PayPass - MChip Flex Technical Specifications (V1.1)

PayPass M/Chip Flex
Technical Specifications
Version 1.1 October 2006
Copyright
The information contained in this manual is proprietary and confidential to MasterCard and its members. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard.
Media
This document is available in both electronic and printed format. MasterCard Worldwide - CCOE Chausse de Tervuren, 198A B-1410 Waterloo Belgium E-mail: specifications@paypass.com
Version 1.1 - October 2006
2006 MasterCard
PayPass M/Chip Flex Technical Specifications Proprietary and Confidential
Table of Contents
Using this Manual ................................................................................. 9

Scope ...........................................................................................................................9 Audience......................................................................................................................9 Related Publications ....................................................................................................9 Abbreviations ............................................................................................................11 Notational Conventions .............................................................................................12 Specification Principles .............................................................................................13
Introduction .............................................................................. 15
1.1 1.2 1.3 Overview..........................................................................................................15 Offline Counters...............................................................................................16 Co-application..................................................................................................16
Co-application Interface .......................................................... 17

2.1 2.2 2.3 Overview..........................................................................................................17 PayPass Options Indicator ..............................................................................17 Co-application Interoperability Requirements.................................................19
2.3.1 POI Control.......................................................................................................19 2.3.2 Update Limits of Offline Counters....................................................................20
State Machine........................................................................... 21
3.1 3.2 3.3 Signals and Transitions ....................................................................................21 Application States ............................................................................................22 Variables ..........................................................................................................24
Signal Processing.................................................................... 27
4.1 4.2 Overview..........................................................................................................27 C-APDU Recognition ......................................................................................32
4.2.1 Input ..................................................................................................................32 4.2.2 Processing .........................................................................................................33 4.2.3 Output................................................................................................................34
4.3
C-APDU Acceptance .......................................................................................35

4.3.1 Input ..................................................................................................................35 4.3.2 Processing .........................................................................................................36 4.3.3 Output................................................................................................................37
4.4
Rejected C-APDU Processing .........................................................................37

4.4.1 Input ..................................................................................................................37
2006 MasterCard
Table of Contents
4.4.2 Processing .........................................................................................................38 4.4.3 Data Field Returned in the Response Message .................................................39 4.4.4 Destination State ...............................................................................................39
4.5
SELECT Signal Processing .............................................................................40

4.5.1 Processing .........................................................................................................40 4.5.2 Data Field Returned in the Response Message .................................................44 4.5.3 Destination State ...............................................................................................44
4.6
UNSELECT Processing...................................................................................45
4.6.1 Processing .........................................................................................................45 4.6.2 Destination State ...............................................................................................46
4.7
C-APDU Processing ........................................................................................47
C-APDU Processing................................................................. 49
5.1 COMPUTE CRYPTOGRAPHIC CHECKSUM ...........................................................49
5.1.1 5.1.2 5.1.3 5.1.4 Command Message ...........................................................................................49 Processing .........................................................................................................49 Data Field Returned in the Response Message .................................................51 Destination State ...............................................................................................51 Command Message ...........................................................................................52 Processing .........................................................................................................53 Data Field Returned in the Response Message .................................................75 Destination State ...............................................................................................75 Command Message ...........................................................................................76 Processing .........................................................................................................77 Data Field Returned in the Response Message .................................................79 Destination State ...............................................................................................79 Command Message ...........................................................................................80 Processing .........................................................................................................81 Data Field Returned in the Response Message .................................................83 Destination State ...............................................................................................83 Command Message ...........................................................................................84 Processing .........................................................................................................85 Data Field Returned in the Response Message .................................................87 Destination State ...............................................................................................87
5.2
GENERATE APPLICATION CRYPTOGRAM ...........................................................52

5.2.1 5.2.2 5.2.3 5.2.4
5.3
GET DATA.........................................................................................................76
5.3.1 5.3.2 5.3.3 5.3.4
5.4
GET PROCESSING OPTIONS ...............................................................................80

5.4.1 5.4.2 5.4.3 5.4.4
5.5
READ RECORD ..................................................................................................84

5.5.1 5.5.2 5.5.3 5.5.4
5.6
SELECT .............................................................................................................88
5.6.1 Command Message ...........................................................................................88 5.6.2 Processing .........................................................................................................89
2006 MasterCard
Table of Contents
5.6.3 Data Field Returned in the Response Message .................................................89 5.6.4 Destination State ...............................................................................................89
Cryptographic Algorithms and Key Management................. 91

6.1 6.2 6.3 6.4 Application Cryptogram Generation................................................................91 Dynamic CVC3 Generation.............................................................................92 IVCVC3 Generation .........................................................................................93 Symmetric Keys for Application Cryptogram Generation ..............................93
6.4.1 M/Chip 2.05, M/Chip Lite 2.1...........................................................................93 6.4.2 CCD ..................................................................................................................94 6.4.3 UKIS .................................................................................................................94
6.5 6.6
ICC Derived Key for CVC3 Generation (KDCVC3)..........................................95 MAC Algorithm...............................................................................................95
Data Elements Location .......................................................... 97

7.1 7.2 7.3 Transient Data Elements that Exist Beyond a Single C-APDU ......................97 Persistent Data Elements..................................................................................99 Secret Keys ....................................................................................................103
Personalization ...................................................................... 105

8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 Application Selection Data Elements ............................................................105 COMPUTE CRYPTOGRAPHIC CHECKSUM Data Objects ...................................105 Persistent Data Referenced in the AFL ..........................................................106 Persistent Data Elements for GPO Response.................................................108 Persistent Data Elements for CRM ................................................................109 Secret Keys ....................................................................................................109 Miscellaneous ................................................................................................110 Counters and Previous Transaction History ..................................................110 Data Elements with a Fixed Initial Value ......................................................111
Annex A : Data Elements Dictionary ............................................... 113

A.1 AC Session Key Counter ...............................................................................113 A.2 AC Session Key Counter Limit .....................................................................113 A.3 Additional Check Table .................................................................................113 A.4 Application Control .......................................................................................114 A.5 Application Life Cycle Data ..........................................................................116
2006 MasterCard
Table of Contents
A.6 Application Transaction Counter...................................................................117 A.7 Application Transaction Counter Limit .........................................................117 A.8 Card Issuer Action Code Decline, Default, Online.....................................117 A.9 Card Verification Results...............................................................................120 A.10 CDOL 1..........................................................................................................125 A.11 CDOL 1 Related Data Length........................................................................125 A.12 Co-application Indicator ................................................................................126 A.13 Consecutive Offline Transactions Number....................................................126 A.14 Counters .........................................................................................................126 A.15 CRM Country Code .......................................................................................127 A.16 CRM Currency Code .....................................................................................127 A.17 Cryptogram Information Data........................................................................127 A.18 Cryptogram Version Number ........................................................................127 A.19 Cumulative Offline Transaction Amount ......................................................128 A.20 Currency Conversion Parameters ..................................................................128 A.21 Currency Conversion Table ...........................................................................128 A.22 CVR CCD ...................................................................................................129 A.23 CVR - M/Chip 2.05 .......................................................................................132 A.24 CVR - M/Chip Lite 2.1 ..................................................................................135 A.25 CVR - UKIS...................................................................................................138 A.26 File Control Information ................................................................................140 A.27 Issuer Application Data (CCD)......................................................................141 A.28 Issuer Application Data (M/Chip 2.05) .........................................................141 A.29 Issuer Application Data (M/Chip Lite 2.1) ....................................................142 A.30 Issuer Application Data (UKIS).....................................................................142 A.31 IVCVC3TRACK1 ...............................................................................................143 A.32 IVCVC3TRACK2 ...............................................................................................143 A.33 Key Derivation Index.....................................................................................143 A.34 Lower Consecutive Offline Limit..................................................................143 A.35 Lower Cumulative Offline Transaction Amount...........................................143 A.36 Offline Balance ..............................................................................................144 A.37 Offline Consecutive Transactions Remaining ...............................................144 A.38 Previous Transaction History.........................................................................144
2006 MasterCard
Table of Contents
A.39 Security Limits...............................................................................................145 A.40 Security Limits Status ....................................................................................146 A.41 Static CVC3TRACK1 .........................................................................................146 A.42 Static CVC3TRACK2 .........................................................................................146 A.43 Upper Consecutive Offline Limit ..................................................................147 A.44 Upper Cumulative Offline Transaction Amount ...........................................147
Annex B : Currency Conversion...................................................... 149

B.1 Currency Conversion Process ........................................................................149 B.2 Currency Conversion Parameters ..................................................................150 B.3 Currency Conversion Algorithm....................................................................151
Annex C : CVR Mapping Tables....................................................... 153

C.1 CVR Mapping Table for M/Chip 2.05...........................................................154 C.2 CVR Mapping Table for M/Chip Lite 2.1 .....................................................155 C.3 CVR Mapping Table for CCD.......................................................................156 C.4 CVR Mapping Table for UKIS......................................................................157
Annex D : Additional Check Table................................................... 159
2006 MasterCard
Table of Contents
2006 MasterCard
Using this Manual

Scope
Using this Manual

This chapter contains information that helps you understand and use this document.
Scope
MasterCard PayPass technology enables fast, easy and globally accepted payments through the use of contactless chip technology on the traditional MasterCard card platform. PayPass M/Chip Flex is designed specifically for authorization networks that presently support chip card authorizations for credit or debit applications. PayPass M/Chip Flex is an independent contactless application intended to reside on a dual interface card together with an implementation of a choice of several supported contact-based EMV applications (M/Chip 2.05, M/Chip Lite 2.1, CCD, UKIS Compliant Payment Application).
Audience
This document is intended for use by vendors that want to implement the MasterCard PayPass M/Chip Flex application on a card or acceptance device. This document is also intended for type approval services, which would test the actual implementations against this specification. It is assumed that the audience already has an understanding of chip card technology in general and of M/Chip 4 and ISO/IEC 14443 in particular.
Related Publications
The following publications contain information directly related to the contents of this specification. [PAYPASS MCHIP] [PAYPASS ISO/IEC 14443] [M/CHIP4] [SECURITY] PayPass M/Chip Technical Specification PayPass ISO/IEC 14443 Implementation Specification M/Chip 4 Card Application Specifications for Credit and Debit M/Chip 4 Cryptography & Key Management v4.0
2006 MasterCard
Using this Manual

Related Publications
[ISO/IEC 8825:1990]
Information technology Open systems interconnection Specification of basic encoding rules for abstract syntax notation one (ASN.1) Identification cards Recording technique Part 2: Magnetic stripe Identification cards Financial transaction cards Information technology Identification cards Integrated circuit(s) cards with contacts Part 4: Interindustry commands for interchange Identification cards Integrated circuit(s) cards with contacts Part 5: Numbering system and registration procedure for application identifiers Identification cards Integrated circuit(s) cards with contacts Part 6: Interindustry data elements Integrated Circuit Card Specification for Payment Systems: Application Independent ICC to Terminal Interface Requirements. Version 4.1, May 2004 Integrated Circuit Card Specification for Payment Systems: Security and Key Management. Version 4.1, May 2004 Integrated Circuit Card Specification for Payment Systems: Application Specification. Version 4.1, May 2004 Integrated Circuit Card Specification for Payment Systems: Cardholder, Attendant and Acquirer Interface Requirements. Version 4.1, May 2004
[ISO/IEC 7811/2] [ISO/IEC 7813:1995] [ISO/IEC 7816-4:1995]
[ISO/IEC 7816-5:1993]
[ISO/IEC 7816-6:1996] [EMV BOOK 1]
[EMV BOOK 2]
[EMV BOOK 3]
[EMV BOOK 4]
2006 MasterCard
10
Using this Manual

Abbreviations
Abbreviations
The following abbreviations are used in this specification:
Abbreviation AAC AC ADF AFL AID AIP an ans APDU ARQC ATC b BER CDA CDOL CIAC CID CRM CVR DDA DDOL DEA DES EMV FCI IAD ICC MAC MKAC MKIDN n NIC PAN PDOL PIN Description Application Authentication Cryptogram Application Cryptogram Application Definition File Application File Locator Application Identifier Application Interchange Profile Alphanumeric characters Alphanumeric and Special characters Application Protocol Data Unit Authorization Request Cryptogram Application Transaction Counter Binary Basic Encoding Rules Combined DDA / Application Cryptogram Generation Card Risk Management Data Object List Card Issuer Action Code Cryptogram Information Data Card Risk Management Card Verification Results Dynamic Data Authentication Dynamic Data Authentication Data Object List Data Encryption Algorithm Data Encryption Standard Europay MasterCard Visa File Control Information Issuer Application Data Integrated Circuit Card Message Authentication Code AC Master Key ICC Dynamic Number Master Key Numeric characters Length of the ICC Public Key Modulus Primary Account Number Processing Options Data Object List Personal Identification Number
2006 MasterCard
11
Using this Manual

Notational Conventions
Abbreviation POI RFU SDA SFI SHA SW1- SW2, SW12 TC TLV TVR var.
Description PayPass Options Indicator Reserved for Future Use Static Data Authentication Short File Identifier Secure Hash Algorithm Status bytes 1-2 Transaction Certificate Tag Length Value Terminal Verification Results Variable
Notational Conventions
The following notations apply:
Notation 0 to 9 and A to F 1001b abcd digit [] xx A := B C := (A || B) Y := ALG(K)[X] X&Y X|Y Application File Locator STATE GENERATE AC Description Hexadecimal notation. Values expressed in hexadecimal form are enclosed in single quotes (i.e. _). Binary notation. Values expressed in binary form are followed by a lower case b. an or ans string Any of the ten Arabic numerals from 0 to 9 Optional part Any value A is assigned the value of B. The concatenation of an n-bit number A and an m bit number B, which is defined as C = 2mA + B. Encipherment of a 64-bit data block X with a 64-bit block cipher using a secret key K. The bit-wise and of the data blocks X and Y The bit-wise or of the data blocks X and Y Data elements used for this specification are written in italics to distinguish them from the text. States are written in COURIER FONT to distinguish them from the text. Command APDUs used for this specification are written in SMALL CAPITALS to distinguish them from the text.
2006 MasterCard
12
Using this Manual

Specification Principles
In this document, the PayPass M/Chip Flex application is specified according to the following principles: The application is a state machine. The processing of an external signal (e.g. C-APDU) causes a transition between states.
These principles are used in order to present the application concepts. These principles do not need to be followed in the implementation. However, the implementation must behave in a way that is indistinguishable from the behavior specified in this document.
Note
The Type Approval service tests an implementation against the behavior specified in this document. The Type Approval service treats the card application as a black box and validates the output signals that the application generates as a result of processing of input signals, against the output signals defined by these specifications.
2006 MasterCard
13
Using this Manual

2006 MasterCard
14
Introduction
Overview
1
1.1
Introduction
Overview
PayPass M/Chip Flex is a contactless chip card application which resides on a dual interface card which also carries a second payment application. The second application (referred to in this document as the co-application) uses the contact interface. Only coapplications from an approved list can be used with PayPass M/Chip Flex. PayPass M/Chip Flex has the following characteristics: It only uses the contactless interface of the dual-interface card. It has an internal interface to the co-application in order to exchange information. It supports the PayPass Mag Stripe functionality to ensure acceptance on a PayPass Mag Stripe only terminal. It supports only one co-application at a time. The PayPass M/Chip Flex application must be configured for a specific co-application during personalization. It is able to store a complete set of cryptographic keys to perform transactions compatible with any supported co-application. It supports all the cryptographic algorithms and key derivation mechanisms used by any supported co-application. It provides a mechanism for selecting the appropriate cryptographic algorithm or key derivation mechanism, depending on the co-application. It supports SDA and (optionally) CDA. The support of CDA is an implementation option. It performs Card Risk Management using the Card Verification Results as specified for the M/Chip 4 application. Additionally, for each supported co-application the relevant CVR is added to the PayPass M/Chip Flex application. During processing of the first GENERATE AC command, the Card Verification Results of the PayPass M/Chip Flex application is mapped on the CVR of the active co-application.
PayPass M/Chip Flex does not support the following:

Transaction logging Encryption of counters DDA Application Cryptograms of type AAR PDOL processing Issuer-to-card script processing Second GENERATE AC command.
2006 MasterCard
15
Introduction
Offline Counters
1.2
Offline Counters
The Consecutive Offline Transactions Number and the Cumulative Offline Transaction Amount are referred to as offline counters in this specification. These counters are used to monitor and control offline spending, and in EMV payment cards they are reset when the application receives a valid issuer response to an online authorization request. The PayPass M/Chip Flex application does not support the second GENERATE AC command which would normally reset the offline counters, because during a PayPass M/Chip Flex transaction, the card is removed after the first GENERATE AC command. The offline counters can therefore only be reset by the co-application using the contact interface. Additionally, the PayPass M/Chip Flex application provides a mechanism to force the coapplication to go online at the next contact transaction whenever one of the offline counters exceeds its lower limit. The issuer is then able to reset the offline counters for both applications.
1.3
Co-application
The interface between the PayPass M/Chip Flex application and the issuer host is controlled by the co-application. PayPass M/Chip Flex properties which are dependant on the co-application are fixed during personalization by defining the Co-application Indicator. By checking the Co-application Indicator, the PayPass M/Chip Flex application can recognize the active co-application, and can then create responses compliant with the issuer host interface. The following co-applications are supported:

M/Chip 2.05 M/Chip Lite 2.1 CCD-compliant application UKIS Compliant Payment Application
2006 MasterCard
16
Co-application Interface
Overview
2
2.1
Overview
A PayPass M/Chip Flex transaction is completed by returning a response to the first GENERATE AC command or to the COMPUTE CRYPTOGRAPHIC CHECKSUM command. As neither online processing nor issuer-to-card script processing is supported, there is a mechanism to allow issuers to control PayPass M/Chip Flex offline counters by using the co-application. The offline counters must be reset by the issuer after exceeding their predefined limits, in order to allow the card to continue to make offline transactions.
2.2
PayPass Options Indicator

A new data element, PayPass Options Indicator (POI), has been added to the card data. In order to ensure security and integrity of the application data, direct exchange of data between applications on a single card is not recommended. The new data element therefore belongs neither to the PayPass M/Chip Flex application nor to the co-application. The POI may only be accessed by the PayPass M/Chip Flex application and the coapplication, and not by any other application which may be present on the card. The coding of the PayPass Options Indicator is shown in Table 2.1.
Table 2.1PayPass Options Indicator Coding b8 b7 b6 b5 b4 b3 b2 b1 Meaning x x x x x 1 1 1 RFU Block PayPass M/Chip Flex application Go online on next transaction Reset PayPass M/Chip Flex offline counters
Note
The details of the mechanism for accessing and protecting the POI are proprietary to the card implementer. MasterCard will perform a security evaluation of the access mechanism as part of the CAST program.
2006 MasterCard
17
PayPass Options Indicator
Instructions from the issuer to reset PayPass M/Chip Flex offline counters are transmitted during an online contact transaction using the second GENERATE AC command. Figure 2.1 shows an overview of this offline counters reset mechanism.
Figure 2.1Offline Counters Reset Mechanism Overview
Issuer Host
Terminal
2nd GENERATE AC
T=0/T=1 Dual Interface Card

Reset Offline Counters Read/Write
T=CL
POI
Read/Write
Co-application
PayPass M/Chip Flex Application
Offline Counters
Offline Counters
2006 MasterCard
18
Co-application Interoperability Requirements
2.3

2.3.1 POI Control
Before responding to the first GENERATE AC command, the co-application must read the 'Go online on next transaction' indicator (POI [2]): If POI [2] = 1b, then: If the terminal is online capable, then the co-application must request to go online. If the terminal is offline only, then no further action is required by the co-application.
To reset the offline counters of the PayPass M/Chip Flex application, the following must be performed by the co-application: Set the 'Reset PayPass M/Chip Flex offline counters' bit in the POI:
SAVE
POI [1] (1b)
Reset the 'Go online on next transaction' bit in the POI:

SAVE
POI [2] (0b)

How the co-application decides to reset the offline counters of the PayPass M/Chip Flex application depends on the rules defined by the individual payment products and is outside the scope of this specification.
Note
If the co-application receives the script command APPLICATION BLOCK, then the coapplication must set the 'Block PayPass M/Chip Flex application' bit in the POI:
SAVE
POI [3] (1b)
If the co-application receives the script command UNBLOCK APPLICATION, then the coapplication must reset the 'Block PayPass M/Chip Flex application' bit in the POI:
SAVE
POI [3] (0b)
Note
The POI mechanism specified in this chapter follows a set of general design principles. Implementers deviating from these principles must make sure that their implementation behaves in a way that is indistinguishable from the behavior specified in this document.
2006 MasterCard
19
2.3.2
Update Limits of Offline Counters
Updating the limits of the offline counters of the PayPass M/Chip Flex application must be done by sending script commands to the co-application. The actual script commands are proprietary to the co-application (e.g. PUT DATA, UPDATE RECORD). The limits of the offline counters of the PayPass M/Chip Flex application must be identified to the co-application by the following tag values:
Table 2.2Tag Values for Updating Limits of Offline Counters Tag DF0A DF0B DF0C DF0D Limit Lower Consecutive Offline Limit Lower Cumulative Offline Transaction Amount Upper Consecutive Offline Limit Upper Cumulative Offline Transaction Amount
If the co-application receives a script command to update a limit of an offline counter of the PayPass M/Chip Flex application, then the co-application must map the tag received in the script command on the tag that is used by the PayPass M/Chip Flex application to identify this offline counter limit, and then the co-application must update the limit. How the co-application obtains access to the limits of the offline counters of the PayPass M/Chip Flex application is implementation specific.
2006 MasterCard
20
State Machine
Signals and Transitions
3
3.1
State Machine
Signals and Transitions
When the application has been personalized and is being used in live operation, its behavior can be specified as an Extended Finite State Machine (EFSM). Using this model, transitions between states are triggered by the reception of signals which may convey values. Signals conveying values are used to represent the reception of C-APDUs, i.e. of application-layer data units. When the ICC receives a C-APDU in the input buffer, an internal application-layer signal is sent to the PayPass M/Chip Flex application, which then processes the C-APDU. As a result of C-APDU processing the application generates a response. The model for sending responses is also that of transmitting application-layer signals, i.e. of R-APDUs. Apart from C-APDUs, there are also external signals which do not convey values but which change the application state. These are the SELECT and UNSELECT signals: The SELECT signal is used to activate the PayPass M/Chip Flex application. The UNSELECT signal is used to de-activate the PayPass M/Chip Flex application.
Conditions which trigger the UNSELECT signal and thereby lead to the de-activation of the PayPass M/Chip Flex application, are: 1. Selection of another application, in the case of a multi-application card 2. Reset 3. Power off of the ICC When processing triggered by reception of an application-layer signal is completed, the application reaches a destination state.
2006 MasterCard
21
State Machine
Application States
3.2
Application States
The application states of the PayPass M/Chip Flex application are listed in Table 3.1.
Table 3.1Application States of the PayPass M/Chip Flex Application State IDLE SELECTED INITIATED Description Application is not currently selected Application is selected Transaction is initiated
The PayPass M/Chip Flex application is in state IDLE if it is not currently activated. In a multi-application card for instance, the application may be in state IDLE if another application is activated. The application also goes to the state IDLE when the card is reset or powered off. In the state IDLE the application does not process C-APDUs, but is only waiting for an external SELECT signal. The technical signal processing mechanism depends on card platform and card operating system and is outside the scope of this specification. Successful processing of the SELECT signal changes the application state from IDLE to SELECTED. Every transaction starts in the state SELECTED. There are four C-APDUs handled by the PayPass M/Chip Flex application in this state:

GET PROCESSING OPTIONS GET DATA READ RECORD SELECT
The PayPass M/Chip Flex application goes to state INITIATED after the successful processing of the GET PROCESSING OPTIONS command. In this state, a new transaction is initiated. There are five C-APDUs handled by the PayPass M/Chip Flex application in the INITIATED state:

GET DATA READ RECORD SELECT COMPUTE CRYPTOGRAPHIC CHECKSUM GENERATE AC
The GET DATA and the READ RECORD command do not modify the application state, whether used in the state SELECTED or in the state INITIATED. The SELECT command is only present for compatibility reasons. Refer to Section 5.6 for details.
2006 MasterCard
22
State Machine
Application States
The PayPass M/Chip Flex application goes back from the state INITIATED to the state SELECTED:
After the successful processing of the COMPUTE CRYPTOGRAPHIC CHECKSUM command After the successful processing of the first GENERATE AC command. The second GENERATE AC command is not supported by the PayPass M/Chip Flex application.
Figure 3.1 illustrates the state transitions supported by the PayPass M/Chip Flex application.
Figure 3.1State Machine of the PayPass M/Chip Flex Application
IDLE
ERROR
SELECT
signal processing
SELECTED
SELECT READ RECORD GET DATA ERROR
SELECT COMPUTE CRYPTOGRAPHIC CHECKSUM GENERATE AC ERROR GET PROCESSING OPTIONS
INITIATED
READ RECORD GET DATA
2006 MasterCard
23
State Machine
Variables
3.3
Variables
An Extended Finite State Machine uses state variables for maintaining its history. In this specification state variables are called data elements. There are two kinds of data elements described in this document: Data elements with a lifetime exceeding a single card session (persistent data elements) Data elements with a lifetime that does not exceed a single card session (transient data elements)
Persistent data elements must be stored in non-volatile memory (e.g. EEPROM). Transient data elements are generally stored in volatile memory (e.g. RAM), although this is not mandated. Refer to Section 7.2 for an identification of persistent data elements. Any modification of the value of a persistent data element is explicitly specified with the word SAVE. For instance
SAVE
Var1(new value)
means that the new value of Var1 is written in non-volatile memory. The other data elements used in this specification are transient. The lifetime of a transient data element is defined as the period where the value of the data element is accessible, in either read or write mode. The creation of a transient data element is explicitly specified with the word NEW. The initial value is then specified. For instance
NEW
Var1(00000)
means that the data element Var1 becomes accessible and has its initial value set to all zeros. Only one instance of a data element exists at a time in the PayPass M/Chip Flex application.
SET SET
When a specific value is assigned to a transient data element, it is specified with the words or RESET or the symbol :=. The value is then specified. For instance Var1(00000)
means that the zero value is assigned to the data element Var1. There is no difference between SET, RESET or :=. The RESET is only used to emphasize that the data element takes back its initial value. This is generally a value of all zeros. In figures the symbol := is used for convenience. The destruction of a transient data element is explicitly specified with the word FREE. For instance
FREE
Var1
means that the value of Var1 will no longer be used.
2006 MasterCard
24
State Machine
Variables
This specification identifies two types of transient data elements: Transient data elements with a lifetime that does not exceed the processing of a single C-APDU. For brevity, these data elements are not explicitly created or killed (using NEW and FREE) in this document. Transient data elements with a lifetime that does exceed the processing of a single CAPDU. Their creation and destruction using NEW and FREE are shown explicitly in this document.
It is acceptable to create and kill transient data elements at other points in time, as far as the external behavior of the application is indistinguishable from the behavior specified in this document. Section 7.1 specifies the use of transient data elements with a lifetime spanning a single CAPDU processing throughout the application. This information can be used to decide when to create and kill the data elements in the implementation. Table 3.2 lists the conventions used for data element manipulation.
Table 3.2Conventions used for Data Element Manipulation Operation create kill assign Persistent SAVE
Transient
NEW FREE SET, RESET,
:=
2006 MasterCard
25
State Machine
Variables
2006 MasterCard
26
Signal Processing
Overview
4
4.1
Signal Processing
Overview
The PayPass M/Chip Flex application can reside in either a multi-application environment or in a mono-application environment without changing its behavior. Depending on the ICC platform there will be an internal interface between the PayPass M/Chip Flex application and a 'lower level' ICC processing unit. This unit can be the card operating system or a subunit controlled by the card operating system, e.g. a multi-application manager. For ease of use a common term - card manager - has been chosen for this entity. The card manager controls the PayPass M/Chip Flex application by sending signals via the internal interface. The application state determines which signals are accepted by the PayPass M/Chip Flex application. When the PayPass M/Chip Flex application is in the state IDLE, the only signal accepted from the card manager is the SELECT signal. When the PayPass M/Chip Flex application is active (i.e. the application state is SELECTED or INITIATED), the signals that it accepts from the card manager are: 1. The SELECT signal After successful processing of an incoming SELECT signal the PayPass M/Chip Flex application is activated, i.e. the application goes from the state IDLE to the state SELECTED. If the application receives the SELECT signal in a state other than IDLE, the application, already activated, stays in or goes back to the state SELECTED. 2. A string of bytes representing a card command (i.e. a C-APDU) Any C-APDU received by the card when the PayPass M/Chip Flex application is active will lead to one of the following behaviors: If the C-APDU is recognized by the card manager as a SELECT command of the PayPass M/Chip Flex application, the card manager sends the SELECT signal to the PayPass M/Chip Flex application. If the C-APDU leads to the selection of another application on the card (in the case of a multi-application environment), the UNSELECT signal is sent to the PayPass M/Chip Flex application. If the C-APDU is not a SELECT command, and does not lead to the selection of an application on the card, then the C-APDU is sent to the PayPass M/Chip Flex application as a CARD COMMAND. It is assumed in this specification that the card manager would not send a C-APDU to the application if the bytes received do not contain a valid C-APDU header, so a CARD COMMAND has the following characteristic: Length (CARD COMMAND) >= 4.
2006 MasterCard
27
Signal Processing
Overview
3. The UNSELECT signal The PayPass M/Chip Flex application is de-activated through the UNSELECT signal. Any event leading to an application state transition with destination state IDLE triggers the UNSELECT signal. Table 4.1 lists the valid signals depending on the application state.
Table 4.1Signals sent by the Card Manager Application State Valid signals IDLE
SELECT
SELECTED, INITIATED
SELECT, CARD COMMAND, UNSELECT
Note
The use of the SELECT, CARD COMMAND, UNSELECT signals is an abstraction which, in a real card, can be implemented in various ways.
Figure 4.1 illustrates the overall processing of signals. The following sections of this chapter describe in more detail the different functions referenced in Figure 4.1.
2006 MasterCard
28
Signal Processing
Overview
Figure 4.1Processing Signals

0
initial state signal reception

1
signal
signal analysis
CARD COMMAND blocked ?
2 4
2'4
2''
no
signal
yes
blocked ? signal
yes
SELECT
no
UNSELECT
signal
no
initial state
yes
C-APDU Recognition
5
BAD CLA BAD INS BAD LENGTH
other
6
yes
C-APDU Acceptance
6'
no
accepted
yes
signal processing
7 8 9 11
RejectedC-APDU Processing
C-APDU Processing
SELECT Processing
UNSELECT Processing
10
response
12
final state
2006 MasterCard
29
Signal Processing
Overview
Symbol 0, 1 The application receives external signals in any of its states. The current application state determines which signals are accepted by the PayPass M/Chip Flex application, as shown in Table 4.1. Symbol 2
COMMAND
This type of signal carries a string of bytes called CARD COMMAND or C-APDU. A CARD has the following characteristic:
Length (CARD COMMAND) >= 4. It is assumed in this specification that the card manager will not send a C-APDU to the application if the bytes received do not contain a valid C-APDU header. A CARD COMMAND will pass a recognition process called C-APDU Recognition. C-APDU Recognition transforms input bytes sent by the card manager into C-APDU literals recognized by the PayPass M/Chip Flex application. Basically, the application checks that the bytes received represent a C-APDU supported by the application. C-APDU Recognition for PayPass M/Chip Flex is specified as a procedure and described in Section 4.2. Symbol 2' To activate the PayPass M/Chip Flex application, the card manager sends a SELECT signal. The activation of the PayPass M/Chip Flex application (i.e. the processing triggered by the SELECT signal) is specified in Section 4.5. Symbol 2'' The PayPass M/Chip Flex application can be de-activated by the card manager, e.g. if another application is selected in a multi-application environment. The PayPass M/Chip Flex application is also de-activated if the card is reset or powered off. The signals resulting from these events are gathered under the generic name UNSELECT. Symbol 3 Any other signal is ignored. The PayPass M/Chip Flex application returns to the state IDLE. Symbol 4 C-APDUs received from the card manager are first checked against recognized C-APDUs. This is specified in Section 4.2. Symbol 5 Further processing depends on the results of the C-APDU Recognition procedure. Symbol 6 C-APDUs are only accepted if the PayPass M/Chip Flex application is in a state where the C-APDU is allowed to be processed. The C-APDU Acceptance procedure is specified in Section 4.3. Symbol 6' Further processing depends on the results of the C-APDU Acceptance procedure.
2006 MasterCard
30
Signal Processing
Overview
Symbol 7 C-APDUs not supported or C-APDUs received when the PayPass M/Chip Flex application is in an inconsistent state are rejected by the application. The processing of rejected C-APDUs is specified in Section 4.4. Symbol 8 An accepted C-APDU is processed by the application. The processing of accepted C-APDUs is specified in Section 4.7. Symbol 9
SELECT
Processing is specified in Section 4.5.
Symbol 10 The application response may be either an R-APDU, or may consist only of SW1-SW2. Symbol 11 When the PayPass M/Chip Flex application is de-activated, the transient data elements are destroyed. UNSELECT processing is specified in Section 4.6. Symbol 12 When the processing of an external signal is terminated, the application goes to a destination state. The destination state depends on both the signal that has been processed and the original state (i.e. the application state when the signal was received). The destination state is specified in the sections dedicated to the processing of each signal.
2006 MasterCard
31
Signal Processing
C-APDU Recognition
4.2
C-APDU Recognition
The C-APDU Recognition procedure identifies the C-APDU transmitted by the terminal to the PayPass M/Chip Flex application via the card manager. Recognition is based on the CLA and INS byte. The PayPass M/Chip Flex application only supports the CLA and INS bytes specified in Table 4.2. The C-APDU Recognition procedure takes the CLA and INS bytes as input and produces as output the literals specified in the third column of Table 4.2. If the CLA byte of the C-APDU is not one of those listed in Table 4.2, then the C-APDU Recognition procedure returns BAD CLA. If the CLA byte is listed in Table 4.2, but the combination of the CLA and INS byte is not, then the C-APDU Recognition procedure returns BAD INS.
Table 4.2C-APDU Recognition CLA 80 80 80 80 00 00 INS 2A AE CA A8 B2 A4 C-APDU COMPUTE CRYPTOGRAPHIC CHECKSUM GENERATE AC GET DATA GET PROCESSING OPTIONS READ RECORD SELECT
Furthermore, when the application has recognized the C-APDU, it must perform a validity check on the following:

Consistency between Lc and the length of data sent Le
These checks are protocol dependent and cannot be specified independently from the transport layer. As a result, they are not described in the C-APDU Recognition processing flow. However, when the validity check detects an error in the lengths, the output of the procedure C-APDU Recognition is BAD LENGTH. If the output of the C-APDU Recognition is BAD CLA, BAD INS or BAD LENGTH, the C-APDU is not supported by the PayPass M/Chip Flex application.
4.2.1
Input
Input to the procedure C-APDU Recognition is a string of bytes - CARD COMMAND - with the following characteristics: Length (CARD COMMAND) >= 4.
2006 MasterCard
32
Signal Processing
C-APDU Recognition
4.2.2
Processing
C-APDU Recognition processing is performed according to Figure 4.2.

Figure 4.2C-APDU Recognition Processing
CLA = '80'
yes
3
no
CLA = '00'
yes
4 3
else
BAD CLA
4
INS = 'A8'
yes
INS = 'B2'
yes
GET PROC.. OPT.

3 4 3
READ RECORD
4
INS = 'AE'
yes
INS = 'A4' GEN. AC
yes
SELECT
4
else
4
INS = 'CA'
yes
GET DATA
3 4
BAD INS
INS = '2A'
yes
COMP. CRYPT. CHECKSUM

else
4
BAD INS
Symbol 2 The CLA byte is checked. Symbol 3 The INS byte is checked. Symbol 4 The result of the CLA byte check and INS byte check is mapped on an output literal.
2006 MasterCard
33
Signal Processing
C-APDU Recognition
4.2.3
Output
The output of the procedure can be one of the following literals: READ RECORD COMPUTE CRYPTOGRAPHIC CHECKSUM GET PROCESSING OPTIONS GENERATE AC SELECT GET DATA BAD CLA BAD INS BAD LENGTH
2006 MasterCard
34
Signal Processing
C-APDU Acceptance
4.3
C-APDU Acceptance
The C-APDU Acceptance procedure checks whether the PayPass M/Chip Flex application is in a valid state to process the C-APDU currently received. Acceptance or rejection of a C-APDU is specified in Table 4.3. If the C-APDU is accepted in the current application state (P: Processed), then the C-APDU is processed as specified in the particular section of Chapter 5 dedicated to the C-APDU. If the C-APDU is rejected in the current state (R/CNS: Rejected, Conditions Not Satisfied), then further processing is specified in Section 4.4.
Table 4.3Acceptance Matrix COMMAND COMPUTE CRYPTOGRAPHIC CHECKSUM GENERATE AC GET PROCESSING OPTIONS READ RECORD SELECT GET DATA SELECTED R/CNS R/CNS P P P P INITIATED P P R/CNS P P P
4.3.1
Input
Input to this procedure is the result of the C-APDU Recognition procedure, i.e. one of the following literals: READ RECORD COMPUTE CRYPTOGRAPHIC CHECKSUM GET PROCESSING OPTIONS GENERATE AC SELECT GET DATA
2006 MasterCard
35
Signal Processing
C-APDU Acceptance
4.3.2
Processing
C-APDU Acceptance processing is performed according to Figure 4.3.

Figure 4.3C-APDU Acceptance Processing
2 state = SELECTED yes 3 C-APDU = READ RECORD no state = INITIATED yes
2 else
yes
3 C-APDU = READ RECORD
yes
3 C-APDU = GET DATA yes C-APDU = GET DATA
3 yes
3 C-APDU = GPO yes C-APDU = CCC
3 yes
3 C-APDU = SELECT yes C-APDU = SELECT
3 yes
else
3 C-APDU = GENERATE AC
yes
else
R / CNS
R / CNS
R / CNS
2006 MasterCard
36
Signal Processing
Rejected C-APDU Processing
Symbol 2 The PayPass M/Chip Flex application checks whether it is in a valid state to process C-APDUs. Symbol 3 The C-APDU currently received is compared to the C-APDUs accepted for processing in the current application state. Depending on the result the decision is P (Process) or R/CNS (Reject, Conditions Not Satisfied).
4.3.3
Output
Output of the procedure can be one of the following literals: P (Process) R/CNS (Reject, Conditions Not Satisfied)
4.4

A C-APDU can be rejected for the following two reasons: 1. The bytes received are not recognized as a supported C-APDU, for one of the following reasons: The CLA and INS bytes do not correspond to a C-APDU supported by the PayPass M/Chip Flex application. In this case the C-APDU is rejected in the procedure CAPDU Recognition, with one of the following reasons: BAD CLA or BAD INS. There is an error relating to the lengths of the data. In this case the C-APDU is rejected in the procedure C-APDU Recognition, with the reason BAD LENGTH.
2. The C-APDU is supported by the PayPass M/Chip Flex application, but the application is in a state where the C-APDU is not accepted. In this case the C-APDU is rejected in the procedure C-APDU Acceptance, with the reason R/CNS.
4.4.1
Input
Input to the procedure is one of the following literals: BAD CLA BAD INS BAD LENGTH R/CNS (Rejected, Conditions not Satisfied)
2006 MasterCard
37
Signal Processing
4.4.2
Processing
Rejected C-APDU Processing is performed according to Figure 4.4.

Figure 4.4Rejected C-APDU Processing
reset transient data

3
BAD CLA
yes
SW1-SW2='6E00'
BAD INS
yes
SW1-SW2='6D00'
BAD LENGTH
yes
SW1-SW2='6700'
else
SW1-SW2='6985'
R / CNS
Symbol 2 The transaction related transient data elements are reset:

RESET RESET RESET RESET RESET RESET RESET RESET RESET
CDOL 1 Related Data (00..00) Card Verification Results (00...00) Amount, Authorised (00...00) Amount, Other (0000) Terminal Country Code (0000) Transaction Currency Code (0000) Transaction Date (00...00) Transaction Type (00) Data Authentication Code (0000)
2006 MasterCard
38
Signal Processing
RESET RESET RESET
First AC (00...00) AC Session Key (0000) ICC Dynamic Number(00...00) (if CDA supported)
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then RESET CVR-UKIS (00...00) If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then RESET CVR-CCD (00...00) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then RESET CVR-M/Chip 2.05 (00...00) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then RESET CVR-M/Chip Lite 2.1 (00...00)
Symbol 3 The error literal ( the reason for performing Rejected C-APDU Processing) is converted to the appropriate values of SW1-SW2.
4.4.3
Data Field Returned in the Response Message
Response consists only of SW1-SW2.
4.4.4
Destination State
Table 4.4 lists the destination states after Rejected C-APDU Processing.
Table 4.4Destination State after Rejected C-APDU Processing SW1 6E 6D 67 69 SW2 00 00 00 85 SELECTED SELECTED SELECTED SELECTED SELECTED SELECTED INITIATED SELECTED SELECTED SELECTED SELECTED SELECTED
Other
2006 MasterCard
39
Signal Processing
SELECT Signal Processing
4.5

4.5.1 Processing
The processing of the PayPass M/Chip Flex application when a SELECT signal is received varies depending on the application state. If the application is in state IDLE, then the application behavior is specified in Section 4.5.1.1. If the application is in any other state (SELECTED, INITIATED), then its behavior is specified in Section 4.5.1.2.
Note Do not confuse the terms 'SELECT signal' and ' SELECT command'. The SELECT signal is a card level trigger signal whereas the SELECT command is processed by the application during C-APDU processing.
4.5.1.1
Flow, SELECT Processing, Application in State IDLE
Figure 4.5SELECT Processing, Application in State IDLE
POI [1] = 1b
no
yes
2
reset offline counters
update PTH
new transient data

5
no
blocked ?
yes
resp:= FCI sw12:=' 9000'

resp:= FCI sw12:=' 6283'
2006 MasterCard
40
Signal Processing
Symbol 1 The 'Reset PayPass M/Chip Flex offline counters' bit in the POI is checked. Symbol 2 If the 'Reset PayPass M/Chip Flex offline counters' bit in the POI is set (i.e. if POI [1] = 1b), then first the offline counters are reset in non-volatile memory:
SAVE SAVE
Cumulative Offline Transaction Amount (0000) Consecutive Offline Transactions Number (00)
Secondly, the 'Reset PayPass M/Chip Flex offline counters' bit in the POI is reset:
SAVE
POI [1] (0b)
Symbol 3 Copy the 'Block PayPass M/Chip Flex application' bit in the POI (i.e. PayPass Options Indicator [3]) to the 'Block application' bit in the Previous Transaction History:
SAVE
Previous Transaction History [5] (PayPass Options Indicator [3])
Symbol 4 The transaction related transient data elements are created:

NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW
CDOL 1 Related Data (00..00) Card Verification Results (00...00) Amount, Authorised (00...00) Amount, Other (0000) Terminal Country Code (0000) Transaction Currency Code (0000) Transaction Date (00...00) Transaction Type (00) Data Authentication Code (0000) ICC Dynamic Number (0000) (if CDA supported) First AC (00...00) AC Session Key (0000)
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then NEW CVR-UKIS (00...00) If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then NEW CVR-CCD (00...00) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then NEW CVR-M/Chip 2.05 (00...00) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then NEW CVR-M/Chip Lite 2.1 (00...00)
2006 MasterCard
41
Signal Processing
Note
This step corresponds to the creation of all the transient data elements whose existence extends beyond the processing of a single C-APDU. It is possible to create these data elements during the processing of other CAPDUs, without changing the external behavior of the PayPass M/Chip Flex application. This is allowed since it is undetectable by Type Approval services. Section 7.1 gives information about the usage of these transient data elements throughout the PayPass M/Chip Flex application.
Symbol 5 If the application is blocked (i.e. if Previous Transaction History [5] =1b), then the application will return with the FCI and SW1-SW2=6283, otherwise (i.e. if Previous Transaction History [5] = 0b), the application will return with the FCI and SW1-SW2=9000.
4.5.1.2
Flow, SELECT Processing, Application in State SELECTED or INITIATED
Figure 4.6SELECT Processing, Application in State SELECTED or INITIATED
1 no
blocked?
yes
resp:=FCI sw12:=' 9000'
resp:=FCI sw12:=' 6283'
2006 MasterCard
42
Signal Processing
Symbol 0 The transaction related transient data elements are reset:

RESET RESET RESET RESET RESET RESET RESET RESET RESET RESET RESET RESET
Note
This step corresponds to the resetting of all the transient data elements whose existence extends beyond the processing of a single C-APDU. It is possible to reset these data elements during the processing of other CAPDUs, without changing the external behavior of the PayPass M/Chip Flex application. This is allowed since it is undetectable by Type Approval services. Section 7.1 gives information about the usage of these transient data elements throughout the PayPass M/Chip Flex application.
Symbol 1 If the application is blocked (i.e. if Previous Transaction History [5] =1b), then the application will return with the FCI and SW1-SW2=6283, otherwise (i.e. if Previous Transaction History [5] = 0b), the application will return with the FCI and SW1-SW2=9000.
2006 MasterCard
43
Signal Processing
4.5.2
The response to the SELECT signal is the FCI corresponding to the ADF selected.
Table 4.5SELECT Signal Response Message Data Element FCI Template Tag 6F
4.5.3
Destination State
Table 4.6 lists the application states after SELECT Processing.

Table 4.6Destination State for SELECT Processing SW1 90 62 SW2 00 83 Other IDLE SELECTED SELECTED IDLE SELECTED SELECTED SELECTED SELECTED INITIATED SELECTED SELECTED SELECTED
2006 MasterCard
44
Signal Processing
UNSELECT Processing
4.6
UNSELECT Processing
When the PayPass M/Chip Flex application is de-selected, the application goes to the state IDLE. All transient data elements are deleted.
4.6.1
Processing
UNSELECT Processing is performed according to Figure 4.7.

Figure 4.7UNSELECT Processing
free transient data
Symbol 1 The transaction related transient data elements are destroyed:

FREE FREE FREE FREE FREE FREE FREE FREE FREE FREE FREE FREE
CDOL 1 Related Data Card Verification Results Amount Authorised Amount, Other Terminal Country Code Transaction Currency Code Transaction Date Transaction Type Data Authentication Code ICC Dynamic Number (if CDA supported) First AC AC Session Key
2006 MasterCard
45
Signal Processing
UNSELECT Processing
If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then FREE CVR-UKIS If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then FREE CVR-CCD If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then FREE CVR-M/Chip 2.05 If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then FREE CVR-M/Chip Lite 2.1
4.6.2
Destination State
Table 4.7 lists the application states accepting the UNSELECT signal, together with the resulting destination states.
Table 4.7Destination States for UNSELECT Processing SELECTED IDLE INITIATED IDLE
2006 MasterCard
46
Signal Processing
C-APDU Processing
4.7
C-APDU Processing
Figure 4.8 illustrates the actions taken by the PayPass M/Chip Flex application when a C-APDU is processed.
Figure 4.8Processing a C-APDU
ACCEPTED
SPECIFIC PROCESSING
RESPONSE
DESTINATION STATE
A C-APDU is processed if the C-APDU acceptance procedure has determined that the CAPDU can be accepted in the current application state. The processing that is specific to the C-APDU, the R-APDU resulting from the processing of a C-APDU, and the destination state of the application when the C-APDU has been processed is specified in the section dedicated to the C-APDU. The way the response is sent depends on the protocol and is outside the scope of this specification. The processing that is specific to the C-APDU is specified Chapter 5.
2006 MasterCard
47
Signal Processing
C-APDU Processing
2006 MasterCard
48
C-APDU Processing
Compute Cryptographic Checksum
C-APDU Processing
This chapter specifies the processing specific to each C-APDU supported by the PayPass M/Chip Flex application.
5.1
COMPUTE CRYPTOGRAPHIC CHECKSUM

5.1.1 Command Message
The COMPUTE CRYPTOGRAPHIC CHECKSUM command message coding is shown in Table 5.1.
Table 5.1COMPUTE CRYPTOGRAPHIC CHECKSUM Command Message Code CLA INS P1 P2 Lc Data Le Value 80 2A 8E 80 04 Unpredictable Number (Numeric) 00
As the UDOL is not provided by the PayPass M/Chip Flex application, the data field of the command message is the value field of the Unpredictable Number (Numeric) data object.
5.1.2
Processing
Figure 5.1 specifies the flow of the COMPUTE CRYPTOGRAPHIC CHECKSUM command processing.
2006 MasterCard
49
C-APDU Processing
Figure 5.1COMPUTE CRYPTOGRAPHIC CHECKSUM Processing
P1-P2 OK
1
NOK
SW1-SW2='6A86' NOK
Lc OK
2
SW1-SW2='6700' NOK
BLOCKED? OK
3
SW1-SW2='6985' NO
YES
USE STATIC CVC3?
CVC3TRACK1 = Static CVC3TRACK1 CVC3TRACK2 = Static CVC3TRACK2
GENERATE CVC3TRACK1 and CVC3TRACK2
RESPONSE = CVC3TRACK1, CVC3TRACK2 , ATC
SW1-SW2='9000'
Symbol 0 If P1 8E or P2 80, then the C-APDU is rejected (SW1-SW2 = 6A86). Symbol 1 If Lc 4, then the C-APDU is rejected (SW1-SW2 = 6700). Symbol 2 If the application is blocked (i.e. if Previous Transaction History[5] = 1b), then the C-APDU is rejected (SW1-SW2=6985). Symbol 3 The PayPass M/Chip Flex application checks if the Static CVC3 must be used (i.e. if Application Control[3][8] = 1b).
2006 MasterCard
50
C-APDU Processing
Symbol 4 If Static CVC3 must be used, then the PayPass M/Chip Flex application sets CVC3TRACK1 equal to Static CVC3TRACK1 and CVC3TRACK2 equal to Static CVC3TRACK2. Symbol 5 The PayPass M/Chip Flex application generates CVC3TRACK1 and CVC3TRACK2 as specified in Section6.2. Symbol 6 The PayPass M/Chip Flex application generates the response message template containing the CVC3TRACK1, the CVC3TRACK2 and the ATC.
5.1.3
The data field of the response message is a constructed data object with tag 77. As shown in Table 5.2, the value field of the constructed data object includes the CVC3TRACK1, the CVC3TRACK2 and the ATC.
Table 5.2COMPUTE CRYPTOGRAPHIC CHECKSUM Response Message Data Element Response Message Template CVC3TRACK2 CVC3TRACK1 ATC Tag 77 9F61 9F60 9F36 Length 15 2 2 2
The CVC3TRACK2 and the CVC3TRACK1 are cryptograms generated by the PayPass M/Chip Flex application according the algorithm specified in Sections 6.2, 6.3 and 6.5. Both cryptograms are generated with the same dynamic data (UN and ATC) and with the same secret key (ICC Derived Key for CVC3 Generation), but with a different initialization vector (IVCVC3TRACK1 for CVC3TRACK1 and IVCVC3TRACK2 for CVC3TRACK2).
5.1.4
Destination State
The destination states for the COMPUTE CRYPTOGRAPHIC CHECKSUM command are listed in Table 5.3.
Table 5.3Destination State for COMPUTE CRYPTOGRAPHIC CHECKSUM Command SW1 67 69 6A 90 SW2 00 85 86 00 Other INITIATED SELECTED SELECTED SELECTED SELECTED SELECTED
2006 MasterCard
51
C-APDU Processing
Generate Application Cryptogram
5.2
GENERATE APPLICATION CRYPTOGRAM

The GENERATE AC command message is coded according to Table 5.4.

Table 5.4GENERATE AC Command Message Code CLA INS P1 P2 Lc Data Le Value 80 AE Reference Control Parameter 00 var. Transaction Related Data 00
Table 5.5 specifies the coding of the Reference Control Parameter.

Table 5.5Reference Control Parameter Coding for the GENERATE AC b8 x 0 0 1 1 b7 x 0 1 0 1 x 0 x 0 1 x 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning Cryptogram Type AAC TC ARQC RFU RFU Other values RFU Combined DDA/AC Generation Requested Combined DDA/AC Generation Not Requested Combined DDA/AC Generation Requested RFU Other values RFU
2006 MasterCard
52
C-APDU Processing
5.2.2
5.2.2.1
Processing
Flow, First Generate AC, Starting Diagram
Figure 5.2First GENERATE AC Processing Starting Diagram
P1-P2
KO
sw12:='6A86'
OK 2
Lc
KO
sw12:='6700'
OK
retrieve transaction related data values from C-APDU

4
update CVR
application blocked?
no 6 ARQC
yes
AC requested?
AAC
TC 7 8 9
ARQC requested
TC requested
decision AAC
2006 MasterCard
53
C-APDU Processing
Symbol 1 If CDA supported: (P1[8-7] = 00b or 01b or 10b) and P2=00, otherwise the C-APDU is rejected (SW1-SW2 = 6A86). If CDA not supported: (P1[8-7] = 00b or 01b or 10b) and P1[5] = 0b and P2=00, otherwise the C-APDU is rejected (SW1-SW2 = 6A86). Symbol 2 32 <= Lc and Lc = CDOL 1 Related Data Length, otherwise the C-APDU is rejected (SW1-SW2 = 6700). Symbol 3 The transaction related transient data elements are filled with the values given in the Transaction Related Data (GENERATE AC command message data):
SET CDOL 1 Related Data (CDOL 1 Related Data Length bytes from the Transaction Related Data) SET SET SET SET SET SET SET SET SET SET SET
Amount, Authorised (Numeric) (6 bytes from the Transaction Related Data) Amount, Other (6 bytes from the Transaction Related Data) Terminal Country Code (2 bytes from the Transaction Related Data) Terminal Verification Results (5 bytes from the Transaction Related Data) Transaction Currency Code (2 bytes from the Transaction Related Data) Transaction Date (3 bytes from the Transaction Related Data) Transaction Type (1 byte from the Transaction Related Data) Unpredictable Number (4 bytes from the Transaction Related Data) Terminal Type (1 byte from the Transaction Related Data) Data Authentication Code (2 bytes from the Transaction Related Data)
CDOL1 Extension (CDOL 1 Related Data Length 32 remaining bytes from the Transaction Related Data)
Note that it is possible to keep only the value of CDOL 1 Related Data and to work with offsets to access the values corresponding to the variables in CDOL 1 Related Data. In this case, no assignation is required. Note also that the application does not use the CDOL1 Extension as an individual element, but always as part of the CDOL 1 Related Data.
Note
2006 MasterCard
54
C-APDU Processing
Symbol 4 The Card Verification Results is updated: If (Terminal Country Code = CRM Country Code), then the Domestic Transaction bit in the Card Verification Results is set to 1b:
SET
Card Verification Results [4][2] (1b) Card Verification Results [4][3] (1b)
otherwise the International Transaction bit is set to 1b:

SET
Byte 5 bits 8 to 5 in the Card Verification Results are updated to reflect the values of the offline counters: If (Consecutive Offline Transactions Number > Lower Consecutive Offline Limit), then the Lower Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
Card Verification Results [5][8] (1b)
If (Consecutive Offline Transactions Number > Upper Consecutive Offline Limit), then the Upper Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Cumulative Offline Transaction Amount > Lower Cumulative Offline Transaction Amount), then the Lower Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Cumulative Offline Transaction Amount > Upper Cumulative Offline Transaction Amount), then the Upper Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b or Card Verification Results [5][6] = 1b or Card Verification Results [5][5] = 1b), then
SET
CVR-UKIS [3][6] (1b)
2006 MasterCard
55
C-APDU Processing
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then

SET
If (Card Verification Results [5][8] = 1b), then CVR-CCD [3][8] (1b)
If (Card Verification Results [5][7] = 1b), then SET CVR-CCD [3][7] (1b) If (Card Verification Results [5][6] = 1b), then SET CVR-CCD [3][6] (1b) If (Card Verification Results [5][5] = 1b), then SET CVR-CCD [3][5] (1b) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b), then SET CVR-M/Chip 2.05 [3][6] (1b) If (Card Verification Results [5][8] = 1b or Card Verification Results [5][6] = 1b), then SET CVR-M/Chip 2.05 [4][3] (1b) If (Card Verification Results [5][7] = 1b or Card Verification Results [5][5] = 1b), then SET CVR-M/Chip 2.05 [4][2] (1b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b), then SET CVR-M/Chip Lite 2.1 [3][6] (1b) If (Card Verification Results [5][8] = 1b or Card Verification Results [5][6] = 1b), then SET CVR-M/Chip Lite 2.1 [4][3] (1b) If (Card Verification Results [5][7] = 1b or Card Verification Results [5][5] = 1b), then SET CVR-M/Chip Lite 2.1 [4][2] (1b) If 'Activate additional check table' is set in the Application Control (i.e. if Application Control [2][3] = 1b), then the application performs the additional check on CDOL 1 Related Data with the Additional Check Table. If (Position in CDOL 1 Related Data = 00), then the check with the Additional Check Table is terminated (the application goes to Symbol 5 without setting bits in the Card Verification Results [6]). If (Position in CDOL 1 Related Data + Length in CDOL 1 Related Data 1 > CDOL 1 Related Data Length), then the check with the Additional Check Table is terminated (the application goes to Symbol 5 without setting bits in the Card Verification Results [6]). If (Length in CDOL 1 Related Data * Number of Entries > 15), then the check with the Additional Check Table is terminated (the application goes to Symbol 5 without setting bits in the Card Verification Results [6]). Masked Value = CDOL 1 Related Data [Position in CDOL 1 Related Data to Position in CDOL 1 Related Data + Length in CDOL 1 Related Data - 1] & Bit Mask
2006 MasterCard
56
C-APDU Processing
for (i = 2; i <= Number of Entries, i++) { Entry i = Additional Check Table [4 + (i-1) * Length in CDOL 1 Related Data to 4 + i * Length in CDOL 1 Related Data - 1] if (Masked Value = Entry i), then SET Card Verification Results [6][2](1b) (match found in Additional Check Table) Exit loop and terminate check with the Additional Check Table (the application goes to Symbol 5) }
SET
Card Verification Results [6][1](1b) (no match found in Additional Check Table)
Terminate check with the Additional Check Table (the application goes to Symbol 5).
Note
This is the first time bits from the Card Verification Results are set since they were reset to 0b. Therefore, all bits that are not set in this step have a value of 0b.
Symbol 5 If the application is blocked (i.e. if Previous Transaction History[5] =1b), then the PayPass M/Chip Flex application generates an AAC. Symbols 6-7-8-9 If the application is not blocked (i.e. if Previous Transaction History[5] = 0b), then the process depends on the terminal request. If the terminal requests an ARQC (i.e. if Reference Control Parameter [8-7] = 10b), then the terminal asks for an online transaction. This PayPass M/Chip Flex application process is specified in Section 5.2.2.2. If the terminal requests a TC (i.e. if Reference Control Parameter [8-7] = 01b), then the terminal asks for an offline transaction. This PayPass M/Chip Flex application process is specified in Section 5.2.2.3. If the terminal requests an AAC (i.e. if Reference Control Parameter [8-7] = 00b), then the terminal declines the transaction. The PayPass M/Chip Flex application generates an AAC. The computation of an AAC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).
2006 MasterCard
57
C-APDU Processing
5.2.2.2
Flow, First Generate AC, ARQC Requested
Figure 5.3First GENERATE AC Processing ARQC Requested

7
ARQC requested
10' Offline-only? no 10 CVR and CIACs decline decline yes
do not decline 11 9
decision ARQC
decision AAC
Symbol 10' If the Offline-only bit is set in the Application Control (i.e. Application Control[1][6] = 1b), then the PayPass M/Chip Flex application will decline the transaction and compute an AAC, otherwise the PayPass M/Chip Flex application will check the Card Issuer Action Code Decline. Symbol 10 The decisional part of the Card Verification Results is checked against the Card Issuer Action Code Decline: If ((Card Verification Results[4-6] & Card Issuer Action Code Decline) <> 000000), then the PayPass M/Chip Flex application declines the transaction and will compute an AAC, otherwise the PayPass M/Chip Flex application will compute an ARQC. Symbol 9 The computation of an AAC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported). Symbol 11 The computation of an ARQC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).
2006 MasterCard
58
C-APDU Processing
5.2.2.3
Flow, First GENERATE AC, TC Requested
Figure 5.4First GENERATE AC Processing TC Requested-1

8
TC requested
CVR 12 and CIACs decline
decline
decision AAC
do not decline
13
transaction currency
application currency
other
convertible currency
15
convert amount in app currency .

OK
14 16
15 '
KO
17
KO 14 '
add amount to cumulative amount

OK OK
add amount in app . currency to cumulative amount

18'
KO
16 '
add to consecutive transaction number
always update cons nr

YES
17
NO
19
update consecutive offline limit exceeded in CVR
add to consecutive transaction number

19
update consecutive offline limit exceeded in CVR
18
update cumulative offline limit exceeded in CVR
see next flow diagram
2006 MasterCard
59
C-APDU Processing
Figure 5.5First GENERATE AC Processing TC Requested-2
see previous flow diagram

20'
update POI
20'
offline-only?
no
20
yes
offline only terminal
offline only
online capable yes
22
CAT3 and skip CRM for CAT3
no
21 23
CVR and CIACs online
offline
offline
CVR and CIACs default
25
online
update counters
decline
11
27
decision ARQC
decision TC
decision AAC
2006 MasterCard
60
C-APDU Processing
Symbol 12 The decisional part of the Card Verification Results is checked against the Card Issuer Action Code Decline: If ((Card Verification Results[4-6] & Card Issuer Action Code Decline) <> 000000), then the PayPass M/Chip Flex application declines the transaction and will compute an AAC. Symbol 9 The computation of an AAC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported). Symbol 13 The Transaction Currency Code is checked against the CRM Currency Code and the Currency Conversion Parameters 1 to 5: If (Transaction Currency Code = CRM Currency Code), then the Amount, Authorised will be added to the Cumulative Offline Transaction Amount without conversion, otherwise the Transaction Currency Code is checked against the Currency Code in the Currency Conversion Parameters 1 to 5 1: for (i=1; i<=5, i++) { If (Transaction Currency Code = Currency Conversion Parameters i [1-2]), then exit loop to convert the Amount, Authorised into the Amount in Counter Currency, using the Currency Conversion Parameters i } If ((Transaction Currency Code <> CRM Currency Code ) and (Transaction Currency Code <> Currency Code for Currency Conversion Parameters 1 to 5)), then the Consecutive Offline Transactions Number will be incremented. Symbols 14, 14 The value of the Cumulative Offline Transaction Amount is computed and stored in a temporary variable: Temp Cumulative Offline Transaction Amount := Cumulative Offline Transaction Amount + Amount, Authorised. If an overflow happens during the addition (i.e. the result exceeds 999999999999), then the C-APDU is rejected (SW1-SW2 = 6985).
Note The result of the addition is not stored in non-volatile memory at this point (i.e. Cumulative Offline Transaction Amount in non-volatile memory is not yet impacted by the addition) as the addition is performed on a transient data element. The Temp Cumulative Offline Transaction Amount does not exist beyond a single C-APDU processing, as it is not mentioned in Section 7.1.
Note
Currency Code is stored in byte 1-2 of the Currency Conversion Parameters.

2006 MasterCard
61
C-APDU Processing
Symbols 15, 15 The Amount, Authorised is converted into the Amount in Counter Currency, using the Currency Conversion Parameters 1 to 5. This process is specified in Annex B. If an overflow happens during the conversion, then the C-APDU is rejected (SW1-SW2 = 6985). Symbol 16, 16 The value of the Cumulative Offline Transaction Amount is computed and stored in a temporary variable: Temp Cumulative Offline Transaction Amount := Cumulative Offline Transaction Amount + Amount in Counter Currency. If an overflow happens during the addition (i.e. the result exceeds 999999999999), then the C-APDU is rejected (SW1-SW2 = 6985). Symbol 17 The value of the Consecutive Offline Transactions Number is computed and stored in a temporary variable: Temp Consecutive Offline Transactions Number := Consecutive Offline Transactions Number +1. If an overflow happens during the addition (i.e. the result exceeds FF), then the counter remains at FF (i.e. FF+1=FF for this operation).
Note The result of the increment is not stored in non-volatile memory at this point (i.e. Consecutive Offline Transactions Number in non-volatile memory is not yet impacted by the addition) as addition is performed on a transient data element. The Temp Consecutive Offline Transactions Number does exist beyond a single C-APDU processing, since it is not mentioned in Section 7.1.
Note
Symbols 18 If the always add to consecutive transaction number bit is set in the Application Control (i.e. if Application Control [2][4] = 1b), then the current transaction is added to the Consecutive Offline Transactions Number. Symbol 18 The Card Verification Results is updated: If (Temp Cumulative Offline Transaction Amount > Lower Cumulative Offline Transaction Amount), then the Lower Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
2006 MasterCard
62
C-APDU Processing
If (Temp Cumulative Offline Transaction Amount > Upper Cumulative Offline Transaction Amount), then the Upper Cumulative Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then If (Card Verification Results [5][6] = 1b or Card Verification Results [5][5] = 1b), then SET CVR-UKIS [3][6] (1b) If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then If (Card Verification Results [5][6] = 1b), then SET CVR-CCD [3][6] (1b) If (Card Verification Results [5][5] = 1b), then SET CVR-CCD [3][5] (1b) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then If (Card Verification Results [5][6] = 1b), then SET CVR-M/Chip 2.05 [4][3] (1b) If (Card Verification Results [5][5] = 1b) , then SET CVR-M/Chip 2.05 [4][2] (1b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then If (Card Verification Results [5][6] = 1b) , then SET CVR-M/Chip Lite 2.1 [4][3] (1b) If (Card Verification Results [5][5] = 1b), then SET CVR-M/Chip Lite 2.1 [4][2] (1b)
Symbol 19 The Card Verification Results is updated: If (Temp Consecutive Offline Transactions Number > Lower Consecutive Offline Limit), then the Lower Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
If (Temp Consecutive Offline Transactions Number > Upper Consecutive Offline Limit), then the Upper Consecutive Offline Limit Exceeded bit in the Card Verification Results is set to 1b:
SET
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then If (Card Verification Results [5][8] = 1b or Card Verification Results [5][7] = 1b), then SET CVR-UKIS [3][6] (1b)
2006 MasterCard
63
C-APDU Processing
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then

SET
If (Card Verification Results [5][8] = 1b), then CVR-CCD [3][8] (1b)
If (Card Verification Results [5][7] = 1b), then SET CVR-CCD [3][7] (1b) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then If (Card Verification Results [5][8] = 1b), then SET CVR-M/Chip 2.05 [3][6] (1b) SET CVR-M/Chip 2.05 [4][3] (1b) If (Card Verification Results [5][7] = 1b), then SET CVR-M/Chip 2.05 [3][6] (1b) SET CVR-M/Chip 2.05 [4][2] (1b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then If (Card Verification Results [5][8] = 1b), then SET CVR-M/Chip Lite 2.1 [3][6] (1b) SET CVR-M/Chip Lite 2.1 [4][3] (1b) If (Card Verification Results [5][7] = 1b), then SET CVR-M/Chip Lite 2.1 [3][6] (1b) SET CVR-M/Chip Lite 2.1 [4][2] (1b) Symbol 20 Update the Go online on next transaction bit in the POI. If one of the offline counters exceeds the lower limit, then the bit is set, otherwise the bit is reset:
SAVE
POI [2] (Card Verification Results [5][8] | Card Verification Results [5][6])
Symbol 20 If the Offline-only bit is set in the Application Control (i.e. Application Control[1][6] = 1b), then the PayPass M/Chip Flex application will not check the Card Issuer Action Code Online, otherwise the PayPass M/Chip Flex application will check if the terminal is online capable. Symbol 20 If the terminal is offline only (i.e. if Terminal Type = 23 or 26 or 36), then the PayPass M/Chip Flex application will not check the Card Issuer Action Code Online, otherwise the PayPass M/Chip Flex application will check the Card Issuer Action Code Online.
2006 MasterCard
64
C-APDU Processing
Symbol 21 If the terminal is online capable, then the PayPass M/Chip Flex application checks the Card Issuer Action Code Online: If ((Card Verification Results[4-6] & Card Issuer Action Code Online) <> 000000), then the PayPass M/Chip Flex application will compute an ARQC, otherwise the PayPass M/Chip Flex application will approve the transaction and compute a TC. Symbol 22 If the terminal is offline only, then the PayPass M/Chip Flex application checks if the Card Issuer Action Code Default is to be used: If (the terminal is a CAT3 terminal (i.e. if the Terminal Type = 26) and the Skip CIAC-Default on CAT3 bit is set in the Application Control (i.e. if Application Control[1][7] = 1b)), then the PayPass M/Chip Flex application will approve the transaction without checking the Card Issuer Action Code Default and will compute a TC, otherwise the PayPass M/Chip Flex application will check the Card Issuer Action Code Default. Symbol 23 The PayPass M/Chip Flex application checks the Card Issuer Action Code Default: If ((Card Verification Results[4-6] & Card Issuer Action Code Default) <> 000000), then the PayPass M/Chip Flex application will decline the transaction and compute an AAC, otherwise the PayPass M/Chip Flex application will approve the transaction and compute a TC. Symbol 25 If modified, then the Cumulative Offline Transaction Amount is updated in non-volatile memory:
SAVE
Cumulative Offline Transaction Amount (Temp Cumulative Offline Transaction Amount)
If modified, then the Consecutive Offline Transactions Number is updated in non-volatile memory:
SAVE
Consecutive Offline Transactions Number (Temp Consecutive Offline Transactions Number) Symbol 27
The computation of a TC is specified in Section 5.2.2.4 (if CDA supported) and Section 5.2.2.5 (if CDA not supported).
2006 MasterCard
65
C-APDU Processing
5.2.2.4
Flow, GENERATE AC, Decision AAC, TC or ARQC (CDA Supported)
This section specifies how the AAC, TC and ARQC are computed by the PayPass M/Chip Flex application. It also specifies how the PayPass M/Chip Flex application calculates the corresponding response message to the GENERATE AC when CDA is supported.
Figure 5.6AAC, TC, ARQC Generation and Corresponding Response Message for GENERATE AC 1 (CDA Supported)
decision AAC
9
decision TC
27
decision ARQC
11
100
101
102
set AAC in CVR and CID
set TC in CVR and CID
set ARQC in CVR and CID
103
103
combined
combined
104
combined
combined
104
set combined returned in CVR

not combined not combined
set combined returned in CVR
see next diagram
2006 MasterCard
66
C-APDU Processing
Figure 5.7AAC, TC, ARQC Generation and Corresponding Response Message for GENERATE AC 2 (CDA Supported)
previous diagram
107
compute AAC/TC/ARQC
108
compute Issuer App. Data
111
combined and TC/ARQC
combined
112
compute hash result
113
not combined
build ICC Dynamic Data

114
compute hash on Dynamic Application Data to be Signed

115
compute RSA signature

117 116
build response
build response
118
118
resp., sw12='9000'
2006 MasterCard
67
C-APDU Processing
Symbol 100 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to AAC, the AC Returned in Second Generate AC bits are set to not requested):
SET
Card Verification Results [1][8-5] (1000b)
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1000b)
SET
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then CVR-CCD [1][8-5] (1000b)
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1000b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1000b) The Cryptogram Information Data is set to AAC:
SET
Cryptogram Information Data (00)
Symbol 101 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to TC, the AC Returned in Second Generate AC bits are set to not requested):
SET
SET
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1001b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1001b) The Cryptogram Information Data is set to TC:
SET
2006 MasterCard
68
C-APDU Processing
Symbol 102 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to ARQC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1010b) If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1010b) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1010b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1010b)
The Cryptogram Information Data is set to ARQC:

SET
Symbol 103 If the terminal asks for combined DDA/AC generation (i.e. if Reference Control Parameter[5] = 1b), then the Card Verification Results is updated. Symbol 104 The Combined DDA/AC Generation Returned in First Generate AC bit is set in the Card Verification Results:
SET
Card Verification Results[2][7] (1b)
If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then the CDA performed bit is set in the CVR-CCD:
SET
CVR-CCD [1][4] (1b)
Symbol 107 The PayPass M/Chip Flex application computes the AAC, TC or ARQC using the algorithm determined in Section 6.1. Symbol 108 The PayPass M/Chip Flex application computes the Issuer Application Data. For values refer to Annex A.
2006 MasterCard
69
C-APDU Processing
Symbol 111 If the terminal asks for combined DDA/AC generation (i.e. if Reference Control Parameter[5] = 1b) and the decision is to compute a TC or ARQC, then the PayPass M/Chip Flex application will wrap the TC/ARQC in a RSA envelope. If the terminal does not ask for combined DDA/AC generation (i.e. if Reference Control Parameter[5] = 0b) or the decision is to compute an AAC, then the PayPass M/Chip Flex application will build the response. Symbol 112 The PayPass M/Chip Flex application computes the Hash Result on CDOL 1 Related Data and Generate AC Response Data (except the Signed Dynamic Application Data). See [EMV BOOK 2], Section 6.6.1, for details. Symbol 113 The PayPass M/Chip Flex application builds the ICC Dynamic Data. See [EMV BOOK 2], Section 6.6.1, for details. Symbol 114 The PayPass M/Chip Flex application computes the Hash of the Dynamic Application Data and its Related Information. See [EMV BOOK 2], Section 6.6.1, for details. Symbol 115 The PayPass M/Chip Flex application computes the RSA signature. See [EMV BOOK 2], Section 6.6.1, for details. Symbol 116 If Combined DDA/Application Cryptogram Generation (CDA) has been chosen for the current transaction and the ICC returns a TC or ARQC, then the GENERATE AC response message data field is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.6. If the ICC returns an AAC, then the GENERATE AC response message data field is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.7.
Table 5.6 GENERATE AC Response Message Data Field (CDA) Tag 9F27 9F36 9F4B 9F10 Length 1 2 NIC up to 32 Description Cryptogram Information Data Application Transaction Counter Signed Dynamic Application Data Issuer Application Data (coded according to the active co-application)
2006 MasterCard
70
C-APDU Processing
Symbol 117 If Static Data Authentication has been chosen for the current transaction (i.e. AC generation is not combined with DDA), then the GENERATE AC response message data field for an AAC, TC or ARQC is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.7.
Table 5.7 GENERATE AC Response Message Data Field (SDA) Tag 9F27 9F36 9F26 9F10 Length 1 2 8 up to 32 Description Cryptogram Information Data Application Transaction Counter Application Cryptogram Issuer Application Data (coded according to the active co-application)
2006 MasterCard
71
C-APDU Processing
5.2.2.5
Flow, GENERATE AC, Decision AAC, TC or ARQC (CDA Not Supported)
This section specifies how the AAC, TC and ARQC are computed by the PayPass M/Chip Flex application, as well as the corresponding response message to the first GENERATE AC when CDA is not supported.
Figure 5.8AAC, TC, ARQC Generation and Corresponding Response Message for GENERATE AC (CDA not supported)
decision AAC
9
decision TC
27
decision ARQC
11
100
101
102
set AAC in CVR and CID
set TC in CVR and CID
set ARQC in CVR and CID
103
compute AAC/TC/ARQC
103'
build Issuer App. Data

104
build response
105
2006 MasterCard
72
C-APDU Processing
Symbol 100 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to AAC, the AC Returned in Second Generate AC bits are set to not requested):
SET
SET
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1000b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1000b) The Cryptogram Information Data is set to AAC:
SET
Symbol 101 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to TC, the AC Returned in Second Generate AC bits are set to not requested):
SET
SET
If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1001b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1001b) The Cryptogram Information Data is set to TC:
SET
2006 MasterCard
73
C-APDU Processing
Symbol 102 The Card Verification Results is updated (the AC Returned in First Generate AC bits are set to ARQC, the AC Returned in Second Generate AC bits are set to not requested):
SET
The Card Verification Results is mapped on the CVR of the active co-application: If Co-application Indicator [2-1] = 10b (co-application UKIS is active), then SET CVR-UKIS [2][8-5] (1010b) If Co-application Indicator [2-1] = 11b (co-application CCD-compliant is active), then SET CVR-CCD [1][8-5] (1010b) If Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), then SET CVR-M/Chip 2.05 [2][8-5] (1010b) If Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then SET CVR-M/Chip Lite 2.1 [2][8-5] (1010b)
The Cryptogram Information Data is set to ARQC:

SET
Symbol 103 The PayPass M/Chip Flex application computes the AAC, TC or ARQC using the algorithm determined in Section 6.1. Symbol 103' The PayPass M/Chip Flex application builds the Issuer Application Data. For values refer to Annex A. Symbol 104 The GENERATE AC response message data field for an AAC, TC or ARQC is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.8.
Table 5.8 GENERATE AC Response Message Data Field (SDA) Tag 9F27 9F36 9F26 9F10 Length 1 2 8 up to 32 Description Cryptogram Information Data Application Transaction Counter Application Cryptogram Issuer Application Data (coded according to the active co-application)
2006 MasterCard
74
C-APDU Processing
5.2.3
The response message varies with the cryptogram computed and is specified in the sections dedicated to the cryptogram generation.
5.2.4
Destination State
The destination states for the GENERATE AC command are listed in Table 5.9.
Table 5.9Destination State for GENERATE AC Command SW1 67 69 6A 90 SW2 00 85 86 00 Other INITIATED SELECTED SELECTED SELECTED SELECTED SELECTED
2006 MasterCard
75
C-APDU Processing
Get Data
5.3
GET DATA
The GET DATA command message is coded as shown in Table 5.10.

Table 5.10GET DATA Command Message Code CLA INS P1/P2 Lc Data Le Value 80 CA Tag Not present Not present 00
Single byte tags are preceded with a leading 00 byte to fill P1/P2. Table 5.11 shows the tag values that must be supported by the GET DATA command of the PayPass M/Chip Flex application.
Table 5.11Tag Values for GET DATA P1/P2 0082 0094 00C3 00C4 00C5 00C6 00C7 00C8 00C9 00CA 00CB 00D1 00D3 00D5 9F14 9F23 9F50 9F7A 9F7E DF02 Data Element Application Interchange Profile Application File Locator Card Issuer Action Code Decline Card Issuer Action Code Default Card Issuer Action Code Online Counters CDOL 1 Related Data Length CRM Country Code CRM Currency Code Lower Cumulative Offline Transaction Amount Upper Cumulative Offline Transaction Amount Currency Conversion Table Additional Check Table Application Control Lower Consecutive Offline Limit Upper Consecutive Offline Limit Offline Balance Offline Consecutive Transactions Remaining Application Life Cycle Data Security Limits Status Length 2 var 3 3 3 10 1 2 2 6 6 25 18 3 1 1 6 1 48 1
2006 MasterCard
76
C-APDU Processing
Get Data
5.3.2
Processing
Figure 5.9 specifies the flow of the GET DATA command processing.
Figure 5.9GET DATA Processing
P1-P2
KO
sw12:= '6A88'
OK 2 3 yes
Tag =no '9F50'
allowed
no yes 4
no
compute balance sw12:= '6985'
6 yes
Tag = no '9F7A'
allowed
no yes 7
no
compute remaining sw12:= '6985'
resp:=TLV(data) sw12:= '9000'
2006 MasterCard
77
C-APDU Processing
Get Data
Symbol 1 P1/P2 is an accepted tag (i.e. tag in Table 5.11), otherwise the C-APDU is rejected (6A88). Symbol 2 If P1/P2 carry the tag of the Offline Balance (i.e. if P1/P2 = 9F50), then the application will check the Application Control. Symbol 3 If retrieval of the Offline Balance is allowed (i.e. if Application Control[2][2] = 1b), then the application will compute the offline balance. Otherwise the C-APDU is rejected (6985). Symbol 4 The Offline Balance is computed as follows: Offline Balance = Upper Cumulative Offline Transaction Amount - Cumulative Offline Transaction Amount. If an overflow occurs (i.e. if Upper Cumulative Offline Transaction Amount < Cumulative Offline Transaction Amount), then the value returned for the Offline Balance is 000000000000. Symbol 5 If P1/P2 carry the tag of the Offline Consecutive Transactions Remaining (i.e. if P1/P2 = 9F7A), then the application will check the Application Control. Symbol 6 If retrieval of the Offline Balance is allowed (i.e. if Application Control[2][2] = 1b), then the application will compute the Offline Consecutive Transactions Remaining. Otherwise the C-APDU is rejected (6985). Symbol 7 The Offline Consecutive Transactions Remaining is computed as follows: Offline Consecutive Transactions Remaining = Upper Consecutive Offline Limit Consecutive Offline Transactions Number. If an overflow occurs (i.e. if Upper Consecutive Offline Limit < Consecutive Offline Transaction Number), then the value returned for the Offline Consecutive Transactions Remaining is 00.
2006 MasterCard
78
C-APDU Processing
Get Data
5.3.3
The data field of the response message contains the data object, TLV encoded.
Table 5.12GET DATA Response Message Name Tag Length Value Length 1 or 2 1 var.
5.3.4
Destination State
The destination states for the GET DATA command are listed in Table 5.13.
Table 5.13Destination State for GET DATA Command SW1 69 6A 90 SW2 85 88 00 Other SELECTED SELECTED SELECTED SELECTED SELECTED INITIATED SELECTED SELECTED INITIATED SELECTED
2006 MasterCard
79
C-APDU Processing
Get Processing Options
5.4
GET PROCESSING OPTIONS

The GET PROCESSING OPTIONS command message is coded according to Table 5.14.
Table 5.14GET PROCESSING OPTIONS Command Message Code CLA INS P1 P2 Lc Data Le Value 80 A8 00 00 02 PDOL Related Data 00
PDOL Related Data follows a command template equal to 83 and is empty as shown in Table 5.15.
Table 5.15PDOL Related Data Data Element PDOL Related Data Tag 83 Length 00 Value empty
2006 MasterCard
80
C-APDU Processing
5.4.2
Processing
Figure 5.10 specifies the flow of the GET PROCESSING OPTIONS command processing.
Figure 5.10GET PROCESSING OPTIONS Processing
P1-P2
KO
sw12:='6A86'
4''
application disabled?
OK 2 no KO 5
yes
sw12:='6985'
Lc
sw12:='6700'

6
OK 3
PDOL related data

OK 4
KO
sw12:='6985'
ATC++; save ATC

7
ATC < ATC Limit
compute ICC DN
no
4'
resp:=AIP, AFL sw12:= '9000'

yes
disable application
Symbol 1 P1=00 and P2=00, otherwise the C-APDU is rejected (6A86). Symbol 2 Lc=02, otherwise the C-APDU is rejected (6700). Symbol 3 PDOL Related Data = 8300, otherwise the C-APDU is rejected (6985).
2006 MasterCard
81
C-APDU Processing
Symbol 4, 4' If the Application Transaction Counter has reached the limit (i.e. if Application Transaction Counter >= Application Transaction Counter Limit), then the application is disabled:
SAVE
Previous Transaction History [6] (1b)
Symbol 4'' If the application is disabled (i.e. if Previous Transaction History [6] = 1b), then GET PROCESSING OPTIONS is rejected (6985). Symbol 5 The transaction related transient data elements are reset:
RESET RESET RESET RESET RESET RESET RESET RESET RESET RESET RESET RESET
This step corresponds to the resetting of all the transient data elements that exist beyond the processing of a single C-APDU. It is possible to reset these data elements during the processing of other C-APDUs, without changing the external behavior of the PayPass M/Chip Flex application. This is allowed since it is undetectable by Type Approval. Section 7.1 gives information about the usage of these transient data elements throughout the PayPass M/Chip Flex application.
Note
2006 MasterCard
82
C-APDU Processing
Symbol 6 The Application Transaction Counter is incremented and saved in non-volatile memory:
SAVE
Application Transaction Counter (Application Transaction Counter +1)
Symbol 7 If CDA supported: The ICC Dynamic Number (ICC DN) is computed using the ICC Dynamic Number Master Key (MKIDN) and the Application Transaction Counter (ATC): ICC DN := DES3 (MKIDN) [(ATC ||00||00||00||00||00||00)]
5.4.3
The data field of the response message is an EMV Format 2 constructed data object with tag equal to '77' containing the BER-TLV coded objects specified in Table 5.16.
Table 5.16 GET PROCESSING OPTIONS Response Message Data Element Response Message Template Application Interchange Profile Application File Locator Tag 77 82 94
5.4.4
Destination State
Table 5.17 lists the destination states for the GET PROCESSING OPTIONS command.
Table 5.17Destination State for GET PROCESSING OPTIONS Command SW1 67 69 6A 90 SW2 00 85 86 00 Other SELECTED SELECTED SELECTED SELECTED INITIATED SELECTED
2006 MasterCard
83
C-APDU Processing
Read Record
5.5
READ RECORD
The PayPass M/Chip Flex application supports only one form of the READ RECORD C-APDU: the EMV 4.1 READ RECORD.
5.5.1
Command Message
The READ RECORD command message is coded according to Table 5.18.

Table 5.18READ RECORD Command Message Code CLA INS P1 P2 Lc Data Le Value 00 B2 Record Number Reference Control Parameter not present not present 00
Table 5.19 specifies the coding of the Reference Control Parameter.

Table 5.19Reference Control Parameter Coding for the READ RECORD b8 x b7 x b6 x b5 x b4 x x 1 x 0 x 0 P1 is a record number b3 b2 b1 Meaning SFI
2006 MasterCard
84
C-APDU Processing
Read Record
5.5.2
Processing
Figure 5.11 specifies the flow of the READ RECORD command processing.
Figure 5.11READ RECORD Processing
1 P1-P2 KO sw12:='6A86' OK 1' EMV SFI other out of scope payment system 2 file supported KO KO file supported 5 1''
sw12:='6A82' OK 3 record found KO KO record found OK 6
sw12:='6A83' OK 4 record in AFL KO sw12:='6985' OK resp:=record sw12:='9000' resp:=record sw12:='9000' OK
2006 MasterCard
85
C-APDU Processing
Read Record
Symbol 1 The PayPass M/Chip Flex application checks that: P1<>00 and (P2 & 07) = 04
otherwise the C-APDU is rejected (6A86). Symbol 1' If the C-APDU is the READ RECORD as reserved by EMV 4.1, then the PayPass M/Chip Flex application checks if the file to read is an EMV file, a payment system specific file, or another file: If the SFI in the Reference Control Parameter is in the range 1 to 10, then the file to read is an EMV file. If the SFI in the Reference Control Parameter is in the range 11 to 20, then the file to read is a payment system specific file. If the SFI in the Reference Control Parameter is not in the range 1 to 20, then the file to read is neither an EMV file nor a payment system specific file.
Symbol 1'' If the file to read is neither an EMV file nor a payment system specific file, it may be that the platform supports it anyway (for instance, issuer specific files). This would be in addition to the functionality needed for the PayPass M/Chip Flex application and is allowed but is proprietary to the implementation. Symbol 2 If the file to read is an EMV file, the PayPass M/Chip Flex application verifies that the SFI in the Reference Control Parameter corresponds to a supported record file. If the record file is not supported, the C-APDU is rejected (6A82). The way the PayPass M/Chip Flex application checks that the record file is supported is proprietary and left to the implementation. Symbol 3 The PayPass M/Chip Flex application verifies that there is a record corresponding to the Record Number, otherwise the C-APDU is rejected (6A83). The way the PayPass M/Chip Flex application checks that the record is supported is proprietary and left to the implementation. Symbol 4 The PayPass M/Chip Flex application checks if the record is referenced in the Application File Locator. If the record is not referenced in the Application File Locator, the C-APDU is rejected (6985). If the record is referenced in the Application File Locator, it is sent in the response.
2006 MasterCard
86
C-APDU Processing
Read Record
Symbol 5 If the file to read is a payment system specific file, the PayPass M/Chip Flex application verifies that the SFI in the Reference Control Parameter corresponds to a supported record file. If the file is not supported, the C-APDU is rejected (6A82). The way the PayPass M/Chip Flex application checks that the file is supported is proprietary and left to the implementation. Symbol 6 The PayPass M/Chip Flex application verifies that there is a non-empty record corresponding to the Record Number, otherwise the C-APDU is rejected (6A83). The way the PayPass M/Chip Flex application checks that the record is supported or empty is proprietary and left to the implementation.
5.5.3
The records referenced in the Application File Locator are stored in files with SFI in the range 1-10. For these records, the response message follows the AEF Data Template 70, as shown in Table 5.20.
Table 5.20READ RECORD Response Message (SFI in the range 1-10) Name AEF Data Template Record Tag 70
5.5.4
Destination State
Table 5.21 lists the destination states for the READ RECORD command.
Table 5.21Destination State for READ RECORD Command SW1 90 6A 6A 6A SW2 00 86 82 83 Other SELECTED SELECTED SELECTED SELECTED SELECTED SELECTED INITIATED INITIATED SELECTED SELECTED SELECTED SELECTED
2006 MasterCard
87
C-APDU Processing
Select
5.6
SELECT
The PayPass M/Chip Flex application does not use the SELECT command for application selection. The application selection mechanism is described in Section 4.5. A SELECT command transferred to the PayPass M/Chip Flex application indicates that the file/application to be selected is not present on the ICC.
Note In order to comply with the EMV 4.1 application selection process, the PayPass M/Chip Flex application must support the SELECT command (i.e. CLA/INS = 00A4) if any special behavior (i.e. responding 6A82 when the application to be selected is not present on the ICC) is not handled by a lower card layer (for example by the card manager, the multi-application manager, or the operating system). If an ICC platform is used that handles this behavior by a lower layer, then the SELECT command does not have to be supported by the PayPass M/Chip Flex application.
5.6.1
Command Message
The SELECT command message is coded according to Table 5.22.

Table 5.22SELECT Command Message Code CLA INS P1 P2 Lc Data Le Value 00 A4 04 00 first occurrence 02 next occurrence 05-10 file name 00
2006 MasterCard
88
C-APDU Processing
Select
5.6.2
Processing
Figure 5.12 specifies the flow of the SELECT command processing.

Figure 5.12SELECT Processing
1 P1-P2 KO sw12:='6A86'
OK sw12:='6A82'
Symbol 1 If P1= 04 and (P2 = 00 or 02), then the C-APDU is rejected with SW1-SW2 = 6A82, otherwise the C-APDU is rejected with SW1-SW2 = 6A86.
5.6.3
The response consists only of SW1-SW2.
5.6.4
Destination State
Table 5.23 lists the destination states for the SELECT command.
Table 5.23Destination State for SELECT Command SW1 6A 6A SW2 82 86 SELECTED SELECTED SELECTED SELECTED INITIATED SELECTED SELECTED SELECTED
Other
2006 MasterCard
89
C-APDU Processing
Select
2006 MasterCard
90
Cryptographic Algorithms and Key Management

Application Cryptogram Generation

Application Cryptogram Generation
The Application Cryptogram is generated using the MAC algorithm specified in Section 6.6 and a symmetric key as specified in Section 6.4. Data objects to be included in the Application Cryptogram are:
6.1
Terminal resident data objects (referenced in CDOL1 transmitted to the terminal in response to the READ RECORD command) and Card internal data objects depending on the co-application.
Table 6.1 shows the terminal resident data objects to be included in the Application Cryptogram.
Table 6.1Data Input for AC Generation (Terminal Resident Data Objects) Tag 9F02 9F03 9F1A 95 5F2A 9A 9C 9F37 Description Amount, Authorized Amount, Other Terminal Country Code Terminal Verification Results Transaction Currency Code Transaction Date Transaction Type Unpredictable Number
If the co-application is CCD-compliant, then the card data elements listed in Table 6.2 are included in the Application Cryptogram. They are included in the Application Cryptogram in the order shown at the end of the terminal residing data.
Table 6.2 Card Data Input for AC Generation (CCD-compliant) Tag 82 9F36 9F10 Length 2 2 32 Description Application Interchange Profile Application Transaction Counter Issuer Application Data (CCD-compliant co-application)
2006 MasterCard
91

Dynamic CVC3 Generation
If the co-application is M/Chip 2.05, or M/Chip Lite 2.1, or UKIS, then the card data elements listed in Table 6.3 are included in the Application Cryptogram. They are included in the Application Cryptogram in the order shown at the end of the terminal residing data.
Table 6.3Card Data Input for AC Generation (M/Chip 2.05, M/Chip Lite 2.1, UKIS) Tag 82 9F36 9F52 Length 2 2 var. Description Application Interchange Profile Application Transaction Counter CVR-M/Chip 2.05 or CVR-M/Chip Lite 2.1 or CVR-UKIS
6.2
Dynamic CVC3 Generation

The CVC3TRACK1 is generated using DES3 encipherment as follows: 1. Concatenate the data listed in Table 6.4 in the order specified to obtain an 8 byte data block (D):
Table 6.4Track 1 CVC3 Data Elements Data Element IVCVC3TRACK1 Unpredictable Number Application Transaction Counter
a
a
Length 2 bytes 4 bytes 2 bytes
If Application Control[3][7] = 0b (do not include the ATC in dynamic CVC3 generation), then the 2 bytes are filled with hexadecimal zeroes (00 00).
2. Calculate O as follows: O := DES3(KDCVC3)[D] 3. The two least significant bytes of O are the CVC3TRACK1. The CVC3TRACK2 is generated in the same way by replacing IVCVC3TRACK1 with IVCVC3TRACK2.
2006 MasterCard
92

IVCVC3 Generation
6.3
IVCVC3 Generation
The IVCVC3TRACK1 and IVCVC3TRACK2 are issuer proprietary static data elements that are used as input for the generation of the CVC3TRACK1 and CVC3TRACK2 cryptograms. IVCVC3TRACK1 is a MAC calculated over the static part of the Track 1 Data using the ICC Derived Key for CVC3 Generation. IVCVC3TRACK2 is a MAC calculated over the static part of the Track 2 Data also using the ICC Derived Key for CVC3 Generation. The MAC is generated using DES encipherment as specified in Section 6.6 using KDCVC3 as the key. For the generation of IVCVC3TRACK1 the message M consists of the static part of the Track 1 Data. For the generation of IVCVC3TRACK2 the message M consists of the static part of the Track 2 Data. The two least significant bytes of the MAC are the IVCVC3TRACK1 or IVCVC3TRACK2.
6.4
Symmetric Keys for Application Cryptogram Generation

Master keys for Application Cryptogram Generation are stored in the ICC during personalization. Refer to Section 8.6 for details. Derived session keys are stored in the AC Session Key data element.
6.4.1
M/Chip 2.05, M/Chip Lite 2.1
A unique 16-byte AC Master Key (MKAC) is stored in the ICC during personalization. For Application Cryptogram generation a session key valid only for the current Application Cryptogram is used. This 16-byte session key SKAC = (SKAC,L || SKAC,R) is derived from MKAC using: The 2-byte Application Transaction Counter (ATC) of the ICC A 4-byte terminal Unpredictable Number (UN)
The session key is derived as follows: SKAC,L: = DES3(MKAC)[(ATC || F0 || 00 ||UN)], and SKAC,R: = DES3(MKAC)[(ATC || 0F || 00 ||UN)]
2006 MasterCard
93

Symmetric Keys for Application Cryptogram Generation
6.4.2
CCD
A unique 16-byte AC Master Key (MKAC) is stored in the ICC during personalization. For Application Cryptogram generation the EMV Common Session Key Derivation Method (EMV CSK) is used in order to produce a session key, valid for the current transaction and derived from the MKAC. This 16-byte session key SKAC = (SKAC,L || SKAC,R) is derived from MKAC using the 2-byte Application Transaction Counter (ATC) of the ICC. The session key is derived as follows: SKAC,L: = DES3(MKAC)[(ATC || F0 || 00 || 00 || 00 || 00 || 00)], and SKAC,R: = DES3(MKAC)[(ATC || 0F || 00 || 00 || 00 || 00 || 00)].
The AC Session Key Counter is incremented and saved in non-volatile memory:

SAVE
AC Session Key Counter (AC Session Key Counter +1)
If (AC Session Key Counter AC Session Key Counter Limit), then The 'Application Cryptogram Error Limit Exceeded' bit in the Security Limits Status is set: SET Security Limits Status [8] (1b) The application is disabled: SAVE Previous Transaction History [6] (1b)
6.4.3
UKIS
A unique 16-byte AC Master Key (MKAC), consisting of two 8-byte keys Unique DEA Key A and Unique DEA Key B, is stored in the ICC during personalization, where MKAC = Unique DEA Key A || Unique DEA Key B. This key is used for Application Cryptogram generation according to Cryptogram Version 10. Cryptogram Version 12: Not supported. Cryptogram Version 14: Not supported.
2006 MasterCard
94

ICC Derived Key for CVC3 Generation (KDCVC3)
6.5
ICC Derived Key for CVC3 Generation (KDCVC3)

This section specifies the key derivation method used to generate the ICC Derived Key for CVC3 Generation (KDCVC3). KDCVC3 is a 16-byte DES3 key derived from the Issuer Master Key for CVC3 Generation (IMKCVC3) as follows: 1. Concatenate from left to right the PAN (without any hex F padding) with the PAN sequence number (if the PAN sequence number is not available, then it is replaced by a 00 byte). If the result X is less than 16 digits long, pad it to the left with hexadecimal zeros in order to obtain an eight-byte number Y in numeric (n) format. If X is at least 16 digits long, then Y consists of the 16 rightmost digits of X in numeric (n) format. 2. Compute the two eight-byte numbers: ZL := DES3(IMKCVC3)[Y] ZR := DES3(IMKCVC3)[Y (FF||FF||FF||FF||FF||FF||FF||FF)] and define: Z := (ZL || ZR). KDCVC3 is defined to be Z, with the exception of the least significant bit of each byte of Z which is set to a value that ensures that each of the 16 bytes of KDCVC3 has an odd number of nonzero bits (this is to conform with the odd parity requirements for DES keys).
6.6
MAC Algorithm
The following algorithm, commonly known as Retail MAC, is used for Application Cryptogram generation and for IVCVC3 generation: ISO/IEC 9797-1 MAC algorithm 3 with block cipher DES, zero IV (8 bytes), and ISO9797-1 padding method 2. The MAC length must be 8 bytes.
2006 MasterCard
95

MAC Algorithm
2006 MasterCard
96
Data Elements Location

Transient Data Elements that Exist Beyond a Single C-APDU
7
7.1

Some transient data elements exist beyond a single C-APDU processing. All such transient data elements are created at application selection and are identified in Table 7.1.
Note Column 3 of Table 7.1 specifies when the data elements are used for the different modes (create/reset/kill/read/write). This information can be used to decide when to create and kill the variables in an implementation.
Table 7.1Transient Data Elements Management Data Element CDOL 1 Related Data Mode create reset kill read write Card Verification Results create reset kill read write C-APDU SELECT SELECT, GET PROCESSING OPTIONS
UNSELECT
2
Usage The CDOL 1 Related Data is used to compute the intermediate hash result if the response to the first GENERATE AC uses the Combined DDA/AC generation. Furthermore CDOL 1 Related Data is used for the Additional Check Table. The Card Verification Results contains the results of checks performed for Card Risk Management. The first part contains some information for the issuer. The second part is used by the PayPass M/Chip Flex application to take a decision: the Card Verification Results is compared to the Card Issuer Action Codes during the Card Risk Management to decide which cryptogram is computed. It is used as input to the MAC for first GENERATE AC.
first GENERATE AC first GENERATE AC SELECT SELECT, GET PROCESSING OPTIONS

UNSELECT
first GENERATE AC first GENERATE AC
UNSELECT does not designate a C-APDU supported by the PayPass M/Chip Flex application, but is a generic term for any operation that de-activates the application. It is used here for convenience. Refer to section 3.1 for more details.
2006 MasterCard
97

Data Element Amount, Authorised
Mode create reset kill read write
C-APDU SELECT SELECT, GET PROCESSING OPTIONS

UNSELECT
Usage The Amount, Authorised is received from the terminal in the first GENERATE AC command. It is used for Card Risk Management and as input to the MAC for the first GENERATE AC.

UNSELECT
Amount, Other
create reset kill read write
The Amount, Other is received from the terminal in the first GENERATE AC command. It is used as input to the MAC for first GENERATE AC.

UNSELECT
Terminal Country Code
The Terminal Country Code is received from the terminal in the first GENERATE AC command. It is used for Card Risk Management and as input to the MAC for the first GENERATE AC.

UNSELECT
Transaction Currency Code
The Transaction Currency Code is received from the terminal in the first GENERATE AC command. It is used for Card Risk Management and as input to the MAC for the first GENERATE AC.

UNSELECT
Transaction Date
The Transaction Date is received from the terminal in the first GENERATE AC command. It is used as input to the MAC for the first GENERATE AC.

UNSELECT
Transaction Type
The Transaction Type is received from the terminal in the first GENERATE AC command. It is used as input to the MAC for the first GENERATE AC.
first GENERATE AC first GENERATE AC
2006 MasterCard
98

Persistent Data Elements
Data Element Data Authentication Code
Mode create reset kill read write
C-APDU SELECT SELECT, GET PROCESSING OPTIONS

UNSELECT
Usage The Data Authentication Code is received from the terminal in the first GENERATE AC command. It is used as part of the Issuer Application Data for the first GENERATE AC.

UNSELECT
ICC Dynamic Number
The ICC Dynamic Number is only present if CDA is supported. The ICC Dynamic Number is computed by the PayPass M/Chip Flex application in the GET PROCESSING OPTIONS. It is used as input to the signed data in the first GENERATE AC with Combined DDA/AC generation.
first GENERATE AC GET PROCESSING OPTIONS
7.2

The persistent data elements that are supported by the PayPass M/Chip Flex application are listed in this section. Table 7.2 shows the persistent data elements for application selection and their access conditions.
Table 7.2Persistent Data Elements for Application Selection Data Element AID FCI Length [5, 16] (wider range allowed) [10, 64] (wider range allowed) read record No No internal update No No get data No No
Table 7.3 lists the persistent data elements referenced in the AFL and their access conditions.
2006 MasterCard
99

Table 7.3Persistent Data Elements Referenced in the AFL Tag 56 9F62 9F63 9F64 9F65 9F66 9F67 9F68 9F6B 9F6C 9F42 5F25 5F24 9F07 5A 5F34 9F0D 9F0E 9F0F 9F08 8C 5F20 5F28 9F4A 57 8F 9F32 92 93 90 9F47 9F48 9F46 Name Track 1 Data PCVC3TRACK1 PUNATCTRACK1 NATCTRACK1 PCVC3TRACK2 PUNATCTRACK2 NATCTRACK2 Mag Stripe CVM List Track 2 Data Mag Stripe Application Version Number Application Currency Code Application Effective Date Application Expiration Date Application Usage Control Application Primary Account Number Application PAN Sequence Number Issuer Action Code Default Issuer Action Code Denial Issuer Action Code Online Application Version Number CDOL 1 Cardholder Name Issuer Country Code SDA Tag List Track-2 Equivalent Data Certification Authority Public Key Index Issuer Public Key Exponent Issuer Public Key Remainder Signed Application Data Issuer Public Key Certificate ICC Public Key Exponent ICC Public Key Remainder ICC Public Key Certificate read record Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes internal internal get read update data No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No
2006 MasterCard
100

Table 7.4 lists the persistent data elements for Card Risk Management and their access conditions.
Table 7.4Persistent Data Elements for Card Risk Management Tag D5 9F14 9F23 CA CB C4 C5 C3 C9 D1 D3 C7 C8 Name Application Control Lower Consecutive Offline Limit Upper Consecutive Offline Limit Lower Cumulative Offline Transaction Amount Upper Cumulative Offline Transaction Amount Card Issuer Action Code Default Card Issuer Action Code Online Card Issuer Action Code Decline CRM Currency Code Currency Conversion Table Additional Check Table CDOL 1 Related Data Length CRM Country Code read record No No No No No No No No No No No No No internal internal get read update data Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Table 7.5 shows miscellaneous persistent data elements and their access conditions.
Table 7.5Miscellaneous Persistent Data Elements Tag DF01 DF02 9F7E Name Co-application Indicator Key Derivation Index Security Limits Security Limits Status Application Life Cycle Data read record No No No No No internal internal get read update data Yes Yes Yes Yes No No No No Yes No No No No Yes Yes
2006 MasterCard
101

Table 7.6 lists the persistent data elements for the GPO response and their access conditions.
Table 7.6Persistent Data Elements for the GPO Response Tag 94 82 Name Application File Locator Application Interchange Profile read record No No internal internal get read update data No No No No Yes Yes
Table 7.7 lists the persistent data elements for the COMPUTE CRYPTOGRAPHIC CHECKSUM command and their access conditions.
Table 7.7Persistent Data Elements for COMPUTE CRYPTOGRAPHIC CHECKSUM Tag ----Name Static CVC3TRACK1 Static CVC3TRACK2 IVCVC3TRACK1 IVCVC3TRACK2 read record No No No No internal internal get read update data Yes Yes Yes Yes No No No No No No No No
Table 7.8 lists the persistent data elements for the Counters and Previous Transaction History and their access conditions.
Table 7.8Persistent Data Elements for Counters and Previous Transaction History Tag 9F36 Name Application Transaction Counter Application Transaction Counter Limit Cumulative Offline Transaction Amount Consecutive Offline Transactions Number AC Session Key Counter AC Session Key Counter Limit Previous Transaction History read record No No No No No No No internal internal get data read update Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes No Yes As part of Counters No No No No No No
2006 MasterCard
102

Secret Keys
7.3
Secret Keys
The secret keys that are listed in this section are supported by the PayPass M/Chip Flex application. Table 7.9 shows the Triple DES key for CVC3 generation.
Table 7.9Triple DES Key for CVC3 Generation Data Element ICC Derived Key for CVC3 Generation (KDCVC3) length 16 get data internal update No No
Table 7.10 shows the Triple DES key for ICC Dynamic Number generation. This key is only present if CDA is supported.
Table 7.10Triple DES Key for ICC Dynamic Number Generation Data Element ICC Dynamic Number Master Key (MKIDN) length 16 get data internal update No No
Table 7.11 shows the Triple DES master key for Session Key Derivation and Application Cryptogram generation. Refer to Section 6.4 for details.
Table 7.11Triple DES Master Key for Session Key Derivation Data Element AC Master Key (MKAC) length 16 get data internal update No No
Table 7.12 shows the ICC's RSA private key and a related data element. These data elements are only present if CDA is supported.
Table 7.12ICC's RSA Private Key Data Element Length of ICC Public Key Modulus (NIC) ICC Private Key length 1 get data internal update No No No
Implemen- No tation specific
2006 MasterCard
103

Secret Keys
2006 MasterCard
104
Personalization
Application Selection Data Elements
Personalization
This section specifies the data elements that are available to the issuer for personalization. The personalization commands are not in the scope of this specification. They are left to the implementation.
8.1
Application Selection Data Elements

Table 8.1 specifies the data elements used during the application selection process.
Table 8.1Data Elements for Application Selection Name AID FCI Length 5 to16 var Value Any binary value See Section A.26
8.2
COMPUTE CRYPTOGRAPHIC CHECKSUM Data Objects

Table 8.2 lists the persistent card data elements used during the generation of CVC3TRACK1 and CVC3TRACK2.
Table 8.2Data Elements for CVC3 Generation Tag ----Data Element Static CVC3TRACK1 Static CVC3TRACK2 IVCVC3TRACK1 IVCVC3TRACK2 Length (bytes) 2 2 2 2 Format Binary Binary Binary Binary Value Refer to Section A.41 Refer to Section A.42 Refer to Section A.31 Refer to Section A.32
2006 MasterCard
105
Personalization
Persistent Data Referenced in the AFL
8.3

The data elements listed in Table 8.3 are the PayPass Mag Stripe specific data elements and are included in record 1 of the record file with SFI 1.
Table 8.3SFI 1 Record 1 Tag Name Length (bytes) 2 6 6 var. up to 76 1 2 2 var. up to 19 1 var. up to 32 Presence Mandatory Conditional(1) Conditional(1) Optional Conditional (1) Mandatory Mandatory Mandatory Mandatory Mandatory
9F6C Mag Stripe Application Version Number (Card) 9F62 Track 1 Bit Map for CVC3 (PCVC3TRACK1) 9F63 Track 1 Bit Map for UN and ATC (PUNATCTRACK1) 56 Track 1 Data 9F64 Track 1 Nr of ATC Digits (NATCTRACK1) 9F65 Track 2 Bit Map for CVC3 (PCVC3TRACK2) 9F66 Track 2 Bit Map for UN and ATC (PUNATCTRACK2) 9F6B Track 2 Data 9F67 Track 2 Nr of ATC Digits (NATCTRACK2) 9F68 Mag Stripe CVM List
(1)
This data element must be present if Track 1 Data is present.
Table 8.4 lists the data elements to be included in record 1 of the file with SFI 2. The file with SFI 2 shall have only one record. Record 1 of SFI 2 is the only record to be used as input for the generation of the Signed Static Application Data.
Table 8.4SFI 2 Record 1 Tag 57 5A 5F20 5F24 5F25 5F28 5F34 8C 8D 8E 9F07 9F08 9F0D 9F0E 9F0F 9F42 9F4A Description Track 2 Equivalent Data Application Primary Account Number (PAN) Cardholder Name Application Expiry Date Application Effective Date Issuer Country Code PAN Sequence Number CDOL1 CDOL2 CVM List Application Usage Control Application Version Number Issuer Action Code Default Issuer Action Code Denial Issuer Action Code Online Application Currency Code SDA Tag List Length (bytes) var. up to 19 var. up to 10 var. up to 26 3 3 2 1 var. (refer to Section A.10) var. var. 2 2 5 5 5 2 var. up to 1
2006 MasterCard
106
Personalization
Table 8.5 and Table 8.6 list the data elements included in the first and second record of the file with SFI 3. These records include the data objects required to retrieve the Issuer Public Key and to perform static data authentication.
Table 8.5SFI 3 Record 1 Tag 8F 9F32 92 90 Description Certification Authority Public Key Index Issuer Public Key Exponent Issuer Public Key Remainder Issuer Public Key Certificate Length (bytes) 1 var. up to 3 NI-NCA+36 NCA
Table 8.6SFI 3 Record 2 Tag 93 Description Signed Static Application Data Length (bytes) NI
Table 8.7 and Table 8.8 list the data objects required to retrieve the ICC Public Key and to perform combined DDA/AC generation.
Table 8.7SFI 4 Record 1 Tag 9F47 9F48 Description ICC Public Key Exponent ICC Public Key Remainder Length (bytes) var. up to 3 NIC-NI+42
Table 8.8SFI 4 Record 2 Tag 9F46 Description ICC Public Key Certificate Length NI
2006 MasterCard
107
Personalization
Persistent Data Elements for GPO Response
8.4
Persistent Data Elements for GPO Response

Table 8.9 lists the persistent data elements for the GPO response.
Table 8.9Persistent Data Elements for GPO Response Tag 94 82 Data Element Application File Locator Application Interchange Profile Length 12 or 16 2 Format/Value supported Binary Binary
For a card that supports only static data authentication, the AFL shall be personalized with the value: 08 01 01 00 10 01 01 01 18 01 02 00 For a card that supports combined DDA/AC generation, the AFL shall be personalized with the value: 08 01 01 00 10 01 01 01 18 01 02 00 20 01 02 00 The AIP includes the M/Chip profile is supported bit and must be personalized as specified in Table 8.10 and Table 8.11.
Table 8.10Byte 1 of the Application Interchange Profile b8 b7 b6 b5 b4 b3 b2 b1 Meaning 0 0/1 0 1 1 0 0 RFU Offline static data authentication supported Offline dynamic data authentication supported Cardholder verification supported Terminal risk management to be performed Issuer authentication supported RFU 0/1 Combined DDA GENERATE AC supported
Table 8.11Byte 2 of the Application Interchange Profile b8 b7 b6 b5 b4 b3 b2 b1 Meaning 1 0 0 0 0 0 0 0 M/Chip profile is supported RFU
2006 MasterCard
108
Personalization
Persistent Data Elements for CRM
8.5
Persistent Data Elements for CRM

The data elements listed in Table 8.12 are the persistent data elements for Card Risk Management.
Table 8.12Persistent Data Elements for Card Risk Management Tag D5 Name Application Control Length (bytes) 2 1 1 6 6 2 25 2 3 3 3 18 1
9F14 Lower Consecutive Offline Limit 9F23 Upper Consecutive Offline Limit CA CB C9 D1 C8 C3 C4 C5 D3 C7 Lower Cumulative Offline Transaction Amount Upper Cumulative Offline Transaction Amount CRM Currency Code Currency Conversion Table CRM Country Code Card Issuer Action Code Decline Card Issuer Action Code Default Card Issuer Action Code Online Additional Check Table CDOL 1 Related Data Length
8.6
Secret Keys
Table 8.13 lists the Triple DES keys.
Table 8.13Triple DES Keys Data Element ICC Dynamic Number Master Key (MKIDN) (if CDA supported) AC Master Key (MKAC) ICC Derived Key for CVC3 Generation (KDCVC3) Length (bytes) 16 16 16
Table 8.14 shows the ICC's RSA private key and a related data element (only if CDA supported).
Table 8.14ICC's RSA Private Key Data Element Length of ICC Public Key Modulus (NIC) ICC Private Key Length (bytes) 1 Implementation specific
2006 MasterCard
109
Personalization
Miscellaneous
Note
If the PayPass M/Chip Flex application supports CDA, then it must accept any RSA key with modulus in the range 80 to128. The storage format of the RSA key is implementation specific. The card application developer must provide storage format details for the RSA keys.
8.7
Miscellaneous
Table 8.15 shows miscellaneous persistent data elements.
Table 8.15Miscellaneous Persistent Data Elements Tag 9F7E Name Co-application Indicator Key Derivation Index Application Life Cycle Data Length (bytes) 1 1 48
8.8
Counters and Previous Transaction History

Table 8.16 lists those persistent data elements that are linked to the counters and keep track of previous transaction history.
Table 8.16Counters and Previous Transaction Name Application Transaction Counter Limit Previous Transaction History AC Session Key Counter Limit Length (bytes) 2 1 2
2006 MasterCard
110
Personalization
Data Elements with a Fixed Initial Value
8.9

Table 8.17 lists data elements with a fixed initial value. The decision about whether to include these data elements as data to be personalized is implementation specific. If these data elements cannot be personalized, their initial values must be as specified in Table 8.17.
Table 8.17Data Elements with a Fixed Initial Value Name Cumulative Offline Transaction Amount Consecutive Offline Transaction Number Application Transaction Counter AC Session Key Counter Length 6 1 2 2 Initial Value 000000000000 00 0000 0000
2006 MasterCard
111
Personalization
2006 MasterCard
112
Data Elements Dictionary

AC Session Key Counter
Annex A: Data Elements Dictionary

This annex lists the definitions of data elements that are supported by the PayPass M/Chip Flex application and that are not provided by [PAYPASS M/CHIP], or that are constrained by the PayPass M/Chip Flex application.
A.1 AC Session Key Counter

Tag: Format: Description: b, 2 bytes The AC Session Key Counter is a two-byte counter, initialized to zero and counting the number of times the AC Master Key (MKAC) has been used to derive a session key in the case of a CCD compliant co-application. When the AC Session Key Counter has reached the AC Session Key Counter Limit, the application is disabled. PayPass M/Chip Flex does not provide a mechanism to reset the AC Session Key Counter.
A.2 AC Session Key Counter Limit

Tag: Format: Description: b, 2 bytes The AC Session Key Counter Limit limits the number the AC Master Key can be used to derive a session key in the case of a CCD compliant coapplication. The AC Session Key Counter Limit is determined by the issuer at personalization time.
A.3 Additional Check Table

Tag: Format: Description: D3 b, 18 bytes The Additional Check Table contains values that are compared to values given by the terminal in CDOL 1 Related Data. The result of the comparison is reflected in the decision-making part of the Card Verification Results. The check with the Additional Check Table is only performed if Application Control [2][3] is set to 1b.
2006 MasterCard
113

Application Control
A.4 Application Control

Tag: Format: Description: D5 b, 3 bytes The Application Control activates or de-activates functions in the application. The PayPass M/Chip Flex application extends the definition of the Application Control of the M/Chip 4 contact-only application with 1 additional byte, which is used to activate or to de-activate options for the generation of the dynamic CVC3. Byte 1 of the Application Control is coded according to Table A.1.
Table A.1Byte 1 of the Application Control b8 b7 b6 b5 b4 b3 b2 b1 Meaning x 0 x 0 1 x 0 1 x 0 x 0 x 0 x 0 x 0 magstripe grade issuer activated not supported skip CIAC-default on CAT3 do not skip CIAC-default on CAT3 skip CIAC-default on CAT3 offline-only not offline-only offline-only key for offline encrypted PIN verification not supported offline encrypted PIN verification not supported offline plaintext PIN verification not supported session key derivation not supported encrypt offline counters not supported
Byte 2 of the Application Control is coded according to Table A.2.
2006 MasterCard
114

Application Control
Table A.2Byte 2 of the Application Control b8 b7 b6 b5 b4 b3 b2 b1 Meaning x 0 x 0 x 0 x 0 x 0 1 x 0 1 x 0 1 x 0 reserved other values RFU always add to consecutive transaction number do not add always add always activate additional check table do not activate additional check table activate additional check table allow retrieval of balance do not allow retrieval of balance allow retrieval of balance include counters in AC not supported
Byte 3 of the Application Control is coded according to Table A.3.

Table A.3Byte 3 of the Application Control b8 b7 b6 b5 b4 b3 b2 b1 Meaning x 0 1 x 0 1 0 0 0 0 0 0 indicate if Static CVC3 must be used do not use Static CVC3 use Static CVC3 include ATC in CVC3 generation do not include ATC include ATC other values RFU
2006 MasterCard
115

Application Life Cycle Data
A.5 Application Life Cycle Data

Tag: Format: Description: 9F7E b, 48 bytes The purpose of the Application Life Cycle Data is to uniquely identify the application code and the application issuer. The Application Life Cycle Data is coded as shown in Table A.4. The 7 bytes reserved for the Type Approval ID will contain an identifier given by MasterCard when the application has passed the Type Approval process. 20 bytes are reserved to identify the application issuer, most likely the card issuer. The issuer should, using this value, be able to identify the personalizer and the personalization batch. The last 20 bytes are used to uniquely identify the application code. This identifier must allow discrimination between any different behaviors of the application. Typically, this field may contain the identifier of the application provider and the identifier of the application code. It is left to the application provider to ensure that two different behaviors will always be discriminated with this field. The easiest way to implement this feature is to modify the value of this field at each modification of the application (version identifier), the application code (release identifier), the platform on which the application is actually running (e.g. virtual machine version x or y), and the hardware on which the platform or the application is actually running. The organization of the storage of these fields in the application is left to the implementation. The last field may be coded in the application itself (i.e. in the code) while the others are set at personalization.
Table A.4Coding of Application Life Cycle Data Field Version Number Type Approval ID Application Issuer ID Application Code ID Length 1 7 20 20 Format binary binary binary binary
2006 MasterCard
116

Application Transaction Counter
A.6 Application Transaction Counter

Tag: Format: Description: 9F36 b, 2 bytes The Application Transaction Counter counts the number of transactions processed by the application. The PayPass M/Chip Flex application increments the ATC by 1 when it receives the GET PROCESSING OPTIONS command.
A.7 Application Transaction Counter Limit

Tag: Format: Description: b, 2 bytes The Application Transaction Counter Limit limits the number of transactions processed by the application. When the Application Transaction Counter reaches the Application Transaction Counter Limit, the application will not process transactions anymore.
A.8 Card Issuer Action Code Decline, Default, Online

Tag: Card Issuer Action Code Decline: C3 Card Issuer Action Code Default: C4 Card Issuer Action Code Online: C5 b, 3 bytes each The Card Issuer Action Codes (CIACs) are compared to the decisional part of the Card Verification Results to take decisions: Card Issuer Action Code Decline is used by the issuer to set the situations when a transaction is always declined at the first GENERATE AC. Card Issuer Action Code Online is used by the issuer to set the situations when a transaction goes online if the terminal is online capable. Card Issuer Action Code Default is used by the issuer to set the situations when a transaction is declined if the terminal is not online capable. The three Card Issuer Action Codes have the format given below. CIAC Byte 1 is coded according to Table A.5.
Format: Description:
2006 MasterCard
117

Card Issuer Action Code Decline, Default, Online
Table A.5Coding of CIAC (Byte 1) b8 x 0 x 0 x 0 x 0 x 0 x 0 1 x 0 1 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Reserved-no meaning Other value RFU Unable to go online indicated Not supported Offline PIN verification not performed Not supported Offline PIN verification failed Not supported PTL exceeded Not supported International transaction Do not take action if International transaction Take action if International transaction Domestic transaction Do not take action if Domestic transaction Take action if Domestic transaction Terminal erroneously considers offline PIN OK Not supported
CIAC Byte 2 is coded according to Table A.6.
2006 MasterCard
118

Card Issuer Action Code Decline, Default, Online
Table A.6Coding of CIAC (Byte 2) b8 x 0 1 x 0 1 x 0 1 x 0 1 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Lower consecutive offline limit exceeded Do not take action if lower consecutive offline limit exceeded Take action if lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Do not take action if upper consecutive offline limit exceeded Take action if upper consecutive offline limit exceeded Lower cumulative offline limit exceeded Do not take action if lower cumulative offline limit exceeded Take action if lower cumulative offline limit exceeded Upper cumulative offline limit exceeded Do not take action if upper cumulative offline limit exceeded Take action if upper cumulative offline limit exceeded Go online on next transaction was set Not supported Issuer Authentication failed Not supported Script received Not supported Script failed Not supported
CIAC Byte 3 is coded according to Table A.7.
2006 MasterCard
119

Card Verification Results
Table A.7Coding of CIAC (Byte 3) b8 x 0 b7 x 0 b6 x 0 b5 x 0 b4 x 0 b3 x 0 x 0 1 x 0 1 b2 b1 Meaning Reserved Other values RFU Match found in Additional Check Table Do not take action if match found in Additional Check Table Take action if match found in Additional Check Table No match found in Additional Check Table Do not take action if no match found in Additional Check Table Take action if no match found in Additional Check Table
A.9 Card Verification Results

Tag: Format: Description: 9F52 b, 6 bytes The Card Verification Results contains transaction related information as well as decision making information resulting from the Card Risk Management with regard to accepting a transaction offline, going online to the issuer, or declining a transaction. Byte 1 of the Card Verification Results is coded according to Table A.8.
2006 MasterCard
120

Table A.8Coding of the Card Verification Results (Byte 1) b8 x 0 0 1 1 b7 x 0 1 0 1 x 0 0 1 1 x 0 1 0 1 x 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning AC returned in second GENERATE AC AAC TC Not requested RFU AC returned in first GENERATE AC AAC TC ARQC RFU Reserved Other value RFU Offline PIN verification performed Not supported Offline Encrypted PIN verification performed Not supported Offline PIN verification successful Not supported
Byte 2 of the Card Verification Results is coded according to Table A.9.
2006 MasterCard
121

Table A.9Coding of the Card Verification Results (Byte 2) b8 x 0 x 0 1 x 0 x 0 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning DDA Returned Not supported Combined DDA/AC Generation returned in first GENERATE AC Combined DDA/AC Generation not returned in first GENERATE AC Combined DDA/AC Generation returned in first GENERATE AC Combined DDA/AC Generation returned in second GENERATE AC Not supported Issuer Authentication performed Not supported CIAC-Default skipped On CAT3 Not supported Reserved All other values RFU

Table A.10Coding of the Card Verification Results (Byte 3) b8 x 0 b7 x 0 b6 x 0 b5 x 0 x 0 x 0 x 0 x 0 b4 b3 b2 b1 Meaning Right nibble of Script Counter Not supported Right nibble of PIN Try Counter Not supported
2006 MasterCard
122

Table A.11Coding of the Card Verification Results (Byte 4) b8 x 0 x 0 x 0 x 0 x 0 x 0 1 x 0 1 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Reserved Other value RFU Unable to go online indicated Not supported Offline PIN verification not performed Not supported Offline PIN verification failed Not supported PTL exceeded Not supported International transaction Domestic transaction International transaction Domestic transaction International transaction Domestic transaction Terminal erroneously considers Offline PIN OK Not supported
2006 MasterCard
123

Table A.12Coding of the Card Verification Results (Byte 5) b8 x 0 1 x 0 1 x 0 1 x 0 1 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning Lower Consecutive Offline Limit exceeded Lower Consecutive Offline Limit not exceeded Lower Consecutive Offline Limit exceeded Upper Consecutive Offline Limit exceeded Upper Consecutive Offline Limit not exceeded Upper Consecutive Offline Limit exceeded Lower Cumulative Offline Limit exceeded Lower Cumulative Offline Limit not Exceeded Lower Cumulative Offline Limit exceeded Upper Cumulative Offline Limit exceeded Upper Cumulative Offline Limit not exceeded Upper Cumulative Offline Limit exceeded Go online on next transaction was set Not supported Issuer Authentication failed Not supported Script received Not supported Script failed Not supported

Table A.13Coding of the Card Verification Results (Byte 6) b8 x 0 b7 x 0 b6 x 0 b5 x 0 b4 x 0 b3 x 0 x 0 1 x 0 1 b2 b1 Meaning Reserved Other value RFU Match Found in Additional Check Table No match found in Additional Check Table Match found in Additional Check Table No Match Found in Additional Check Table Match found in Additional Check Table No match found in Additional Check Table
2006 MasterCard
124

CDOL 1
A.10 CDOL 1
Tag: Format: Description: 8C b, var. Informs the terminal of data needed by the ICC in the first GENERATE AC command. Table A.14 defines the content of the CDOL 1 for the PayPass M/Chip Flex application.
Table A.14Content of the CDOL 1 Data Element Amount Authorized (Numeric) Amount Other (Numeric) Terminal Country Code Terminal Verification Results Transaction Currency code Transaction Date Transaction Type Unpredictable Number Terminal Type Data Authentication Code Tag 9F02 9F03 9F1A 95 5F2A 9A 9C 9F37 9F35 9F45 Length 6 6 2 5 2 3 1 4 1 2
A.11 CDOL 1 Related Data Length

Tag: Format: Description: C7 b, 1 byte Contains the length of CDOL 1 Related Data. If no extension to CDOL 1 Related Data is used, the CDOL 1 Related Data Length value is '20'. The PayPass M/Chip Plus application allows the extension of this value by at least 10 bytes. The personalization value for CDOL 1 Related Data Length must be consistent with the personalization value for CDOL 1.
2006 MasterCard
125

Co-application Indicator
A.12 Co-application Indicator

Tag: Format: Description: b, 1 byte The Co-application Indicator is a persistent data element personalized by the issuer. It defines the active co-application. Table A.15 shows the Coapplication Indicator coding.
Table A.15Co-application Indicator Coding b8 0 b7 0 b6 0 b5 0 b4 0 b3 0 0 0 1 1 0 1 0 1 b2 b1 Meaning Other values RFU M/Chip Lite 2.1 co-application active M/Chip 2.05 co-application active UKIS co-application active CCD-compliant co-application active
A.13 Consecutive Offline Transactions Number

Tag: Format: Description: b, 1 byte The Consecutive Offline Transactions Number represents the number of transactions accepted offline and which have not been cumulated in the Cumulative Offline Transaction Amount. The offline counters are internally compared to the offline limits. If a counter has exceeded its lower or upper limit, the relevant Card Verification Results bit is set.
A.14 Counters
Tag: Format: Description: C6 b, 10 bytes Counters is the concatenation of internal counters as specified in Table A.16.
Table A.16Content of Counters Element Application Transaction Counter AC Session Key Counter RFU Length 2 2 6
2006 MasterCard
126

CRM Country Code
A.15 CRM Country Code

Tag: Format: Description: C8 n 3, 2 bytes The CRM Country Code is used to differentiate between domestic transactions (when the CRM Country Code matches the Terminal Country Code) and international transactions (when the CRM Country Code does not match the Terminal Country Code). This may have an influence on the Card Risk Management, depending on the Card Issuer Action Codes settings.
A.16 CRM Currency Code

Tag: Format: Description: C9 n 3, 2 bytes The CRM Currency Code is the currency of the Cumulative Offline Transaction Amount.
A.17 Cryptogram Information Data

Tag: Format: Description: '9F27' b, 1 byte The Cryptogram Information Data contains Application Cryptogram related information. If Co-application Indicator [2-1] = 10b (co-application UKIS is active), or if Co-application Indicator [2-1] = 01b (co-application M/Chip 2.05 is active), or if Co-application Indicator [2-1] = 00b (co-application M/Chip Lite 2.1 is active), then the Cryptogram Information Data is coded according to [EMV BOOK 3], Section 6.5.5.4. If Co-application Indicator [2-1] = 11b (CCD-compliant co-application is active), then the Cryptogram Information Data is coded according to Table CCD 3 in the CCD section of [EMV BOOK 3].
A.18 Cryptogram Version Number

Tag: Format: Description: b, 1 byte The Cryptogram Version Number informs the issuer about algorithm and data used for Application Cryptogram computation.
2006 MasterCard
127

Cumulative Offline Transaction Amount
A.19 Cumulative Offline Transaction Amount

Tag: Format: Description: n, 12 The Cumulative Offline Transaction Amount represents the cumulative value of transactions accepted offline. Transactions can be cumulated if they are in the counter currency or if they are in a currency that can be converted into the counter currency by the application. The offline counters are internally compared to the offline limits. If a counter has exceeded its lower or upper limit, the relevant Card Verification Results bit is set.
A.20 Currency Conversion Parameters

Tag: Format: Description: b, 5 bytes Used to convert transactions in recognized currencies into transactions in the counter currency. See Table A.17 for details.
Table A.17 Currency Conversion Parameters Position Byte 1-2 Byte 3-4 Byte 5 Data Currency Code Conversion Rate Conversion Exponent Length 2 2 1 Value Issuer specific Decimal, BCD coding of multiplication factor Binary coding of 10-power (most significant bit is the sign)
A.21 Currency Conversion Table

Tag: Format: Description: D1 b, 25 bytes The Currency Conversion Table is used to convert transactions in recognized currencies into transactions in the counter currency. See Table A.18 for details.
Table A.18Currency Conversion Table Data Element Currency Conversion Table Currency Conversion Parameters 1 Currency Conversion Parameters 2 Currency Conversion Parameters 3 Currency Conversion Parameters 4 Currency Conversion Parameters 5 Length 25 5 5 5 5 5
2006 MasterCard
128

CVR CCD
A.22 CVR CCD

Tag: Format: Description: 9F52 b, 5 bytes The CVR - CCD contains the CVR for a CCD-compliant co-application. Byte 1 of the CVR - CCD is coded according to Table A.19.
Table A.19Coding of CVR - CCD (Byte 1) b8 x 0 0 1 1 b7 x 0 1 0 1 x 0 0 1 1 x 0 1 0 1 x 1 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning Application Cryptogram Type returned in second GENERATE AC: Not supported Not supported Second GENERATE AC not requested RFU Application Cryptogram Type returned in first GENERATE AC: AAC TC ARQC RFU CDA performed 'Combined DDA/AC Generation returned in first GENERATE AC' bit = 1 in Card Verification Results 'Combined DDA/AC Generation not returned in first GENERATE AC ' bit = 1 in Card Verification Results Offline DDA performed DDA not supported Issuer Authentication not performed Issuer Authentication not supported Issuer Authentication failed Issuer Authentication not supported
Byte 2 of the CVR - CCD is coded according to Table A.20.
2006 MasterCard
129

CVR CCD
Table A.20Coding of CVR - CCD (Byte 2) b8 x 0 b7 x 0 b6 x 0 b5 x 0 x 0 x 0 x 0 x 0 b4 b3 b2 b1 Meaning Low order nibble of PIN Try Counter VERIFY command not supported Offline PIN verification performed VERIFY command not supported Offline PIN verification performed and PIN not successfully verified VERIFY command not supported PIN Try Limit exceeded VERIFY command not supported Last online transaction not completed PayPass never completes online transactions

Table A.21Coding of CVR - CCD (Byte 3) b8 x 1 0 x 1 0 x 1 0 x 1 0 b7 b6 b5 b4 b3 b2 b1 Meaning Lower Offline Transaction Count Limit exceeded Lower Consecutive Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 in Card Verification Results Upper Offline Transaction Count Limit exceeded Upper Consecutive Offline Limit Exceeded' bit = 1 in Card Verification Results 'Upper Consecutive Offline Limit Exceeded' bit = 0 in Card Verification Results Lower Cumulative Offline Amount Limit exceeded 'Lower Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results Upper Cumulative Offline Amount Limit exceeded 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results
2006 MasterCard
130

CVR CCD
b8
b7
b6
b5
b4 x 0
b3
b2
b1
Meaning Issuer-discretionary bit 1 Not used
x 0 x 0 x 0
Issuer-discretionary bit 2 Not used Issuer-discretionary bit 3 Not used Issuer-discretionary bit 4 Not used

Table A.22Coding of CVR - CCD (Byte 4) b8 x 0 b7 x 0 b6 x 0 b5 x 0 x 0 x 0 x 0 x 0 b4 b3 b2 b1 Meaning Number of Issuer Script commands containing secure messaging processed Issuer-to-card Script Processing not supported Issuer script processing failed Issuer-to-card Script Processing not supported Offline data authentication failed on previous transaction Information not available from terminal because card is removed after first GENERATE AC Go online on next transaction was set Information not available from terminal because card is removed after first GENERATE AC Unable to go online Information not available from terminal because card is removed after first GENERATE AC

Table A.23Coding of CVR - CCD (Byte 5) b8 0 b7 0 b6 0 b5 0 b4 0 b3 0 b2 0 b1 0 Meaning RFU
2006 MasterCard
131

CVR - M/Chip 2.05
A.23 CVR - M/Chip 2.05

Tag: Format: Description: 9F52 b, 4 bytes The CVR - M/Chip 2.05 contains the CVR for a co-application M/Chip 2.05. Byte 1 of the CVR - M/Chip 2.05 indicates the CVR length and is set to '03'. Byte 2 of the CVR - M/Chip 2.05 is coded according to Table A.24.
Table A.24Coding of CVR - M/Chip 2.05 (Byte 2) b8 x 0 0 1 b7 x 0 1 0 b6 b5 b4 b3 b2 b1 Meaning Type of Application Cryptogram returned in second GENERATE AC: Not supported Not supported Second GENERATE AC not requested (true for first issuance of GENERATE AC, false for the second issuance) RFU x 0 0 1 1 x 0 1 0 1 x 0 x 0 x 0 x 0 Type of Application Cryptogram returned in first GENERATE AC: AAC TC ARQC RFU Issuer Authentication failed Issuer Authentication not supported Offline PIN Verification performed Offline PIN Verification not supported Offline PIN Verification failed Offline PIN Verification not supported Unable to go online Information not available from terminal because card is removed after first GENERATE AC
Byte 3 of the CVR - M/Chip 2.05 is coded according to Table A.25.
2006 MasterCard
132

CVR - M/Chip 2.05
Table A.25Coding of CVR - M/Chip 2.05 (Byte 3) b8 x 0 x 0 x 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PayPass never completes online transactions Pin Try Limit exceeded VERIFY command not supported Exceeded velocity checking 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Consecutive Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Consecutive Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 x 0 x 0 0 x 0 New card Not supported Issuer Authentication failure on last online transaction No Issuer Authentication supported because card is removed after first GENERATE AC Issuer Authentication not performed after online authorization No Issuer Authentication supported because card is removed after first GENERATE AC Not set by the application Static Data Authentication failed on last transaction and transaction declined offline Information not available from terminal because card is removed after first GENERATE AC (SDA performed after GENERATE AC)
Byte 4 of the CVR - M/Chip 2.05 is coded according to Table A.26.
2006 MasterCard
133

CVR - M/Chip 2.05
Table A.26Coding of CVR - M/Chip 2.05 (Byte 4) b8 x 0 b7 x 0 b6 x 0 x 0 x 0 x 1 b5 b4 b3 b2 b1 Meaning Number of Issuer Script Commands containing secure messaging processed on last transaction Issuer-to-card Script Processing not supported DDA failed on last transaction and transaction declined offline DDA not supported Issuer script processing failed on last transaction Issuer-to-card Script Processing not supported Lower Consecutive Offline Limit or Lower Cumulative Offline Transaction Amount exceeded 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Lower Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Lower Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 1 Upper Consecutive Offline Limit or Upper Cumulative Offline Transaction Amount exceeded 'Upper Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Upper Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 Maximum offline transaction amount exceeded Not supported
2006 MasterCard
134

CVR - M/Chip Lite 2.1
A.24 CVR - M/Chip Lite 2.1

Tag: Format: Description: 9F52 b, 4 bytes The CVR - M/Chip Lite 2.1 contains the CVR for a co-application M/Chip Lite 2.1. Byte 1 of the CVR - M/Chip Lite 2.1 indicates the CVR length and is set to '03'. Byte 2 of the CVR - M/Chip Lite 2.1 is coded according to Table A.27.
Table A.27Coding of CVR - M/Chip Lite 2.1 (Byte 2) b8 x 0 0 1 1 b7 x 0 1 0 1 x 0 0 1 1 x 0 1 0 1 x 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning Type of Application Cryptogram returned in second GENERATE AC: Not supported Not supported Second GENERATE AC not requested RFU Type of Application Cryptogram returned in first GENERATE AC: AAC TC ARQC RFU Issuer Authentication failed Issuer Authentication not supported Offline PIN Verification performed Offline PIN not supported Offline PIN Verification failed Offline PIN Verification not supported Unable to go online Information not available from terminal because card is removed after first GENERATE AC
Byte 3 of the CVR - M/Chip Lite 2.1 is coded according to Table A.28.
2006 MasterCard
135

Table A.28Coding of CVR - M/Chip Lite 2.1 (Byte 3) b8 x 0 x 0 x 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PayPass never completes online transactions Pin Try Limit exceeded VERIFY command not supported Exceeded velocity checking 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Consecutive Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Consecutive Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 x 0 x 0 x 0 x 0 New card Not supported Issuer Authentication failure on last online transaction No Issuer Authentication supported because card is removed after first GENERATE AC Issuer Authentication not performed after online authorization No Issuer Authentication supported because card is removed after first GENERATE AC Application blocked by card because PIN Try Limit exceeded VERIFY command not supported Offline Static Data Authentication failed on last transaction Information not available from terminal because card is removed after first GENERATE AC (SDA performed after GENERATE AC)
Byte 4 of the CVR - M/Chip Lite 2.1 is coded according to Table A.29.
2006 MasterCard
136

Table A.29Coding of CVR - M/Chip Lite 2.1 (Byte 4) b8 x 0 b7 x 0 b6 x 0 0 x 0 x 1 b5 b4 b3 b2 b1 Meaning Number of script commands processed successfully Issuer-to-card Script Processing not supported Not used Issuer script processing failed on last or current transaction Issuer-to-card Script Processing not supported Lower Consecutive Offline Limit or Lower Cumulative Offline Transaction Amount exceeded 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Lower Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Lower Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 1 Upper Consecutive Offline Limit or Upper Cumulative Offline Transaction Amount exceeded 'Upper Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Upper Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results 0 Not used
2006 MasterCard
137

CVR - UKIS
A.25 CVR - UKIS

Tag: Format: Description: 9F52 b, 4 bytes The CVR - UKIS contains the CVR for a co-application UKIS. Byte 1 of the CVR - UKIS indicates the CVR length and is set to '03'. Byte 2 of the CVR - UKIS is coded according to Table A.30.
Table A.30Coding of CVR UKIS (Byte 2) b8 x 0 0 1 1 b7 x 0 1 0 1 x 0 0 1 1 x 0 1 0 1 x 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning Type of Application Cryptogram returned in second GENERATE AC: Not supported Not supported Second GENERATE AC not requested RFU Type of Application Cryptogram returned in first GENERATE AC: AAC TC ARQC AAR (not supported) Issuer Authentication performed and failed Issuer Authentication not supported Offline PIN Verification performed Offline PIN Verification not supported Offline PIN Verification failed Offline PIN Verification not supported Unable to go online Information not available from terminal because card is removed after first GENERATE AC
Byte 3 of the CVR - UKIS is coded according to Table A.31.
2006 MasterCard
138

CVR - UKIS
Table A.31Coding of CVR UKIS (Byte 3) b8 x 0 x 0 x 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PayPass never completes online transactions Pin Try Limit exceeded VERIFY command not supported Exceeded velocity checking counters 'Lower Consecutive Offline Limit Exceeded' bit = 1 or 'Lower Cumulative Offline Limit Exceeded' bit = 1 or 'Upper Consecutive Offline Limit Exceeded' bit = 1 or 'Upper Cumulative Offline Limit Exceeded' bit = 1 in Card Verification Results 'Lower Consecutive Offline Limit Exceeded' bit = 0 and 'Lower Cumulative Offline Limit Exceeded' bit = 0 and 'Upper Consecutive Offline Limit Exceeded' bit = 0 and 'Upper Cumulative Offline Limit Exceeded' bit = 0 in Card Verification Results x 0 x 0 x 0 x 0 x 0 New card Not supported Issuer Authentication failure on last online transaction No Issuer Authentication supported because card is removed after first GENERATE AC Issuer Authentication not performed after online authorization No Issuer Authentication supported because card is removed after first GENERATE AC Application blocked by card because PIN Try Limit exceeded VERIFY command not supported Offline Static Data Authentication failed on last transaction and transaction declined offline Information not available from terminal because card is removed after first GENERATE AC
Byte 4 of the CVR - UKIS is coded according to Table A.32.
2006 MasterCard
139

File Control Information
Table A.32Coding of CVR - UKIS (Byte 4) b8 x b7 x b6 x b5 x b4 b3 b2 b1 Meaning Number of Issuer Script Commands received after the second GENERATE AC command containing secure messaging processed on last transaction Issuer-to-card Script Processing not supported x 0 x 0 x 0 0 Issuer script processing failed on last transaction Issuer-to-card Script Processing not supported Offline dynamic data authentication failed on last transaction and transaction declined offline Dynamic Data Authentication not supported Offline dynamic data authentication performed Dynamic Data Authentication not supported RFU
A.26 File Control Information

Tag: Format: Description: 6F (FCI template) b, length is variable The File Control Information (FCI) is not interpreted by the application. It is simply returned in the response to the SELECT. The FCI must be personalized by the issuer to values compliant to [PAYPASS MCHIP]. Since the PayPass M/Chip Flex application does not use the PDOL to receive data from the terminal in the GET PROCESSING OPTIONS, having a PDOL in the FCI is not allowed. Table A.33 shows the coding of the FCI.
Table A.33FCI Coding Tag 6F Value FCI Template 84 A5 DF Name FCI Proprietary Template 50 87 5F2D 9F11 9F12 BF0C Application Label Application Priority Indicator Language Preference Issuer Code Table Index Application Preferred Name FCI Issuer Discretionary Data Presence Mandatory Mandatory Mandatory Optional Optional Optional Optional Optional Optional
2006 MasterCard
140

Issuer Application Data (CCD)
A.27 Issuer Application Data (CCD)

Tag: Format: Description: 9F10 b, 32 bytes The Issuer Application Data (IAD) generated by the PayPass M/Chip Flex application contain transaction related information for the issuer. The IAD for a CCD-compliant co-application is coded as specified in the CCD Part of EMV Book 3, Annex C.7, for a CCD-compliant application with a Format Code of 'A' with Cryptogram Version of '4'. The coding is shown in Table A.34.
Table A.34Coding of CCD-compliant Issuer Application Data IAD Byte 1 2 3 4-8 9-16 17 18-32 Description Length Indicator Common Core Identifier (CCI) Derivation Key Index (DKI) CVR CCD Counters Length Indicator Issuer-Discretionary Comment '0F' 'A4' Issuer-discretionary The Card Verification Results from Card Risk Management processing Cumulative Offline Transaction Amount || Consecutive Offline Transaction Number || 'FF' '0F' any
A.28 Issuer Application Data (M/Chip 2.05)

Tag: Format: Description: 9F10 b, 8 bytes The Issuer Application Data (IAD) generated by the PayPass M/Chip Flex application contains transaction related information for the issuer. The IAD for an M/Chip 2.05 co-application is coded according to Table A.35.
Table A.35Coding of M/Chip 2.05 Issuer Application Data IAD Byte 1 2 3-6 7-8 Description Derivation Key Index Cryptogram Version Number CVR - M/Chip 2.05 Data Validation Response Comment Determined by issuer Determined by issuer The Card Verification Results from Card Risk Management processing Data Authentication Code if SDA is performed. Otherwise, set to zero.
2006 MasterCard
141

Issuer Application Data (M/Chip Lite 2.1)
A.29 Issuer Application Data (M/Chip Lite 2.1)

Tag: Format: Description: 9F10 b, 8 bytes The Issuer Application Data (IAD) generated by the PayPass M/Chip Flex application contains transaction related information for the issuer. The IAD for an M/Chip Lite 2.1 co-application is coded according to Table A.36.
Table A.36Coding of M/Chip Lite 2.1 Issuer Application Data IAD Byte 1 2 3-6 7-8 Description Key Derivation Index Cryptogram Version Number CVR - M/Chip Lite 2.1 Data Authentication Code Comment Determined by issuer Determined by issuer The Card Verification Results from Card Risk Management processing Determined by issuer
A.30 Issuer Application Data (UKIS)

Tag: Format: Description: 9F10 b, 23 bytes The Issuer Application Data (IAD) generated by the PayPass M/Chip Flex application contains transaction related information for the issuer. The IAD for an UKIS co-application is coded according to Table A.37.
Table A.37Coding of UKIS Issuer Application Data IAD Byte 1 2 3 4-7 8-23 Description Length Indicator Derivation Key Index (DKI) Cryptogram Version Number CVR UKIS Issuer Discretionary Data Assigned by the issuer (default '00') Assigned by Visa, value supported: '0A' The Card Verification Results from Card Risk Management processing Optional, first byte indicates length Comment
2006 MasterCard
142

IVCVC3TRACK1
A.31 IVCVC3TRACK1
Tag: Format: Description: DC b, 2 bytes The IVCVC3TRACK1 is an issuer proprietary static data element that is used as input for the generation of the CVC3TRACK1 cryptogram. Refer to Section 6.3 for a detailed description of the generation of IVCVC3TRACK1.
A.32 IVCVC3TRACK2
Tag: Format: Description: DD b, 2 bytes The IVCVC3TRACK2 is an issuer proprietary static data element that is used as input for the generation of the CVC3TRACK2 cryptogram. Refer to Section 6.3 for a detailed description of the generation of IVCVC3TRACK2.
A.33 Key Derivation Index

Tag: Format: Description: b, 1 byte The Key Derivation Index is an issuer specific data element.
A.34 Lower Consecutive Offline Limit

Tag: Format: Description: 9F14 b, 1 byte If the Consecutive Offline Transactions Number has exceeded this limit, the relevant CVR bit is set.
A.35 Lower Cumulative Offline Transaction Amount

Tag: Format: Description: CA n, 12 If the Cumulative Offline Transaction Amount has exceeded this limit, the relevant Card Verification Results bit is set.
2006 MasterCard
143

Offline Balance
A.36 Offline Balance

Tag: Format: Description: 9F50 n, 12 The Offline Balance represents the amount of offline spending available and can be retrieved by the GET DATA command, if allowed by the Application Control. The Offline Balance is computed as follows: Offline Balance = Upper Cumulative Offline Transaction Amount Cumulative Offline Transaction Amount
A.37 Offline Consecutive Transactions Remaining

Tag: Format: Description: 9F7A b, 1 byte The Offline Consecutive Transactions Remaining represents the remaining number of offline consecutive transactions which have not been cumulated in the Cumulative Offline Transaction Amount. The Offline Consecutive Transactions Remaining is retrievable by the GET DATA command, if allowed by the Application Control and is computed as follows: Offline Consecutive Transactions Remaining = Upper Consecutive Offline Limit Consecutive Offline Transactions Number.
A.38 Previous Transaction History

Tag: Format: Description: b, 1 byte The Previous Transaction History is used to store information about previous transactions in non-volatile memory. It is used in Card Risk Management. The Previous Transaction History is coded as shown in Table A.38.
2006 MasterCard
144

Security Limits
Table A.38Previous Transaction History Coding b8 b7 b6 b5 b4 b3 b2 b1 Meaning x 0 x 0 x 0 1 x 0 1 x 0 x 0 x 0 x 0 Reserved Other value RFU Application disabled Application is not disabled Application is disabled Application blocked Application is not blocked Application is blocked Go online on next transaction Not supported Issuer Authentication failed Not supported Script received Not supported Script failed Not supported
A.39 Security Limits

Tag: Format: Description: DF01 b, 2 bytes The Security Limits data element contains the concatenation of security limits associated with internal security-related counters. The format of the Security Limits data element is shown in Table A.39.
Table A.39Content of Security Limits Element AC Session Key Counter Limit Length 2
2006 MasterCard
145

Security Limits Status
A.40 Security Limits Status

Tag: Format: Description: DF02 b, 1 byte The Security Limits Status data element is introduced for forensic reasons to make it possible to determine that a security counter has reached its limit. The format of the Security Limits Status data element is shown in Table A.40.
Table A.40Content of Security Limits Status b8 b7 b6 b5 b4 b3 b2 b1 Meaning 1 0 0 0 0 0 0 0 Application Cryptogram Error Limit Exceeded not used RFU
A.41 Static CVC3TRACK1

Tag: Format: Description: DA b, 2 bytes The Static CVC3TRACK1 is the static variant of the dynamic CVC3 of the track 1 data converted into the binary format (e.g. a Static CVC3TRACK1 with value 812 in ans format is stored as 032C). The PayPass M/Chip Flex application returns the Static CVC3TRACK1 instead of the dynamically calculated CVC3TRACK1 if Application Control [3][8] = 1b.
A.42 Static CVC3TRACK2

Tag: Format: Description: DB b, 2 bytes The Static CVC3TRACK2 is the static variant of the dynamic CVC3 of the track 2 data converted into the binary format (e.g. a Static CVC3TRACK2 with value 812 in numeric (n) format is stored as 032C). The PayPass M/Chip Flex application returns the Static CVC3TRACK2 instead of the dynamically calculated CVC3TRACK2 if Application Control [3] [8] = 1b.
2006 MasterCard
146

Upper Consecutive Offline Limit
A.43 Upper Consecutive Offline Limit

Tag: Format: Description: 9F23 b, 1 byte If the Consecutive Offline Transactions Number has exceeded this limit, the relevant Card Verification Results bit is set.
A.44 Upper Cumulative Offline Transaction Amount

Tag: Format: Description: CB n, 12 If the Cumulative Offline Transaction Amount has exceeded this limit, the relevant Card Verification Results bit is set.
2006 MasterCard
147

Upper Cumulative Offline Transaction Amount
2006 MasterCard
148
Currency Conversion
Currency Conversion Process
Annex B: Currency Conversion

This appendix describes the mechanism of currency conversion used by the PayPass M/Chip Flex application.
B.1 Currency Conversion Process

The currency conversion mechanism allows the PayPass M/Chip Flex application to accumulate - in the Cumulative Offline Transaction Amount - transaction amounts in five additional currencies. The method used for recording offline transactions in the two offline counters is as follows: The application checks if the Transaction Currency Code is the CRM Currency Code. If the Transaction Currency Code is equal to the CRM Currency Code, then the Amount, Authorised is added to the Cumulative Offline Transaction Amount. If the Transaction Currency Code is not equal to the CRM Currency Code, then the application checks whether the Transaction Currency Code is equal to one of the five entries in the Currency Conversion Table, i.e. the Transaction Currency Code is equal to the currency code of one of the Currency Conversion Parameters. If the Transaction Currency Code is equal to one of the five entries in the Currency Conversion Table, then the Amount Authorized is converted into the counter currency, and the converted amount is added to the Cumulative Offline Transaction Amount.
If the Transaction Currency Code is not equal to one of the five currencies in the Currency Conversion Table, then the Consecutive Offline Transactions Number is incremented by 1. Figure B.1 illustrates the currency conversion process.
2006 MasterCard
149
Currency Conversion
Currency Conversion Parameters
Figure B.1Cumulated Transaction Amounts with Currency Conversion
transaction currency is the application currency ?
yes
add amount to cumulative amount
no
transaction currency is in the conversion table ?

no
yes
convert amount to application currency
add transaction to consecutive number
add converted amount to cumulative amount
B.2 Currency Conversion Parameters

Currency conversion uses the following parameters: Amount, Authorised The Currency Conversion Parameters corresponding to the Transaction Currency Code, as described in Table B.1.
Table B.1Currency Conversion Parameters Position Byte 1-2 Byte 3-4 Byte 5 Data Currency Code Conversion Rate Conversion Exponent Length 2 2 1 Value Issuer specific Decimal, BCD coding of multiplication factor Binary coding of 10-power (most significant bit is the sign)
2006 MasterCard
150
Currency Conversion
Currency Conversion Algorithm
B.3 Currency Conversion Algorithm

If (conversion exponent [8]=0b) then { Amount in Counter Currency = Amount, Authorised * conversion rate * 10 conversion exponent [7-1] If (Amount in Counter Currency > 999999999999) then an overflow occurs. } If (conversion exponent [8]=1b) then { Amount in Counter Currency = Amount, Authorised * conversion rate / 10 conversion exponent [7-1] the division is the integer division 3 If (Amount in Counter Currency > 999999999999) then an overflow occurs. }
the integer division is the truncated division, which can be implemented as a shift.
2006 MasterCard
151
Currency Conversion
2006 MasterCard
152
CVR Mapping Tables

Annex C: CVR Mapping Tables

This annex illustrates the CVR mapping mechanism of the PayPass M/Chip Flex application. First, Card Risk Management defines the Card Verification Results. Secondly, the Card Verification Results are mapped on the CVR belonging to the co-application. A hit in the table between a Card Verification Results bit and a co-application CVR bit is to be interpreted in the following way. If a Card Verification Results bit is set, then the relating co-application CVR bit must also be set. It may be possible that several Card Verification Results bits are related to only one co-application CVR bit. In this case the co-application CVR bit is set if at least one of the related Card Verification Results bits is set. Refer to Figure C.1, Card Verification Results [5] [7, 8], as an example for this behavior. Only CVR bits marked bold are used.
2006 MasterCard
153
CVR Mapping Tables

CVR Mapping Table for M/Chip 2.05
C.1 CVR Mapping Table for M/Chip 2.05

Figure C.1CVR Mapping Table for M/Chip 2.05
Byte 2 Byte 3 Byte 4 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
CVR - M/Chip 2.05

No Match Found in Additional Check Table Match Found in Additional Check Table Reserved " " " " " Script Failed Script Received Issuer Authentication Failed Go Online On Next Transaction Was Set Upper Cumulative Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Consecutive Offline Limit Exceeded Terminal Err. Considers Offline PIN OK Domestic Transaction International Transaction PTL Exceeded Offline PIN Verification Failed Offline PIN Verification Not Performed Unable To Go Online Indicated Reserved Right nibble of PIN Try Counter " " " Right nibble of Script Counter " " " Reserved Reserved Reserved CIAC-Default Skipped On CAT3 Issuer Authentication Performed Comb. DDA/AC Gen. Ret. In Sec. GEN AC Comb. DDA/AC Gen. Ret. In First GEN AC DDA returned Offline PIN Verification Successful Offline Encrypted PIN Verification Performed Offline PIN Verification Performed Reserved AC returned in first G ENERATE AC " AC returned in second Generate AC " Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Byte 6 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
154
Proprietary and Confidential
AC Type returned in second Generate AC " AC Type returned in first Generate AC " Issuer Authentication failed Offline PIN Verification performed Offline PIN Verification failed Unable to go online Last online transaction not completed Pin Try Limit exceeded Exceeded velocity checking New card Issuer Auth. failure on last online transaction Issuer Auth. not performed after online author. Not set by the application SDA failed on last trans. and trans. decl. offl. N. of Iss. Script Com. con. sm pr. on last trans. " " DDA failed on last trans. and trans. decl. offl. Issuer script proc. failed on last trans. LCOL or LCOTA exceeded UCOL or UCOTA exceeded Maximum offline transaction amount exceeded
2006 MasterCard
PayPass M/Chip Flex Technical Specifications
CVR Mapping Tables

CVR Mapping Table for M/Chip Lite 2.1
C.2 CVR Mapping Table for M/Chip Lite 2.1

Figure C.2CVR Mapping Table for M/Chip Lite 2.1
Byte 2 Byte 3 Byte 4 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1

No Match Found in Additional Check Table Match Found in Additional Check Table Reserved " " " " " Script Failed Script Received Issuer Authentication Failed Go Online On Next Transaction Was Set Upper Cumulative Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Consecutive Offline Limit Exceeded Terminal Err. Considers Offline PIN OK Domestic Transaction International Transaction PTL Exceeded Offline PIN Verification Failed Offline PIN Verification Not Performed Unable To Go Online Indicated Reserved Right nibble of PIN Try Counter " " " Right nibble of Script Counter " " " Reserved Reserved Reserved CIAC-Default Skipped On CAT3 Issuer Authentication Performed Comb. DDA/AC Gen. Ret. In Sec. GEN AC Comb. DDA/AC Gen. Ret. In First GEN AC DDA returned Offline PIN Verification Successful Offline Encrypted PIN Verification Performed Offline PIN Verification Performed Reserved AC returned in first G ENERATE AC " AC returned in second Generate AC " Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Byte 6 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
2006 MasterCard
AC Type returned in second Generate AC " AC Type returned in first Generate AC " Issuer Authentication failed Offline PIN Verification performed Offline PIN Verification failed Unable to go online Last online transaction not completed Pin Try Limit exceeded Exceeded velocity checking New card Issuer Auth. failure on last online transaction Issuer Auth. not performed after online author. Appl. blocked by card because PTL exceeded Offline SDA failed on last transaction N. of script commands processed successfully " " Not used Issuer script proc. fail. on last or current trans. LCOL or LCOTA exceeded UCOL or UCOTA exceeded Not used
155
CVR Mapping Tables

CVR Mapping Table for CCD
C.3 CVR Mapping Table for CCD

Figure C.3CVR Mapping Table for CCD
Byte 1 Byte 2 Byte 3 Byte 4 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
CVR - CCD

No Match Found in Additional Check Table Match Found in Additional Check Table Reserved " " " " " Script Failed Script Received Issuer Authentication Failed Go Online On Next Transaction Was Set Upper Cumulative Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Consecutive Offline Limit Exceeded Terminal Err. Considers Offline PIN OK Domestic Transaction International Transaction PTL Exceeded Offline PIN Verification Failed Offline PIN Verification Not Performed Unable To Go Online Indicated Reserved Right nibble of PIN Try Counter " " " Right nibble of Script Counter " " " Reserved Reserved Reserved CIAC-Default Skipped On CAT3 Issuer Authentication Performed Comb. DDA/AC Gen. Ret. In Sec. GEN AC Comb. DDA/AC Gen. Ret. In First GEN AC DDA returned Offline PIN Verification Successful Offline Encrypted PIN Verification Performed Offline PIN Verification Performed Reserved AC returned in first GENERATE AC " AC returned in second Generate AC " Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Byte 6 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
156
AC returned in second Generate AC " AC returned in first GENERATE AC " CDA performed Offline DDA performed Issuer Authentication not performed Issuer Authentication failed Low order nibble of PIN Try Counter " " " Offline PIN Verification performed Off. PIN Verif. perf. and PIN not suc. ver. PIN Try Limit exceeded Last online transaction not completed Lower Offline Trans. Count Limit exceeded Upper Offline Trans. Count Limit exceeded Lower Cumul. Offl. Amount Limit exceeded Upper Cumu. Offl. Amount Limit exceeded Issuer-discretionary bit 1 Issuer-discretionary bit 2 Issuer-discretionary bit 3 Issuer-discretionary bit 4 Num. of Issuer Scr. Com. containing sm proc. " " " Issuer script processing failed Offline data auth. failed on previous trans. Go online on next transaction was set Unable to go online
2006 MasterCard
CVR Mapping Tables

CVR Mapping Table for UKIS
C.4 CVR Mapping Table for UKIS

Figure C.4CVR Mapping Table for UKIS
Byte 2 Byte 3 Byte 4 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 Offl. dda fail. on last trans. and trans. decl. offl. ... c. se messaging processed on last transaction Issuer Auth. not perf. after online authorization Offline dynamic data authentication performed N. of Issuer Script Com. rec. a. sec. GEN AC... Offl. SDA fail. o. last trans. a. trans. decl. offl. Appl. blocked by card because PTL exceeded Issuer Auth. failure on last online transaction AC Type returned in second Generate AC Issuer script processing failed on last trans. Issuer Authentication performed and failed
AC Type returned in first Generate AC
CVR - UKIS
Exceeded velocity checking counters
Last online transaction not completed
Offline PIN Verification performed
Offline PIN Verification failed
Pin Try Limit exceeded
Unable to go online
No Match Found in Additional Check Table Match Found in Additional Check Table Reserved " " " " " Script Failed Script Received Issuer Authentication Failed Go Online On Next Transaction Was Set Upper Cumulative Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Consecutive Offline Limit Exceeded Terminal Err. Considers Offline PIN OK Domestic Transaction International Transaction PTL Exceeded Offline PIN Verification Failed Offline PIN Verification Not Performed Unable To Go Online Indicated Reserved Right nibble of PIN Try Counter " " " Right nibble of Script Counter " " " Reserved Reserved Reserved CIAC-Default Skipped On CAT3 Issuer Authentication Performed Comb. DDA/AC Gen. Ret. In Sec. G EN AC Comb. DDA/AC Gen. Ret. In First G EN AC DDA returned Offline PIN Verification Successful Offline Encrypted PIN Verification Performed Offline PIN Verification Performed Reserved AC returned in first G ENERATE AC " AC returned in second Generate AC "
Byte 1
8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1 8 7 6 5 4 3 2 1
Byte 2
Byte 3
Byte 4
Byte 5
Byte 6
2006 MasterCard
157
RFU
"
"
"
"
New card
CVR Mapping Tables

2006 MasterCard
158
CVR Mapping Tables

Annex D: Additional Check Table

This appendix provides a description of the check that may be added to the Card Risk Management via the Additional Check Table. The Additional Check Table allows an issuer to add a check to the basic Card Risk Management. This additional check is only performed if the Application Control [2][3] is set to 1b. The check consists of the following steps: 1. The application extracts a value from the CDOL 1 Related Data. This value can be any number of consecutive bytes. 2. The application masks the extracted value to a Bit Mask to force some of the bits to 0b. 3. The application compares the masked value with values stored in the Additional Check Table. 4. If the requested value matches a value in the table, the application sets the bit Card Verification Results [6][2] to 1b, otherwise the application sets the bit Card Verification Results [6][1] to 1b. 5. Depending on the settings of the Card Issuer Action Codes, the application can take an action when a match is found in the table, or when no match is found. Figure D.1 illustrates the use of the Additional Check Table.
2006 MasterCard
159
CVR Mapping Tables

Figure D.1Additional Check Table Usage
CDOL1 related data
extraction extracted value masking
+
bit mask table value 1 value 2 value 3 CVR comparison masked value =?
match found
1 0
match found no match found
CVR no match found 0 1 match found no match found
The part that is extracted from CDOL 1 Related Data is defined at personalization, with two parameters: Position in CDOL 1 Related Data Length in CDOL 1 Related Data
CDOL 1 Related Data is illustrated in Figure D.2.
2006 MasterCard
160
CVR Mapping Tables

Figure D.2CDOL 1 Related Data

position
length
CDOL1 related data
extraction extracted value
The Additional Check Table is the concatenation (without TLV coding) of the data elements identified in Table D.1.
Table D.1Additional Check Table Data Element Position In CDOL 1 Related Data Length In CDOL 1 Related Data Number of Entries Entries Bit Mask Value 1 ... Value Number Of Entries - 1 Padding Length 1 1 1 15 Length In CDOL 1 Related Data Length In CDOL 1 Related Data ... Length In CDOL 1 Related Data 15 - Number Of Entries * Length In CDOL 1 Related Data Format binary binary binary binary binary binary ... binary FF ... FF
The following sections describe the contents of the data elements in Table D.1. Position In CDOL 1 Related Data This data element contains the position of the portion of CDOL 1 Related Data that is compared to the table entries. If the first byte in CDOL 1 Related Data is checked against the entries in the table, the value of Position in CDOL 1 Related Data is 01. Length In CDOL 1 Related Data This data element contains the length of the portion of CDOL 1 Related Data that is compared to the table entries.
2006 MasterCard
161
CVR Mapping Tables

Number Of Entries This data element contains the number of values (including the Bit Mask) in the Table Content that are used for the comparison. Entries This data element contains the concatenation of the values used for the comparison, optionally padded with FF to make up 15 bytes. The first value is used as a Bit Mask. Figure D.3 illustrates the Additional Check Table.
Figure D.3Additional Check Table
entries
offset
length
number
bit mask
val1
val2
...
padding
Note
It is possible to apply the check on any value that can be requested from the terminal.
Example The Additional Check Table is used to take a decision when the value of the Terminal Country Code indicates that the transaction did not take place in the following countries: Belgium (0056) France (0250).
The position of the Terminal Country Code in CDOL 1 Related Data is the 13th byte, i.e. 0D in hexadecimal. The length of the Terminal Country Code is 2 bytes. The two values in the table used for the comparison are the Terminal Country Code for Belgium and France. The comparison is performed on the complete value of the Terminal Country Code. The Bit Mask is therefore equal to FFFF. The Additional Check Table value is therefore equal to: 0D0203FFFF00560250FFFFFFFFFFFFFFFFFF.
2006 MasterCard
162
**** End of Document ****
2006 MasterCard
163

PayPass - MChip Flex Technical Specifications (V1.1)

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

PayPass - MChip Flex Technical Specifications (V1.1)

Загружено:

Авторское право:

Доступные форматы

PayPass M/Chip Flex

Version 1.1 October 2006

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual ................................................................................. 9

Co-application Interface .......................................................... 17

C-APDU Acceptance .......................................................................................35

Rejected C-APDU Processing .........................................................................37

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

SELECT Signal Processing .............................................................................40

C-APDU Processing ........................................................................................47

GENERATE APPLICATION CRYPTOGRAM ...........................................................52

GET PROCESSING OPTIONS ...............................................................................80

READ RECORD ..................................................................................................84

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Cryptographic Algorithms and Key Management................. 91

ICC Derived Key for CVC3 Generation (KDCVC3)..........................................95 MAC Algorithm...............................................................................................95

Data Elements Location .......................................................... 97

Personalization ...................................................................... 105

Annex A : Data Elements Dictionary ............................................... 113

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Annex B : Currency Conversion...................................................... 149

Annex C : CVR Mapping Tables....................................................... 153

Annex D : Additional Check Table................................................... 159

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual

Using this Manual

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual

[ISO/IEC 7811/2] [ISO/IEC 7813:1995] [ISO/IEC 7816-4:1995]

[ISO/IEC 7816-6:1996] [EMV BOOK 1]

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Using this Manual

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

PayPass M/Chip Flex does not support the following:

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

PayPass Options Indicator

Version 1.1 - October 2006

PayPass M/Chip Flex Technical Specifications Proprietary and Confidential

T=0/T=1 Dual Interface Card

PayPass M/Chip Flex Application

Version 1.1 - October 2006