Вы находитесь на странице: 1из 558
Visa Integrated Circuit Card Specification (VIS) Version 1.5 May 2009 May 2009 Visa Confidential Portions

Visa Integrated Circuit Card Specification (VIS)

Version 1.5

May 2009

Circuit Card Specification (VIS) Version 1.5 May 2009 May 2009 Visa Confidential Portions © 1998–2007 Visa

May 2009

Visa Confidential

THIS SPECIFICATION IS PROVIDED ON AN “AS IS”, “WHERE IS”, BASIS, “WITH ALL FAULTS” KNOWN AND UNKNOWN. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VISA EXPLICITLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE LICENSED WORK AND TITLES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

THE INFORMATION CONTAINED HEREIN IS PROPRIETARY AND CONFIDENTIAL AND MUST BE MAINTAINED IN CONFIDENCE IN ACCORDANCE WITH THE TERMS AND CONDITIONS OF THE WRITTEN AGREEMENT BETWEEN YOU AND VISA INC., VISA INTERNATIONAL SERVICE ASSOCIATION, AND/OR VISA EUROPE LIMITED.

Visa Confidential

May 2009

Welcome to the Visa Integrated Circuit Card Specification (VIS) The Visa Integrated Circuit Card (ICC)

Welcome to the Visa Integrated Circuit Card Specification (VIS)

The Visa Integrated Circuit Card (ICC) Specification has been updated. Please see section 1.6, Impact Summary, for information on what has changed from Visa ICC Specification (VIS) version 1.4.1.

This document is the final copy of the Visa ICC Specification version 1.5. Documentation regarding changes to the specification will be sent to the email address of the primary business contact of the licensed vendor.

If you have any comments regarding this manual, please contact your regional representative. Your opinion is important to us.

May 2009

Visa Confidential

Visa Confidential

May 2009

Visa Integrated Circuit Card Specification (VIS) Version 1.5

Contents

Chapter 1 • About This Specification

Contents

1.1 Audience .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–2

1.2 VIS Update

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–2

1.3 Terminology .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–2

1.3.1 Mandatory/Required/Recommended/Optional

.

.

.

.

.

.

.

.

.

.

.

1–2

1.3.2 Implement/Enable/Support

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

1.3.3 Card/Application/Integrated Circuit .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

1.3.4 Terminated Transactions .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

1.3.5 Presence of Data Elements .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

1.3.6 Notation

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

1.3.7 Coding of RFU Values in Data Elements .

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

1.4 Document Structure .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

1.4.1 Volume Overview .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

1.4.2 Chapter Overview

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–5

1.4.3 Subheading Overview .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–7

1.4.4 Flowcharts

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–7

1.5 Revisions to This Specification

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–8

1.6 Impact Summary .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–8

1.6.1 Mandatory

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–8

1.6.2 Optional

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–9

1.6.3 Editorial/Document Structure

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 1–10

1.7 Reference Materials

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 1–12

1.7.1 International Organisation for Standardisation (ISO) Documents

.

.

.

. 1–12

1.7.2 Federal Information Processing Standards (FIPS) Publication

.

.

.

.

. 1–12

1.7.3 EMV Documents .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 1–13

1.7.4 Visa Documents

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 1–13

Chapter 2 • Processing Overview

 

2.1

Functional Overview

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–1

2.1.1 Application Selection (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–1

2.1.2 Initiate Application Processing/Read Application Data (mandatory)

.

.

.

2–1

2.1.3 Offline Data Authentication .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–2

2.1.4 Processing Restrictions (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–2

2.1.5 Cardholder Verification (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–3

2.1.6 Terminal Risk Management (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

2–3

2.1.7 Terminal Action Analysis (mandatory) .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–3

May 2009

Visa Confidential

 

Page iii

Contents

Visa Integrated Circuit Card Specification (VIS) Version 1.5

 

2.1.8 Card Action Analysis (mandatory)

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–4

2.1.9 Online Processing

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–4

2.1.10 Completion (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–5

2.1.11 Issuer-to-Card Script Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–5

2.2

Mandatory and Optional Functionality .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–7

2.2.1 Card Functional Requirements

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–7

2.2.2 Command Support Requirements

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–9

Chapter 3 • Application Selection

 

3.1 Card Data .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–2

3.2 Terminal Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–6

3.3 Commands

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–7

3.4 Building the Candidate List

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–8

 

3.4.1 Directory Selection Method

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–8

3.4.2 List of AIDs Method .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–10

3.5 Identifying and Selecting the Application .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–12

3.6 Flow

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–13

3.7 Subsequent Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–15

Chapter 4 • Initiate Application Processing

 

4.1 Card Data .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–2

4.2 Terminal Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–3

4.3 GET PROCESSING OPTIONS Command .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–4

4.4 Processing

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–4

4.5 Profiles Functionality

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–5

 

4.5.1 Profile Selection

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–6

4.5.2 Profile Behavior for Initiate Application Processing .

.

.

.

.

.

.

.

.

.

4–7

4.6 Prior Related Processing .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–9

4.7 Subsequent Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–9

Chapter 5 • Read Application Data

 

5.1 Card Data .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–2

5.2 Terminal Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.3 READ RECORD Command .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.4 Processing

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.5 Prior Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.6 Subsequent Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

Chapter 6 • Offline Data Authentication

 

6.1

Keys and Certificates

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–2

6.1.1

Visa Certificate Authority (CA) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–2

Page iv

Visa Confidential

 

May 2009

Visa Integrated Circuit Card Specification (VIS) Version 1.5

Contents

 

6.1.2

. 6.1.2.1 Visa Public/Private Keys

RSA Key Pairs .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–2

6–2

 

6.1.2.2 Issuer Public/Private Keys

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–3

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–4

6.1.2.3 ICC Public/Private Keys . .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6.4 Determining Whether to Perform SDA, DDA, or CDA .

6.3 Terminal Data .

6.2 Card Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–4

.

. 6–10

6–9

.

6.5 Static Data Authentication (SDA)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–11

 

6.5.1

Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–11

6.6 Dynamic Data Authentication (DDA and CDA)

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–12

 

Commands

6.6.1 .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–12

 

6.6.1.1

INTERNAL AUTHENTICATE Command

.

.

.

.

.

.

.

.

. 6–12

6.6.1.2

GENERATE APPLICATION CRYPTOGRAM (AC) Command . 6–13

 

6.6.2 .

Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–13

 

6.6.2.1

DDA

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–13

6.6.2.2

CDA

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–15

6.7 Prior Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–15

6.8 Subsequent Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–16

Chapter 7 • Processing Restrictions

 

7.1 Card Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

7–2

7.2 Terminal Data .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

7–3

7.3 Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

7–3

 

7.3.1 Application Version Number

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

7–3

7.3.2 Application Usage Control

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

7–4

7.3.3 Application Effective Date

.

.

.

.

.

.

.

.

.

.

.

.

.