ ‘04’ ‘00’/ Lc = Var. Lc = Length of AID
‘02’
Le = ’00’ Final Le = Length of FCI
(Var)
PUT DATA ‘84’/ ‘DA’ Tag Lc = Var. Tag number coded in P1-P2, Lc =
length of tagged data object + 8 (if
‘80’
secure messaging required)
EMV Commands
CPS Commands
EXTERNAL ‘84’ ‘82’ Var. ‘00’ Lc = ’10’ Host cryptogram and command MAC
AUTHENTICATE
INITIALIZE ‘80’ ‘50’ Var. ‘00’ Lc = ’08’
UPDATE
STORE DATA ‘80’ ‘E2’ Var. Var. Lc = Var. Personalization data in plaintext
‘84’ Encrypted personalization data and
MAC
Legend
The following section provides more details on each of these APDU commands.
6 APPLICATION COMMANDS
This section describes the APDU commands supported by the application. Each command is
presented within a common format, with up to seven of the following subheadings;
1. Definition and Scope -Provides a definition of the purpose and effect of the
command under discussion.
2. Command APDU - Contains details of the command header, the associated length
parameters and any data that should be sent as part of the command.
3. Data Field Returned in the Response Message - Provides responses provided by
each command.
4. Processing State Returned in the response Message - Describes error conditions
returned by a command.
5. Transaction Flow – Contains a diagram that shows the processing flow inside the
ICC. These examples are not meant to be restrictive, in that other methods of meeting
the same function requirements may also be considered.
An application that has been blocked shall return the status bytes SW1 SW2 = '62 83' in
response to a SELECT command.
If an application has been blocked, it continues to process a transaction but shall always
return an AAC in response to a GENERATE AC command.
Code Value
CLA '84'
INS '1E'
P1 '00'
P2 '00'
Lc '08'
Data MAC
Le Not Present
Resultant
SW1 SW2 State Value
6.1.6 NOTES
S0
The Failed MAC, Session MAC and Lifetime MAC counters are incremented. The Failed MAC
counter is decremented when the MAC is correctly verified.
S1
S2
The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only cleared when the command is
successful. Any error condition should thus result in a ‘Script Failed’ bit of PTH being set.
6.1.7 EXAMPLE
Parameters None
Details • AC is '1234 1234 1234 1234' and this is the 4th script command in the
session
• Session key for SM is thus: ‘7A36C671D15746BE 3F1398136AFD9546’
from RL = ‘1234 F034 1234 1234’ and RR = ‘1234 0F34 1234 1234’
• The following are concatenated to build input to MAC calculation:
o Command header = ‘841E000008’;
o ATC = ‘1234’;
o R = ‘1234 1234 1234 1237’ (AC+3);
o Padding to 8 byte boundary.
• The input blocks are thus:
o D1 = ‘841E000008123412’
o D2 = ‘3412341234123780’
• The output blocks are thus:
o O1 = ‘FA4268BEB51D7FBC’
o O2 = ‘AD966F32F5FB8AE2’
o O3 = ‘10654A884F5C68A5’
o O4 = ‘F9F2F1A6B581490D’
• The MAC is thus O4 = ‘F9F2F1A6B581490D’
Parameters None
Code Value
CLA '84'
INS '18'
P1 '00'
P2 '00'
Lc '08'
Data MAC
Le Not Present
Resultant
SW1 SW2 State Value
6.2.6 NOTES
S0
The Failed MAC, Session MAC and Lifetime MAC counters are incremented. The Failed MAC
counter is decremented when the MAC is correctly verified.
S1
S2
The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only cleared when the command is
successful. Any error condition should thus result in a ‘Script Failed’ bit of PTH being set.
6.2.7 EXAMPLE
Parameters None
Details • AC is '1234 1234 1234 1234' and this is the 1st script command in the
session
• Session key for SM is thus: ‘7A36C671D15746BE 3F1398136AFD9546’
from RL = ‘1234 F034 1234 1234’ and RR = ‘1234 0F34 1234 1234’
• The following are concatenated to build input to MAC calculation:
o Command header = ‘8418000008’;
o ATC = ‘1234’;
o R = ‘1234 1234 1234 1234’ (AC);
o Padding to 8 byte boundary.
• The input blocks are thus:
o D1 = ‘8418000008123412’
o D2 = ‘3412341234123480’
• The output blocks are thus:
o O1 = ‘A43298E2D8F3DCE3’
o O2 = ‘17C96E54E8479BD9’
o O3 = ‘80E183470CEF96D9’
o O4 = ‘33F580805A567C6C’
• The MAC is thus O4 = ‘33F580805A567C6C’
Parameters None
The CARD BLOCK command shall disable all applications in the ICC, including applications that
may be selected implicitly.
Following the successful completion of a CARD BLOCK command, all subsequent SELECT
commands shall return the status bytes SW1 SW2 = '6A81' (Function not supported) and
perform no other action.
Code Value
CLA '84'
INS '16'
P1 '00'
P2 '00'
Lc Var.
Data (OS MAC) + 8-byte MAC
Le Not Present
The CARD BLOCK command may use the underlying operating system’s card block function to
disable applications. As such, the actual contents of APDU data are outside the scope of these
specifications. When the card is blocked, all applications shall not be selectable. If the card OS
does not support the ‘Card Block’ functionality and a correctly scripted ‘Card Block’ command
is received, at a minimum the D-PAS application must be blocked.
Note: By blocking the application and not returning an error response when the card OS does
not support the Card block functionality, the ‘minimal intent’ of the issuer scripted
command is accomplished, and further scripted commands may still be sent to the card.
Resultant
SW1 SW2 State Value
6.3.6 NOTES
S0
The Failed MAC, Session MAC and Lifetime MAC counters are incremented. The Failed MAC
counter is decremented when the MAC is correctly verified.
S1
S2
The CARD BLOCK command may use the underlying operating system’s card block function to
disable applications. The checking of OS MAC is a function provided by the card operating
system and is outside the scope of this specification.
S3
The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only cleared when the command is
successful. Any error condition should thus result in a ‘Script Failed’ bit of PTH being set.
Example
Parameters None
Details • AC is '1234 1234 1234 1234' and this is the 1st script command in the
session
• Session key for SM is thus: ‘7A36C671D15746BE 3F1398136AFD9546’
from RL = ‘1234 F034 1234 1234’ and RR = ‘1234 0F34 1234 1234’
• The following are concatenated to build input to MAC calculation:
o Command header = ‘8416000010’;
o ATC = ‘1234’;
o R = ‘1234 1234 1234 1234’ (AC);
o OS MAC = ‘31B2 C75E D312 8854’;
o Padding to 8 byte boundary.
• The input blocks are thus:
o D1 = ‘8416000010123412’
o D2 = ‘3412341234123431’
o D3 = ‘B2C75ED312885480’
• The output blocks are thus:
o O1 = ‘B2F33446C4AE11BE’
o O2 = ‘A66DD9F8DE5D2EF0’
o O3 = ‘35653F86627C70F5’
o O4 = ‘81F38CEDD61179A3’
o O5 = ‘A019FD61B4A564BE’
• The MAC is thus O5 = ‘A019FD61B4A564BE’
Parameters None
Code Value
CLA '80'
INS 'AE'
P1 Reference Control parameter (refer to Table 23)
P2 '00'
Lc Var.
Data Transaction-specific data
Le '00'
0 0 - - - - - - AAC
0 1 - - - - - - TC
1 0 - - - - - - ARQC
1 1 - - - - - - Reserved for Future Use
(RFU)
- - X - - - - - RFU
- - - 0 - - - - CDA not requested
- - - 1 - - - - CDA requested
- - - - X X X X RFU
As shown in Table 23, parameter P1 indicates the type of cryptogram requested by the
terminal and whether the transaction is eligible for CDA cryptogram generation. The
cryptogram returned by the ICC may be different from the one requested depending on ICC
internal processing.
The APDU command data contains the data specified in the CDOL1 in case of GENERATE AC1
or CDOL2 in case of GENERATE AC2.
Note: If an application has been blocked, it returns an AAC in response to this command.
If the response is as a result of "CDA not requested", the response will be as specified in
Table 24. If the response is as a result of "CDA requested", the response will be as specified
in Table 25 or Table 26.
Table 26 - GENERATE AC Response Message Data Field for AC, CDA requested
If any of these mandatory data elements are missing, the terminal shall terminate the
transaction.
For both formats, the Cryptogram Information Data returned by this command shall be coded
as specified in Table 27.
0 0 - - - - - - AAC
0 1 - - - - - - TC
1 0 - - - - - - ARQC
1 1 - - - - - - RFU
- - X X - - - - Payment System-specific cryptogram
- - - - 0 - - - No advice required
- - - - 1 - - - Advice required
* Bit 4=1 is not supported by D-PAS
application
- - - - - X X X Reason/advice code
- - - - - 0 0 0 No information given
- - - - - 0 0 1 Service not allowed
- - - - - 0 1 0 PIN Try limit exceeded
- - - - - 0 1 1 Issuer authentication failed
- - - - - 1 X X Other values RFU
Resultant
SW1 SW2 State Value
GENERATE AC
command
received
Yes
S1
Yes
SW12 STATE Lc
No
‘6700' (SELECTED) OK?
Yes
S2
Process CDOL1
S3
Set ‘Unable to
Issuer. Auth. Data go online last
present? transaction’ bit
No of CVR B4b8(1)
Yes
ARC = Y3?
And Yes
No Authen Authen No P1 b87 = 01?
Data Data
present ARQC requested by
terminal in 1st GenAC
AAC Yes ?
Issuer Issuer
Authentication Authentication
not performed No
performed
AAC requested
CAC-
CRM
Online
TC requested
PTH
S8
PTC = 0?
Yes
No
PIN Try Limit
exceeded
CVR B5b6(1)
No
Script Failed?
PTH B1b1 = 1? Yes
Go online next
Set ‘PTH forced online’
Yes transaction?
bit in CVR B4b3(1)
PTH B1b5=1?
Set ‘Script
No Failed’ bit in
No CVR B4b4(1)
S13
CAC
Card Action Codes
Processing
AAC
Yes Application Blocked?
NO
ARQC TC
Compare all bits in CVR B4 and Compare all bits in CVR B4 and
AC requested in P1?
B5 with “CAC -Decline” B5 with “CAC -Decline”
AAC
Match?
Match?
No Yes Yes
No
Update temp
NCOT [volatile)
inc NCOT counter
S11
Yes
Currency
NCOT + 1 > ‘FF’? No
recognised?
Yes
Yes
Increment temp
(volatile) NCOT
RETURN
STATE
(SCRIPT)
Set CID to TC
CID b87(01)
Logging supported ?
ACO B1b3 = 1?
Set CVR to
TC returned in GENAC1 and S5
Yes
GENAC2 not requested No
CVR B1b8-5(1001)
Log Txn
S11
Non-Volatile COA = temp COA
Include Issuer
Discretionary data in
Profile-specific NCOT IAD?
indicated in PRU byte? ACO B2b6 =1 ?
Yes
No
GENAC
Yes
No Authen
Data
Yes
No
TC2
Generate GENAC2
Transaction Certificate
Generate Application
GENAC Cryptogram
S9
Include only CVR in
cryptogram input data? Compute hash
No
ACO B2b7 =1 ? result
Yes
S7
Compute hash
Generate ARQC or TC
on Dynamic
Aplication Data
to be signed
Yes
P1 specifies
CDA? Generate RSA
Signature
No
SW12 SW12
’9000' ’9000'
6.4.6 NOTES
S1. APDU checking
GENERATE AC1
• Parameters P1 b87 = 00b or 01b or 10b and P2 = ‘00’ otherwise status code ‘6A86’ is
returned.
• Length Lc <= 33 and Lc = CDOL1 length otherwise status code ‘6700’ is returned.
GENERATE AC2
• Parameters P1 b87 = 00b or 01b and P2 = ‘00’ otherwise status code ‘6A86’ is
returned.
• Length Lc <= 19 and Lc = CDOL2 length otherwise status code ‘6700’ is returned.
The data sent by the Terminal in the APDU command contains the data elements which were
requested in CDOL1 and CDOL2. The D-PAS application shall extract CDOL1 data specified in
Table 93 and CDOL2 data specified in Table 94.
PRU b3-2 = 10b (Global NCOT checked against Profile specific LCOL)
PRU b3-2 = 11b (Profile Specific NCOT checked against Profile specific LCOL)
PRU b3-2 = 01b (Profile Specific NCOT checked against Global LCOL)
6.4.7 EXAMPLE
CL INS P1 P2 Lc Data Le
A
The GET CHALLENGE command is available in the INITIALIZED and VERIFIED states.
Code Value
CLA '00'
INS '84'
P1 '00'
P2 '00'
Lc Not present
Data Not present
Le ‘00’
Resultant
SW1 SW2 State Value
GET CHALLENGE
received
Yes
Yes
SW12
P1P2 OK? No
‘6A86’
Yes
Generate 8 bytes
of unpredictable
numbers
STATE
(CHALLENGED)
SW12
‘9000’
6.5.6 NOTES
None.
6.5.7 EXAMPLE
Parameters None
Details None
Parameters None
Depending on data objects and the setting of configuration option, a GET PROCESSING
OPTIONS and/or a VERIFY command may be required prior to this command.
Following the GET DATA command, the D-PAS application will always remain in the current
state regardless of the command execution outcome.
Code Value
CLA '80'
INS 'CA'
P1 Data object tag. See Table 36.
P2
Lc Not present
Data Not Present
Le ‘00’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 100 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Note: ‘*profile-specific’ resources are only available through a GET DATA command received
after the GPO command. Prior to the GPO command, profile-specific resources are not
initialized, and the application must return an error response code of ‘6985’.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 101 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 102 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 103 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.6.6 NOTES
S0
Check if GET DATA is only allowed after GPO.
S1
Check if P1P2 is an accepted tag; otherwise, error status words (‘6A88’) are returned. If
length indicated in Le is not equal to Data Object length, then ‘6CXX’ is returned, with ‘XX’
containing the length of the Data Object. A subsequent GET DATA with exact length of ‘XX’ in
Le will then be expected.
S2
Check if the Offline Balance Data Object or Counter Value/Limit has been requested for the
following Data Elements:
S3
If retrieval of the balance is allowed, the application computes the offline balance. Otherwise
the command is rejected (‘6985’).
S4
The offline balance is calculated as follows:
If an overflow occurs, the application returns zero value for the balance.
S5
If a GET DATA command is received before the GPO command (i.e., STATE != INITIALIZED or
SCRIPT), and a ‘profile-specific’ resource with tag in the range ‘C5’ – ‘CD’ is requested, the
card returns an error response of ‘6985’ indicating “Conditions of use not satisfied” (Profile
resources have not been initialized.)
D-PAS Card Specification v1.1 Proprietary and Confidential Page 104 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.6.7 EXAMPLE
Parameters ‘9F17’
Details None
Details None
D-PAS Card Specification v1.1 Proprietary and Confidential Page 105 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• Inform the D-PAS application that the processing of a new transaction has
begun.
• If PDOL Checks are activated, provide to the D-PAS application all terminal-
related transaction-specific information requested in PDOL, and provide an
opportunity for the card to ‘pre-process’ transaction-specific data and then
perform one of three actions:
• Select a specific ‘Transaction Profile’ with profile-specific AIP, AFL, and CRM values
(PDOL-Profile check). Note: Profile-specific CRM values shall be used in all
subsequent processing, including following PDOL check.
• Ensure that the D-PAS application provides to the terminal the proper AIP and a
list of files that contain the D-PAS chip card application data, to be used in
processing the transaction (AFL). The AIP and AFL may be transaction profile-
specific.
• The D-PAS application shall also increment the ATC, and reset the CVR (Card
Verification Results). The application is now in an ‘INITIALIZED’ state.
Code Value
CLA '80'
INS 'A8'
P1 '00'
P2 '00'
Lc Var.
Data Tag '83' || Length || Concatenation of the BER-TLV value of the data elements
specified in Processing Options Data Object List (PDOL)
Le '00'
D-PAS Card Specification v1.1 Proprietary and Confidential Page 106 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
When no PDOL elements are defined, the command data shall be set to '8300'.
Format 2
A constructed data object with BER-TLV tag equal to ‘77’. The value field shall consist of
several BER-TLV coded objects, but shall always include the mandatory data specified in Table
41. If any of these mandatory data elements are missing, the terminal shall terminate the
transaction.
Table 42 - GET PROCESSING OPTIONS Status Words and Application Final State
Resultant
SW1 SW2 State Value
D-PAS Card Specification v1.1 Proprietary and Confidential Page 107 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 108 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.7.6 NOTES
S0
The application shall check the following:
• Parameters P1P2 are both ‘00’ otherwise status code ‘6A86’ is returned.
S1
If the ATC Limit or the Encrypted PIN Cryptography Failure Limit counters of the D-PAS
application is exceeded, the application is disabled and error response status words SW1 SW2
'6985' (Conditions of use not satisfied) are returned.
S2
The issuer has the ability to activate or de-activate the PDOL-check mechanisms by setting
(or clearing) byte 2, bit 4 of the global ACO element. If this bit is set, any previously defined
PDOL-checks (Decline, Profile, and Online) are executed. If this bit is not set, the card shall
not perform any PDOL-check processing (functionality is disabled).
S3
The PDOL Processing Mechanism description and an implementation example may be found in
Appendix C.
6.7.7 EXAMPLE
Details • PDOL content ('9F02 06 9F1A 02 5F2A 02 9A 03 9F35 01 9F40 02') sent to
ICC.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 109 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 110 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Code Value
CLA '00'
INS '88'
P1 '00'
P2 '00'
Lc Length of authentication-related data
Data Authentication-related data - Concatenation of the BER-TLV value of the data
elements specified in DDOL
Le '00'
It is mandatory that the DDOL contains at least the 4 byte unpredictable number BER-TLV tag
‘9F37’ generated by the Terminal.
This format consists of a constructed data object with BER-TLV tag equal to ‘77’. The value
field shall consist of one or more BER-TLV coded objects, but shall always include the
mandatory data specified in Table 46. If this mandatory data element is missing the terminal
shall terminate the transaction.
Note: The length of the Signed Dynamic Application Data is the same as the Length of the
ICC Public Key.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 111 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Resultant
SW1 SW2 State Value
D-PAS Card Specification v1.1 Proprietary and Confidential Page 112 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
INTERNAL
AUTHENTICATE
command received
STATE SW12
P1P2 OK? No
(SELECTED) ‘6A86’
Yes
STATE SW12
Lc OK? No
(SELECTED) ‘6700'
Yes
S0
First Internal STATE SW12
No
Auth.? (SELECTED) ‘6985'
S1 Yes
Process DDOL
S2
S3
STATE
(INITIALIZED)
SW12
‘9000'
D-PAS Card Specification v1.1 Proprietary and Confidential Page 113 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.8.6 NOTES
S0
The application shall ensure that only one INTERNAL AUTHENTICATE command is issued for
each value of the ATC, otherwise status code ‘6985’ is returned.
S1
The D-PAS application shall extract the data specified by the DDOL. It is mandatory that the
DDOL contains at least the 4 byte unpredictable number BER-TLV tag ‘9F37’ generated by the
Terminal.
S2
The generation of data shown in Table 48 is input to the Hash Algorithm.
S3
The ICC generates a signature on the data specified in Table 49 using the ICC private key.
The result of this process is called the Signed Dynamic Application Data is specified in [EMV
4.2-2] Section 6.5.1.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 114 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.8.7 EXAMPLE
Data SW1
SW2
D-PAS Card Specification v1.1 Proprietary and Confidential Page 115 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• The value of the PIN Try Counter shall be reset to the value of the PIN Try Limit.
• If requested, the value of the reference PIN shall be set to the new PIN value.
Code Value
CLA '84'
INS '24'
P1 '00'
P2 '00' if data contains only a MAC (PIN UNBLOCK)
‘02’ if data contains enciphered PIN and MAC (PIN Change)
Lc '0x08' if P2 = '00'
'0x10' if P2 = '02'
Data Enciphered PIN data component, if present, and MAC data component.
Le Not Present
If P2 is ‘00’, the reference PIN is unblocked and the PIN Try Counter is reset to the PIN Try
Limit. The existing PIN value is retained as the PIN data component is not present.
If P2 is ’02’, this indicates an 8-byte PIN data component is present and it is enciphered. The
plaintext PIN data component format is defined in section 6.14.2. The 8-byte plaintext PIN
block is enciphered with the method as defined in section 7.5.
If the PIN data component is present, the encrypted PIN block is used in MAC generation. The
command data, when P2 is ‘02’, is thus a concatenation of the new enciphered PIN value and
MAC.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 116 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Resultant
SW1 SW2 State Value
D-PAS Card Specification v1.1 Proprietary and Confidential Page 117 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
PIN CHANGE/UNBLOCK
received
Set Script
Received in PTH
Yes
STATE SW12
P1P2 OK? No
(SELECTED) ‘6A86’
Yes
Yes
Yes
No
No S0
Increment Session
Failed MAC limit OR
MAC, Failed MAC STATE SW12
Session MAC limit Yes
and Lifetime MAC (SELECTED) ‘6988'
reached?
Security Counters
No
Is MAC valid? No
SW12
S1 ‘6982’
Yes No
Valid PIN STATE
format ? (SELECTED)
Decrypt and Decrement Failed
P2=’00'? No Update PIN
MAC counter,
Increment Script
S2 Yes counter in PTH
No Yes
S3
Clear ‘Script failed’
Set PIN Try bit in PTH
Update
Yes Counter = PIN Try
successful?
Limit
SW12
‘9000’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 118 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.9.6 NOTES
S0
The Session MAC, Failed MAC and Lifetime MAC counters are incremented. The Failed MAC
counter is decremented when the MAC is correctly verified.
S1
The command MAC is verified as specified in section 7.3.
S2
Decryption is the reverse process as defined in section 7.5.
S3
The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only cleared when the command is
successful. Any error condition should thus result in a ‘Script Failed’ bit of PTH being set.
Parameters None
Details • AC is '1234 1234 1234 1234' and this is the 3rd script command in the session
• Session key for SM is thus: ‘7A36C671D15746BE 3F1398136AFD9546’
from RL = ‘1234 F034 1234 1234’ and RR = ‘1234 0F34 1234 1234’
• The following are concatenated to build input to MAC calculation:
o Command header = ‘8424000008’;
o ATC = ‘1234’;
o R = ‘1234 1234 1234 1236’ (AC+2);
o Padding to 8 byte boundary.
• The input blocks are thus:
o D1 = ‘8424000008123412’
o D2 = ‘3412341234123680’
The output blocks are thus:
o O1 = ‘C1EDB979ABEDB744’
o O2 = ‘52B08FD0ABE6F37F’
o O3 = ‘30476E27BB00037D’
o O4 = ‘5EF936F6BD07A709’
• The MAC is thus O4 = ‘5EF936F6BD07A709’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 119 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Parameters None
D-PAS Card Specification v1.1 Proprietary and Confidential Page 120 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Details • AC is '1234 1234 1234 1234' and this is the 3rd script command in the session
• Session key for SM is thus: ‘7A36C671D15746BE 3F1398136AFD9546’
from RL = ‘1234 F034 1234 1234’ and RR = ‘1234 0F34 1234 1234’
• New PIN value is ‘2712 3456 7FFF FFFF’ and no padding necessary.
• Encrypted PIN value is thus: ‘37521B05147C8C6E’
• The following are concatenated to build input to MAC calculation:
o Command header = ‘8424000218’;
o ATC = ‘1234’;
o R = ‘1234 1234 1234 1236’ (AC+2);
o Encrypted PIN value;
o Padding to 8 byte boundary.
• The input blocks are thus:
o D1 = ‘8424000218123412’
o D2 = ‘3412341234123637’
o D3 = ‘521B05147C8C6E80’
• The corresponding output blocks are:
o O1 = ‘1B247C7F2CA0BFA3’
o O2 = ‘048B2345CF41C6E3’
o O3 = ‘D76BB0ABC071209B’
o O4 = ‘69AF45A5341EBA25’
o O5 = ‘674FDBC79D60341F’
• MAC value is thus O6 = ‘674FDBC79D60341F’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 121 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Parameters None
This command is only available in the SCRIPT state and may be transmitted with or without
Secure Messaging for Integrity. Secure Messaging is required for all data elements except the
Issuer Defined Data Tags for which the requirement for Secure Messaging is specifically
omitted at personalization time.
Code Value
D-PAS Card Specification v1.1 Proprietary and Confidential Page 122 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The following Data Objects may be accessed using the PUT DATA command:
D-PAS Card Specification v1.1 Proprietary and Confidential Page 123 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Resultant
SW1 SW2 State Value
D-PAS Card Specification v1.1 Proprietary and Confidential Page 124 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 125 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 126 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.10.6 NOTES
S0
If the application is not in the SCRIPT state, the command is rejected (SW1-SW2 = ‘6985’)
and the state is set to SELECTED.
S1
If the tag in P1P2 is not in a valid tag for this command, the command is rejected (SW1-SW2
= ‘6A86’) and the state is set to SELECTED.
S2
If the lifetime MAC limit has been reached, the application is permanently disabled and the
command is rejected (SW1-SW2 = ‘6985’).
S3
If the command CLA byte of the command is not '84' for a tag not belonging to IDDT tags,
the command is rejected (SW1-SW2 = ‘6985’) and the state is set to SELECTED.
S4
The Failed MAC and Lifetime MAC counters are incremented. The Failed MAC counter is
decremented when the MAC is correctly verified.
S5
The command MAC is verified as specified in section 7.3.
S6
If the MAC is invalid, the Script Failed bit is set in PTH and the command is rejected (SW1-
SW2 = ‘6988’) and the state is set to SELECTED.
S7
If the tag data value is successfully updated, the command is completed. (SW1-SW2 =
‘9000’). If the tag data value is not successfully updated the Script Failed bit is set in PTH and
the command is rejected (SW1-SW2 = ‘6581').
S8
If the tag is an IDDT tag and the application tag size is '00' (an un-initialized tag) then the
command is rejected (SW1-SW2 = ‘6A88’) and the state is set to SELECTED.
S9
If the PUT DATA access condition for the IDDT tag indicates the need for a prior successful
offline PIN verification and if prior the offline PIN verification was unsuccessful, then the
command is rejected (SW1-SW2 = ‘6982’) and the state is set to SELECTED.
S10
If the PUT DATA access condition for the IDDT tag indicates the need for secure messaging
(for integrity) then the application proceeds to verify the MAC security counters. If secure
messaging is not required, then the MAC counter verification step is bypassed and proceeds
onto the next step to update the IDDT value.
S11
If the lifetime MAC limit has been reached, the application is permanently disabled and the
command is rejected (SW1-SW2 = ‘6985’).
D-PAS Card Specification v1.1 Proprietary and Confidential Page 127 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
S12
If the Failed MAC limit or session MAC limit has been reached, the command is rejected (SW1-
SW2 = ‘6985’) and the state is set to SELECTED.
S13
The Failed MAC and Lifetime MAC counters are incremented. The Failed MAC counter is
decremented when the MAC is correctly verified.
S14
The command MAC is verified as specified in section 7.3. If the MAC is invalid, the Script
Failed bit is set in PTH and the command is rejected (SW1-SW2 = ‘6988’) and the state is set
to SELECTED.
S15
If the tag data value is successfully updated, the command is completed. (SW1-SW2 =
‘9000’). If the tag data value is not successfully updated the Script Failed bit is set in PTH and
the command is rejected (SW1-SW2 = ‘6581').
S16
The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only cleared when the command is
successful. Any error condition should thus result in a ‘Script Failed’ bit of PTH being set.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 128 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.10.7 EXAMPLE
Details • AC is '1234 1234 1234 1234' and this is the 2nd script command in the
session
• Session key for SM is thus: ‘7A36C671D15746BE 3F1398136AFD9546’
from RL = ‘1234 F034 1234 1234’ and RR = ‘1234 0F34 1234 1234’
• The following are concatenated to build input to MAC calculation:
o Command header = ‘84DA00D00D’;
o ATC = ‘1234’;
o R = ‘1234 1234 1234 1235’ (AC+1);
o IADOL (‘D0’) to be updated = ‘CA06DF0104’;
o Padding to 8 byte boundary.
• The input blocks are thus:
o D1 = ‘84DA00D00D123412’
o D2 = ‘34123412341235CA’
o D3 = ‘06DF010480000000’
• The output blocks are thus:
o O1 = ‘C7D8B5E710248FA8’
o O2 = ‘856879D8D02D6511’
o O3 = ‘7CC33AEB83A0DAC8’
o O4 = ‘43318679FE74DE52’
o O5 = ‘B0FFFCE67C9E63B4’
• The MAC is thus O4 = ‘B0FFFCE67C9E63B4’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 129 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Parameters None
The AFL indicates to the terminal those records that may be read out from the ICC.
Depending on the setting of configuration option in ACO, a GET PROCESSING OPTIONS may
be required prior to this command.
This READ RECORD command always remains in the current state regardless of execution
outcome.
Code Value
CLA '00'
INS 'B2'
P1 Record Number
P2 Reference control parameter (see Table 64)
Lc Not present
Data Not present
Le ‘00’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 130 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
x x x x x SFI
1 0 0 P1 is a record number
D-PAS Card Specification v1.1 Proprietary and Confidential Page 131 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
READ RECORD
recieived
S0
ACO B2b2 = 1?
SW12
Yes AND STATE =
‘6985'
SELECTED?
No
S1
Yes
SW12
Yes Wrong length?
‘6CXX'
No
S2 S3
Out of scope
payment
S4 S7
Yes
Yes
S5 S8
SW12
Record found? No No Record found?
‘6A83'
Yes
S6
SW12
Record in AFL? No
‘6985'
Yes Yes
SW12
response = record ‘9000'
D-PAS Card Specification v1.1 Proprietary and Confidential Page 132 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.11.6 NOTES
S0
The application checks if READ RECORD is allowed to only run after GET PROCESSING
OPTIONS.
S1
The application checks that P1 <> ‘00’ and (P2 AND ‘07’) = ‘04’. Otherwise the command is
rejected (‘6A86’).
S2
Check if the file to read is an EMV file, a payment system specific file, or another file:
• If the SFI is in the range 1 to 10, then the file is an EMV file.
• If the SFI is in the range 11 to 20, then the file is a payment system specific
file.
• If the SFI is not in the range 1 to 20, then the file is neither an EMV file nor a
payment system specific file.
S3
If the file is neither an EMV file nor a payment system specific file, it is not allowed and the
command is rejected (‘6A86’).
S4
If the file is an EMV file, the application verifies that the SFI corresponds to a supported
record file. If the record file is not supported, the command is rejected (‘6A82”).
S5
The application verifies that there is a record corresponding to the record number; otherwise
the command is rejected (‘6A83’).
S6
The application checks that the record is referenced in the AFL. If the record is not referenced
in AFL, the command is rejected (‘6985’). If the record is referenced in AFL, it is sent in the
response.
S7
If the file is a payment-system specific file, the application verifies that the SFI corresponds to
a supported record file.
The only payment-system specific file that must be supported by the application is the
Transaction Log, with SFI 11. Other specific files are outside the scope of this specification.
S8
The application verifies that there is a logged record corresponding to the Record Number,
otherwise the command is rejected (‘6A83’).
There is no limit on the number of records that the application may hold.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 133 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.11.7 EXAMPLE
Details None
Parameters CDOL1
Details CDOL1 comprising the Data Object List of ‘9F02’, ‘9F03’, ‘9F1A’, ‘95’, ‘5F2A’, ‘9A’,
‘9C’ and ‘9F37’.
6.12 SELECT
When the partial AID is used and it matches with more than one application, the application
selected depends on the sequence in which the applications are loaded onto the card.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 134 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Code Value
CLA '00'
INS 'A4'
P1 ‘04’
P2 ’00’' - First or only occurrence
'02' - Next occurrence
Lc ‘05’-‘10’
Data Partial or Full AID
Le ‘00’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 135 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Note: Processing of the ‘Select DF’ command is very often handled by the Card Operating
System, and not the card application. Therefore, the states and error codes specified in table
above, and sequence of events illustrated in following flowchart is only a plausible
representation of how a specific card OS might process the ‘Select’ command. There may
however be differences occurring from one card type to another.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 136 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
SELECT received
SW12
Yes Card blocked?
‘6A81’
S0
No
SW12 P1 = ‘04'
No
‘6A86’ P2 = ‘00’ or ‘02’
S1
Yes
Match AID
SW12
No AID matched?
‘6A82’
Yes
SW12 Application
Yes
‘6283’ Blocked?
No
Build FCI
response
SW12
‘9000’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 137 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.12.6 NOTES
S0
S1
In the case that an AID has been successfully selected, if the card receives a SELECT
command APDU with P2 = '02' and the same partial AID, as the next immediate command,
the card shall select a different AID matching the partial AID if it exists on the card.
If this process is repeated and there are no further match of the partial AID, the card returns
'6A 82'.
6.12.7 EXAMPLE
Command SELECT
Parameters ‘A0000001523010’
Details None
Response SELECT
Details None
D-PAS Card Specification v1.1 Proprietary and Confidential Page 138 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Code Value
CLA '84'
INS 'DC'
P1 Record Number
P2 Reference Control Parameter
Lc Length of command data
Data Data Object value and MAC
Le Not Present
The Reference Control Parameter specifies the SFI and indicates record number is specified in
P1. It is coded as shown in Table 74.
Bits Value
b8 – b4 SFI
b3 – b1 100 (binary value)
D-PAS Card Specification v1.1 Proprietary and Confidential Page 139 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Resultant
SW1 SW2 State Value
D-PAS Card Specification v1.1 Proprietary and Confidential Page 140 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 141 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.13.6 NOTES
S0
The Session MAC, Failed MAC and Lifetime MAC counters are incremented. The Failed MAC
counter is decremented when the MAC is correctly verified.
S1
The command MAC is verified as specified in section 7.3.
S2
The ‘Script Failed’ bit in PTH (B1b1) is set by default, and only cleared when the command is
successful. Any error condition should thus result in a ‘Script Failed’ bit of PTH being set.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 142 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.13.7 EXAMPLE
D-PAS Card Specification v1.1 Proprietary and Confidential Page 143 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Parameters None
6.14 VERIFY
The VERIFY command applies when the Cardholder Verification Method (CVM) chosen from
the CVM List is an offline PIN.
Code Value
CLA '00'
INS '20'
P1 '00'
P2 ‘80’ – Plaintext PIN
‘88’ – Enciphered PIN
Lc Var.
Data Transaction PIN Data
Le Not Present
The processing of the VERIFY command in the ICC is defined in combination with the CVM
rules.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 144 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Command Data length (Lc) varies according to whether the PIN block is enciphered or
plaintext. If P2 specifies ‘Plaintext offline PIN’, Lc must take the value of ‘08’. If P2 specifies
‘Encrypted offline PIN’, Lc will be equal to the Modulus length of ICC PIN encryption key.
where:
Name Value
C Control field 4 bit binary number with value of 0010 (Hex '2')
N PIN length 4 bit binary number with permissible values of 0100 to 1100 (Hex
'4' to 'C')
P PIN digit 4 bit binary number with permissible values of 0000 to 1001 (Hex
'0' to '9')
When for the currently selected application the comparison between the Transaction PIN Data
and the reference PIN data performed by the VERIFY command fails, the ICC shall return SW2
= 'Cx', where 'x' represents the number of retries still possible. When the card returns 'C0',
no more retries are left, and the CVM shall be blocked. Any subsequent VERIFY command
applied in the context of that application shall then fail with SW1 SW2 = '6983'.
In addition to the error codes listed in section 5.2, the status words in Table 80 shall be
returned in response to the command. The resulting application state is also shown.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 145 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
VERIFY received
S0
P1 = ‘00'
no
SW12
‘6A86’ yes
no
S1
P2 = ‘80’ or ‘88'
‘80’ ‘88’
S2 S3
yes yes
cleartext encrypted
D-PAS Card Specification v1.1 Proprietary and Confidential Page 146 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 147 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.14.6 NOTES
S0
P1 = ‘00’, otherwise the command is rejected (SW1-SW2 = ‘6A86’).
S1
If P2 = ‘88’ offline encrypted PIN verification is used. If P2 = ‘80’ offline plaintext PIN
verification is used. For any other value, the command is rejected (‘6A86’).
S2
If P2 = ‘88’, offline encrypted PIN verification is used by the terminal. The application checks
that offline encrypted PIN verification is supported. If not, the command is rejected (‘6985’).
S3
If P2 = ‘80’, offline plaintext PIN verification is used by the terminal. The application checks
that offline plaintext PIN verification is supported. If not, the command is rejected (‘6985’).
S4
If an ICC PIN Encipherment Key is present and the ACO Byte 1 bit 7 is configured, it is
selected. If not present, the ICC Key is selected for use in the subsequent steps.
S5
Check if Lc = selected key length (NICC or NPE), otherwise the command is rejected (‘6700’).
S6
The VERIFY command is rejected (‘6985’) if the immediately previous APDU command was
not a successful GET CHALLENGE command.
S7
Increment the Encrypted PIN Cryptography Failure Counter first. This Counter is decremented
at a later step when PIN decryption is successful.
S8
The encrypted PIN Data is decrypted and unpacked in accordance to [EMV 4.2-2] with the ICC
or the PE Private Key.
S9
The application verifies the format of the decrypted fields, recovered PIN block is valid and the
previously issued challenge bytes are correct.
If the verification fails, PIN verification has failed (‘63Cx’, with x = right nibble of PIN Try
Counter).
S10
The application verifies the input PIN with the Reference PIN.
If the verification fails, PIN verification has failed ( ‘63Cx’, with x = right nibble of PIN Try
Counter).
D-PAS Card Specification v1.1 Proprietary and Confidential Page 148 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6.14.7 EXAMPLE
Command VERIFY
Details None
Response VERIFY
Parameters None
Details
D-PAS Card Specification v1.1 Proprietary and Confidential Page 149 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 150 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• APPLICATION BLOCK
• APPLICATION UNBLOCK
• CARD BLOCK
• PIN CHANGE/UNBLOCK
• PUT DATA
• UPDATE RECORD
Script commands are accepted when the card is in a ‘SCRIPT’ state, i.e., after a TC or AAC is
returned in response to a 1st or 2nd GENERATE AC command (tag ‘72’ scripts). No tag ’71’
scripts (executed between 1st and 2nd GENERATE AC commands) are accepted by the card
application. The Issuer Script Command Processing flow is shown in Figure 33.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 151 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
No 9000
Issuer Script Increment Script
failed? counter in PTH Issuer Script (‘72’)
Set ‘Machine-
State’ to
‘SELECTED’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 152 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The secure message MAC is used to verify message integrity and to provide Issuer
Authentication. The MAC is the last data element in the APDU data field, and always has a
length of eight bytes.
1. The following data is concatenated in the order specified to create a block of data (D).
• ATC ,
• An 8-byte unpredictable value R. For the first issuer script command, R is the
application cryptogram provided by the card in response to the 1st GENERATE
AC command. All of the following issuer script commands generated and sent in
this session use the previous value of R + 1. For example, if R is the application
cryptogram = '1234 1234 1234 1234’, then,
• for the first script in the session, R = '1234 1234 1234 1234’
• for the second script in the session, R = '1234 1234 1234 1235’
2. Pad the data block D by adding a '80' byte to the right of D, and then adding the least
number of '00' bytes to the right such that the length of resulting data block is a multiple
of 8 bytes.
3. Divide the result of padding D, into 8-byte blocks D1, D2, . . . , D4.
4. Generate the 8-byte MAC using D1, D2, . . . , DN, session key K = SKSMI and the algorithm
as described in Figure 34. Note: Depending on the length of data block D, there may be
less than or greater than four 8-byte data blocks to input to the algorithm.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 153 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
1. If the number of data bytes is not divisible by 8, pad the plaintext data (D) in the APDU
data field by adding a '80' byte to the right of D, and then adding the least number of '00'
bytes to the right such that the length of resulting data block is a multiple of 8 bytes.
2. Divide the result of padding D, into 8-byte blocks D1, D2, . . . , DN.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 154 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
3. Compute for i = 1, 2, . . . , k:
Decryption of Y with a session key SKSMC = (SKL || SKR) takes place in the following steps:
4. Compute for i = 1, 2, . . . , k:
To obtain the original message D, concatenate the blocks D1, D2, . . . , Dk and remove the
trailing (‘80’ || ‘00’ || ‘00’ || . . . || ‘00’) byte-string from the last block Xk.
Encrypting and MAC'ing of an APDU is carried out according to the following steps,
2. The MAC is computed as described in section 7.3, with the command data being the
enciphered command data.
3. The new APDU data field consists of the concatenation of enciphered command data,
followed by the MAC.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 155 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 156 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• CVN 5. This is the default CVN and indicates that Issuer Application Data is
included in the cryptogram generation (see Table 83). Note any data elements
requested in the IADOL will be included,
• CVN 6. This CVN is available as an option in the ACO. It indicates that only the
CVR is included in the cryptogram generation (see Table 83) instead of the
entire contents of Issuer Application Data.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 157 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
1. Derive a 16-byte Application Cryptogram Session Key SKAC from the ICC Application
Cryptogram Master Key MKAC and the 2-byte Application Transaction Counter (ATC) of the
ICC. Use the session key derivation function in section 8.2 to derive SKAC.
2. Concatenate the data in Table 83 in the order listed in the table, to give a data block D.
3. Pad the data block D by adding a '80' byte to the right of D, and then adding the least
number of '00' bytes to the right such that the length of resulting data block is a multiple
of 8 bytes.
4. Divide the result of padding D, into 8-byte blocks D1, D2, . . . , D5.
5. Generate the 8-byte TC, ARQC or AAC cryptogram using D1, D2, . . . , D5, session key K =
SKAC and the algorithm in Figure 35. Note: Depending on the length of data block D, there
may be less than or greater than five 8-byte data blocks to input to the algorithm.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 158 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D1
KL KL KL KL KL KR
O1 O2 O3 O4 O5 O6
KL
DEA(e)
D2 D3 D4 D5 O7
The D-PAS application computes the 8 byte ARPC cryptogram according to the following
steps,
1. Pad the 2 byte CSU by adding six '00' bytes to the right of the CSU, to obtain,
2. Compute
D-PAS Card Specification v1.1 Proprietary and Confidential Page 159 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Y: = ARQC EOR X.
In D-PAS, this is done by enciphering an 8-byte diversification value R, with the 16-byte ICC
Master Key (MK) to produce a 16-byte ICC Session Key (SK).
R = R0 || R1 || R2 || R3 || R4 || R5 || R6 || R7
6. SK is the concatenation of SKL and SKR Compute SKL, the left hand 8 bytes of SK,
SK := SKL || SKR
For the session key used to generate and verify the cryptograms, TC, ARQC, AAC and ARPC,
the diversification value is the ATC followed by 6 bytes of '00':
For the session keys used for secure messaging, the diversification value R is the Application
Cryptogram returned in the response example to the 1st GENERATE AC command.
The same session key is used for all commands in a single transaction.
The ICC Unpredictable Number (the challenge) and the ICC Dynamic Number (as included in
DDA/CDA) shall both be 8-byte unpredictable numbers and so shall appear to be randomly
generated. This may be achieved using a Random Number Generator (RNG) provided by the
IC manufacturer.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 160 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Length
Key Description (bytes)
D-PAS Card Specification v1.1 Proprietary and Confidential Page 161 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 162 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 163 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 164 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Card Verification Results CVR D-PAS card application proprietary data element
used to inform the issuer about exception
conditions that occurred during the current and
previous transactions. It is transmitted to the
terminal in Issuer Application Data.
Cardholder Activated CAT A Merchant’s unattended POS Device at which the
Terminal Cardholder’s signature is not required on the
Transaction Receipt in order to conduct a Card
Sale.
Cardholder Verification CVM Method used to ensure that the person presenting
Method the chip card is the person to whom the
application in the card was issued.
Certification Authority CA A trusted central party that issues and distributes
electronic certificates.
Chinese Remainder CRT
Theorem
Combined Dynamic Data CDA An authentication method that uses a dynamic
Authentication / signature and online application cryptogram
Application Cryptogram generated by the card
Generation
Common Core CCD A minimum common set of card application
Definitions implementation options, card application
behaviors, and data element definitions sufficient
to accomplish an EMV transaction.
Common Personalization CPS An EMVCo defined specification that standardizes
Specification EMV card personalization leading to faster, more
efficient and more economical solutions.
Common Session Key CSK A session key derivation method used to generate
a unique session key for each transaction
performed by the chip application.
Number of Consecutive NCOT D-PAS proprietary data element representing a
Offline Transactions profile-specific counter of consecutive offline
transactions that have occurred for that card
application since the last time a transaction went
online.
Cryptogram Information CID Indicates the type of cryptogram (TC, ARQC, or
Data AAC) returned by the card and the actions to be
performed by the terminal.
Cryptogram Version CVN D-PAS proprietary data element indicating the
Number version of the algorithm used by the card to
generate an Application Cryptogram (TC, ARQC,
AAC).
Cumulative Offline COA D-PAS proprietary data element representing a
Amount global counter of cumulative total amount of
offline transactions in the primary and secondary
currencies for the card application since the last
time a transaction went online.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 165 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 166 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
File Control Information FCI The information that is returned to the terminal in
response to a SELECT command.
GET PROCESSING GPO A command which initiates the transaction within
OPTIONS the chip application.
Hardware Security HSM An ISO 9564-1 compliant secure computational
Module device that is used to perform various
cryptographic functions.
Identifier ID
Integrated Circuit Card ICC A card that has a chip embedded in it, also called
a chip card.
Interface Device IFD That part of a terminal into which the ICC is
inserted, including such mechanical and electrical
devices as may be considered part of it.
International ISO An organization of international member countries
Organization for that develop and manage a broad range of
Standardization industry business standards.
Issuer Action Codes IACs Issuer action codes set up on the D-PAS card
during the personalization process and used to
designate the issuer’s selections for approving and
declining transactions. IACs include the:
IAC Default
Specifies the issuer‘s conditions that cause a
transaction to be rejected if it might have been
approved online, but the terminal is unable to
process the transaction online.
IAC Denial
Specifies the issuer‘s conditions that cause the
decline of a transaction without attempt to go
online.
IAC Online
Specifies the issuer‘s conditions that cause a
transaction to be transmitted online.
Issuer Application Data IAD Contains proprietary application data that must be
transmitted to the Issuer in an online transaction
in the authorization request and in the clearing
message, including the:
Length of data contained
Derivation Key Index
Cryptogram Version
Card Verification Results (CVRs)
Issuer Application Data IADOL Data element which allows the issuer to request
Object List additional data elements in the Issuer Application
Data.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 167 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 168 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 169 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Signed Static Application SSAD Static digital signature generated by the issuer on
Data critical application parameters for SDA,
personalized in the card application and validated
by the terminal
Single Transaction STA D-PAS application proprietary data element
Amount Limit specifying the largest amount of a single
transaction, in the reference currency, allowed for
the card application/transaction profile before a
transaction is forced to go online
Static Data SDA An authentication method that uses the static
Authentication signature of the card data, which is the same for
every transaction, to ensure that this data has not
been altered.
Tag Length Value TLV See BER-TLV
Terminal Risk TRM Risk management performed by the terminal to
Management protect the acquirer, issuer, and system from
fraud
Transmission Protocol TPDU
Data Unit
Transaction Certificate TC The Cryptogram generated by the D-PAS chip card
when the transaction decision is to approve the
transaction offline
Triple DES 3DES A form of DES Encipherment/Decipherment.
Triple DES encipherment involves enciphering an
8-byte plaintext block in an 8-byte ciphertext
block with a double-length (16-byte) secret key.
Upper Consecutive UCOL D-PAS card application proprietary data element
Offline Transaction Limit specifying the maximum number of offline
transactions allowed for the transaction profile
before a transaction is declined after an online
transaction is unable to be performed.
Upper Cumulative UCOA D-PAS card application proprietary data element
Offline Amount Limit specifying the maximum cumulative amount of
offline transactions allowed for the transaction
profile, before a transaction is declined after an
online transaction is unable to be performed.
Variable Var.
Year-Day-Day-Day YDDD A date format.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 170 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• An initial section containing a Data Elements summary table with their tags and usage
specified.
• Subsequent sections that provide more detailed descriptions of the data elements
described in the summary table.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 171 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 172 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 173 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 174 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 175 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 176 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
2 DATA ELEMENTS
The Data Element Format definition follows those in EMV.
4 ALTAIDS (ALIASES)
Alternate AIDs (AltAIDs) are alternative application identifiers that point to an existing
application in addition to the AID of the application.
Each ‘AltAID’ has its own FCI and PDOL list, and this functionality allows the payment
application to be selected according to multiple Application IDs (for Regional specifics).
The D-PAS application does not support AAR generation (Application Advice Request).
The type of cryptogram contained in the Application Cryptogram is identified by the contents
of the Cryptogram Information Data (CID).
Application Cryptogram is a transient data element. The ICC returns an ARQC, a TC, or AAC in
response to the 1st GENERATE AC command; it may only return a TC or an AAC in response
to the 2nd GENERATE AC command.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 177 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Note: If Issuer Authentication is supported in the D-PAS application, the ACO B1b5 bit should
be set. The AIP B1b3 bit refers to Issuer authentication performed in a separate ‘External
authenticate’ command. This command is not implemented in the D-PAS application, (Issuer
authentication is performed during 2nd GENERATE AC) and therefore this bit should never be
set.
BYTE 1:
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
BYTE 2:
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
D-PAS Card Specification v1.1 Proprietary and Confidential Page 178 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
This data object must be present if the CVM List contains a condition code value of ‘06’, ‘07’,
‘08’, or ‘09’.
The decimal point location of amounts expressed in the currency code specified in the
Application Currency Code.
This Data Object must be present if the CVM List contains a condition code value of:
Tag: 9F05
Tag: 5F25
D-PAS Card Specification v1.1 Proprietary and Confidential Page 179 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Tag: 5F24
The AFL is a list identifying the files and records to be used in the processing of a transaction.
The terminal must only read the records named in the AFL.
With a maximum size of 32 bytes, a limit of 8 SFIs can be referenced in the AFL of the D-PAS
application.
Format: Binary, 32 bytes with each SFI listed in the AFL requiring 4 bytes.
The AID is used by the Terminal for application selection. For D-PAS applications:
Note: Additional PIX values may be defined by Discover Financial Services, in order to meet
specific market / franchisee requirements
D-PAS Card Specification v1.1 Proprietary and Confidential Page 180 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 1 (Leftmost)
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 - - - - - - - RFU
- 1 - - - - - - SDA supported
- - 1 - - - - - DDA supported
- - - - - - 0 - RFU
- - - - - - - 1 CDA supported
BYTE 2 (Rightmost)
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 - - - - - - - RFU
- 0 - - - - - - RFU
- - 0 - - - - - RFU
- - - 0 - - - - RFU
- - - - 0 - - - RFU
- - - - - 0 - - RFU
- - - - - - 0 - RFU
- - - - - - - 0 RFU
Note: If Issuer Authentication is supported in D-PAS, the ACO B1b5 bit should be set. AIP
B1b3 bit refers to Issuer authentication performed during a separate ‘External authenticate’
command, is not used in D-PAS and should not be set.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 181 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
15 APPLICATION LABEL
Mnemonic associated with AID according to ISO/IEC 7816-5. Used in application selection.
Odd length PANs are padded with hex ‘F’ for storage in the ICC. Recommendation: pad with a
maximum of 1 ‘F’.
Tag: 5A
Tag: 5F34
Issuers must pay attention to the setting of bit 8 of the Application Priority Indicator. If the bit
is set, the associated application is not eligible at terminals that do not support a terminal
customer dialogue cardholder confirmation facility, such as vending machines and toll gates.
BYTE 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
D-PAS Card Specification v1.1 Proprietary and Confidential Page 182 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The value of the ATC may be obtained from the application using the GET DATA command.
The issuer may specify access right after a GET PROCESSING Command through ACO.
As a part of security counters, the issuer may set ATC Limit. If ATC Limit is reached, the D-
PAS application is disabled.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 183 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 1 (Leftmost)
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
BYTE 2 (Rightmost)
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Tag: 9F08
23 AUTHORIZATION CODE
Value generated by the issuer for an approved transaction.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 184 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The ARC is an ISO 8583 response code received by the terminal from the issuer via the
network, or a response code generated by the terminal. The following values are allowed:
Each profile contains Card Action Codes for Denial, Default, and Online. Each CAC is compared
to the Card Verification Results to take transaction decisions.
• CAC - Denial Used by the issuer to set the situations when a transaction is
always declined at the 1st GENERATE AC.
• CAC - Online Used by the issuer to set the situations when a transaction goes
online if the terminal is online-capable.
• CAC - Default Used by the issuer to set the situations when a transaction is
declined if the terminal is not online-capable or if connection to the issuer is not
possible.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 185 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
BYTE 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
D-PAS Card Specification v1.1 Proprietary and Confidential Page 186 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
9A Transaction Date 3
9C Transaction Type 1
Note: If Issuer Authentication Data is not received, the application uses 10 bytes of '00' to
represent issuer authentication data in CDOL2.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 187 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 0 - - - - RFU
- - - - X X X X PIN Try Counter
BYTE 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 - - - - - - RFU
- - 1 - - - - - DO NOT Reset Script Counter
- - - 1 - - - - Issuer Approves Online Transaction
- - - - 1 - - - Update PIN Try Counter. If the PTC value in
CSU B1b4-b1 > PTL then PTC is updated
with PTL value.
- - - - - 1 - - Set Go Online on next transaction
- - - - - - X X Update Counters
- - - - - - 0 0 Do Not Update Offline Counters
- - - - - - 0 1 Set Offline Counters to Upper Limits
- - - - - - 1 0 Reset Offline Counters to Zero
- - - - - - 1 1 Reset Offline Counters in all profiles to Zero
The CVR is used with CACs and ACO during Card Action Analysis and allows the card
application to take a decision on acceptable offline risk.
The value of CVR is sent to the issuer as part of Issuer Application Data.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 188 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
D-PAS Card Specification v1.1 Proprietary and Confidential Page 189 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
D-PAS Card Specification v1.1 Proprietary and Confidential Page 190 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
30 CARDHOLDER NAME
Indicates cardholder name according to ISO 7813.
Always ‘00’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 191 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Tag: ‘D2’
Tag: ‘D3’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 192 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 - - - - - - AAC
0 1 - - - - - - TC
1 0 - - - - - - ARQC
- - X X - - - - Payment System Specific
- - - - 1 - - - Advice required
- - - - - X X X Reason/advice/referral code
- - - - - 0 0 0 No information given
- - - - - 0 0 1 Service Not Allowed
- - - - - 0 1 0 PIN Try Limit exceeded
- - - - - 0 1 1 Issuer authentication failed
- - - - - X X X Other value RFU
The value of CVN is sent to the issuer as part of the Issuer Application Data.
• '05'. CVN 5 is the default CVN and indicates that Issuer Application Data is
included in the cryptogram generation (see Table 83),
• '06'. CVN 6 is available as an option in the ACO. It indicates that the CVR is
included in the cryptogram generation (see Table 83) instead of Issuer
Application Data.
COA is initialized to zero and incremented by the amount authorized each time a transaction
in the reference currency is completed offline.
COA is reset to zero when a transaction is online approved by issuer, Issuer Authentication
succeeds, and appropriate CSU bit is set.
Option: Reset to zero when a transaction is online approved by issuer, regardless of whether
Issuer Authentication Data is received and/or is successfully verified.
The value of COA may be sent to the issuer as part of the Issuer Application Data (if COA tag
is included in IADOL). If COA is in issuer application data, and the appropriate configuration
item is set, it may also be included in Application Cryptogram.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 193 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The Currency Conversion Code is used to convert transactions in a recognized currency code
into the primary currency code. The application increments COA with the converted amount.
Example:
To convert a transaction amount of 1 Canadian Dollar (CAD) to United States Dollar (USD).
Data
1 CAD = 000000000100
Conversion exponent: 83
Calculation
D-PAS Card Specification v1.1 Proprietary and Confidential Page 194 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 195 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
CID 1
Application Cryptogram 8
By default, the D-PAS application uses the DDA ICC Public/ICC private key pair.
The issuer may use a dedicated ICC Public/ICC private key pair through ACO.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 196 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
It may also used for Offline Enciphered PIN if the issuer doesn’t specify a different key.
• IAC – Default: Specifies the issuer’s conditions that cause a transaction to be declined if it
might have been approved online, but the terminal is unable to process the transaction
online.
• IAC – Denial: Specifies the issuer’s conditions that cause the decline of a transaction
without attempt to go online.
• IAC – Online: Specifies the issuer’s conditions that cause a transaction to be transmitted
online.
Format: Binary, 5 bytes.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 197 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
- - - - - 0 0 0 RFU
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
- - - - - - 0 0 RFU
D-PAS Card Specification v1.1 Proprietary and Confidential Page 198 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
- - - - - 0 0 0 RFU
BYTE 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
For the D-PAS application, the Issuer Application Data is the concatenation of internal card
data elements listed in the following table and Issuer Discretionary Data (IDD).
If present, the IDD allows the issuer to transmit online additional data as PDS items or tags
that are not available in the authorization request. The issuer selects those data by using
IADOL.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 199 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
IADOL allows the issuer to request date element such as Offline counters or IDDT items. This
adds flexibility to the application.
The following table provides a list of data objects which may be included in IADOL list.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 200 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
* The contents of IADOL can be dynamically modified using a scripted PUT DATA’ command, if
in-the-field troubleshooting is required. Issuer Life Cycle Data and profile-specific CACs are
included for this reason.
Note: max size of IDDT data items may be implementation specific, but must not exceed 247
bytes (0xF7) bytes, in order to provide for an 8-byte secure messaging MAC. Every
implementation must provide for IDDT data items of 32 bytes (or less).
Associated with each IDDT data element is a size and access control parameter. Size and
access conditions are set at personalization time. Un-initialized IDDT elements have a size
byte of ‘00’.
Table 107 - Issuer Defined Data Tags (IDDT) Size and Access Parameters
D-PAS Card Specification v1.1 Proprietary and Confidential Page 201 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Size and access conditions values are not returned when an IDDT element is accessed using
EMV GET DATA command.
Size and access conditions values are not supplied in the data field of a PUT DATA command
when writing to IDDT data elements
Table 108 - Issuer Defined Data Tags (IDDT) Access Conditions Encoding (Byte 2)
b8 b7 b6 b5 b4 b3 b2 b1
0 RFU
1 Prior GPO required
1 Prior offline PIN presentation
required
0 RFU
1 Secure messaging (integrity)
required
0 RFU
1 Prior offline PIN presentation
required
0 RFU
Different combinations of the above are possible; for example GPO and PIN may be required
for Read, while PIN and Secure Messaging may be required to update.
If Le in a GET DATA command addressing an IDDT is not the correct length, a 6CXX error
message is returned.
If proper access conditions have not been met, a ‘6982’ should be returned.
If the IDDT tag referenced has not been initialized (i.e., size of '00'), a ‘6A88’ is returned.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 202 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Issuer Life Cycle Data is stored at the application level and may be obtained using the GET
DATA command.
Length
Data Element (bytes) Description
D-PAS Card Specification v1.1 Proprietary and Confidential Page 203 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The right nibble is included in the Card Verification Results of the current transaction (in the
authorization request) or of the previous transaction (in the clearing record).
The Script Counter is updated for each script command successfully processed and reset after
a successful online transaction.
A configuration option (ACO B1b4) allows the issuer to specify whether successful Issuer
authentication is mandatory to reset Script counter, and if so, a bit in the CSU (B2b6) allows
the issuer to prevent the Script counter from being reset during the current transaction [thus
permitting the issuer to store a cumulative count of scripts executed, over a longer period of
time].
The Script counter will roll-over (revert to ‘00’) if the number of scripts accumulated exceeds
‘FF’.
69 LANGUAGE PREFERENCE
1-4 languages stored in order of preference, each represented by 2 alphabetical characters
according to ISO 639-1.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 204 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
If the profile-specified NCOT counter has exceeded the profile-specified LCOL, the ‘Lower
Consecutive Offline Transaction limit exceeded’ bit of CVR is set (Byte 5, bit 5).
If a global COA has exceeded the profile-specified LCOA limit, the ‘Lower Cumulative Offline
Transaction Amount limit exceeded’ bit of CVR is set.
Optionally: Reset to zero when a transaction is online approved by issuer, regardless of the
presence and validity of Issuer Authentication Data.
The value of the profile-specific NCOT may be sent to the issuer as part of the Issuer
Application Data, if included in the IADOL list. If contained in Issuer application Data, and the
appropriate configuration item is set, the NCOT may also be included in the Application
Cryptogram.
73 OFFLINE BALANCE
D-PAS application proprietary data element specifying the amount of offline spending
available for the application/transaction profile.
The value of Offline Balance may be obtained from the application using the GET DATA
command, if allowed by the Application Configuration Options.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 205 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
75 PDOL-CHECK ENTRY
PDOL-Check Entry is an element in the PDOL-Check Table array. It describes the check
condition and action to take in the PDOL-check mechanism. Refer to Appendix C for a full
description of each of the fields.
PDOL – Denial: Specifies the issuer’s conditions that cause a transaction to be declined during
the 1st Generate AC command.
PDOL – Online: Specifies the issuer’s conditions that cause a transaction to be transmitted
online. If a transaction is forced online by PDOL processing, all standard CRM processing is
bypassed and if terminal is unable to go online, the transaction is automatically declined.
PDOL - Profile: Select a specific ‘Transaction Profile’ with profile-specific AIP, AFL, and values
for CRM elements.
The value of the PIN Try Counter may be obtained from the application using the GET DATA
command. The issuer may restrict access rights to PTC until after a GET PROCESSING
Command has been successfully performed (Configuration item in ACO).
Decremented by 1 each time an incorrect PIN is entered. Reset to the PIN Try Limit when the
correct PIN is entered or when the PIN is changed or unblocked by the issuer.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 206 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
During the Card risk management process, all information stored in the PTH must be
transferred into the CVR, and may then force a transaction to be declined or performed
online.
BYTE 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 - - - - - - RFU
- - - 1 - - - - ‘Go on-line next transaction’ was set (New Card, or bit set
in CSU of last transaction)
Note: If an issuer wishes to send the first transaction of a
new card online, then it is recommended to issue the
application personalized with PTH B1b5 = '1' and CAC-
Online B1b3 of = '1'.
- - - - 1 - - - Issuer authentication not performed in last online
transaction
- - - - - 1 - - Issuer Authentication failed during previous transaction
- - - - - - 1 - Script received
- - - - - - - 1 Script failed
BYTE 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
The contents of PTH are set and cleared under the conditions in Table 111.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 207 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 1
D-PAS Card Specification v1.1 Proprietary and Confidential Page 208 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
BYTE 2
81 REFERENCE PIN
D-PAS application proprietary data element containing the value of the offline PIN that is
compared to a PIN entered by the cardholder.
If supported, the SDA Tag List contains only the tag of the Application Interchange Profile.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 209 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Security Length
Counter/Limit (bytes) Purpose
D-PAS Card Specification v1.1 Proprietary and Confidential Page 210 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Security Length
Counter/Limit (bytes) Purpose
MACs verified during the current session. When the “Session
MAC” counter reaches the “Session MAC limit” the current
command is aborted with a ‘6985’ error response, and no
other scripted commands will be accepted in the current
session.
If the transaction amount has exceeded this limit, the relevant CVR bit is set.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 211 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Tag: 57
Tag: 9F1F
A terminal obtains this value from the SELECT response in the FCI. This data element is also
personalized outside the SELECT response, so that the application knows where to log
transactions and the maximum number of records supported in the Transaction Log file. Note:
[EMV] specifies that the transaction log file should be in an SFI between 11 and 30.
BYTE 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 0 0 - - - - - RFU
- - - x x x x x SFI containing the cyclic Transaction Log file
BYTE 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Example:
A Log Entry Data Element (Tag 9F4D) with the following content ‘1012’ indicates that the
Transaction Log file is located in SFI 16 and contains a maximum of 18 records.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 212 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
This value may be obtained from the application using the GET DATA command.
The Log Format is coded like a DOL, and is fixed for the D-PAS application.
Example:
A Log Format Data Element (tag 9F4F) with the following content
9F02065F2A029A039F36029F34039F52069F1A0295059C018A02 indicates that the
Transaction Log records have the content specified in Table 114.
The D-PAS application shall be able to support a minimum of 3 profiles. The maximum is
limited by issuer requirement and application design.
Each Transaction Profile is given a specific ID between 0 and 15 and provides the following
resources. The presence or absence of profile-specific resources is indicated in a Profile
Resource Usage’ bitmap (PRU). Default Profile is set to 0.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 213 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
If the profile-specified NCOT has exceeded this limit, the ‘Upper Consecutive Offline
Transaction limit exceeded’ bit of CVR is set during 1st Generate AC velocity checks.
If the global COA counter has exceeded the profile-specified UCOA limit, the ‘Upper
Cumulative Offline Transaction Amount limit exceeded’ bit of CVR is set during 1st Generate
AC velocity checks.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 214 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 215 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
However, aside from the standard EMV ‘GET PROCESSING OPTIONS’ processing, the D-PAS
application performs a proprietary series of ‘PDOL-checks’, which complement (and in some
cases, accelerates) the Card Risk Management tests performed during the 1st GENERATE AC
command.
The GET PROCESSING OPTIONS command ensures that the following are performed:
• Inform the D-PAS application that the processing of a new transaction has
begun;
• If PDOL Checks are activated, provide to the D-PAS application all terminal-
related transaction-specific information requested in PDOL, and provide an
opportunity for the card to ‘pre-process’ transaction-specific data and then
perform one of three actions:
• Select a specific ‘Transaction Profile’ with profile-specific AIP, AFL, and CRM values
(PDOL-Profile check). Note: Profile-specific CRM values are used in all subsequent
processing, including following PDOL check.
• Ensure that the D-PAS application provides to the terminal the proper
‘Application Interchange Profile’ (AIP) and a list of files that contain the D-PAS
chip card application data, to be used in processing the transaction (AFL). The
AIP and AFL may be transaction profile-specific;
• The D-PAS application shall also increment the ATC, and reset the CVR (Card
Verification Results). The application is now be in an ‘INITIALIZED’ state.
The issuer has the ability to activate or de-activate the PDOL-check mechanisms by setting
(or clearing) byte 2, bit 4 (B2b4) of the global ACO element. If this bit is set, any previously
defined PDOL-checks (Decline, Profile, and Online) are executed. If this bit is not set, the
card shall not perform any PDOL-check processing (functionality is disabled). An issuer that
chooses to not use the PDOL-check mechanism may also clear this ACO bit to thereby bypass
all PDOL check-related processing, and thus optimize transaction performances.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 216 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
1 TRANSACTION PROFILES
The D-PAS application shall offer the possibility of implementing a minimum of 3 pre-
allocated Transaction Profiles. Each Transaction Profile is given a specific ID between 1
and 15 (‘0F’) and potentially provides the following resources:
PRU 1 byte
AIP 2 bytes
AFL 32 bytes
CAC Denial 2 bytes
CAC Online 2 bytes
CAC Default 2 bytes
NCOT counter 1 byte
LCOL 1 byte
UCOL 1 byte
LCOA limit 6 bytes
UCOA limit 6 bytes
STA limit 6 bytes
Total: 62 bytes
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Profile-specific AIP
- 1 - - - - - - Profile-specific AFL
- - 1 - - - - - Profile-specific CACs
- - - 1 - - - - Profile-specific STA limit
- - - - 1 - - - Profile-specific LCOA and UCOA limits
- - - - - 1 - - Profile-specific LCOL and UCOL limits
- - - - - - 1 - Profile-specific NCOT counter
(Note: when bit value = 0, use global NCOT
counter)
D-PAS Card Specification v1.1 Proprietary and Confidential Page 217 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
When a specific profile is selected (using the PDOL-Profile check mechanism), any of the
above-mentioned profile-specified limits and data are copied into the global AIP, AFL, CAC,
LCOL, UCOL, LCOA, UCOA and STA internal card data elements, and is used for subsequent
Card Risk Management (CRM) checks, performed in the current transaction.
These elements may also be individually accessed using the ‘Get Data’ command and tags in
the range ‘C5’-‘CD’. A ‘Put Data’ command referencing one of these data items directly (tags
‘C5’-‘CC’) will affect the CRM resource specified in the current profile (as specified in the PRU
bitmap). If the resource being used by the currently selected profile is defined as being
‘Global’ (relevant PRU bit set to ‘0’), the data item in ‘profile 0’ will be modified.
The COA (Cumulative Offline Amount) counter used is always a single global counter, so that
the cumulative transaction amount is always the sum of all offline amounts accepted by (all
profiles on) the card.
The NCOT (Number of Consecutive Offline Transactions) counter may be profile-specific. This
allows the issuer to differentiate between the numbers of offline transactions occurring for
different transaction types.
If indicated in the IADOL list, the IAD (Issuer Application Data) in an online authorization
request (or AAC or TC response) may contain the value of the global COA counter, and the
value of the NCOT associated with the current transaction profile.
The ARPC response code contained in the authorization response resets the profile-specified
NCOT as well as the global COA. However, profile-specific NCOT values in other profiles are
not affected unless the CSU specifies that all offline counters shall be reset. (See Appendix B.)
Use of profiles is optional; a profile that is not initialized by the issuer, and not referenced in
the PDOL-Profile checks, shall not be used. By default, profile 00 is selected by the
application, and must be initialized with default AIP, AFL, LCOA, UCOA, LCOL, UCOL, CACs,
STA. as well as the Offline counters COA and NCOT.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 218 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• Note: This PDOL and FCI might be specific to a particular ‘Alias’ (AltAID).
If ‘PDOL-checks’ are activated, the D-PAS application uses these PDOL elements and/or
certain OS-internal data elements (such as ‘AID selected’, or ‘type of APDU interface’), and/or
the value of a tagged internal card Data objects, to perform 3 types of PDOL checks. These
checks are always performed in the same sequence:
2. PDOL-Profile checks. Allow the card application to select a particular transaction profile
based on internal or terminal resident data values.
3. PDOL-Online checks. Allow the card to force a transaction online, regardless of other CRM
checks performed in GENERATE AC command.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 219 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Initialize
Initialize ‘global
‘global resources’
resources’
with
with default
default values
values in
in ‘profile
‘profile 0’
0’
Increment
Increment ATC,
ATC, Initialize
Initialize
CVR
CVR &CID
&CID
Process
Process all
all ‘PDOL-Decline’
‘PDOL-Decline’
table
table entries
entries
Match
Match found?
found?
Yes
No
Initiate
Initiate Application
Application
Set
Set ‘PDOL
‘PDOL forced
forced Process
Process all
all ‘PDOL-Profile’
‘PDOL-Profile’ Processing
Processing
decline’
decline’ bit
bit and
and table
table entries
entries
‘PDOL-check
‘PDOL-check ID’ ID’ in
in
CVR
CVR
Yes
Match
Match found?
found?
No
Set
Set Profile
Profile ID
ID in
in byte
byte 55
Default
Default Transaction
Transaction Profile
Profile bits
bits 1-4
1-4 ofof CVR
CVR
ID
ID == 00
Copy
Copy ‘profile-specific’
‘profile-specific’
Process
Process all
all ‘PDOL-CRM
‘PDOL-CRM ’’ resources
table resources into
into ‘global
‘global
table entries
entries resources’
resources’
Yes
Match
Match found?
found?
Set
Set ‘PDOL
‘PDOL forced
forced
No online’
online’ bit
bit and
and ‘PDOL-
‘PDOL-
check
check ID’
ID’ in
in CVR
CVR
Return
Return Profile-Specific
Profile-Specific AIP
AIP
and
and AFL
AFL
AIP, AFL
GET PROCESSING OPTIONS
Response
Set
Set ‘Machine-State’
‘Machine-State’ to
to
‘INITIALIZED’
‘INITIALIZED’
The issuer may configure up to 15 ‘PDOL checks’ of each type. Each entry in the PDOL-check
tables (Decline, Profile, or Online) specifies which data element to evaluate, as well as size
and location of reference data, the type and number of comparisons to make, the action to be
taken if match is found, and the action to be taken if match fails. A bit-mask is also provided
D-PAS Card Specification v1.1 Proprietary and Confidential Page 220 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
to enable the issuer to filter out irrelevant bit combinations. Potential actions to take are
encoded in a bit-map, and may include:
• ‘Same as’
• ‘Different than’
• ‘Equal or greater’
Reference data may be either ‘OS data’ (such as ‘AltAID’ or ‘Interface type’), any TLV item
received in PDOL data (such as ‘Amount’ or ‘Terminal Type’), or an internal (tagged) card
data element. If comparison data is found in PDOL, an offset in PDOL data and size of
reference data must be indicated. If an Internal card data is used, the tag of the data item is
provided (Note: a maximum size of 15 bytes of comparison data is allowed).
One or more ‘comparison’ values may be provided in a PDOL-check entry. Each comparison
value must be of same length as reference value and compared with the bit-masked reference
data. All potential comparisons must be performed before the check fails. If the check
succeeds, the action to be taken is specified by the PDOL-check entry. If the check fails, the
action to be taken is also specified by the PDOL-check entry.
Note: If a data element requested in PDOL is not available to the terminal, the bytes received
in PDOL data are initialized with ‘00’s. This must be taken into consideration when coding the
‘Match’ and ‘No match’ ‘action bytes’ of PDOL-check entries.
The size of PDOL-check tables varies dynamically with the number of PDOL-check entries of
each type, as well as the size and number of comparison values. The size and contents of
PDOL-check tables are specified by the issuer during Data Preparation/ Personalization, and
sufficient EEPROM must be allocated to ensure that the issuer may use up to 15 different
PDOL-check entries in each of the 3 PDOL-check arrays (Decline, Profile, and Online).
D-PAS Card Specification v1.1 Proprietary and Confidential Page 221 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
PDOL-Check Entry:
Ref Data Type Bit map coding type of Reference Data to be used in 4 bits
comparisons: ‘Interface type’, ‘Alias ID’, ‘Internal Data’
(see table below)
or ‘PDOL Data’
Ref Data Size Size of Reference and Comparison data (Max: 15 4 bits
bytes)
Ref Data Offset or Tag Offset of Reference data in PDOL data or Tag of 2 bytes
Internal Data object
‘Test type’ Bit map coding type of comparison to make, either: 4 bits
Match, No match, Equal or Greater than
(see table below)
‘Match found’ Bit map coding action to take if ‘Match found’ 1 byte
(see table below)
‘Match not found’ Bit map coding action to take if ‘Match not found’ 1 byte
(see table below)
Bit mask Bit mask used to focus on specific bits in reference Ref Data Size
data. A logical ‘AND’ is performed between bit mask
(set bits you wish
and reference data before evaluating match with
to ignore to 0)
comparison values.
Number of Match values Number of comparison values of length ‘Ref Data Size’ 1 byte
[n]
….. …. ….
D-PAS Card Specification v1.1 Proprietary and Confidential Page 222 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 0 0 0 - - - - Never
0 1 0 0 - - - - Exact Match
0 0 1 0 - - - - No Match
0 0 0 1 - - - - Equal or Greater
0 0 0 0 - - - - Always
- - - - X X X X Value to set (Result). Note: Always ‘0’ or ‘1’ in ‘PDOL-
Decline’ and ‘PDOL-Online’ arrays
D-PAS Card Specification v1.1 Proprietary and Confidential Page 223 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
‘PDOL-Checks’ array:
Tag - Length ‘DF10’ ‘xx’ (xx = total length of PDOL-Decline array) 3 bytes
N Number of PDOL-Decline entries (max 15) 1 byte
PDOL-D Len1 Size of PDOL-Decline entry 1 1 byte
PDOL-D entry 1 First PDOL-Decline Table entry PDOL-A Len1
------- -------- ------
PDOL-D LenN Size of PDOL-Decline entry N 1 byte
PDOL-D entry N Last PDOL-Decline Table entry PDOL-A LenN
Tag - Length ‘DF11’ ‘yy’ (yy = total length of PDOL-Profile array) 3 bytes
N Number of PDOL-Profile entries (max 15) 1 byte
PDOL-P Len1 Size of PDOL-Profile entry 1 1 byte
PDOL-P entry 1 First PDOL-Profile Table entry PDOL-P Len1
------- -------- ------
PDOL-P LenN Size of PDOL-Profile entry N 1 byte
PDOL-P entry N Last PDOL-Decline Table entry PDOL-P LenN
Tag-Length ‘DF12’ ‘zz’ (zz = total length of PDOL-Online array) 3 bytes
N Number of PDOL-Online entries (max 15) 1 byte
PDOL-O Len1 Size of PDOL-Online entry 1 1 byte
PDOL-O entry 1 First PDOL-Online Table entry PDOL-P Len1
------- -------- ------
PDOL-O LenN Size of PDOL-Online entry N 1 byte
PDOL-O entry N Last PDOL-Online Table entry PDOL-P LenN
The following transaction flow diagram describes the sequence of events occurring during
PDOL Processing:
D-PAS Card Specification v1.1 Proprietary and Confidential Page 224 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Copy ‘Profile 0’
PDOL- checks resources into
PDOL-Decline checks
‘Global’ profile object
Yes Application
Compare Masked
blocked?
reference data with
comparison value
3 Comparison
GPO types Yes
No No match ?
response
No
PDOL checks
Yes Evaluate ‘Match
deactivated ? Exact Match? Yes
Found’ Action code
No
No
PDOL- No
Yes
Profile
checks
Evaluate first
PDOL-check Last
Next comparison
Comparison
value
No value?
Retrieve PDOL or internal card
element ‘Reference data’ Yes
Yes
No
Set ‘Action flag’
Set ‘Action flag’
No
Yes
PDOL-
enter ID of PDOL-Check
Profile ‘Action Flag’ Set CVR Byte 4 bit 1
No Yes which set ‘Action Flag’ in
checks set? ‘PDOL Decline’
CVR Byte 6, bits 5-8
D-PAS Card Specification v1.1 Proprietary and Confidential Page 225 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
# of PDOL-Profile
checks >0 ?
No match ? Yes
Retrieve PDOL or internal card
element ‘Reference data’
No
Yes Evaluate ‘Match
Exact Match?
Found’ Action code
Perform a logical ‘AND’
between reference data No
and PDOL-check Bitmask Equal or Yes
Greater ?
No
Last
Next comparison
Comparison
value
No value?
Yes
No
No
‘Jump To’ or
‘Jump To’ or ‘Next’
‘Continue’ Action
PDOL-Check entry
Yes indicated ?
No
Using PRU, copy all profile- PDOL-
Last PDOL-Profile Online
specific resources from new
entry, or ‘Exit’ Checks
Profile object into Global
indicated ?
No Profile object
Yes
PDOL-
Online New Profile Enter new Profile ID in
Checks No Yes
selected? CVR byte 6, bits 1-4
D-PAS Card Specification v1.1 Proprietary and Confidential Page 226 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 227 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Implementation Example
The following are multiple examples of a PDOL-Check sequence, with elements personalized in
the following way:
Profiles (Each profile has its own AIP, AFL, FCI, Offline Limits, NCOT and CACs)
0 Credit (Default)
1 Alias Payment application 1
2 Debit
3 OTP Generation
4 Low Value Payments
1 ‘Discover Debit’ and ‘Alias Payment application 1’ applications may not be accessed over
‘Contactless’ interface,
2 If ‘OTP application’ AID is selected, Terminal type must be ‘34’, and first two bytes of
‘Terminal Capabilities’ must be ‘0000’,
3 If Alias Payment application 1 AID is selected, ‘' Alias Payment application 1' transaction
profile must be used,
4 If ‘Discover Debit’ AID is selected, ‘Debit’ transaction profile must be used,
5 If ‘OTP application’ AID is selected, ‘OTP’ transaction profile must be used,
6 If transaction amount is less than USD10.00, and transaction currency is in USD, LVP (Low
Value Payment) transaction profile must be used,
7 An ATM transaction (as indicated by ‘Terminal Type’) must always go online.
All of the above business requirement may be met with the following PDOL and PDOL-check
table array:
PDOL
‘9F02069F1A025F2A029A039F35019F4002’
D-PAS Card Specification v1.1 Proprietary and Confidential Page 228 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 229 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Capabilities]
Test type + Result ‘41’ [Exact match, result = 1 (Abort)]
Match found ‘20’ [Do not set value, Exit]
Match not found ‘A0’ [Set value; Exit]
Bit mask ‘FFFFFF’ [all bits]
Number of Match values ‘01’
Value 1 ‘340000’ [Terminal Type = 34, Capabilities
‘0000’]
D-PAS Card Specification v1.1 Proprietary and Confidential Page 230 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Size of Check 4 13
Data Type + Size 16 [PDOL data; 6 bytes]
Data Offset 0000 [First bytes in PDOL data]
PDOL Profile Entry 4
D-PAS Card Specification v1.1 Proprietary and Confidential Page 231 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Size of Check 5 0B
Data Type + Size 12 [PDOL data; 2 bytes]
PDOL Profile Entry 5
Size of Check 1 0B
Data Type + Size 11 [PDOL data. 1 byte]
Data Offset 000D [i.e., Terminal Type]
Test type + Result 41 [Exact match, result = 1 (Force
PDOL ONLINE Entry 1
Online)]
Match found A0 [Set value, Exit]
Match not found 00 [Continue (Exit)]
Bit mask FF [Not used]
Number of Match values 03
Value 1 14 [If Terminal type is ATM]
Value 2 15 [“““““]
Value 3 16 [“““““]
Scenario 1
D-PAS Card Specification v1.1 Proprietary and Confidential Page 232 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Result Based on PDOL checks, the transaction shall proceed using the
LVP transaction profile.
Scenario 2
Scenario 3
Scenario 4
D-PAS Card Specification v1.1 Proprietary and Confidential Page 233 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Scenario 5
D-PAS Card Specification v1.1 Proprietary and Confidential Page 234 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 235 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
• EMV Parameter settings, including acceptable card usage and offline limits,
• Card and Terminal risk management parameters (IAC and CAC values),
• Use and definition of Transaction Profiles; choice of Profile resources (offline limits),
1. Data Preparation Template tool, which will walk the issuer through all the personalization
choices available and provide default values when appropriate. This functionality will
usually be supplied in the form of a separate software utility, which is linked with the ‘Data
Preparation’ process preceding card personalization; or
2. An EMV Common Personalization Specification (CPS) interface, which uses the commands
‘Select’, ‘Initialize Update’, ‘External authenticate’, and ‘Store data’ to load a pre-defined
set of DGIs (Data Grouping Identifiers), which contain all the personalization data required
by the card, grouped by data type.
The following sections document the interface that shall be implemented by a D-PAS-
compliant application supporting personalization by means of CPS. For the sake of clarity and
completeness, much of the following sections are extracted verbatim from [EMV CPS]
specifications. In other cases, reference to specific sections of [EMV CPS] is made.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 236 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
How data elements are personalized or pre personalized is beyond the scope of these
specifications, except when EMV CPS is used.
However, in order to function properly, the D-PAS application must have been supplied with
personalization values for a ‘Minimal set’ of data items.
CPS
Tag Data Element Location Length DGI
D-PAS Card Specification v1.1 Proprietary and Confidential Page 237 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
CPS
Tag Data Element Location Length DGI
D-PAS Card Specification v1.1 Proprietary and Confidential Page 238 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
CPS
Tag Data Element Location Length DGI
'9F32' IPK Exponent If SDA, DDA, CDA, or Offline Enciphered PIN is 1 or 3 ‘0202’
supported
'92' IPK Remainder If SDA, DDA, CDA, or Offline Enciphered PIN is Var. ‘0202’
supported and entire IPK does not fit in IPK
Certificate
'8F' Certificate Authority If SDA, DDA, CDA, or Offline Enciphered PIN is 1 ‘0202’
Public Key Index supported
'9F47' ICC Public Key If DDA, CDA, or Offline Enciphered PIN using ICC 1 or 3 ‘0202’
Exponent Public Key is supported
'9F48' ICC Public Key If DDA, CDA, or Offline Enciphered PIN using ICC Var ‘0202’
Remainder Public Key is supported and entire ICC PK does not
fit in ICC PK Certificate
'9F49' DDOL If DDA or CDA is supported 3 ‘0202’
'9F2E' ICC PIN Encipherment If Offline Enciphered PIN using ICC PIN Var. ‘0202’
Public Key Exponent Encipherment Public Key is supported
'9F2F' ICC PIN Encipherment If Offline Enciphered PIN using ICC PIN Var. ‘0202’
Public Key Remainder Encipherment Public Key is supported and entire
ICC PIN Encipherment PK does not fit in ICC PIN
Encipherment PK Certificate
‘93’ SDA Certificate If SDA, is supported Var. ‘0203’
'9F46' ICC Public Key If DDA, CDA, or Offline Enciphered PIN using ICC Var. ‘0204’
Certificate Public Key is supported
In any of the above ‘Internal card data items’ is not personalized, and is required by the D-
PAS application processing, the D-PAS application must return a SW1SW2 of ‘6984’
(Reference data not useable). If the missing data is normally contained in Terminal file
records, the terminal will often register the event ‘ICC missing mandatory element’ bit in TVR,
and depending on IAC-Decline and TAC-decline personalization settings, may abort the
transaction.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 239 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The files (i.e., values for SFI) used to store EMV data.
The records (i.e., values for the record number within a file) used and the length reserved for
each record.
Some D-PAS implementations do not need to determine the organization of data in records
before personalization, since some multi application card platforms do not require a file
system and the applications may then simulate the files and records themselves.
Other implementations will need to determine the organization of data in records before
personalization. This is the case, for example, when a real file system is used to store the
records and when the file structure may not be created by the applications.
The following requirements apply to the organization of EMV records into files:
At a minimum, the D-PAS application shall support up to 2K (2048) bytes of memory to store
EMV records if the application supports the Dynamic-RSA implementer-option.
At a minimum, the D-PAS application shall support up to 1.5K (1536) bytes of memory to
store EMV records if the application does not support the Dynamic-RSA implementer-option.
It shall be an issuer-option to store the EMV records in any file with an SFI between 1 and 10
(e.g., records may be stored in SFI 1 and 2; or in SFI 1, 3, and 4; or in SFI 5, 6, 8, 9).
At a minimum, the D-PAS application shall support up to a total of 16 records for EMV data.
It shall be an issuer-option to place up to 16 records in any file with SFI between 1 and 10,
provided the total number of records is less than or equal to the maximum number of records
supported by the application (e.g., two records in file 1, three records in file 2 etc.).
In other words; in any implementation of the D-PAS application, allocation of the EMV data to
files and records may be performed in any file with an SFI between 1 to 10 and any record,
provided that:
The total memory for records needed is less than or equal to:
The length of records is less than or equal to 254 bytes, including the tag '70' and the length
byte(s).
• More than 16 records total in all files with SFI between 1 and 10
D-PAS Card Specification v1.1 Proprietary and Confidential Page 240 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
As previously implied, some implementations will support the above requirements without the
need to prepare the card before personalization to meet an issuer’s data organization needs
whilst other implementations will need to be customized before personalization.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 241 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
3 EMV CPS
Support of the EMVCo Card Personalization Specification (CPS) is an implementer option for
D-PAS. For cards that support the CPS implementer option, the format of the Personalization
data must be consistent across implementations for an issuer to be able to personalize
different implementations with the same Personalization data. The requirements of this
section apply when the application is personalized using EMV CPS as the Personalization
method.
3.1.1 OVERVIEW
Command APDUs are defined in the [EMV CPS], Chapter 3. A typical Personalization consists
of the following commands in the sequence shown:
• Select
• Initialize Update
• External Authenticate
• Store Data
• Note: CPS-specific APDU command specifics are documented in section 5.
The SELECT command will be issued once for each IC card application to be personalized. The
data in the FCI (the response to the SELECT command) will be changed during the
Personalization process. There is no specific requirement for it prior to Personalization, other
than the requirement to return the AID Tag (84) with length and value.
D-PAS applications shall support the three security levels allowed in EMV CPS:
D-PAS Card Specification v1.1 Proprietary and Confidential Page 242 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Encryption and MAC – The secure channel is established for confidentiality and integrity as
well as authentication purposes.
Note: In order to enable the ‘External authentication’ mechanism, and permit the creation of
a secure personalization channel, The D-PAS application must be ‘pre-personalized’ with 1 or
more 3DES ‘authentication’ keys, before the CPS session is initialized. How these keys are
diversified on a card-by-card basis, and how these keys are initialized in a specific card OS, is
beyond the scope of these specifications.
The P1 value in the STORE DATA command header shall be ignored except for the 3 first high-
order bits, used to indicate an encrypted DGI or the last STORE DATA command.
Support for a single DGI spanning two STORE DATA commands is needed to personalize a
record containing an Issuer Certificate with a CA key size of 1984-bits, and template tags that
may overflow the length of the command data field in a single STORE DATA command.
Support of multiple DGIs in a single STORE DATA command may reduce the number of
commands needed, and perhaps the personalization time. A STORE DATA command that
supports multiple DGIs is not required to also be able to span the last DGI over a second
STORE DATA command.
The DPAS application must support any single DGI spanning two STORE DATA commands.
All tagged data elements shall be entered in the DGI in TLV format, and the application shall
accept tagged data elements in any order within the specified DGI.
The application developer and Data Preparation must ensure that any such implementation-
specific constraints are respected.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 243 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
The application developer and Data Preparation must ensure that any such implementation-
specific constraints are respected.
The requirement column titled “Req.”, in the following tables of data elements for each DGI,
lists the requirements for each data element:
• C (Conditional) indicates that the data element is necessary under certain conditions.
Data Groupings are reserved for record values for Data Grouping Identifiers in the range
‘XXYY’, where ‘XX’ indicates the SFI and ‘YY’ indicates the record number as follows:
‘XX’ represents the SFI where the record is stored. ‘YY’ represents the record number. This
specification does not mandate the file and record structure for the personalization of these
files.
As defined by EMV, the persistent data elements stored in files with a Short File Indicator
(SFI) between 1 to 10, are stored in records following the ‘70’ template and are retrievable
with the Read Record command. Note that the P1 value used in the Read Record command
corresponds to the ‘YY’ value in the DGI.
Also as specified by EMV, D-PAS applications, in both non personalized and personalized
states, do not interpret the data elements stored in these records but instead process the
Read Record command so that the appropriate personalized record is returned in the response
message.
Data Groupings are reserved for EMV SFI and record values in the range ‘'XXYY' where:
D-PAS Card Specification v1.1 Proprietary and Confidential Page 244 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
There are therefore ten files in which EMV records may be stored. Each file may contain up to
255 records. However, the D-PAS application should not approach these limits.
Support of these Data Grouping Identifiers is optional. Among those Data Grouping
Identifiers, only 'XX' = '0B' is defined for D-PAS. D-PAS applications may support Data
Grouping Identifiers for records in other files in with a Short File Identifier between 11 and 30.
For DGIs with the first byte equal to '01' through '1E', the first byte indicates the SFI in which
the data is to be stored and the second byte indicates the record number within the SFI.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 245 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Other DGIs in this range are also supported, but the ones listed above reflect the default
record layout.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 246 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 247 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
D-PAS Card Specification v1.1 Proprietary and Confidential Page 248 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
NOTE: The data elements in this grouping are included in the Signed Application Data (SAD).
If updates to the Cardholder Verification Methods (CVM) List are to be made by the issuer
using Issuer Script Processing or if multiple CVM Lists are used and a single SAD is used, the
CVM List should be included in DGI 0303 rather than in DGI 0303.
NOTE: The AIP included in the Signed Application Data (SAD) is not included in the record
data because the value may change with the profile selected for the transaction.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 249 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
'4F3B' Template ‘BF3B’, Transaction Profile Objects (0- Table 140 No D-PAS
15)
‘4F42’ Template ‘BF42’, Issuer Defined Data Tags Table 141 No D-PAS
D-PAS Card Specification v1.1 Proprietary and Confidential Page 250 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Length
Req Tag Data Element (bytes) Encrypt
Template ‘BF33’ contains 1-15 ‘PDOL-Denial’ checks; Template ‘BF34’ contains 1-15 ‘PDOL-
Profile’ checks; Template ‘BF35’ contains 1-15 ‘PDOL-Online’ checks. Inclusion of DGIs ‘3F33’-
‘3F35’ is optional, if PDOL checks are not being used.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 251 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
DGI ‘4F3B’ contains 1 or more ‘Transaction Profile’ objects, embedded in a BER-TLV template
with tag ‘BF3B’. Each ‘Transaction Profile’ object consists of the following elements,
concatenated without tags or lengths:
'DF20’-
M Profile identifier (0-15) 2 N/A
‘DF2F’
M - Profile Resource Usage (PRU) bitmap 1 N/A
O - AIP 2 N/A
O - AFL 32 N/A
O - CACs (Default, Denial, Online) 3x2 N/A
- NCOT (Number of Consecutive Offline 1
O N/A
Transactions) counter
O - LCOL (Lower Consecutive Offline Limit) 1 N/A
O - UCOL (Upper Consecutive Offline Limit) 1 N/A
O - LCOA (Lower Cumulative Offline Amount) limit 6 N/A
O - UCOA (Upper Cumulative Offline Amount) limit 6 N/A
O - STA (Single Transaction Amount) limit 6 N/A
At a minimum, ‘Profile 0’ (tag DF20) must be personalized in DGI 4F3B. The presence of other
Transaction Profile objects is Optional. At a minimum ‘Profile 0’ must define an AIP, an AFL,
and a set of CAC arrays. Use of other profile resources is optional; unused resources should
be initialized with a value of ’00..00’. Optional Profile objects 1-15 may contain any or all of
the profile resources specified above (as indicated in the PRU byte). Unused profile resources
should be initialized with the value ’00..00’.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 252 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
DGI ‘4F42’ contains 1 or more IDDT (Issuer Defined Data Tag) entries, embedded in a BER-
TLV template with tag ‘BF42’. Use of IDDT tags, and inclusion of DGI ‘4F42’ is optional. If
present, each IDDT entry in template BF42 will have the following format:
Lengt Encryp
Byte Data h t
Note that Get Processing Options (GPO) response data for D-PAS uses DGI 'BF41' rather than
DGI '9104' as defined in EMV CPS. The values needed by the application to build the Issuer
Application Data contained in the Generate AC command response is personalized using tag
'D0' in DGI '0400'.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 253 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
DGI ‘8000’ contains the 3DES keys used by the DPAS card application. This DGI must be encrypted as it
contains confidential information.
DGI ‘8010’ contains the Offline PIN. This DGI must be encrypted as it contains confidential information.
DGI ‘9010’ contains Offline PIN-related Data. The contents of this DGI should be as follows:
The q-1 mod p is the default convention to be used to generate the values for DGIs containing
the CRT components for a D-PAS RSA Private key [DDA or PIN Encipherment].
D-PAS Card Specification v1.1 Proprietary and Confidential Page 254 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
Table 148 - Data Content for DDA Key data DGIs '8201' Through '8205'
Table 149 - Data Content for PIN Encipherment Key data DGIs '8301' Through '8305'
D-PAS Card Specification v1.1 Proprietary and Confidential Page 255 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
4.1 AIP
The ‘Issuer Authentication is supported’ bit in the AIP is set to 0b to indicate that the card
supports Issuer Authentication as part of processing the 2nd Generate AC command
The application shall be personalized with at least one AIP, AFL Length, and AFL to be used by
the application. These will be defined in the default ‘Profile 0’.
4.2 CACS
The following requirements identify values that must be personalized in application data
elements in order to ensure D-PAS is compliant with CCD.
The following bits in the CAC-Online shall be personalized to the value 1b (for CCD
compliance):
The following bits in the CAC-Default shall be personalized to the value 1b (for CCD
compliance):
Application Effective '5F25' Omission allows use of card beyond its authorized time window
Date
Application Expiration '5F24' Omission allows use of card beyond its authorized time window
Date
Application Usage '9F07' Omission may allow attacker to avoid usage restrictions of card
Control
D-PAS Card Specification v1.1 Proprietary and Confidential Page 256 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
CDOL1 if card '8C' Omission for CDA-capable applications may allow attacker to
supports CDA mislead the interpretation of the CDOL data
CDOL2 if card '8D' Omission for CDA-capable applications may allow attacker to
supports CDA mislead the interpretation of the CDOL data
CVM list '8E' Omission may allow attacker to avoid cardholder verification
Issuer Action Code- '9F0D' Omission allows attacker to alter terminal action analysis (and
Default thereby affect risk management)
Issuer Action Code- '9F0E' Omission allows attacker to alter terminal action analysis (and
Denial thereby affect risk management)
Issuer Action Code- '9F0F' Omission allows attacker to alter terminal action analysis (and
Online thereby affect risk management)
Issuer Country Code '5F28' Omission may allow attacker to avoid international restrictions
(tag 5F28)
PAN '5A' Omission allows attacker to claim a bogus card Identity in offline
transactions
PAN Sequence '5F34' Omission allows attacker to claim a bogus card Identity in offline
Number transactions
SDA Tag List '9F4A' Omission allows attacker to avoid or alter offline data
authentication and may allow alteration to terminal risk
management and cardholder verification
1
These are the minimum requirements that must be supported by any implementation of D-
PAS. It is allowed for an implementation to support more than this minimum, but issuers
should note that not all implementations may support more than the minimum.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 257 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
At a minimum, the issuer shall be able to request up to 2K (2048) bytes of memory to store
EMV records for D-PAS
At a minimum, the issuer shall be able to store these bytes in any file with SFI 1-10 (for
example in SFI 1 and 2, or in SFI 1, 3, and 4; or in SFI 5, 6, 8, and 9)
At a minimum, the issuer shall be able to request up to a total of 16 records; with any
number of records in each file, provided the total number of records is less than or equal to
16 (for example 2 records in file 1, 3 records in file 2,…)
An issuer shall be able to request records of up to 254 bytes for each record.
Each record in SFI 1 through 10 begins with template tag '70' and a length byte, followed by
the TLV-coded record data.
4.5 CDOLS
CDOL1 shall contain the tags and lengths of the data elements listed in Table 93 (Appendix A)
in the order shown.
CDOL2 shall contain the tags and lengths of the data elements listed in Table 94 (Appendix A)
in the order shown.
4.6 KEYS
An expiration date is assigned to each Issuer Public Key certificate. The application’s
expiration data shall not be greater than the expiration date of the certificate.
All cards which support SDA, DDA or CDA shall be personalized with an Issuer Public Key
Certificate and a CA Public Key Index to identify the CA Public Key to use to decipher the
certificate.
In EMV, the same Issuer Public/Private Keys and Issuer PK Certificates are used for SDA, DDA
and CDA.
In all cards which support DDA or CDA, the ICC PK Certificate is personalized on the card. The
ICC public/private key data may also be used to support the Offline Enciphered PIN method of
cardholder verification described in Chapter 12, Cardholder Verification.
If transactions are to be logged, then the Log Entry data element shall also be personalized
for the application in addition to the personalization of the FCI.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 258 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
CLA ‘80’ 1
INS ‘50’ 1
P1 ’00’ – ‘7F’ 1
P2 ‘00’ 1
Lc Random number used in host and card 8
cryptogram generation
Le ‘00’ 1
Field Length
D-PAS Card Specification v1.1 Proprietary and Confidential Page 259 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
KEYDATA contents:
Identifier of the KMC (e.g., IIN right justified and left 6 BCD
padded with 1111b per quartet)
Chip Serial Number (CSN) 4 binary
The Key Version Number defines the key set Version Number to be used to initiate the Secure
Channel Session. If this value is zero, the default key set for the selected application shall be
used.
While implementing this feature is required, utilizing this feature is optional depending on the
personalization context (e.g., if the entity personalizing the EMV application is different from
the entity personalizing the PSE application).
If the value indicates a Key Version Number that is not present or indicates a Key Version
Number that is incomplete (i.e., the Key Version Number does not contain Key Identifiers 1, 2
and 3), a response of '6A88' shall be returned. The identifier of the KMC is part of the
response data to the INITIALIZE UPDATE command and it facilitates locating the issuer’s KMC.
3.2.5.7 The first 6 bytes of KEYDATA returned from the INITIALIZE UPDATE command are
used to identify the master key for secure messaging (KMC).
The six least significant bytes of KEYDATA are used as key diversification data. The
personalization device must use the KMC and KEYDATA to generate the KENC, the KMAC and
the KDEK for this IC card. These keys must have been placed in the IC card prior to the start
of the personalization process.
Subsequent processing must use the identifier for Secure Channel Protocol (ALGSCP) in the
response to the INITIALIZE UPDATE command to determine how to create MACs and when to
create session keys. The session keys must be calculated during processing of the INITIALIZE
UPDATE response using data from the IC card.
A pseudo-random card challenge generation algorithm in the card provides the data
preparation system with the ability to pre-compute the card challenge as opposed to being
random. This allows an off-card entity, with knowledge of the relevant Secure Channel secret
keys and the ability to track the Secure Channel Sequence Counter, to pre-compute an
authentication sequence without first communicating with the card.
The card challenge is a pseudo-random number that shall be unique to a Secure Channel
Session. A pseudo-random3 card challenge shall be generated as follows:
• The AID of the currently selected Application is padded with standard DES
padding.
• A MAC is calculated across the padded data using single DES plus final triple
DES, using the SKUMAC session key and an ICV of binary zeroes;
• The six leftmost bytes of the resultant MAC constitute the card challenge.
The personalization device must verify the card cryptogram in the response to the INITIALIZE
UPDATE command by generating a duplicate cryptogram and comparing it to the value
returned in the response.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 260 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
If the card cryptogram does not verify correctly, personalization processing must be
terminated and a log of the process written.
If the received host challenge is identical to the concatenation of the Secure Channel
Sequence Counter of the identified Key Version Number and the card challenge (6 bytes
generated as described previously), a response of '6982' shall be returned.
For pre-computing INITIALIZE UPDATE command during the data preparation process, the
data preparation system needs to generate or to have access to the derived KENC, the KMAC
and the KDEK for each given card to be personalized.
For more information on cryptographic algorithms and mechanisms, please refer to [EMV CPS]
section 5.
The EXTERNAL AUTHENTICATE command will be issued once for each secure channel
initiation, and must be coded as shown in the following table:
CLA ‘84’ 1
INS ‘82’ 1
P1 Security level (see Table 155) 1
P2 00 1
Lc 10 1
Data Host cryptogram (8 bytes), C-MAC (8 bytes) 16
The host cryptogram is calculated by the personalization device. The response to the
EXTERNAL AUTHENTICATE commands consists only of SW1 SW2. Table 18 lists status
conditions that may occur, in addition to the general ones listed in ISO/IEC 7816-3.
Status conditions:
D-PAS Card Specification v1.1 Proprietary and Confidential Page 261 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
If the secure messaging bit of the class byte (bit 3) is not set, a response of '6E00' shall be
returned.
The security level is determined by the SECLEV field within the PDI.
The following table applies to all commands following the EXTERNAL AUTHENTICATE
command. The security level does not apply to the EXTERNAL AUTHENTICATE command.
b8 b7 b6 b5 b4 b3 b2 b1 Description
No security – All subsequent commands received by the IC card application will not include
any security, i.e., no C-MAC and no encryption of the entire command data string by the
SKUENC.
MAC – All subsequent commands received by the IC card application must contain a C-MAC.
Encryption and MAC - All subsequent commands received by the IC card application will
include a C-MAC and the command data field will be encrypted by the SKUENC.
Note that the encryption specified in the EXTERNAL AUTHENTICATE command does not
impact the security specified by the value of P1 in the STORE DATA command (see next
section). If both the EXTERNAL AUTHENTICATE command and the STORE DATA command
specify encryption, the data is encrypted twice.
The host cryptogram must be created by generating a MAC using SKUENC. The data to be
MACed is = Sequence Counter (2 bytes) || RCARD (6 bytes)|| RTERM (8 bytes).
The DPAS application must verify the host cryptogram by generating a duplicate cryptogram
and comparing it to the value received in the command data field.
Note: For more information on cryptographic algorithms and mechanisms, please refer to
[EMV CPS] section 5.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 262 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
This version of the STORE DATA command requires a secure channel to be established. A
security level of ‘00’ may be specified. The DGIs and data groupings used by the STORE DATA
command are dependent on the data in the input record. Field ENC in the input record lists
the identifiers of data groupings that must be encrypted.
b8 b7 b6 b5-b1
DGI-1 to DGI-n contain a triplet of ‘DGI tag’ (2), Length (1 or 3), and DGI data (Var.).
The CLA byte of the STORE DATA command must be consistent with the security level of
secure messaging set in EXTERNAL AUTHENTICATE command (CLA = ‘80’ if security level =
‘00’, otherwise CLA = ‘84’).
The version of the STORE DATA command used to personalize the IC card applications must
be coded as shown in Table above. One or more triplets (DGI, Length, Data body) may be
sent.
The following table lists the status conditions that may occur in addition to those specified in
ISO/IEC 7816-3.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 263 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
If the final length of an intended STORE DATA command data field (data grouping(s) and
possible MAC) may be more that 255 bytes, then the DGI or grouped DGIs must be sent to
the card in multiple STORE DATA commands as follows:
• The first APDU contains a STORE DATA command according to the foregoing
table, truncated at the maximum allowable length (Lc equals 255 bytes
including possible MAC).
• The subsequent APDU contains a STORE DATA command with any remaining
data as command data, possibly again truncated at the maximum allowable
length (Lc less than or equal to 255 bytes including possible MAC).
The application is responsible for managing any DGI data that spans more than one STORE
DATA command. For the first STORE DATA command, the application will use the length of
the last (or only) DGI, and the actual length of the DGI data, to determine whether a
subsequent STORE DATA command is expected.
For subsequent STORE DATA commands, the application concatenates the segments of data
until the total length of the data equals the DGI length in the first STORE DATA command.
Any inconsistency between the total length of the data segments in the STORE DATA
commands, and the DGI length, shall cause an SW1SW2 of ‘6A80’ to be returned by the card.
The personalization device must set P2 to ‘00’ for the first STORE DATA command sent to the
IC card application. The personalization device must then increment the value of P2 by 1 for
each subsequent STORE DATA command.
If the FORMATTK field in the input record is set to ‘00’ and a DGI is listed in the ENC field in
the input record, the TK identified in the input record must be used to decrypt the data
created by the data preparation process.
After the input data is decrypted as described in section 5.5 of [EMV CPS] it must be re-
encrypted prior to sending it to the IC card as described in section [5.6 of EMV CPS]. Only the
data portion of the data grouping is encrypted. The DGI and length field are not encrypted.
If the FORMATTK field in the input record is set to ‘00’ and the encryption type for the DGI
listed in field ENC is ‘11’, decryption of data by the personalization device must be done in
ECB mode. Triple DES is used to decrypt each block.
If the FORMATTK field in the input record is set to ‘01’ and a DGI is listed in the “DGIs for TK”
field (as shown in Table 10) in the input record, the TK identified in the input record must be
used to decrypt the data created by the data preparation process. If the same DGI is listed in
the ENC field in the input record, after the input data is decrypted, it must be re-encrypted
prior to sending it to the IC card. Only the data portion of the data grouping is encrypted. The
DGI and length field are not encrypted.
If the FORMATTK field in the input record is set to ‘01’ and the CMODE field (as shown in Table
10) is set to ‘11’, decryption of data by the personalization device must be done in ECB mode.
Otherwise Triple DES is used to decrypt each block.
If a DGI is listed in the ENC field in the input record, after the input data is decrypted, it must
be re-encrypted prior to sending it to the IC card as described in the [EMV CPS]. Only the
data portion of the data grouping is encrypted. The DGI and length field are not encrypted.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 264 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
If the encryption type for the DGI listed in field ENC is ‘11’, the personalization device uses
the session key SKUDEK to encrypt the data. Encryption must be done in ECB mode. Triple
DES is used to encrypt each block.
If all DGIs within STORE DATA command are encrypted the personalization device must set
b7 of P1 to 1, and b6 of P1 to 1. Based on this setting of P1, the IC card must use session key
SKUDEK to decrypt each individual DGI data in ECB mode. Triple DES is used to decrypt each
block.
If some DGIs within STORE DATA command are encrypted the personalization device must set
b7 of P1 to 0, and b6 of P1 to 1. Based on this setting of P1 the IC application must have the
knowledge of which DGIs are encrypted. The IC card must use session key SKUDEK to
decrypt each individual encrypted DGI data in ECB mode. Triple DES is used to decrypt each
block.
If the security level in the EXTERNAL AUTHENTICATE command specified MACing, the C-MAC
must be calculated by the personalization device using SKUMAC and verified by the IC card.
The padding is not sent to the IC card.
If the security level in the EXTERNAL AUTHENTICATE command specified MACing and
encryption, the C-MAC must be calculated by the personalization device using SKUMAC and the
command data field must be encrypted using SKUENC. Note that the padding added to the
data field to ensure that encryption takes place over a data size which is a multiple of 8-bytes
becomes part of the data field and must be reflected in the Lc. The IC card must decrypt the
command data field and verify the C-MAC.
If the SW1 SW2 that is returned by the IC card is ‘6A88’, the input data record for the DPAS
application must be checked for the presence of the field VERCNTL. If the Data Grouping
Identifier (DGI) that was rejected by the IC card is listed in field VERCNTL, normal processing
must continue and the C-MAC must be saved to be used in the computation of the next C-
MAC (i.e., it is inserted in beginning of the next command data body), and it is this modified
command data body that is MAC’ed, using an IV of eight ‘00’ bytes.
If the data grouping DGI is not listed in field VERCNTL, personalization processing of the IC
card application must be ended. The IC card must be rejected and an error log entry written.
Data grouping ‘7FFF’, if present, must be retrieved from the input record and must be used as
the data to be sent to the DPAS application with the last STORE DATA command. The ORDER
field within PDI may override this rule.
If the IC card application being personalized uses DGI ‘7FFF’, there may be additional status
conditions that are specific to the application.
If required by the application and after successful completion of the personalization, the
acceptance of the Store Data command may be disabled by the application.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 265 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
6 COMMAND RESPONSES
All responses to commands, whether successfully processed or not, include two status bytes,
SW1 and SW2. SW1 and SW2 are one byte long each as defined in ISO/IEC 7816-3.
Beside specific behavior defined for each command in above sections, when a personalization
device receives an SW1SW2 code different from ’9000’, ’6A88’, ‘61xx’ or ‘67xx’; it shall abort
the personalization process for the application if recovery is not possible.
D-PAS Card Specification v1.1 Proprietary and Confidential Page 266 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC
D-PAS Card Specification
DKI ‘01’
AC Gen ‘0123456789ABCDEFFEDCBA9876543210’
PSN ‘01’
AC Gen ‘CB45F892BCDA763EF131AE6DE0762634’
[End of Document]
D-PAS Card Specification v1.1 Proprietary and Confidential Page 267 of 267
Effective Date: March 24, 2010 © 2009 DFS Services LLC