Proprietary Rights
The information contained in this document is proprietary and confidential to
MasterCard International Incorporated, one or more of its affiliated entities
(collectively MasterCard), or both.
This material may not be duplicated, published, or disclosed, in whole or in part,
without the prior written permission of MasterCard.
Trademarks
Trademark notices and symbols used in this manual reflect the registration status of
MasterCard trademarks in the United States. Please consult with the Customer
Operations Services team or the MasterCard Law Department for the registration
status of particular product, program, or service names outside the United States.
All third-party product and service names are trademarks or registered trademarks
of their respective owners.
Disclaimer
Implementation of this M/Chip Advance Card Application Specification requires
a separate license from MasterCard and may require a license from third party
intellectual property owners.
MasterCard makes no representations or warranties of any kind, express or implied,
with respect to the contents of this Specification. Without limitation, MasterCard
specifically disclaims all representations and warranties with respect to the
Specification and any intellectual property rights subsisting therein or any part
thereof, including but not limited to any and all implied warranties of title, noninfringement, or suitability for any purpose (whether or not MasterCard has been
advised, has reason to know, or is otherwise in fact aware of any information).
Without limitation, MasterCard specifically disclaims all representations and
warranties that any practice or implementation of the Specification will not infringe
any third party patents, copyrights, trade secrets or other rights. Without limitation,
MasterCard specifically disclaims all representations and warranties in relation to
the Specifications, including but not limited to any and all implied warranties of
suitability for any purpose (whether or not MasterCard has been advised, has
reason to know, or is otherwise in fact aware of any information) or achievement of
any particular result.
MasterCard Worldwide
Chaussée de Tervuren, 198A
B-1410 Waterloo
Belgium
Email: chip_help@mastercard.com
www.mastercard.com
Table of Contents
Purpose
Audience
Related Information
Abbreviations
Notational Conventions
1.5.1 Hexadecimal Notational Convention
1.5.2 Binary Notational Convention
1.5.3 Decimal Notational Convention
1.5.4 Data Object Notational Convention
1.5.5 State Notational Convention
1.5.6 C-APDU Notational Convention
1.6 Data Object Format
Overview
Personalization State Machine for EMV Card Personalization
2.2.1 Application Selection Use of the Personalization Flag
2.2.2 Personalized Application States
2.2.3 Non-Personalized Application States
2.3 Select
2.4 External Authenticate
2.5 Initialize Update
2.6 Store Data
2.6.1 Grouped Data Groupings
2.6.2 Order of Data Groupings
2.6.3 Version Control
2.6.4 M/Chip Advance Data Groupings
Overview
Data Groupings Reserved for Record Values
Records and Data Grouping Identifiers
Files with SFI Between 1 and 10
Files with SFI between 11 and 20
Files with SFI between 21 and 30
Pre-allocation of Record Memory
Overview
Form 1
Form 2
Encrypted Data Groupings
October 2012
Overview
Records
Data Groupings
Data Grouping Order
Grouped Data Groupings
Version Control
ENC Field
1.1 Purpose
The M/Chip Advance Common Personalization Specification defines how the dual
interface payment, contact only payment and data storage versions of M/Chip™
Advance are personalized in accordance with the EMV Card Personalization
Specification.
Personalization of the M/Chip Advance application following the EMV Card
Personalization Specification is recommended, but not mandatory.
1.2 Audience
MasterCard provides this manual for customers and their authorized agents.
Specifically, the following personnel should find this manual useful:
Card application developers
Card application personalizers
Data preparation bureaus
[MCA]
[MCA PD]
V1.1
1.4 Abbreviations
Table 1-1 contains the abbreviations used in this document.
Table 1-1 Abbreviations
Abbreviation: Description
AC: Application Cryptogram
AID: Application Identifier
an: Alphanumeric characters
ans
ARPC
ASCII
ATC
Binary
BCD
C-APDU
CBC
CDOL
CLA
cn: Compressed Numeric
CRM
CRT
CVM
DDOL
DES
DGI
DS: Data Storage
DSPK
ECB: Electronic Code-Book
EMV
ENC
FCI
IAD
ICC
IPK
ISO
IVCVC3
KDCVC3
Lc
MAC
MCADP
MCADP-C
MCADS
MTA
Numeric
OS: Operating System
P1: Parameter 1
PAN
PF: Personalization Flag
PIN
RSA
SFI
SKUDEK
SMC
SMI
SW1-SW2
TLV
VERCNTL
2 Implementation of EMV Personalization
2.1 Overview
This chapter provides the information required by application developers to
implement EMV Card Personalization on M/Chip Advance.
[Figure: personalization state machine. States shown: idle, selected not personalized, initialized, personalizing, selected, selected not enabled. Transition labels shown: Select: '9000' and PF=0b; Select: '9000' and PF=1b and interface enabled; Select: '9000' and PF=1b and interface disabled; Initialize Update: '9000'; External Authenticate: '9000'; Store Data: '9000' or '6A88'; Last Store Data: '9000' and interface enabled; Last Store Data: '9000' and interface disabled; Else. One box is labelled "M/Chip Advance Card Application Specification".]
The following sections describe how the M/Chip Advance application identifies which
phase (personalization or operational) it is in, and which states are applicable to each
phase.
Meaning
0b
1b
The Personalization Flag is an internal flag with no external visibility. Providing the
external behavior of the M/Chip Advance application remains indistinguishable from
the behavior defined in these specifications, you may choose an alternative
implementation of the functionality achieved with the Personalization Flag. For
example, you may implement the functionality with a lower layer such as the card
operating system (OS), or with the multi-application manager.
Whatever form your implementation takes, the application switch between
personalization phase and operational phase must be triggered by the last STORE
DATA (P1[8] = 1b).
2.2.2 Personalized Application States
When the M/Chip Advance application is in its operational phase (that is,
personalized), it can reach the states defined in [MCA], described below:
Table 2-2 Application States Reached by a Personalized Application
State
Description
idle
selected
selectednotenabled
initiated
Transaction is initiated
online
script
Description
idle
2.3 Select
Refer to the EMV Card Personalization Specification for a definition of the SELECT
command when the application is not yet personalized (Personalization Flag = 0b).
After pre-personalization, the response to the SELECT is the pre-personalization FCI
and SW1-SW2. The pre-personalization FCI is not interpreted by the
personalization device. As a consequence, the value of the pre-personalization FCI is
left to the implementation. The pre-personalization FCI may follow the 6F
template. It may even be empty (that is, the response only consists of SW1-SW2).
b7
b6
b5
b4
b4
b3
b2
b1
Description
MAC
No Security
3.1 Overview
This chapter explains the relationship between records and data groupings, specifies
the structure of data groupings for data stored in files with an SFI between 1 and 30,
and describes the need to pre-allocate memory to store the records.
Data Group Identifier (DGI) | Tag | Data Element | Length of Data Element
57
16
5F28
5F20
Cardholder Name
26
9F0B
30
0101
Total Record
Length
89
0201
8F
90
144
92
IPK Remainder
36
Total Record
Length
191
0202
9F32
IPK Exponent
9F2E
9F47
93
144
Total Record
Length
162
9F46
144
9F48
42
0203
Total Record
Length
196
0204
9F2D
144
9F2F
42
Total Record
Length
196
0301
5F25
5F24
9F07
5A
12
5F34
8E
18
9F0D
9F0E
IAC Denial
9F0F
IAC Online
8C
CDOL1
33
8D
CDOL2
12
Total Record
Length
132
0302
9F4A
9F49
DDOL
9F44
9F42
5F30
Service Code
9F08
Total Record
Length
32
Some data groupings are reserved for EMV record values. These data groupings are
identified with data grouping identifiers (DGI) in the range XXYY
where:
01 <= XX <= 0A and
01 <= YY <= FF
There are therefore ten files in which EMV records can be stored. Each file may
contain up to 255 records. However, the M/Chip Advance application does not reach
these limits.
Either before or after the personalization of the M/Chip Advance application, the
following are determined:
The files (that is, values for XX) used to store EMV values
The records (that is, values for YY) used and the length reserved for each
record
Some M/Chip Advance application implementations do not need to determine the
organization of data in records before personalization, as M/Chip Advance does not
require a file system and the applications can simulate the files and records
themselves.
Other implementations will need to determine the organization of data in records
before personalization. This is the case, for example, when a real file system is used
to store the records and when the file structure cannot be created by the applications.
The following requirements apply to the organization of these EMV records into files:
An issuer may request 3072 bytes of memory to store EMV records for
M/Chip Advance.
An issuer may store these bytes in any file with an SFI between 1 and 10 (for
example, in SFI 1 and 2, or in SFI 1, 3, 4 or in SFI 5, 6, 8, 9).
An issuer may request each file to support any number of records, provided
the total number of records is less than or equal to 16 (for example, two
records in file 1, three records in file 2, etc.).
An issuer may request records with a record length of up to 247 bytes.
In other words, allocation of the EMV data to files and records can be performed in
any file with an SFI between 1 to 10 and any record, provided that:
The total memory for records needed does not exceed 3072 bytes for M/Chip
Advance
The total number of records does not exceed 16
The length of records does not exceed 247 bytes (for records with an SFI
between 1 and 10) including the tag 70 and the length byte(s)
Implementations may support:
More than 3072 bytes
More than 16 records
Records with a length greater than 247 bytes
Depending on the nature of an M/Chip Advance implementation, some
implementations will support the above requirements without the need to prepare the
card before personalization to meet an issuer's data organization needs, whilst other
implementations will need to be customized before personalization.
Although the maximum memory requirement for M/Chip Advance is 3072 bytes for EMV
files, different M/Chip Advance profiles may have lesser amounts. The EMV File
memory requirements for the different M/Chip Advance profiles are given in
Table 3-2.
Table 3-2 EMV File Memory Requirements
M/Chip Advance Profile
3072
3072
2560
2048
1536
Table 3-3 provides an example of the organization of EMV records in files with an
SFI between 1 and 10. Each row corresponds to an SFI between 1 and 10. Each
column corresponds to a record number up to 16. Each entry represents the length
reserved for the record.
Table 3-3 Example of EMV Data Element Record Usage
Short File Identifier (SFI) | Record Number 01 | 02 | 03 | 04 | ... | 10
01 | 89 | | | | |
02 | 191 | 162 | 196 | 196 | |
03 | 132 | 32 | | | |
... | | | | | |
0A | | | | | |
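The allocation limits above (3072 bytes, 16 records, 247 bytes per record, SFI 1 to 10) can be checked mechanically during data preparation. The following is an added example, not part of the specification: it validates a proposed record layout keyed by DGI, using the record lengths from the Table 3-3 example. The function names and the `max_total` parameter (for profiles with a smaller memory requirement) are assumptions of this example.

```python
from __future__ import annotations
import string

# Limits stated in the text for EMV records in files with an SFI between 1 and 10.
MAX_TOTAL_BYTES = 3072   # memory an issuer may request for EMV records
MAX_RECORDS = 16         # total number of records across all files
MAX_RECORD_LEN = 247     # per record, including tag 70 and the length byte(s)
SFI_RANGE = range(0x01, 0x0A + 1)

# Record lengths from the Table 3-3 example, keyed by DGI 'XXYY'.
TABLE_3_3 = {
    "0101": 89,
    "0201": 191, "0202": 162, "0203": 196, "0204": 196,
    "0301": 132, "0302": 32,
}


def split_record_dgi(dgi: str) -> tuple[int, int]:
    """Return (SFI, record number) for a record DGI written as 4 hex digits."""
    if len(dgi) != 4 or any(c not in string.hexdigits for c in dgi):
        raise ValueError(f"{dgi!r}: a DGI is two bytes written as 4 hex digits")
    value = int(dgi, 16)
    return value >> 8, value & 0xFF      # XX = SFI, YY = record number


def check_layout(layout: dict[str, int], max_total: int = MAX_TOTAL_BYTES) -> list[str]:
    """Return the list of violations; an empty list means the layout fits."""
    problems: list[str] = []
    seen: set[tuple[int, int]] = set()
    total = 0
    for dgi, length in layout.items():
        try:
            sfi, rec = split_record_dgi(dgi)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if sfi not in SFI_RANGE:
            problems.append(f"{dgi}: SFI {sfi} is outside 1..10")
        if rec == 0:
            problems.append(f"{dgi}: record number must be in 01..FF")
        if (sfi, rec) in seen:           # e.g. '0a01' and '0A01'
            problems.append(f"{dgi}: record defined twice")
        seen.add((sfi, rec))
        if not 1 <= length <= MAX_RECORD_LEN:
            problems.append(f"{dgi}: length {length} is outside 1..{MAX_RECORD_LEN}")
        total += length
    if len(layout) > MAX_RECORDS:
        problems.append(f"{len(layout)} records exceed the limit of {MAX_RECORDS}")
    if total > max_total:
        problems.append(f"{total} bytes exceed the limit of {max_total}")
    return problems


if __name__ == "__main__":
    print(sum(TABLE_3_3.values()), "bytes in", len(TABLE_3_3), "records")
    print(check_layout(TABLE_3_3) or "layout fits")
```

Implementations may support more than these limits, so a non-empty result means the layout relies on card capabilities beyond the stated minimum rather than that it is necessarily invalid.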
'E5'
var. up to
205
'DF01'
Operator Identifier
'DF02'
Digest Status
'DF03'
Digest
'DF04'
'DF05'
Summary
'DF06'
var. up to 160
Short File Identifier (SFI) | Record 01 | Record 02 | Record YY
01 | Maximum length for 0101 | Maximum length for 0102 | Maximum length for 01YY
... | | |
XX | Maximum length for XX01 | Maximum length for XX02 | Maximum length for XXYY
4.1 Overview
This chapter explains the possible key formats used for RSA keys, and provides
information concerning the encryption of data grouping.
4.2 Form 1
According to RSA, $S = m^{d} \bmod n$, where m is the data to be signed or decrypted, n is
the card key modulus and d is the card private key exponent. The modulus, n, is
created as the product of two prime numbers, p and q. Table 4-6 provides the cross
reference between the mathematical variable and the data element name.
Table 4-6 Cross Reference between Mathematical Variable and Data Element
Data Element
Variable
As the data for data elements in Table 4-6 are ECB-encrypted in their data grouping,
they must be padded. Refer to the EMV Card Personalization Specification for a
definition of the padding rules.
4.3 Form 2
The secret key is personalized by its CRT components. According to RSA,
$S = m^{d} \bmod n$, where m is the data to be signed or decrypted, n is the card key
modulus and d is the card private key exponent. The modulus, n, is created as the
product of two prime numbers, p and q. Table 4-7 provides the cross reference
between the mathematical names and the data.
Table 4-7 Cross Reference between Mathematical Variable and Data Element
Name Given in This Document | Variable
$q^{-1} \bmod p$
$d \bmod (q-1)$
$d \bmod (p-1)$
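The relation between the two key forms can be checked numerically. The following is an added example, not part of the specification: it derives the three Form 2 values listed in Table 4-7 from p, q and d, and shows that signing with them gives the same S as the Form 1 computation. The primes are small constructed values for illustration only, and the function names are assumptions of this example.

```python
# Constructed toy key (illustration only; real card keys use large primes).
P, Q = 61, 53
N = P * Q            # card key modulus n = 3233
E = 17               # public exponent matching D
D = 2753             # card private key exponent d


def crt_components(p: int, q: int, d: int) -> dict:
    """Form 2 values from Table 4-7, computed from p, q and d."""
    return {
        "q^-1 mod p": pow(q, -1, p),     # modular inverse (Python 3.8+)
        "d mod (q-1)": d % (q - 1),
        "d mod (p-1)": d % (p - 1),
    }


def sign_form1(m: int, d: int, n: int) -> int:
    """Form 1: S = m^d mod n, using the modulus and private exponent."""
    return pow(m, d, n)


def sign_form2(m: int, p: int, q: int, c: dict) -> int:
    """Form 2: the same S, computed from the CRT components."""
    s_p = pow(m % p, c["d mod (p-1)"], p)        # S mod p
    s_q = pow(m % q, c["d mod (q-1)"], q)        # S mod q
    h = (c["q^-1 mod p"] * (s_p - s_q)) % p      # recombination step
    return s_q + h * q


def check_key_consistency(p: int, q: int, d: int, n: int, e: int) -> bool:
    """Data-preparation sanity check: both forms describe the same key."""
    if p * q != n:
        return False
    c = crt_components(p, q, d)
    for m in (2, 65, n - 1):
        s = sign_form1(m, d, n)
        if s != sign_form2(m, p, q, c) or pow(s, e, n) != m:
            return False
    return True


if __name__ == "__main__":
    print(crt_components(P, Q, D))
    print(check_key_consistency(P, Q, D, N, E))
```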
5 DGI Definitions
Length
76
Length
208
Length
FCI
[10, 128]
This data grouping is only supported when DGI 9102 defined in the EMV Card
Personalization Specification is not supported. The difference between this data
grouping and 9102 is:
For A001, the whole FCI is personalized, that is, the value starts with 6F.
For 9102, only the FCI proprietary template is personalized, that is, the value
starts with A5.
If this DGI is supported, as a minimum any FCI with length in [10, 128] can be used.
Length
25
25
Data Element
Length
18
Length
Data Element
Length
Var.
Length
Var.
Data Element
Length
IVCVC3(Track1) (Contact)
IVCVC3(Track2) (Contact)
Length
IVCVC3(Track1) (Contactless)
IVCVC3(Track2) (Contactless)
Length
Log Format
Var.
Length
Length
Var.
The length of the Application File Locator (Contact) varies according to the
organization of data elements in records. It must have a memory space allocation of
at least 32 bytes.
This DGI is only supported when DGI 9104 defined in the EMV Card
Personalization Specification is not supported. The differences between this data
grouping and 9104 are:
For A005, only values of the Application Interchange Profile (Contact) and
the Application File Locator (Contact) are personalized, without TLV-coding.
For 9104, the values of the Application Interchange Profile (Contact) and
the Application File Locator (Contact) are TLV-coded.
Length
Var.
The length of the Application File Locator (Contactless) varies according to the
organization of data elements in records. It must have a memory space allocation of
at least 32 bytes.
This DGI is only supported when DGI B104 is not supported. The differences
between this data grouping and B104 are:
For B005, only values of the Application Interchange Profile (Contactless)
and the Application File Locator (Contactless) are personalized, without TLV-coding.
For B104, the values of the Application Interchange Profile (Contactless)
and the Application File Locator (Contactless) are TLV-coded.
Length
Var.
The length of the Application File Locator (Contactless) varies according to the
organization of data elements in records. It must have a memory space allocation of
at least 32 bytes.
This DGI is only supported when DGI B005 is not supported. The differences
between this data grouping and B005 are:
For B005, only values of the Application Interchange Profile (Contactless)
and the Application File Locator (Contactless) are personalized, without TLV-coding.
Length
Length
Length
Length
Length
Var., up to 48
bytes
Due to the possible separation between the loading of the application code and the
personalization data on the hardware, only part of the Application Life Cycle Data
may be personalized.
Data Element
Length
Accumulator 1 Amount
Accumulator 2 Amount
Counter 1 Number
Counter 2 Number
Script Counter
20
Length
AID
Var. 5 to 32
Length
DS management Control
DS Number Of Slots
DSPK
12
Length
Var.
Length
Var.
Length
16
16
16
Length
16
16
16
Length
16
Length
16
Length
Length
Length
Length
Length
Length
Length
Length
Length
Length
Length
Length
Length
Length
Length
The Reference PIN (in Format 1) data element follows ISO 9564-1 format 1. This
format is not the EMV format used by the application when personalized.
During personalization, the M/Chip Advance application converts the Reference PIN
in Format 1 into the Reference PIN specified in the [MCA] (that is, into the EMV
format) before storing it in permanent memory.
Length
KDCVC3 (Contact)
16
Length
KDCVC3 (Contactless)
16
Length
Length
Var., 8-byte
multiple
Length
Var.
Description
ICCModExp
ICCCRT
PINModExp
PINCRT
LifeCycle
Init
Calc
Zero
AltEMV
NoTLV
TLV
RSA
RSA is supported.
CCC
Log
NotUsed
MCADP
MCADS
MCADP
MCADP-C
0B01 to
0BFF
Init
Init
Init
Log
0E01 to
0EFF
Init
NotUsed
NotUsed
A001
AltEMV
AltEMV
AltEMV
A002
A012
A022
NotUsed
B010
CCC
B023
NotUsed
B002
Log
A004
Calc
Calc
RSA
Calc
RSA
A005
AltEMV
AltEMV
AltEMV
B005
NoTLV
NoTLV
NotUsed
B104
TLV
TLV
NotUsed
A007
A017
A027
NotUsed
A008
RSA
RSA
A009
LifeCycle
LifeCycle
LifeCycle
A00A
Zero
Zero
Zero
NotUsed
NotUsed
A00B
A00E
DGI
MCADS
MCADP
MCADP-C
B011 to
B015
Init
NotUsed
NotUsed
B016 to
B01A
Init
NotUsed
NotUsed
8000
8001
NotUsed
A006
RSA
RSA
A016
RSA
NotUsed
8101
ICCModExp
ICCModExp
RSA
ICCModExp
RSA
8103
ICCModExp
ICCModExp
RSA
ICCModExp
RSA
8201
ICCCRT
ICCCRT
RSA
ICCCRT
RSA
8202
ICCCRT
ICCCRT
RSA
ICCCRT
RSA
8203
ICCCRT
ICCCRT
RSA
ICCCRT
RSA
8204
ICCCRT
ICCCRT
RSA
ICCCRT
RSA
8205
ICCCRT
ICCCRT
RSA
ICCCRT
RSA
8102
PINModExp
PINModExp
RSA
PINModExp
RSA
8104
PINModExp
PINModExp
RSA
PINModExp
RSA
8301
PINCRT
PINCRT
RSA
PINCRT
RSA
8302
PINCRT
PINCRT
RSA
PINCRT
RSA
8303
PINCRT
PINCRT
RSA
PINCRT
RSA
8304
PINCRT
PINCRT
RSA
PINCRT
RSA
8305
PINCRT
PINCRT
RSA
PINCRT
RSA
8010
DGI
MCADS
MCADP
MCADP-C
8400
CCC
8401
NotUsed
9102
AltEMV
AltEMV
AltEMV
LifeCycle
LifeCycle
LifeCycle
A200
RSA
RSA
A201
RSA
RSA
9010
9000
7 Data Preparation
7.1 Overview
This section describes the different aspects of data preparation for the M/Chip
Advance application, in accordance with the EMV Card Personalization Specification.
It covers the data preparation of:
Records, with SFI between 1 and 30 and corresponding DGI
Data groupings, including how they may be ordered and grouped
Version control
The ENC field
7.2 Records
The persistent data elements stored in files with an SFI between 1 and 30 are stored in
records and are retrievable with the READ RECORD command. MasterCard does
not mandate the file and record structure for the personalization of those files.
During personalization, the M/Chip Advance application receives a series of STORE
DATA commands corresponding to the record, and stores the record values in
records. For EMV Card Personalization, the M/Chip Advance application must have
the permanent memory available to store such records, using one of the following
methods:
Pre-allocation of the memory and file structure
Allocation of the memory and file structure during personalization
Some data groupings are reserved for record values. These data groupings are
identified with DGIs in the range XXYY, where:
01 <= XX <= 1E, and
01 <= YY <= FF
XX represents the SFI where the record is stored. YY represents the record
number.
If the permanent memory and file structure are pre-allocated, the files and records that
will store the data must be present in the card before personalization of the M/Chip
Advance application. In this case, the pre-personalizer, the issuer, and the Data
Preparation bureau must ensure that the M/Chip Advance application is able to accept
the STORE DATA command corresponding to the personalization of the records
when the application is personalized.
If the permanent memory and the file structure are not pre-allocated, the M/Chip
Advance application creates the files and records when the STORE DATA command
is processed and there is no need for additional pre-personalization.
Refer to Chapter 3 for further information on the card capabilities reserved for those
records.
All M/Chip Advance applications compliant with this specification must support one
of the following:
Extended command data length for the STORE DATA
Data grouping data spanning several STORE DATA commands, as specified
in the EMV Card Personalization Specification. In this case, the M/Chip
Advance application must accept a STORE DATA command containing up to
255 bytes of data (that is, Lc = 255) and data groupings may be split over
more than one STORE DATA command.
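The second option, a data grouping spanning several STORE DATA commands with Lc of at most 255, together with the rule that the last STORE DATA (P1[8] = 1b) ends the personalization phase, can be sketched as follows. This is an added example, not part of the specification. The CLA and INS values, the use of P2 as a sequence number and the DGI length coding are assumptions drawn from the EMV Card Personalization Specification, which this document references but does not reproduce; the example sends each data grouping in its own command chain and leaves out grouping of several DGIs per command, the ENC bits and secure messaging. The sample DGI contents are constructed.

```python
from __future__ import annotations

CLA, INS = 0x80, 0xE2   # STORE DATA without secure messaging (assumed coding)
LAST = 0x80             # P1[8] = 1b marks the last STORE DATA
MAX_LC = 255            # command data length every application must accept


def encode_dgi(dgi: int, data: bytes) -> bytes:
    """DGI (2 bytes) + length (1 byte, or FF + 2 bytes) + data (assumed coding)."""
    n = len(data)
    if not 0 <= dgi <= 0xFFFF or not 1 <= n <= 0xFFFE:
        raise ValueError("DGI or data length out of range")
    length = bytes([n]) if n < 0xFF else b"\xff" + n.to_bytes(2, "big")
    return dgi.to_bytes(2, "big") + length + data


def build_store_data(dgis: list[tuple[int, bytes]], max_lc: int = MAX_LC) -> list[bytes]:
    """Return the STORE DATA C-APDUs for the data groupings, in order."""
    fields: list[bytes] = []
    for dgi, data in dgis:
        blob = encode_dgi(dgi, data)
        # A grouping longer than max_lc continues in the following command(s).
        fields += [blob[i:i + max_lc] for i in range(0, len(blob), max_lc)]
    if not 1 <= len(fields) <= 256:
        raise ValueError("need 1..256 commands (P2 sequence number is one byte)")
    apdus = []
    for seq, field in enumerate(fields):
        p1 = LAST if seq == len(fields) - 1 else 0x00
        apdus.append(bytes([CLA, INS, p1, seq, len(field)]) + field)
    return apdus


def reassemble(apdus: list[bytes]) -> list[tuple[int, bytes]]:
    """Receiver-side check: verify order and the last flag, then recover the DGIs."""
    stream = bytearray()
    for seq, apdu in enumerate(apdus):
        cla, ins, p1, p2, lc = apdu[:5]
        if (cla, ins) != (CLA, INS) or p2 != seq or lc != len(apdu) - 5:
            raise ValueError(f"command {seq}: bad header")
        if bool(p1 & LAST) != (seq == len(apdus) - 1):
            raise ValueError(f"command {seq}: last-command flag misplaced")
        stream += apdu[5:]
    out, pos = [], 0
    while pos < len(stream):
        dgi = int.from_bytes(stream[pos:pos + 2], "big")
        n = stream[pos + 2]
        pos += 3
        if n == 0xFF:                    # three-byte length form
            n = int.from_bytes(stream[pos:pos + 2], "big")
            pos += 2
        if pos + n > len(stream):
            raise ValueError(f"DGI {dgi:04X}: data truncated")
        out.append((dgi, bytes(stream[pos:pos + n])))
        pos += n
    return out


# Constructed sample: one 89-byte record (DGI 0101) and one 300-byte grouping.
SAMPLE = [(0x0101, bytes(89)), (0x0E01, bytes(range(256)) + bytes(44))]

if __name__ == "__main__":
    for apdu in build_store_data(SAMPLE):
        print(apdu[:5].hex().upper(), f"+ {apdu[4]} data bytes")
```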